Cryptography and Network security, describe and explain the AES cryptosystem, Explores mistakes in paper research and Nmap tools.

1. 1
by: Haitham Farag Daw
2013-14
FACULITY OFELECTRONIC
TECNOLOGY
COMPUTETRENGINEERING
(MSc)

2. Outline
Introduction
AES Cryptosystem
Review of the article
NmapTool
Implementation (RSA)

3. Introduction

4. Cryptography
4
The term Cryptography is originally derived from the two
greek words “kryptos" and “graph", meaning hidden and
writing, 20th
.
Cryptography is the science and study of methods of
protecting data in computer and communication systems
from unauthorized disclosure and modification.
Classified into two cryptosystems, private-key
cryptosystem and public-key cryptosystem. Both are
based on complex mathematical algorithms and are
controlled by keys.

5. Branches of cryptography
Cryptographic engineering
Visual cryptography
Steganography
Quantum cryptography
Multivariate cryptography

6. 6
Uses of cryp.. techniques
 Commitment
schemes
 Secure multiparty
 Computation
 Electronic voting
 Authentication
 Digital signature
 Protocol
 Banking
 Digital currency
 Secret sharing
 Anonymous remailer
 Onion routing
 Cryptosystems

7. Security Goals
7
1.Confidentiality or Privacy : Service is used to
save the information content of all persons except
that told them to get acquainted with them.
2.Data Integrity: This service is used to save the
information of the change (delete or add or
modify) by persons unauthorized to do so.
3.Proof of identity (Authentication): This service is
used to prove the identity of the data handling
(authorized).

8. Cont.
8
4. (Non-repudiation): This service is used to prevent a
person from denial to do something, Digital Signature.
 Note :-
If the primary purpose of encryption is to
provide these services to the people is to
maintain the security of their information .

9. 9
Ciphers
Classical
Rotor
Machines
Private KeySubstitution
Modern
Public Key
Stream Block
Transpositio
n
Fig 3:- Types of Ciphers

10. Fig 3:- Types of Modern cipher.
Symmetric Asymmetric
• Ke=Kd=K
• P=D(E(P,Ke),K)
• Ke ≠ Kd
• P=D(E(P,Ke),Kd)
•DES
•Tripl DES
• AES
• BLOWFISH
• CASTS
• IDEA
• Serpent
• Twofish
•DES
•Tripl DES
• AES
• BLOWFISH
• CASTS
• IDEA
• Serpent
• Twofish
• RSA
• ElGamal
• Diffie-Hellman
• Rabin
• ECDSA
• XTR
• RSA
• ElGamal
• Diffie-Hellman
• Rabin
• ECDSA
• XTR
Modern
• RC4
• BMGL
•SEAL
•SNOW
•SOBER
• RC4
• BMGL
•SEAL
•SNOW
•SOBER
Block Stream

11. Symmetric Encryption
private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are
private-key

12. Advanced Encryption Standard
(AES)

13. 7.13
Main topics
 To review a short history of AES
 To define the basic structure and trans.. of AES
To define the key expansion process
 To define ANALYSIS and Uses of AES
Comparison
Reference

14. 7.14
 Clear a replacement for DES was needed
o
have theoretical attacks that can break it
o
have demonstrated exhaustive key search
attacks, ” deep crack (88b) in 3 days”
 Can use (3-DES) – but slow, has small blocks
 US NIST issued call for ciphers in 1997
 15 candidates accepted in Jun 98
 5 were shortlisted in Aug-99
o (Rijndael, SERPENT, TWOFISH, RC6, MARS).
History

15. Introduction
 The Advanced Encryption Standard (AES).
 Is a symmetric-key block cipher .
 Rijndael was selected as the AES in Oct-2000
 Published by the (NIST) in December 2001.
The criteria defined by NIST for selecting AES fall
into three areas:
1. Security
2. Cost
3. Implementation.

16. 7.16
 designed by Rijmen-Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative rather than Feistel cipher

processes data as block of 4 columns of 4 bytes

operates on entire data block in every round
 designed to have:

resistance against known attacks

speed and code compactness on many CPUs

design simplicity
The AES Cipher - Rijndael

17. 7.17
Continue
Figure 1:General design of AES encryption cipher

18. AES Structure
 data block of 4 columns of 4 bytes is state
 key is expanded to array of words
 has 10/12/14 rounds in which state undergoes:

byte substitution (1 S-box used on every byte)

shift rows (permute bytes between groups/columns)

mix columns (subs using matrix multiply of groups)

add round key (XOR state with key material)

view as alternating XOR key & scramble data bytes
 initial XOR key material & incomplete last round
 with fast XOR & table lookup implementation

