4. Cryptography
The term cryptography is derived from the two Greek words "kryptos" and "graph", meaning hidden and writing.
Cryptography is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification.
Cryptosystems are classified into two kinds, private-key cryptosystems and public-key cryptosystems. Both are based on complex mathematical algorithms and are controlled by keys.
7. Security Goals
1. Confidentiality or Privacy: this service keeps the information content hidden from everyone except those authorized to see it.
2. Data Integrity: this service protects information from change (deletion, addition or modification) by persons unauthorized to do so.
3. Proof of identity (Authentication): this service proves the identity of the party handling the data (that it is authorized).
8. Cont.
4. Non-repudiation: this service prevents a person from denying having done something; it is provided by digital signatures.
Note: the primary purpose of encryption is to provide these services so that people can maintain the security of their information.
13. Main topics
To review a short history of AES
To define the basic structure and transformations of AES
To define the key expansion process
To define the analysis and uses of AES
Comparison
Reference
14. History
Clearly a replacement for DES was needed:
o there are theoretical attacks that can break it
o exhaustive key search attacks have been demonstrated ("Deep Crack (88b) in 3 days")
3-DES can be used, but it is slow and has small blocks
US NIST issued a call for ciphers in 1997
15 candidates were accepted in Jun 98
5 were shortlisted in Aug-99
o (Rijndael, SERPENT, TWOFISH, RC6, MARS).
15. Introduction
The Advanced Encryption Standard (AES) is a symmetric-key block cipher.
Rijndael was selected as the AES in Oct-2000
Published by NIST in December 2001.
The criteria defined by NIST for selecting AES fall into three areas:
1. Security
2. Cost
3. Implementation.
16. The AES Cipher - Rijndael
designed by Rijmen and Daemen in Belgium
has 128/192/256 bit keys, 128 bit data
an iterative rather than Feistel cipher
processes data as a block of 4 columns of 4 bytes
operates on the entire data block in every round
designed to have:
resistance against known attacks
speed and code compactness on many CPUs
design simplicity
18. AES Structure
the data block of 4 columns of 4 bytes is the state
the key is expanded to an array of words
has 10/12/14 rounds in which the state undergoes:
byte substitution (1 S-box used on every byte)
shift rows (permute bytes between groups/columns)
mix columns (substitution using matrix multiplication of groups)
add round key (XOR state with key material)
can be viewed as alternating XOR key & scramble data bytes
initial XOR of key material & an incomplete last round
with a fast XOR & table lookup implementation
22. Some Comments on AES
key expanded into array of 32-bit words
four words form round key in each round
4 different stages are used as shown
has a simple structure
only AddRoundKey uses key
AddRoundKey a form of Vernam cipher
each stage is easily reversible
decryption uses keys in reverse order
decryption does recover plaintext
final round has only 3 stages
25. Initial XOR key
Figure: input state XOR round key = output state (labelled plaintext + key = ciphertext; only the first matrix survived extraction legibly)
EA 04 65 85
83 01 5D 96
5C 33 98 B0
F1 2D AD C5
26. TRANSFORMATIONS
To provide security, AES uses four types of transformations: substitution, permutation, mixing, and key-adding.
1. Substitution
2. Permutation
3. Mixing
4. Key Adding
27. Substitute Bytes
A simple substitution of each byte
Uses one table of 16x16 bytes.
Each byte of state is replaced by the byte indexed by row (left 4 bits) & column (right 4 bits)
e.g. byte {95} is replaced by the byte in row 9 column 5, which has value {2A}
S-box constructed using a defined transformation of values in GF(2^8)
Designed to be resistant to all known attacks
28. SubBytes
S-box: 16x16 table indexed by row 0..F and column 0..F (the figure highlights the lookups {01} -> {7C} and {F1} -> {A1})
State:
EA 04 65 85
83 01 5D 96
5C 33 98 B0
F1 2D AD C5
State after substitution:
87 F2 4D 97
EC 7C 4C 90
4A C3 46 E7
A1 D8 95 A6
Figure 6: SubBytes transformation
31. Shift Rows
A circular byte shift in each row:
1st row is unchanged
2nd row does a 1 byte circular shift to the left
3rd row does a 2 byte circular shift to the left
4th row does a 3 byte circular shift to the left
Decryption inverts this using shifts to the right
Since the state is processed by columns, this step permutes bytes between the columns
32. Shift Rows
State:
87 F2 4D 97
EC 7C 4C 90
4A C3 46 E7
A1 D8 95 A6
State after shifting:
87 F2 4D 97   (unchanged)
7C 4C 90 EC   (1 byte shift to left)
46 E7 4A C3   (2 byte shift to left)
A6 A1 D8 95   (3 byte shift to left)
Figure 7: shift rows (ShiftRows forward, InvShiftRows for decryption)
33. Mix Columns
Each column is processed separately
Each byte is replaced by a value dependent on all 4 bytes in the column
Effectively a matrix multiplication in GF(2^8)
using the prime polynomial m(x) = x^8 + x^4 + x^3 + x + 1
34. Continue
Can express each column as 4 equations to derive each new byte in the column
Decryption requires use of the inverse matrix, with larger coefficients, hence a little harder
Have an alternate characterisation:
each column is a 4-term polynomial with coefficients in GF(2^8)
and polynomials are multiplied modulo (x^4 + 1)
Coefficients are based on a linear code with maximal distance between codewords
36. MixColumns
Constant matrix * Old matrix = New matrix
02 03 01 01     87 F2 4D 97     47 S0,1 S0,2 S0,3
01 02 03 01  *  6E 4C 90 EC  =  37 S1,1 S1,2 S1,3
01 01 02 03     46 E7 4A C3     94 S2,1 S2,2 S2,3
03 01 01 02     A6 A1 D8 95     ED S3,1 S3,2 S3,3
e.g.: ({02}*{87}) + ({03}*{6E}) + ({01}*{46}) + ({01}*{A6}) = {47}
InvMixColumns: the InvMixColumns transformation is basically the same as the MixColumns transformation (using the inverse constant matrix).
Figure 8: Mixing bytes using matrix multiplication
37. Add Round Key
XOR state with 128 bits of the round key
Again processed by column (though effectively a series of byte operations)
Inverse for decryption is identical, since XOR is its own inverse, with the keys in reversed order
Designed to be as simple as possible
a form of Vernam cipher on the expanded key
requires the other stages for complexity / security
40. KEY EXPANSION
To create round keys for each round, AES uses a key-expansion process. If the number of rounds is Nr, the key-expansion routine creates Nr + 1 128-bit round keys from one single 128-bit cipher key.
Key Expansion in AES-128
46. Continued
Example: Figure 7.21 shows the state entries in one round, round 7, in Example 7.10.
Figure 12: States in a single round
47. Continued
Example: One may be curious to see the result of encryption when the plaintext and cipher key are made of all 0s. Using the cipher key in Example 7.10 yields the ciphertext.
48. ANALYSIS OF AES
This section is a brief review of the three characteristics of AES.
1. Security
2. Implementation
3. Simplicity and Cost
49. Security
AES was designed after DES. Most of the known attacks on DES were already tested on AES.
Brute-Force Attack
AES is definitely more secure than DES due to the larger-size key.
Statistical Attacks
Numerous tests have failed to do statistical analysis of the ciphertext.
Differential and Linear Attacks
There are no differential and linear attacks on AES as yet.
50. Implementation
AES can be implemented in software, hardware, and firmware. The implementation can use a table lookup process or routines that use a well-defined algebraic structure.
Simplicity and Cost
The algorithms used in AES are so simple that they can be easily implemented using cheap processors and a minimum amount of memory.
51. Uses of AES Algorithm
AES is used in programs such as WinZip, which encrypt compressed data at the user's request.
Used in the TLS protocol, a protocol to establish a secure connection.
Used in the IPsec protocol, a protocol to secure connections carried over IP across the Internet.
Uses in the military, etc.
54. Experiment
Pratap Chandra Mandal has evaluated the following algorithms: DES, 3DES, AES and Blowfish
Pentium IV of 2.4 GHz CPU speed
4 GB RAM.
text file sizes range from 50 KB to 22300 KB.
59. Reference
William Stallings, Cryptography and Network Security, Fifth Edition, 2011, USA
www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Pratap Chandra Mandal, Kolkata, W.B., Evaluation of performance of the Symmetric Key Algorithms: DES, 3DES, AES and Blowfish. Journal of Global Research in Computer Science, 3 (8), August 2012, 67-70.
Handout
63. Abstract
This survey paper discusses symmetric cryptographic algorithms and their performance in the context of power consumption, memory and CPU processing time.
It also considers their performance based on the algorithm, the key generation process and the key length.
64. Introduction
Cryptography converts the message into a non-readable format and sends it over an unsecured channel.
There are five requirements for symmetric encryption: plaintext, ciphertext, encryption algorithm, decryption algorithm, and secret key.
65. In general, encryption uses two techniques:
Encryption
  Symmetric: DES, 3DES, AES, Blowfish, RC2/6
  Asymmetric: RSA, ECC, etc.
Fig 1: Cryptography Diagram
67. Description of some symmetric encryption algorithms, AES, DES, Blowfish, Modified DES and Modified Blowfish, and their strengths and weaknesses.
1. DES (Data Encryption Standard) Algorithm
It is a block cipher which encrypts 64-bit plaintext at a time and uses a 56-bit key.
The drawback is that it is easily prone to brute force to break the key, with 2^56 possible keys.
So DES is not so secure.
68. Fig 3: DES Algorithm
Figure, encryption path: 64-bit plaintext -> initial permutation -> Round 1 ... Round 16 -> 32-bit swap -> inverse initial permutation -> 64-bit ciphertext (64-bit data path throughout).
Figure, key generation path: 64-bit key -> permuted choice -> two 56-bit halves; each round applies a left circular shift and permuted choice 2 to produce a 48-bit round key.
69. 2. AES (Advanced Encryption Standard) Algorithm
AES is a variable bit block cipher and uses variable key lengths of 128, 192 and 256 bits.
AES performs different processing rounds:
Substitute bytes
Shift rows
Mix columns
Add round key
AES encryption is fast, flexible and more secure.
The key length is variable.
71. Blowfish Encryption Algorithm
designed in 1993 by Bruce Schneier
It is a 64-bit block cipher with a variable length key.
Fast: it encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per byte.
Compact: it can run in less than 5K of memory.
Simple: it uses addition, XOR and lookup tables with 32-bit operands.
Secure: the key length is variable; it can be in the range of 32~448 bits, default 128-bit key length.
Unpatented and royalty-free.
72. Cont..
It is suitable and efficient for hardware implementation
The Blowfish algorithm has yet to be cracked, as the key size is high: a brute-force search requires 2^448 combinations
The processing speed is less than DES and AES.
Simple to implement
74. Description of Algorithm:
• Feistel network.
• This algorithm is divided into two parts.
1. Key-expansion
• The key expansion step converts a 448-bit key into 4168 bytes.
• A P-array of size 18 and four S-boxes whose size is 256
2. Data Encryption
• Divide the 64 bits into two 32-bit halves: XL, XR
• For i = 1 to 16
o XL = XL XOR Pi
o XR = F(XL) XOR XR
o Swap XL and XR
• Swap XL and XR (undo the last swap)
• XR = XR XOR P17
• XL = XL XOR P18
• Concatenate XL and XR
75. Key-expansion:
It converts a key of 448 bits into several subkey arrays totaling 4168 bytes. Blowfish uses a large number of subkeys.
These subkeys are generated before any data encryption or decryption.
The P-array consists of 18 32-bit subkeys:
P1, P2, ..., P18
Four 32-bit S-boxes consist of 256 entries each:
S1,0, S1,1, ..., S1,255
S2,0, S2,1, ..., S2,255
S3,0, S3,1, ..., S3,255
S4,0, S4,1, ..., S4,255
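The two parts listed above, the 16-round Feistel loop of Data Encryption and the P-array / S-box Key-expansion, as an added runnable Python example; this is not code from the surveyed article. The round function F is the one from Schneier's Blowfish specification, ((S1[a] + S2[b]) XOR S3[c]) + S4[d] mod 2^32, with a, b, c, d the four bytes of the input. One assumption is labelled in the code: real Blowfish seeds the P-array and S-boxes from the hexadecimal digits of pi, which are not embedded here, so a deterministic stand-in generator is used and the output will not match real Blowfish test vectors. What the example checks is the structure: the round trip through decryption with the subkeys in reverse order, the effect of the key on the subkeys, and the 4168-byte subkey total.

```python
"""Blowfish Feistel structure and key expansion (added example, not the article's code).
CONSTRUCTED: real Blowfish initialises P and S from the hex digits of pi; a stand-in
generator is used here, so ciphertexts will NOT match real Blowfish test vectors."""

MASK32 = 0xFFFFFFFF


def stand_in_tables():
    """Deterministic stand-in for the pi-derived initial P-array and S-boxes."""
    x = 0x9E3779B9

    def nxt():
        nonlocal x
        x = (x * 1664525 + 1013904223) & MASK32    # simple LCG, constructed for the example
        return x

    P = [nxt() for _ in range(18)]                 # P1..P18
    S = [[nxt() for _ in range(256)] for _ in range(4)]   # S1..S4, 256 entries each
    return P, S


def F(S, x):
    """Round function: ((S1[a] + S2[b]) XOR S3[c]) + S4[d] mod 2^32, a..d = bytes of x."""
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    return ((((S[0][a] + S[1][b]) & MASK32) ^ S[2][c]) + S[3][d]) & MASK32


def encrypt_block(P, S, block):
    """Encrypt one 64-bit block (as an int) following the steps listed on the slide."""
    xl, xr = block >> 32, block & MASK32           # split into two 32-bit halves XL, XR
    for i in range(16):                            # for i = 1 to 16
        xl ^= P[i]                                 #   XL = XL XOR Pi
        xr ^= F(S, xl)                             #   XR = F(XL) XOR XR
        xl, xr = xr, xl                            #   swap XL and XR
    xl, xr = xr, xl                                # undo the last swap
    xr ^= P[16]                                    # XR = XR XOR P17
    xl ^= P[17]                                    # XL = XL XOR P18
    return (xl << 32) | xr                         # concatenate XL and XR


def decrypt_block(P, S, block):
    """Decryption is the same network with P1..P18 applied in reverse order."""
    return encrypt_block(P[::-1], S, block)


def key_expansion(key):
    """Turn a 32..448-bit key into the 18 P subkeys and the 4 x 256 S-box entries."""
    if not 4 <= len(key) <= 56:
        raise ValueError("Blowfish keys are 32 to 448 bits long")
    P, S = stand_in_tables()
    j = 0
    for i in range(18):                            # XOR key bytes into P, cycling the key
        chunk = 0
        for _ in range(4):
            chunk = (chunk << 8) | key[j]
            j = (j + 1) % len(key)
        P[i] ^= chunk
    block = 0                                      # then repeatedly encrypt an all-zero block,
    for i in range(0, 18, 2):                      # replacing P entries with the outputs...
        block = encrypt_block(P, S, block)
        P[i], P[i + 1] = block >> 32, block & MASK32
    for box in S:                                  # ...and then the S-box entries
        for i in range(0, 256, 2):
            block = encrypt_block(P, S, block)
            box[i], box[i + 1] = block >> 32, block & MASK32
    return P, S


def subkey_bytes(P, S):
    """Total subkey material in bytes: 18*4 + 4*256*4 = 4168."""
    return 4 * len(P) + sum(4 * len(box) for box in S)


if __name__ == "__main__":
    P, S = key_expansion(b"constructed example key")
    pt = 0x0123456789ABCDEF
    ct = encrypt_block(P, S, pt)
    print(f"subkey bytes: {subkey_bytes(P, S)}, ciphertext: {ct:016x}, "
          f"round trip ok: {decrypt_block(P, S, ct) == pt}")
```

Because decryption reuses encrypt_block with the reversed P-array, the round trip only succeeds if the swap bookkeeping and the P17/P18 steps are exactly as the slide lists them; swapping those two lines breaks it, which makes this a useful self-check when porting the algorithm.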
78. Modified Blowfish Algorithm
Modified by Monika and Paradeep in 2012. They modify the Blowfish algorithm with a random number Rn; the remaining processing is the same as Blowfish.
The modified Blowfish algorithm uses the concept of a random number and flags; the flags decide whether the f-function processing is required or not.
79. Cont...
As a result of the reduced number of f-function calls, this leads to:
increased CPU processing time
decreased memory usage
increased throughput.
The second advantage of the modified Blowfish algorithm is increased security.
80. Modified DES Algorithm using Fuse Data Technique
The DES algorithm is modified by Al Hamami et al. in .
They present DES fused with Blowfish and a Genetic Algorithm (GA).
DES has the disadvantage of a short key, so it is not very secure.
The algorithm uses 2 subkeys, a right subkey and a left subkey; the left subkey is 768 bits long, 16 blocks of 48 bits called Pi, and is generated through all 16 rounds.
81. Cont..
The CPU time increased, as well as memory usage, and as a result of the slower processing the throughput decreased compared to DES.
This is a more secure encryption algorithm as it uses two subkeys, R and L.
84. Conclusion
One secret key is used in the symmetric encryption algorithms.
The symmetric key algorithms are more prone to attacks and provide less security than asymmetric algorithms.
The processing time, throughput, and memory usage of these algorithms are very low.
DES is a less secure algorithm.
The drawback is solved in Fused DES through the GA technique and Blowfish key generation.
The more secure algorithm is Blowfish.
85. Critique
The title of the article is appropriate and clear.
However, the abstract is rather general and not specific.
In the introduction, the purpose of the article was not clearly stated.
There is too little information regarding the description of the AES algorithm.
A diagram of modified Blowfish is required.
86. Overall Critique
Modified Blowfish was not clearly described (round numbers), nor was the GA.
There is too much repetition (DES).
Figures and charts were not appropriately placed.
A review of previous research should be mentioned in the introduction.
The language of the article was not properly academic.
89. Introduction
Hacking is a term used to refer to activities
aimed at exploiting security flaws to obtain critical
information for gaining access to secured
networks.
90. General Hacking Methods
1. Identify the target system.
2. Gathering Information on the target system.
3. Finding a possible loophole in the target system.
4. Exploiting this loophole using exploit code.
5. Removing all traces from the log files and escaping
without a trace.
91. Various Types of Attacks
The most common ones are:
Denial of Service attacks (DoS attacks)
SMURF attacks
Threat from sniffing and key logging
Trojan attacks
RAT (Remote Administration Tool)
IP spoofing
Buffer overflows
All other types of attacks
92. IP Addresses
An attacker's first step is to find out the IP address of the target system.
IP Addresses: Finding out an IP address
Through instant messaging software
C:>netstat -n
Through Internet Relay Chat
Through your website, by using simple Java applets or JavaScript code
Through email headers
93. IP Addresses: Dangers & Concerns
DoS attacks
Disconnect from the Internet
Trojan exploitation
Geographical information
File sharing exploits
95. Port Scanning
Port scanning is normally the first step that an attacker undertakes. It reveals:
List of open ports
Services running
Exact names and versions of all the services or daemons
Operating system name and version
97. Port Scanning : Major Tools Available
Some of the best and the most commonly used
Port Scanners are:
Nmap
Superscan
Hping
Nessus
Common Features of all above Port Scanners:
Very Easy to Use
Display Detailed Results
99. Introduction
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (Fyodor) in 1997.
It is free and open source (website: nmap.org).
Nmap was originally a Linux-only utility, but it was ported to Microsoft Windows; Nmap now runs on all major computer operating systems.
It is used to discover hosts and services on a computer network, and for security auditing, thus creating a "map" of the network.
100. Cont..
To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
It determines what operating systems (and OS versions) the hosts are running, performs vulnerability detection, determines what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks.
Nmap is also capable of adapting to network conditions including latency and congestion during a scan.
109. Nmap features
Host discovery – Identifying hosts on a network.
Port scanning – Enumerating the open ports on target
hosts.
Version detection – Interrogating network services on
remote devices to determine application name and
version number.
OS detection – Determining the operating system and
hardware characteristics of network devices.
Scriptable interaction with the target – using Nmap
Scripting Engine (NSE) and Lua programming language.
Nmap can provide further information on targets,
including reverse DNS names, device types, and MAC
addresses.
110. Typical uses of Nmap
Auditing the security of a device or firewall by
identifying the network connections which can be
made to, or through it.
Identifying open ports on a target host in
preparation for auditing.
Network inventory, network mapping,
maintenance and asset management.
Auditing the security of a network by identifying
new servers.
Generating traffic to hosts on a network.
121. Anti-Port Scanning
Some useful anti-port-scanning software packages are:
Scanlogd (a Unix-based port scan detector & logger)
BlackICE (a Windows-based port scan detector & logger)
Snort: a packet sniffer cum IDS.
Abacus PortSentry: capable of detecting both normal and stealth port scanning attempts.
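Detectors such as Scanlogd and PortSentry work by noticing one source touching many ports on a host within a short time. As an added illustration of that detection logic, and not code from any of the tools named above, the following Python runs a sliding-window check over a few constructed firewall-style log lines. The log format (SRC=, DST= and DPT= fields), the 60-second window and the threshold of 8 distinct ports are assumptions chosen for the example; a real deployment would tune both against its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# CONSTRUCTED sample log in an iptables-like layout, using documentation address
# ranges; the first source probes ten ports in five seconds, the others are benign.
SAMPLE_LOG = """\
2024-03-01T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=21 SYN
2024-03-01T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=22 SYN
2024-03-01T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=23 SYN
2024-03-01T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=25 SYN
2024-03-01T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=80 SYN
2024-03-01T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=110 SYN
2024-03-01T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 DPT=143 SYN
2024-03-01T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 DPT=443 SYN
2024-03-01T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 DPT=445 SYN
2024-03-01T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 DPT=3389 SYN
2024-03-01T10:00:05 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 SYN
2024-03-01T10:00:09 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 SYN
2024-03-01T10:00:30 SRC=203.0.113.5 DST=192.0.2.10 DPT=80 SYN
2024-03-01T10:05:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=22 SYN
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Return (timestamp, src, dst, dport) for a matching line, or None otherwise."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(log_text, window_seconds=60, min_ports=8):
    """Flag (src, dst) pairs where one source touched at least min_ports distinct
    destination ports on one host within window_seconds. Returns {(src, dst): ports}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            ts, src, dst, dpt = rec
            events[(src, dst)].append((ts, dpt))
    alerts = {}
    for key, evs in events.items():
        evs.sort()                                  # time order for the sliding window
        start = 0
        for end in range(len(evs)):
            # drop events from the left until the window spans at most window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {dpt for _, dpt in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[key] = sorted(ports)         # latest qualifying window wins
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src} against {dst}: {len(ports)} ports {ports}")
```

Counting distinct ports per (source, destination) pair rather than raw connection attempts is what keeps a busy but legitimate client (203.0.113.5 above, which repeats port 443) from being flagged; a stealth scan that spreads its probes over a longer period needs a longer window or a lower threshold, which is the trade-off these tools expose as configuration.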
Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption in the 1970s. It remains by far the most widely used of the two types of encryption. All traditional schemes are symmetric / single key / private-key encryption algorithms, with a single key, used for both encryption and decryption. Since both sender and receiver are equivalent, either can encrypt or decrypt messages using that common key.
The input to the AES encryption and decryption algorithms is a single 128-bit block, depicted in FIPS PUB 197 as a square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, State is copied to an output.
The key is expanded into 44/52/60 lots of 32-bit words (see later), with 4 used in each round. Note that the ordering of bytes within a matrix is by column. So, for example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second column, and so on. Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix.
The data computation then consists of an "add round key" step, then 9/11/13 rounds with all 4 steps, and a final 10th/12th/14th round of byte subs + shift rows + add round key (the mix columns step is omitted in the final round). This can be viewed as alternating XOR key & scramble data bytes operations. All of the steps are easily reversed, and can be efficiently implemented using XORs & table lookups.
Before delving into details, we can make several comments about the overall AES structure. See the text for details.
We now turn to a discussion of each of the four transformations used in AES. For each stage, we mention the forward (encryption) algorithm, the inverse (decryption) algorithm, and the rationale for the design of that stage.
The Substitute Bytes stage uses an S-box to perform a byte-by-byte substitution of the block. There is a single 8-bit wide S-box used on every byte. This S-box is a permutation of all 256 8-bit values, constructed using a transformation which treats the values as polynomials in GF(2^8); however, it is fixed, so really one only needs to know the table when implementing. Decryption requires the inverse of the table. These tables are given in Stallings Table 5.2.
The table was designed to be resistant to known cryptanalytic attacks. Specifically, the Rijndael developers sought a design that has a low correlation between input bits and output bits, with the property that the output cannot be described as a simple mathematical function of the input, with no fixed points and no “opposite fixed points”.
The ShiftRows stage provides a simple “permutation” of the data, whereas the other steps involve substitutions. Further, since the state is treated as a block of columns, it is this step which provides for diffusion of values between columns. It performs a circular rotate on each row of 0, 1, 2 & 3 places for respective rows. When decrypting it performs the circular shifts in the opposite direction for each row. This row shift moves an individual byte from one column to another, which is a linear distance of a multiple of 4 bytes, and ensures that the 4 bytes of one column are spread out to four different columns.
The forward mix column transformation, called MixColumns, operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column. It is a substitution that makes use of arithmetic over GF(2^8), designed as a matrix multiplication where each byte is treated as a polynomial in GF(2^8). The inverse used for decryption involves a different set of constants.
The constants used are based on a linear code with maximal distance between code words – this gives good mixing of the bytes within each column. Combined with the “shift rows” step provides good avalanche, so that within a few rounds, all output bits depend on all input bits.
In practice, you implement MixColumns by expressing the transformation on each column as 4 equations (Stallings equation 5.4) to compute the new bytes for that column. This computation only involves shifts, XORs & conditional XORs (for the modulo reduction).
The decryption computation requires the use of the inverse of the matrix, which has larger coefficients, and is thus potentially a little harder & slower to implement.
The designers & the AES standard provide an alternate characterisation of MixColumns, which treats each column of State as a four-term polynomial with coefficients in GF(2^8). Each column is multiplied by a fixed polynomial a(x) given in Stallings eqn 5.7. Whilst this is useful for analysis of the stage, the matrix description is all that is required for implementation.
The coefficients of the matrix are based on a linear code with maximal distance between code words, which ensures a good mixing among the bytes of each column. The mix column transformation combined with the shift row transformation ensures that after a few rounds, all output bits depend on all input bits. In addition, the choice of coefficients in MixColumns, which are all {01}, {02}, or {03}, was influenced by implementation considerations.
Lastly is the Add Round Key stage, which is a simple bitwise XOR of the current block with a portion of the expanded key. Note this is the only step which makes use of the key and obscures the result, hence it MUST be used at the start and end of each round, since otherwise one could undo the effect of the other steps. But the other steps provide confusion/diffusion/non-linearity. That is, you can look at the cipher as a series of XOR-with-key then scramble/permute-block operations, repeated. This is efficient and believed to be highly secure.
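To tie the four stages and the key expansion together, here is an added Python example, not code from the slides or from the Stallings/Forouzan texts they draw on, that builds the S-box from the GF(2^8) inverse and affine map described above, applies SubBytes, ShiftRows, MixColumns and AddRoundKey to the state matrix drawn in Figures 6 to 8, expands an AES-128 key into the 44 words, and assembles one full encryption. It reproduces the values the slides work through: {95} -> {2A}, the SubBytes and ShiftRows states, and the MixColumns column (87, 6E, 46, A6) -> (47, 37, 94, ED). The only assumption is the layout: the state is held as 4 rows of 4 bytes exactly as the figures print it, with input bytes filling columns as the note above describes.

```python
"""AES-128 round transformations and key expansion written from FIPS-197
(added example; not code from the slides or the cited textbooks)."""


def gf_mul(a, b):
    """Multiply bytes as polynomials in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B           # reduce by m(x): 0x11B with the x^8 term dropped
        b >>= 1
    return p


def gf_inv(a):
    """Multiplicative inverse in GF(2^8) by search; 0 is mapped to 0 by convention."""
    return next((x for x in range(1, 256) if gf_mul(a, x) == 1), 0)


def build_sbox():
    """S-box = GF(2^8) inverse followed by the fixed affine map b ^ rotl(b,1..4) ^ 0x63."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        r = b
        for i in range(1, 5):
            r ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(r ^ 0x63)
    return box


SBOX = build_sbox()
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]   # MixColumns constants


def sub_bytes(state):           # state is 4 rows x 4 columns, as drawn on the slides
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state):          # row r is rotated left by r bytes
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col):            # one column: new byte r = XOR over k of MIX[r][k] * col[k]
    out = []
    for r in range(4):
        v = 0
        for k in range(4):
            v ^= gf_mul(MIX[r][k], col[k])
        out.append(v)
    return out


def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, words):  # word c is XORed into column c, high byte into row 0
    return [[state[r][c] ^ ((words[c] >> (24 - 8 * r)) & 0xFF) for c in range(4)]
            for r in range(4)]


def key_expansion(key):
    """AES-128: expand the 4 key words into Nr + 1 = 11 round keys (44 words)."""
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = ((t << 8) | (t >> 24)) & 0xFFFFFFFF                               # RotWord
            t = int.from_bytes(bytes(SBOX[b] for b in t.to_bytes(4, "big")), "big")  # SubWord
            t ^= rcon << 24                                                       # Rcon
            rcon = gf_mul(rcon, 0x02)
        w.append(w[i - 4] ^ t)
    return w


def encrypt_block(key, plaintext):
    """Initial AddRoundKey, 9 full rounds, then a final round without MixColumns."""
    w = key_expansion(key)
    state = [[plaintext[r + 4 * c] for c in range(4)] for r in range(4)]   # bytes fill columns
    state = add_round_key(state, w[0:4])
    for rnd in range(1, 11):
        state = shift_rows(sub_bytes(state))
        if rnd < 10:
            state = mix_columns(state)
        state = add_round_key(state, w[4 * rnd:4 * rnd + 4])
    return bytes(state[r][c] for c in range(4) for r in range(4))


# State matrix from the SubBytes / ShiftRows figures on the slides.
SLIDE_STATE = [[0xEA, 0x04, 0x65, 0x85],
               [0x83, 0x01, 0x5D, 0x96],
               [0x5C, 0x33, 0x98, 0xB0],
               [0xF1, 0x2D, 0xAD, 0xC5]]

if __name__ == "__main__":
    print("S-box[95] =", hex(SBOX[0x95]))                                   # slide: {95} -> {2A}
    print("MixColumns on (87,6E,46,A6):", [hex(b) for b in mix_column([0x87, 0x6E, 0x46, 0xA6])])
    print("AES-128 of zero block under zero key:", encrypt_block(bytes(16), bytes(16)).hex())
```

The S-box is computed rather than typed in so that the "inverse plus affine map" description can be checked against the slide's {95} -> {2A} lookup; a production implementation would use the fixed 256-byte table (and constant-time lookups), exactly as the note above says only the table is needed. Running the module prints the zero-key, zero-block ciphertext, which can be compared against the FIPS-197 / NIST test vector for AES-128.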