19. 7.19
Figure 2:Ciphers and inverse ciphers of the original design

20. 7.20
Continue

21. 7.21
Structure of Each Round
Figure 3:Structure of each round at the encryption site

22. Some Comments on AES
 key expanded into array of 32-bit words

four words form round key in each round
 4 different stages are used as shown
 has a simple structure
 only AddRoundKey uses key
 AddRoundKey a form of Vernam cipher
 each stage is easily reversible
 decryption uses keys in reverse order
 decryption does recover plaintext
 final round has only 3 stages

23. 7.23
Data Units.
Figure 4: Data units used in AES

24. 7.24
Figure 5:Changing plaintext to state
Continue

25. 7.25
EA 04 65 85
83 01 5D 96
5C 33 98 B0
F1 2D AD C5
Initial XOR key
24 34 31 13
75 75 e2 Aa
A2 56 12 5
B3 88 00 87
00 12 0c 08
04 04 00 23
12 12 13 19
14 00 11 19
Input state Output stateKey Round
Plain text key Cipher text
+ =

26. 7.26
TRANSFORMATIONS
To provide security, AES uses four types of
transformations: substitution, permutation, mixing, and
key-adding.
1. Substitution
2. Permutation
3. Mixing
4. Key Adding

27. Substitute Bytes
 A simple substitution of each byte
 Uses one table of 16x16 bytes .
 Each byte of state is replaced by byte indexed
by row (left 4-bits) & column (right 4-bits)

eg. byte {95} is replaced by byte in row 9
column 5

which has value {2A}
 S-box constructed using defined transformation
of values in GF(28
)
 Designed to be resistant to all known attacks

28. 7.28
0 1 . . . . . . F
0 7C
.
.
.
.
.
F A1
EA 04 65 85
83 01 5D 96
5C 33 98 B0
F1 2D AD C5
State
87 F2 4D 97
EC 7C 4C 90
4A C3 46 E7
A1 D8 95 A6
State
After substituteS-box
SubBytes
Figure 6: SubBytes transformation

29. 7.29

30. 7.30

31. Shift Rows
 A circular byte shift in each each

1st
row is unchanged

2nd
row does 1 byte circular shift to left

3rd row does 2 byte circular shift to left

4th row does 3 byte circular shift to left
 Decrypt inverts using shifts to right
 Since state is processed by columns, this step
permutes bytes between the columns

32. 7.32
87 F2 4D 97
EC 7C 4C 90
4A C3 46 E7
A1 D8 95 A6
87 F2 4D 97
7C 4C 90 EC
46 E7 4A C3
A6 A1 D8 95
unchanged
1 byte shift to left
2 byte shift to left
3 byte shift to left
State
After shifting
State
Shift Rows
Shift row
InShift row
Figure 7: shift rows

33. Mix Columns
 Each column is processed separately
 Each byte is replaced by a value
dependent on all 4 bytes in the column
 Effectively a matrix multiplication in GF(28
)
using prime poly m(x) =x8
+x4
+x3
+x+1

34. Continue
 Can express each col as 4 equations

to derive each new byte in col
 Decryption requires use of inverse matrix

with larger coefficients, hence a little harder
 Have an alternate characterisation

each column a 4-term polynomial

with coefficients in GF(28
)

and polynomials multiplied modulo (x4
+1)
 Coefficients based on linear code with maximal
distance between codewords

35. 7.35
Continue

36. 7.36
02 03 01 01
01 02 03 01
01 01 02 03
03 01 01 02
87 F2 4D 97
6E 4C 90 EC
46 E7 4A C3
A6 A1 D8 95
47 S0,1 S0,2 S0,3
37 S1,1 S1,2 S1,3
94 S2,1 S2,2 S2,3
ED S3,1 S3,2 S3,3
=*
Old matrix New matrixConstant matrix
*
eg.:- (({02}*{87})+({03}*{6E})+({01}*{46})+({01}*{A6}))= {47}
InvMixColumns:
The InvMixColumns transformation is basically the
same as the MixColumns transformation.
Figure 8: Mixing bytes using matrix multiplication

37. Add Round Key
 XOR state with 128-bits of the round key
 Again processed by column (though
effectively a series of byte operations)
 Inverse for decryption identical

since XOR own inverse, with reversed keys
 Designed to be as simple as possible

a form of Vernam cipher on expanded key

requires other stages for complexity / security

38. 7.38
Continue
Figure 9: AddRoundKey transformation
S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3
S2,0 S2,1 S2,2 S2,3
S3,0 S3,1 S3,2 S3,3
S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3
S2,0 S2,1 S2,2 S2,3
S3,0 S3,1 S3,2 S3,3
S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3
S2,0 S2,1 S2,2 S2,3
S3,0 S3,1 S3,2 S3,3
+ =

39. Figure 10: Invertibility of SubBytes and ShiftRows combinations

40. 7.40
KEY EXPANSION
To create round keys for each round, AES uses a key-
expansion process. If the number of rounds is Nr , the
key-expansion routine creates Nr + 1 128-bit round keys
from one single 128-bit cipher key.
 Key Expansion in AES-128

41. 7.41
Key Expansion in AES-128
Figure 11: Key expansion in AES

42. 7.42
Continue

43. 7.43
Examples

44. 7.44
ContinuedContinued

45. 7.45
ContinuedContinued

46. 7.46
ContinuedContinued
Example :
Figure 7.21 shows the state entries in one round, round 7, inFigure 7.21 shows the state entries in one round, round 7, in
Example 7.10.Example 7.10.
Figure 12: States in a single round

47. 7.47
ContinuedContinued
Example :
One may be curious to see the result of encryption when theOne may be curious to see the result of encryption when the
plaintext and cipher key is made of all 0s. Using the cipherplaintext and cipher key is made of all 0s. Using the cipher
key in Example 7.10 yields the ciphertext.key in Example 7.10 yields the ciphertext.

48. 7.48
ANALYSIS OF AES
This section is a brief review of the three characteristics
of AES.
1. Security
2. Implementation
3. Simplicity and Cost

49. 7.49
Security
AES was designed after DES. Most of the known
attacks on DES were already tested on AES.
 Brute-Force Attack
AES is definitely more secure than DES due to the
larger-size key.
 Statistical Attacks
Numerous tests have failed to do statistical analysis
of the ciphertext.
 Differential and Linear Attacks
There are no differential and linear attacks on AES
as yet.

50. 7.50
Implementation
AES can be implemented in software, hardware, and
firmware. The implementation can use table lookup
process or routines that use a well-defined algebraic
structure.
Simplicity and Cost
The algorithms used in AES are so simple that they can
be easily implemented using cheap processors and a
minimum amount of memory.

51. Uses of AES Algorithm
7.51
 AES is used in programs (WINZIP) the user
request dataset after encrypt compressed.
 Used in the protocol TLS, a protocol to
establish a secure connection.
 Use of the IPsec protocol, a protocol to ensure
safety in the connections that are powered by IP
over the Internet
 Uses in the military….etc.

52. 7.52
Comparison

53. 7.53

54. 7.54
Pratap Chandra Mandal has evaluated the following
algorithms: DES, 3DES ,AES and Blowfish
 Pentium IV of 2.4 GHz CPU speed
 4 GB RAM.
 text files sizes range from 50 KB to 22300 KB.
Experiment

55. 7.55

56. 7.56

57. 7.57

58. 7.58

59. 7.59
 William Stallings, CRYPTOGRAPHY AND NETWORK SECURITY, FIFTH
EDITION,2011, USA
 www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf
 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
 Pratap Chandra Mandal., Kolkata, W.B., Evaluation of performance of the
Symmetric Key Algorithms: DES, 3DES ,AES and Blowfish.Journal of Global
Research in Computer Science, 3 (8), August 2012, 67-70.
 Handout
Reference

60. Presentation of
review article

61. Performance Evaluation of Symetric
Cryptography Algorithm
by
Mohsin Khan, Sadaf Hussain, Malik Imran
Article journal, Volume 2, Issue,April 2012-13. Islamabad

62. Outline
 Abstract
 Introduction
 Description
 Modified Blowfish Algorithm
Conclusion
 Critique

63. Abstract
This survey paper discussed about the symmetric
cryptographic algorithms and their performance in
context of power consumption issues, Memory and
CPU processing time.
Also, their performance based on algorithm, key
generation process and length.

64. Introduction
Cryptography converts the message into a non
readable format and send it over an unsecure
channel.
There are five requirements for symmetric
encryption, plain text, cipher text, encryption
algorithm, decryption algorithm, and secret key.

65. In general, encryption uses two techniques
like.
Encryption
Symmetric Asymmetric
RSA ECC Etc.Blowfish
DES,3
DES
AESRC2/6
Fig 1: Cryptography Diagram

66. ---------
---------
---------
------
---------
---------
---------
------
Secret
key
Secret
key
Encryption Decryption
--------
--------
--------
-----
--------
--------
--------
-----
Message Message
M
Y=E(M,K) M=D(Y,K)
K K
@^^&-
=!!l&%-
*kuh&^
@^^&-
=!!l&%-
*kuh&^
Fig 2: Symmetric Encryption Algorithm process

67. Description of some symmetric encryption
algorithms like AES, DES, Blowfish, Modified DES,
and Modified Blowfish, and their strengths and
weaknesses.
1. DES (Data Encryption Standard) Algorithm
It is a block cipher which encrypts 64 bit plaintext at a time and
uses 56 bit key.
The drawback can be easily prone to Brute Force to break the
key, 256
possible.
So DES is not so secure.

68. Round 1
Round 2
Initial
permutayion
Round 16
32 bit swap
Inv initial
permutation
Permuted
choice 2
Left circular
shift
Permuted
choice 2
Left circular
shift
Left circular
shift
Permuted
choice 2
Permutation
choice
64-bit plain text
64-bit cipher text
64-bit key
56
56
56
56
5648
48
48
64
64
64
64
Key Generation
Encryption
Fig 3: DES Algorithm

69. 2. AES (Advanced Encryption Standard) Algorithm
AES is a variable bit block cipher and uses variable key
length of 128, 192 and 256 bits.
AES performs different processing rounds.
Substitute bytes
Shift rows
Mix column
Add round key
AES encryption is fast, flexible and higher secure
The key length is variable.

70. Fig 4: AES Processing Diagram

71. Blowfish Encryption Algorithm
designed in 1993 by Bruce Blowfish
It’s 64 bit block cipher with variable length key.
Fast : It encrypts data on large 32-bit microprocessors at a
rate of 26 clock cycles per byte.
Compact: It can run in less than 5K of memory.
Simple: It uses addition, XOR, lookup table with 32-bit
operands.
Secure: The key length is variable ,it can be in the range of
32~448 bits: default 128 bits key length.
Unpatented and royality-free.

72. Cont..
It is suitable and efficient for hardware
implementation
blowfish algorithm has yet to be cracked as the
key size is high, requires 2448
combinations
The processing speed is less than DES and AES.
simple to implement

73. Fig5:- Blowfish Encryption Algorithm process

74.  Description of Algorithm:
• Feistel network.
• This algorithm is divided into two parts.
1. Key-expansion
•The key expansion step converts 448 bit key into 4168
bytes.
• A P-array of size 18 and four S-boxes whose size is 256
2. Data Encryption
• Divide 64-bits into two 32-bit halves: XL, XR
• For i = 1 to 16
o XL = XL XOR Pi
o XR=F(XL) XOR XR
o Swap XL and XR
• Swap XL and XR (Undo the last swap )
• XR=XR XOR P17
• XL = XL XOR P18
• Concatenate XL and XR

75.  Key-expansion:
It will converts a key of 448 bits into several subkey arrays
totaling 4168 bytes. Blowfish uses large number of subkeys.
These keys are generate earlier to any data encryption or decryption.
The p-array consists of 18, 32-bit subkeys:
P1,P2,………….,P18
Four 32-bit S-Boxes consists of 256 entries each:
S1,0, S1,1,………. S1,255
S2,0, S2,1,……….. S2,255
S3,0, S3,1,……….. S3,255
S4,0, S4,1,..............S4,255

78. Modified Blowfish Algorithm
Modified by Monika and Paradeep in 2012. They
modify the blowfish algorithm with a random number
Rn, the remaining processing is same as blowfish.
Modified blowfish algorithm uses the concept of
random number and flags,
flags decide where f function process is required or
not.

79. Cont...
As the result of the number of f function calls is
reduced, lead to,
 increase the CPU processing time
 decrease memory usage
increased the throughput.
 The second advantage of modified blowfish
algorithm is increased in security.

80. Modified DES Algorithm using Fuse
Data Technique
DES algorithm is modified by Al Hamami et al in .
They present Fuse DES with Blowfish and Genetic
Algorithm (GA).
DES has a disadvantage of shortest key, since it is not
more secure.
The algorithm uses 2 subkeys:-
right subkey and Left subkey is a 768 bit length and
16 blocks of 48 bits called Pi through both 16th round
left subkey is generated.

81. Cont..
the CPU time increased, as well as, memory usage
and as result of slow processing, the throughput
decreased compare to DES.
This is more secure encryption algorithm as uses two
subkeys, R,L.

82. Figure 7 : The Fused DES algorithm process

83. Fig 8 : The F function
process .

84. Conclusion
 one secret key is used in the symmetric
encryption algorithms
the symmetric key algorithms are more prone to
attacks and provide less security than asymmetric
algorithms.
the processing time, throughput, and memory
usage of this algorithms are very less
DES is a less secure algorithm
The drawback is solved in Fused DES through GA
Technique and Blowfish key generation.
The more secure algorithm is blowfish.

85. Critique
 The title of the article is appropriate and clear
However, the abstract is rather general and not
specific.
 In introduction, the purpose of the article was not
clearly stated
So few information regarding the description of
AES algorithm.
 Diagram of modified blowfish is required.

86. Overall Critique
 Modified Blowfish was not clearly described( round
numbers), as well as, GA
 There are so much repetition (DES)
 Figures and charts was not appropriately placed.
 Review of previous researches should be mentioned
in introduction.
 Language of the article was not properly academic.

87. Nmap Tool

88. Outline
 Introduction
 IPAddresses
 Port Scanning
 Nmap
 Anti-Port Scanning
 Reference

89. Introduction
Hacking is a term used to refer to activities
aimed at exploiting security flaws to obtain critical
information for gaining access to secured
networks.

90. General Hacking Methods
1. Identify the target system.
2. Gathering Information on the target system.
3. Finding a possible loophole in the target system.
4. Exploiting this loophole using exploit code.
5. Removing all traces from the log files and escaping
without a trace.

91. Various Types of Attacks
The most common ones are:
Denial of Services attacks (DOS Attacks)
SMURF Attacks
Threat from Sniffing and Key Logging
Trojan Attacks
RAT (Remote Administration Tool)
IP Spoofing
Buffer Overflows
All other types of Attacks

92. IPAddresses
An attacker’s first step is to find out the IP Address of
the target system.
IP Addresses: Finding out an IP Address
Through Instant Messaging Software
C:>netstat -n
Through Internet Relay Chat
Through Your website
by using simply JAVA applets or JavaScript code.
Through Email Headers

93. IPAddresses: Dangers &
Concerns
IP Addresses: Dangers & Concerns
DOS Attacks
Disconnect from the Internet
Trojans Exploitation
Geographical Information
File Sharing Exploits

94. Type of Scanning
Port scanning
Network scanning
Vulnerability scanning

95. Port Scanning
Port Scanning is normally the first step that an
attacker undertakes.
List of Open Ports
Services Running
Exact Names and Versions of all the Services or
Daemons.
Operating System name and version

97. Port Scanning : Major Tools Available
Some of the best and the most commonly used
Port Scanners are:
Nmap
Superscan
Hping
Nessus
Common Features of all above Port Scanners:
Very Easy to Use
Display Detailed Results

98. Nmap

99. Introduction
Nmap (Network Mapper) is a
security scanner originally written
by Gordon Lyon (Fyodor), (1997).
Is a free and open source, Website nmap.org.
Nmap was originally a Linux-only utility, but it was
ported to Microsoft Windows,
Nmap runs on all major computer operating systems
used to discover hosts and services on acomputer
network, and security auditing
 thus creating a "map" of the network. To accomplish
its goal.

100. Determain what operating systems (and OS
versions) they are running, vulnerability detection.
type of packet filters/firewalls are in use, and dozens
of other characteristics.
It was designed to rapidly scan large networks
Nmap is also capable of adapting to network
conditions including latency and congestion during a
scan
Nmap sends specially crafted packets to the target
host and then analyzes the responses.
Cont..

101. Technique of Scan

106. M///mm

109. Nmap features
Host discovery – Identifying hosts on a network.
Port scanning – Enumerating the open ports on target
hosts.
Version detection – Interrogating network services on
remote devices to determine application name and
version number.
 OS detection – Determining the operating system and
hardware characteristics of network devices.
Scriptable interaction with the target – using Nmap
Scripting Engine (NSE) and Lua programming language.
Nmap can provide further information on targets,
including reverse DNS names, device types, and MAC
addresses.

110. Typical uses of Nmap
Auditing the security of a device or firewall by
identifying the network connections which can be
made to, or through it.
Identifying open ports on a target host in
preparation for auditing.
Network inventory, network mapping,
maintenance and asset management.
Auditing the security of a network by identifying
new servers.
Generating traffic to hosts on a network.

120. Network scanning
GIF LANCUARD
Vulnerability scanning
Nessus

121. Anti-Port Scanning
Some useful Anti-Port Scanning software available are:
Scanlogd (A Unix based Port Scan Detector & Logger)
BlackICE (A Windows based Port Scan Detector &
Logger)
Snort: A packet sniffer cum IDS.
Abacus Port sentry: Capable of Detecting both normal
and stealth port scanning attempts.

122. Reference
http://nmap.org/book/man.html
http://nmap.org/book/install.html
http://nmap.org/nsedoc
http://nmap.org/book/zenmap.html
http://nmap.org/changelog.html
http://seclists.org
http://nmap.online-domain-tools.com
http://sectools.org
h.mondo89@yahoo.com