LECTURE NOTES ON INFORMATION SECURITY

II B. Tech I semester (JNTUH-R15)

Ms Geetavani.B, Assistant Professor, CSE
Dr. P L Srinivasa Murthy, Professor, CSE
Mr N Rajasekar, Assistant Professor, CSE
Mr P.V Narsimha Rao, Assistant Professor, CSE

INSTITUTE OF AERONAUTICAL ENGINEERING (Autonomous)
DUNDIGAL, HYDERABAD - 500 043
COMPUTER SCIENCE AND ENGINEERING

UNIT - I

Attacks on Computers and Computer Security: Introduction, The need of Security, Security approaches, Principles of Security, Types of Security Attacks, Security Services, Security Mechanisms, A model for Network Security.

Cryptography: Concepts and Techniques: Introduction, Plain text and Cipher Text, Substitution Techniques, Transposition Techniques, Encryption and Decryption, Symmetric and Asymmetric Cryptography, Steganography, Key Range and Key Size, Possible types of Attacks.

Introduction

This is the age of universal electronic connectivity, where activities like hacking, viruses and electronic fraud are very common. Unless security measures are taken, a network conversation or a distributed application can be compromised easily. Some simple examples are:
i. Online purchases using a credit/debit card.
ii. A customer unknowingly being directed to a false website.
iii. A hacker sending a message to a person pretending to be someone else.

Network security has been affected by two major developments over the last several decades. The first is the introduction of computers into organizations, and the second is the introduction of distributed systems and the use of networks and communication facilities for carrying data between users and computers. These two developments lead to 'computer security' and 'network security', where computer security deals with the collection of tools designed to protect data and to thwart hackers. Network security measures are needed to protect data during transmission.
But keep in mind that it is the information, and our ability to access that information, that we are really trying to protect, not the computers and networks.

Why We Need Information Security?

Because there are threats.

Threats

A threat is an object, person, or other entity that represents a constant danger to an asset.

The 2007 CSI survey:
- 494 computer security practitioners
- 46% suffered security incidents
- 29% reported to law enforcement
- Average annual loss $350,424
- 1/5 suffered a 'targeted attack'
- The source of the greatest financial losses?
- Most prevalent security problem: insider abuse of network access, email

Threat Categories
- Acts of human error or failure
- Compromises to intellectual property
- Deliberate acts of espionage or trespass
- Deliberate acts of information extortion
- Deliberate acts of sabotage or vandalism
- Deliberate acts of theft
- Deliberate software attack
- Forces of nature
- Deviations in quality of service
- Technical hardware failures or errors
- Technical software failures or errors
- Technological obsolescence

Definitions
- Computer Security: generic name for the collection of tools designed to protect data and to thwart hackers
- Network Security: measures to protect data during their transmission
- Internet Security: measures to protect data during their transmission over a collection of interconnected networks

Our focus is on Internet Security, which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission and storage of information.

Aspects Of Security

Consider 3 aspects of information security:
- Security Attack
- Security Mechanism
- Security Service

Security Attack
- Any action that compromises the security of information owned by an organization
- Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
- Threat and attack are often used to mean the same thing
- There is a wide range of attacks
- We can focus on generic types of attacks: Passive and Active

[Figure 1.2: Active and Passive Security Threats]

[Figure: Passive Attack and Active Attack]

Interruption

An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on availability.
Examples:
- Destruction of some hardware
- Jamming wireless signals
- Disabling file management systems

Interception

An unauthorized party gains access to an asset. It is an attack on confidentiality.
Examples:
- Wire tapping to capture data in a network
- Illicitly copying data or programs
- Eavesdropping

Modification

An unauthorized party gains access to and tampers with an asset. It is an attack on integrity.
Examples:
- Changing a data file
- Altering a program and the contents of a message

Fabrication

An unauthorized party inserts a counterfeit object into the system. It is an attack on authenticity, also called impersonation.
Examples:
- Hackers gaining access to a personal email and sending messages
- Insertion of records in data files
- Insertion of spurious messages in a network

[Figure 1.1: Security Threats. Panels: (a) normal flow, (b) interruption, (c) interception, (d) modification, (e) fabrication]

Security Services

A security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources. Security services implement security policies and are implemented by security mechanisms.

Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. It is used to prevent the disclosure of information to unauthorized individuals or systems. It has been defined as "ensuring that information is accessible only to those authorized to have access". The other aspect of confidentiality is the protection of traffic flow from analysis.
Ex: A credit card number has to be secured during an online transaction.

Authentication

This service assures that a communication is authentic.
For a single message transmission, its function is to assure the recipient that the message is from the intended source. For an ongoing interaction two aspects are involved. First, during connection initiation the service assures the authenticity of both parties. Second, the connection between the two hosts is not interfered with in a way that allows a third party to masquerade as one of the two parties. Two specific authentication services defined in X.800 are:

- Peer entity authentication: Verifies the identities of the peer entities involved in communication. Provided for use at the time of connection establishment and during data transmission. Provides confidence against a masquerade or replay attack.
- Data origin authentication: Assumes the authenticity of the source of a data unit, but does not provide protection against duplication or modification of data units. Supports applications like electronic mail, where no prior interactions take place between the communicating entities.

Integrity

Integrity means that data cannot be modified without authorization. Like confidentiality, it can be applied to a stream of messages, a single message or selected fields within a message. Two types of integrity services are available:

- Connection-Oriented Integrity Service: This service deals with a stream of messages and assures that messages are received as sent, with no duplication, insertion, modification, reordering or replays. Destruction of data is also covered here. Hence, it attends to both message stream modification and denial of service.
- Connectionless-Oriented Integrity Service: It deals with individual messages regardless of larger context, providing protection against message modification only.

An integrity service can be applied with or without recovery. Because it is related to active attacks, the major concern will be detection rather than prevention. If a violation is detected and the service reports it, either human intervention or automated recovery machines are required to recover.

Non-repudiation

Non-repudiation prevents either sender or receiver from denying a transmitted message. This capability is crucial to e-commerce. Without it an individual or entity can deny that he, she or it is responsible for a transaction, and is therefore not financially liable.

Access Control

This refers to the ability to control the level of access that individuals or entities have to a network or system and how much information they can receive. It is the ability to limit and control the access to host systems and applications via communication links. For this, each entity trying to gain access must first be identified or authenticated, so that access rights can be tailored to the individual.

Availability

It is defined to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity. Availability can be significantly affected by a variety of attacks, some amenable to automated countermeasures, i.e. authentication and encryption, while others need some sort of physical action to prevent or recover from loss of availability of elements of a distributed system.

Security Mechanisms

According to X.800, the security mechanisms are divided into those implemented in a specific protocol layer and those that are not specific to any particular protocol layer or security service. X.800 also differentiates reversible and irreversible encipherment mechanisms. A reversible encipherment mechanism is simply an encryption algorithm that allows data to be encrypted and subsequently decrypted, whereas irreversible encipherment mechanisms include hash algorithms and message authentication codes used in digital signature and message authentication applications.

Specific Security Mechanisms

These are incorporated into the appropriate protocol layer in order to provide some of the OSI security services.

- Encipherment: It refers to the process of applying mathematical algorithms for converting data into a form that is not intelligible.
This depends on the algorithm used and the encryption keys.
- Digital Signature: The appended data or a cryptographic transformation applied to any data unit, allowing the recipient to prove the source and integrity of the data unit and protect against forgery.
- Access Control: A variety of techniques used for enforcing access permissions to the system resources.
- Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
- Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
- Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
- Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes once a breach of security is suspected.
- Notarization: The use of a trusted third party to assure certain properties of a data exchange.

Pervasive Security Mechanisms

These are not specific to any particular OSI security service or protocol layer.

- Trusted Functionality: That which is perceived to be correct with respect to some criteria.
- Security Level: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.
- Event Detection: It is the process of detecting all the events related to network security.
- Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.
- Security Recovery: It deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

Model For Network Security

[Figure: Model for Network Security (security-related transformation, information channel, secret information, opponent)]

[Figure 1.4: Network Access Security Model (opponent, access channel, gatekeeper function, computing resources: processor, memory, I/O)]

Data is transmitted over a network between two communicating parties, who must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination by use of communication protocols by the two parties. Whenever an opponent presents a threat to confidentiality or authenticity of information, security aspects come into play. Two components are present in almost all the security providing techniques:

- A security-related transformation on the information to be sent, making it unreadable by the opponent, and the addition of a code based on the contents of the message, used to verify the identity of the sender.
- Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. It is responsible for distributing the secret information to the two parties, while keeping it away from any opponent. It also may be needed to settle disputes between the two parties regarding the authenticity of a message transmission.

The general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.

Various other threats to information systems, like unwanted access, still exist.

- Information access threats intercept or modify data on behalf of users who should not have access to that data.
- Service threats exploit service flaws in computers to inhibit use by legitimate users.

Viruses and worms are two examples of software attacks inserted into the system by means of a disk or across the network. The security mechanisms needed to cope with unwanted access fall into two broad categories

Some basic terminologies used
- CIPHER TEXT - the coded message
- CIPHER - algorithm for transforming plaintext to cipher text
- KEY - info used in cipher known only to sender/receiver
- ENCIPHER (ENCRYPT) - converting plaintext to cipher text
- DECIPHER (DECRYPT) - recovering cipher text from plaintext
- CRYPTOGRAPHY - study of encryption principles/methods
- CRYPTANALYSIS (CODEBREAKING) - the study of principles/methods of deciphering cipher text without knowing key
- CRYPTOLOGY - the field of both cryptography and cryptanalysis

Cryptography

Cryptographic systems are generally classified along 3 independent dimensions:

- Type of operations used for transforming plain text to cipher text: All the encryption algorithms are based on two general principles: substitution, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged.
- The number of keys used: If the sender and receiver use the same key then it is said to be symmetric key (or) single key (or) conventional encryption.
If the sender and receiver use different keys then it is said to be public key encryption.
- The way in which the plain text is processed: A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis

The process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.

There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.

- Cipher text only: A copy of the cipher text alone is known to the cryptanalyst.
- Known plaintext: The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
- Chosen plaintext: The cryptanalyst gains temporary access to the encryption machine. They cannot open it to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key.
- Chosen cipher text: The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt several strings of symbols, and tries to use the results to deduce the key.

Classical Encryption Techniques

There are two basic building blocks of all encryption techniques: substitution and transposition.

Substitution Techniques

In these, each element in the plaintext is mapped into another element.
- Caesar Cipher
- Monoalphabetic cipher
- Playfair Cipher
- Hill Cipher
- Polyalphabetic Cipher
- One Time Pad

Caesar Cipher

It is a mono-alphabetic cipher wherein each letter of the plaintext is substituted by another letter to form the cipher text. It is the simplest form of substitution cipher scheme. This cryptosystem is generally referred to as the Shift Cipher.
The concept is to replace each alphabet by another alphabet which is 'shifted' by some fixed number between 0 and 25. For this type of scheme, both sender and receiver agree on a 'secret shift number' for shifting the alphabet. This number, which is between 0 and 25, becomes the key of encryption. The name 'Caesar Cipher' is occasionally used to describe the Shift Cipher when the 'shift of three' is used.

Process of Shift Cipher

- In order to encrypt a plaintext letter, the sender positions the sliding ruler underneath the first set of plaintext letters and slides it to LEFT by the number of positions of the secret shift.
- The plaintext letter is then encrypted to the cipher text letter on the sliding ruler underneath. The result of this process is depicted in the following illustration for an agreed shift of three positions. In this case, the plaintext 'tutorial' is encrypted to the cipher text 'WXWRULDO'. Here is the cipher text alphabet for a shift of 3:

  Plaintext Alphabet:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  Ciphertext Alphabet: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

- On receiving the cipher text, the receiver, who also knows the secret shift, positions his sliding ruler underneath the cipher text alphabet and slides it to RIGHT by the agreed shift number, 3 in this case.
- He then replaces the cipher text letter by the plaintext letter on the sliding ruler underneath. Hence the cipher text 'WXWRULDO' is decrypted to 'tutorial'. To decrypt a message encoded with a shift of 3, generate the plaintext alphabet using a shift of '-3' as shown below:

  Ciphertext Alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  Plaintext Alphabet:  x y z a b c d e f g h i j k l m n o p q r s t u v w

Security Value

Caesar Cipher is not a secure cryptosystem because there are only 26 possible keys to try out. An attacker can carry out an exhaustive key search with the limited computing resources available.

Simple Substitution Cipher

It is an improvement on the Caesar Cipher. Instead of shifting the alphabets by some number, this scheme uses some permutation of the letters in the alphabet.

For example, A.B.....Y.Z and Z.Y......B.A are two obvious permutations of all the letters in the alphabet. A permutation is nothing but a jumbled up set of alphabets.

With 26 letters in the alphabet, the possible permutations are 26! (factorial of 26), which is equal to 4 x 10^26. The sender and the receiver may choose any one of these possible permutations as a cipher text alphabet. This permutation is the secret key of the scheme.

Process of Simple Substitution Cipher

- Write the alphabets A, B, C, ..., Z in the natural order.
- The sender and the receiver decide on a randomly selected permutation of the letters of the alphabet.
- Underneath the natural order alphabets, write out the chosen permutation of the letters of the alphabet. For encryption, the sender replaces each plaintext letter by substituting the permutation letter that is directly beneath it in the table. This process is shown in the following illustration. In this example, the chosen permutation is K, D, G, ..., O. The plaintext 'point' is encrypted to 'MJBXZ'. Here is a jumbled cipher text alphabet, where the order of the cipher text letters is a key.

  Plaintext Alphabet:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  Ciphertext Alphabet: K D G F N S L V B W A H E X J M Q C P Z R T Y I U O

- On receiving the ciphertext, the receiver, who also knows the randomly chosen permutation, replaces each ciphertext letter on the bottom row with the corresponding plaintext letter in the top row. The ciphertext 'MJBXZ' is decrypted to 'point'.

Security Value

Simple Substitution Cipher is a considerable improvement over the Caesar Cipher. The possible number of keys is large (26!) and even modern computing systems are not yet powerful enough to comfortably launch a brute force attack to break the system. However, the Simple Substitution Cipher has a simple design and it is prone to design flaws; say, by choosing an obvious permutation, this cryptosystem can be easily broken.

Monoalphabetic and Polyalphabetic Cipher

A monoalphabetic cipher is a substitution cipher in which, for a given key, the cipher alphabet for each plain alphabet is fixed throughout the encryption process. For example, if 'A' is encrypted as 'D', then for any number of occurrences in that plaintext, 'A' will always get encrypted to 'D'.

All of the substitution ciphers we have discussed earlier in this chapter are monoalphabetic; these ciphers are highly susceptible to cryptanalysis.

A polyalphabetic cipher is a substitution cipher in which the cipher alphabet for the plain alphabet may be different at different places during the encryption process. The next two examples, Playfair and Vigenere Cipher, are polyalphabetic ciphers.

Playfair Cipher

In this scheme, pairs of letters are encrypted, instead of single letters as in the case of simple substitution cipher.

In the Playfair cipher, initially a key table is created. The key table is a 5x5 grid of alphabets that acts as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet (usually J) is omitted from the table as we need only 25 alphabets instead of 26.
If the plaintext contains J, then it is replaced by I.

The sender and the receiver decide on a particular key, say 'tutorials'. In a key table, the first characters (going left to right) in the table are the phrase, excluding the duplicate letters. The rest of the table will be filled with the remaining letters of the alphabet, in natural order. The key table works out to be:

  T U O R I
  A L S B C
  D E F G H
  K M N P Q
  V W X Y Z

Process of Playfair Cipher

- First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd number of letters, a Z is added to the last letter. Let us say we want to encrypt the message 'hide money'. It will be written as:

  HI DE MO NE YZ

- The rules of encryption are:
  - If both the letters are in the same column, take the letter below each one (going back to the top if at the bottom). 'H' and 'I' are in the same column, hence take the letter below them to replace: HI -> QC
  - If both letters are in the same row, take the letter to the right of each one (going back to the left if at the farthest right). 'D' and 'E' are in the same row, hence take the letter to the right of them to replace: DE -> EF
  - If neither of the preceding two rules is true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle. 'M' and 'O' are neither in the same column nor in the same row, hence form the rectangle and replace each letter by picking up the opposite corner letter on the same row: MO -> NU

Using these rules, the result of the encryption of 'hide money' with the key of 'tutorials' would be:

  QC EF NU MF ZV

Decrypting the Playfair cipher is as simple as doing the same process in reverse. The receiver has the same key and can create the same key table, and then decrypt any messages made using that key.

Security Value

It is also a substitution cipher and is difficult to break compared to the simple substitution cipher.
As in the case of the substitution cipher, cryptanalysis is possible on the Playfair cipher as well; however, it would be against 625 possible pairs of letters (25x25 alphabets) instead of 26 different possible alphabets.

The Playfair cipher was used mainly to protect important, yet non-critical secrets, as it is quick to use and requires no special equipment.

Vigenere Cipher

This scheme of cipher uses a text string (say, a word) as a key, which is then used for doing a number of shifts on the plaintext.

For example, let's assume the key is 'point'. Each alphabet of the key is converted to its respective numeric value: in this case, p -> 16, o -> 15, i -> 9, n -> 14, and t -> 20. Thus, the key is: 16 15 9 14 20.

Process of Vigenere Cipher

- The sender and the receiver decide on a key. Say 'point' is the key. The numeric representation of this key is '16 15 9 14 20'.
- The sender wants to encrypt the message, say 'attack from south east'. He will arrange the plaintext and numeric key as follows:

  Plaintext:   a  t  t  a  c  k  f  r  o  m  s  o  u  t  h  e  a  s  t
  Key:        16 15  9 14 20 16 15  9 14 20 16 15  9 14 20 16 15  9 14

- He now shifts each plaintext alphabet by the number written below it to create the ciphertext as shown below:

  Plaintext:   a  t  t  a  c  k  f  r  o  m  s  o  u  t  h  e  a  s  t
  Key:        16 15  9 14 20 16 15  9 14 20 16 15  9 14 20 16 15  9 14
  Ciphertext:  Q  I  C  O  W  A  U  A  C  G  I  D  D  H  B  U  P  B  H

- Here, each plaintext character has been shifted by a different amount, and that amount is determined by the key. The key must be less than or equal to the size of the message.
- For decryption, the receiver uses the same key and shifts the received ciphertext in reverse order to obtain the plaintext.

  Ciphertext:  Q  I  C  O  W  A  U  A  C  G  I  D  D  H  B  U  P  B  H
  Key:        16 15  9 14 20 16 15  9 14 20 16 15  9 14 20 16 15  9 14
  Plaintext:   a  t  t  a  c  k  f  r  o  m  s  o  u  t  h  e  a  s  t

Security Value

Vigenere Cipher was designed by tweaking the standard Caesar cipher to reduce the effectiveness of cryptanalysis on the ciphertext and make the cryptosystem more robust. It is significantly more secure than a regular Caesar Cipher.

Historically, it was regularly used for protecting sensitive political and military information. It was referred to as the unbreakable cipher due to the difficulty it posed to cryptanalysis.

Variants of Vigenere Cipher

There are two special cases of Vigenere cipher:
- The keyword length is the same as the plaintext message. This case is called Vernam Cipher. It is more secure than the typical Vigenere cipher.
- Vigenere cipher becomes a cryptosystem with perfect secrecy, which is called One-time pad.

One-Time Pad

The circumstances are:
- The length of the keyword is the same as the length of the plaintext.
- The keyword is a randomly generated string of alphabets.
- The keyword is used only once.

Security Value

Let us compare Shift cipher with one-time pad.

Shift Cipher - Easy to Break

In the case of the Shift cipher, the entire message could have had a shift between 1 and 25. This is a very small size, and very easy to brute force. However, with each character now having its own individual shift between 1 and 26, the possible keys grow exponentially for the message.

One-time Pad - Impossible to Break

Let us say we encrypt the name 'point' with a one-time pad. It is a 5 letter text. To break the cipher text by brute force, you need to try all possibilities of keys and conduct computation for (26 x 26 x 26 x 26 x 26) = 26^5 = 11881376 times. That's for a message with 5 alphabets. Thus, for a longer message, the computation grows exponentially with every additional alphabet. This makes it computationally impossible to break the cipher text by brute force.
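
The shift arithmetic behind the Shift, Vigenere and one-time pad sections above, as an added Python example that is not part of the original notes. It uses the notes' a=1 ... z=26 key numbering; the function names and the candidate words 'paint', 'joint' and 'money' are constructed for illustration. It goes one step beyond the text by showing that every equal-length plaintext has a pad that explains a one-time-pad ciphertext, so exhaustive search cannot single out the real message.

```python
import secrets
import string
from itertools import cycle

ALPHABET = string.ascii_lowercase


def key_to_shifts(keyword):
    """Notes' numbering: a=1 ... z=26, so 'point' -> [16, 15, 9, 14, 20]."""
    return [ALPHABET.index(c) + 1 for c in keyword.lower()]


def shift_cipher(text, shifts, decrypt=False):
    """Shift each letter by the next value in `shifts`, repeating the list.

    One shift value gives the Shift (Caesar) cipher, a keyword gives Vigenere,
    and a random list as long as the message, used once, gives a one-time pad.
    Non-letters are dropped; ciphertext is upper case as in the notes.
    """
    letters = [c for c in text.lower() if c in ALPHABET]
    sign = -1 if decrypt else 1
    out = "".join(
        ALPHABET[(ALPHABET.index(c) + sign * k) % 26]
        for c, k in zip(letters, cycle(shifts))
    )
    return out if decrypt else out.upper()


def brute_force_shift(ciphertext):
    """Exhaustive key search on the Shift cipher: only 26 keys exist."""
    return {k: shift_cipher(ciphertext, [k], decrypt=True) for k in range(26)}


def random_pad(length):
    """One shift between 1 and 26 per character, drawn from a CSPRNG."""
    return [secrets.randbelow(26) + 1 for _ in range(length)]


def pad_explaining(ciphertext, candidate):
    """The pad under which `ciphertext` decrypts to `candidate`.

    Shifts are returned in 0..25; a shift of 0 equals 26 in the notes' numbering.
    """
    return [
        (ALPHABET.index(c) - ALPHABET.index(p)) % 26
        for c, p in zip(ciphertext.lower(), candidate.lower())
    ]


def demo():
    results = {}
    results["caesar"] = shift_cipher("tutorial", [3])
    results["vigenere"] = shift_cipher(
        "attack from south east", key_to_shifts("point")
    )
    # Shift cipher: 26 trial decryptions, and only key 3 reads as a word.
    results["brute_force_key_3"] = brute_force_shift(results["caesar"])[3]
    # One-time pad: the same ciphertext decrypts to ANY 5-letter word under
    # some pad, so trying all 26^5 pads yields every possible plaintext.
    ciphertext = shift_cipher("point", random_pad(5))
    results["otp_alternatives"] = {
        word: shift_cipher(ciphertext, pad_explaining(ciphertext, word), decrypt=True)
        for word in ("paint", "joint", "money")  # constructed candidates
    }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
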

Transposition Techniques

All the techniques examined so far involve the substitution of a cipher text symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher.

Rail fence is the simplest such cipher, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.

Plaintext = meet at the school house

To encipher this message with a rail fence of depth 2, we write the message as follows:

  m e a t e c o l o s
   e t t h s h o h u e

The encrypted message is MEATECOLOSETTHSHOHUE

Row Transposition Ciphers

A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of columns then becomes the key of the algorithm.

  Plaintext = meet at the school house
  Key = 4312567
  PT = meetattheschoolhouse
  CT = ESOTCUEEHMHLAHSTOETO

A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext. The transposition cipher can be made significantly more secure by performing more than one stage of transposition. The result is a more complex permutation that is not easily reconstructed.

Steganography

A plaintext message may be hidden in any one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text.

A simple form of steganography, but one that is time consuming to construct, is one in which an arrangement of words or letters within an apparently innocuous text spells out the real message, e.g.:
(i) The sequence of first letters of each word of the overall message spells out the real (hidden) message.
(ii) A subset of the words of the overall message is used to convey the hidden message.
Various other techniques have been used historically, some of them are: > Character marking — selected letters of printed or typewritten text are overwritten in pencil, The marks are ordinarily not visible unless the paper is held to an angle to bright light. v Invisible ink — a number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper. v Pin punctures — small pin punctures on selected letters are ordinarily not visible unless the paper is held in front of the light. v Typewritten correction ribbon — used between the lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light. Drawbacks of Steganography > Requires a lot of overhead to hide a relatively few bits of information. > Once the system is discovered, it becomes virtually worthless. 19UNIT ~2 ‘Symmetric Key Ciphers: Block Cipher Principles and Algorithms (DES, AES, and Blowfish), Differential and Linear Cryptanalysis, Block Cipher Modes of Operations, Stream Ciphers, RC4, Location and Placement of encryption function, Key Distribution. Asymmetric Key Ciphers: Principles of Public Key Cryptosystems, Algorithms (RSA, Diffie- Hellman, ECC), Key Distribution Conventional Encryption Principles A Conventional/Symmetric encryption scheme has five ingredients: 1, Plain Text: This is the original message or data which is fed into the algorithm as input. 2. Encryption Algorithm: This encryption algorithm performs various substitutions and transformations on the plain text. Secret Key: The key is another input to the algor thm, The substitutions and transformations performed by algorithm depend on the key. 4. Cipher Text: This is the scrambled (unreadable) message which is output of the encryption algorithm, This cipher text is dependent on plaintext and secret key. For a given plaintext, two different keys produce two different cipher texts 5. 
Decryption Algorithm: This is the reverse of the encryption algorithm. It takes the cipher text and secret key as inputs and outputs the plain text.

[Figure: Simplified Model of Conventional Encryption]

The important point is that the security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm, i.e. it is not necessary to keep the algorithm secret; only the key is to be kept secret. The fact that the algorithm need not be kept secret made widespread use feasible and enabled manufacturers to develop low cost chip implementations of data encryption algorithms. With the use of conventional algorithms, the principal security problem is maintaining the secrecy of the key.

Feistel Cipher Structure

The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves L0 and R0. The two halves of the data pass through n rounds of processing and then combine to produce the cipher text block. Each round i has inputs Li-1 and Ri-1, derived from the previous round, as well as the subkey Ki, derived from the overall key K. In general, the subkeys Ki are different from K and from each other. All rounds have the same structure. A substitution is performed on the left half of the data (similar to S-DES). This is done by applying a round function F to the right half of the data and then taking the XOR of the output of that function and the left half of the data.
The round function has the same general structure for each round but is parameterized by the round subkey Ki. Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data. This structure is a particular form of the substitution-permutation network. The exact realization of a Feistel network depends on the choice of the following parameters and design features:
- Block size - Increasing size improves security, but slows the cipher
- Key size - Increasing size improves security and makes exhaustive key searching harder, but may slow the cipher
- Number of rounds - Increasing number improves security, but slows the cipher
- Subkey generation - Greater complexity can make analysis harder, but slows the cipher
- Round function - Greater complexity can make analysis harder, but slows the cipher
- Fast software en/decryption and ease of analysis - are more recent concerns for practical use and testing

[Figure: Feistel encryption and decryption, from input (plaintext) to output (ciphertext) and from input (ciphertext) to output (plaintext)]

The process of decryption is essentially the same as the encryption process. The rule is as follows: use the cipher text as input to the algorithm, but use the subkeys Ki in reverse order, i.e., Kn in the first round, Kn-1 in the second round, and so on. For clarity, we use the notation LEi and REi for data traveling through the encryption algorithm and LDi and RDi for data traveling through the decryption algorithm. The diagram indicates that, at each round, the intermediate value of the decryption process is equal to the corresponding value of the encryption process with the two halves of the value swapped, i.e., REi || LEi or, equivalently, LD16-i || RD16-i.

After the last iteration of the encryption process, the two halves of the output are swapped, so that the cipher text is RE16 || LE16. The output of that round is the cipher text. Now take the cipher text and use it as input to the same algorithm. The input to the first round is RE16 || LE16, which is equal to the 32-bit swap of the output of the sixteenth round of the encryption process.
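The decryption rule above (same algorithm, subkeys in reverse order) can be checked directly. The following added example, which is not part of the original notes, builds a 16-round Feistel network on 64-bit blocks and verifies at every round that the decryption halves are the encryption halves swapped. The round function and key schedule are assumptions chosen only for illustration (truncated SHA-256); they are not those of DES or any other cipher in these notes.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def round_function(right, subkey):
    """Toy F (assumption): 32 bits of SHA-256(R || K_i). Not invertible, and need not be."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def make_subkeys(key):
    """Toy key schedule (assumption): K_i = 32 bits of SHA-256(key || i), i = 1..16."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]


def feistel(block, subkeys, trace=None):
    """Run all rounds over a 64-bit block, then swap the two halves."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, left ^ round_function(right, k)
        if trace is not None:
            trace.append((left, right))
    return (right << 32) | left


def encrypt(block, key):
    return feistel(block, make_subkeys(key))


def decrypt(block, key):
    # Identical algorithm; only the subkey order is reversed.
    return feistel(block, make_subkeys(key)[::-1])


def intermediate_values_are_swapped(block, key):
    """Check LD_j = RE_(16-j) and RD_j = LE_(16-j) for every decryption round j."""
    enc = [(block >> 32, block & MASK32)]      # enc[i] = (LE_i, RE_i), i = 0..16
    dec = []                                   # dec[j-1] = (LD_j, RD_j)
    ciphertext = feistel(block, make_subkeys(key), enc)
    feistel(ciphertext, make_subkeys(key)[::-1], dec)
    return all(dec[j - 1] == (enc[ROUNDS - j][1], enc[ROUNDS - j][0])
               for j in range(1, ROUNDS + 1))


if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample key
    plaintext = 0x0123456789ABCDEF         # constructed sample block
    ciphertext = encrypt(plaintext, key)
    print(hex(ciphertext), hex(decrypt(ciphertext, key)))
    print(intermediate_values_are_swapped(plaintext, key))
```

Because F only ever appears inside an XOR that is applied twice, decryption never needs to invert F; that is why a one-way function works as the round function here.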
Now we will see how the output of the first round of the decryption process is equal to a 32-bit swap of the input to the sixteenth round of the encryption process. First consider the encryption process:

LE16 = RE15
RE16 = LE15 ⊕ F(RE15, K16)

On the decryption side:

LD1 = RD0 = LE16 = RE15
RD1 = LD0 ⊕ F(RD0, K16)
    = RE16 ⊕ F(RE15, K16)
    = [LE15 ⊕ F(RE15, K16)] ⊕ F(RE15, K16)
    = LE15

Therefore, LD1 = RE15 and RD1 = LE15. In general, for the ith iteration of the encryption algorithm:

LEi = REi-1
REi = LEi-1 ⊕ F(REi-1, Ki)

Finally, the output of the last round of the decryption process is RE0 || LE0. A 32-bit swap recovers the original plaintext.

Definitions

Encryption: Converting a text into code or cipher; converting computer data and messages into something incomprehensible using a key, so that only a holder of the matching key can reconvert them.
Conventional or Symmetric or Secret Key or Single Key encryption: Uses the same key for encryption and decryption.
Public Key encryption: Uses different keys for encryption and decryption.

Conventional Encryption Principles

An encryption scheme has five ingredients:
1. Plaintext - original message or data.
2. Encryption algorithm - performs substitutions and transformations on plaintext.
3. Secret Key - exact substitutions and transformations depend on this.
4. Cipher text - output, i.e. scrambled input.
5. Decryption algorithm - converts cipher text back to plaintext.

Simplified Data Encryption Standard (S-DES)

[Figure: overall structure of S-DES]

The figure above illustrates the overall structure of the simplified DES. The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block of cipher text as output.
The S-DES decryption algorithm takes an 8-bit block of cipher text and the same 10-bit key used to produce that cipher text as input and produces the original 8-bit block of plaintext. The encryption algorithm involves five functions:
- an initial permutation (IP)
- a complex function labeled fK, which involves both permutation and substitution operations and depends on a key input
- a simple permutation function that switches (SW) the two halves of the data
- the function fK again
- a permutation function that is the inverse of the initial permutation

The function fK takes as input not only the data passing through the encryption algorithm, but also an 8-bit key. Here a 10-bit key is used, from which two 8-bit subkeys are generated. The key is first subjected to a permutation (P10). Then a shift operation is performed. The output of the shift operation then passes through a permutation function that produces an 8-bit output (P8) for the first subkey (K1). The output of the shift operation also feeds into another shift and another instance of P8 to produce the second subkey (K2).

The encryption algorithm can be expressed as a composition of functions:

IP⁻¹ ∘ fK2 ∘ SW ∘ fK1 ∘ IP

This can also be written as

Ciphertext = IP⁻¹(fK2(SW(fK1(IP(plaintext)))))

where

K1 = P8(Shift(P10(Key)))
K2 = P8(Shift(Shift(P10(Key))))

Decryption can be shown as

Plaintext = IP⁻¹(fK1(SW(fK2(IP(ciphertext)))))

S-DES depends on the use of a 10-bit key shared between sender and receiver. From this key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm. First, permute the key in the following fashion.
Let the 10-bit key be designated as (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined as:

P10(k1, k2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, k2, k7, k4, k10, k1, k9, k8, k6)

P10 can be concisely defined by the display:

P10: 3 5 2 7 4 10 1 9 8 6

This table is read from left to right; each position in the table gives the identity of the input bit that produces the output bit in that position. So the first output bit is bit 3 of the input, the second output bit is bit 5 of the input, and so on. For example, the key (1010000010) is permuted to (10000 01100). Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits and the second five bits. In our example, the result is (00001 11000). Next we apply P8, which picks out and permutes 8 of the 10 bits according to the rule P8. The result is subkey 1 (K1). In our example, this yields (10100100). We then go back to the pair of 5-bit strings produced by the two LS-1 functions and perform a circular left shift of 2 bit positions on each string. In our example, the value (00001 11000) becomes (00100 00011). Finally, P8 is applied again to produce K2. In our example, the result is (01000011).

S-DES encryption

Encryption involves the sequential application of five functions.

Initial and Final Permutations

The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP function:

IP: 2 6 3 1 4 8 5 7

This retains all 8 bits of the plaintext but mixes them up. Consider the plaintext to be 11110011. Permuted output = 10111101. At the end of the algorithm, the inverse permutation is used:

IP⁻¹: 4 1 3 5 7 2 8 6

The most complex component of S-DES is the function fK, which consists of a combination of permutation and substitution functions. The functions can be expressed as follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to fK, and
let F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let

fK(L, R) = (L ⊕ F(R, SK), R)

where SK is a subkey and ⊕ is the bit-by-bit exclusive-OR function. E.g., permuted output = 1011 1101, and suppose F(1101, SK) = (1110) for some key SK. Then fK(10111101) = (1011 ⊕ 1110, 1101) = 01011101.

We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first operation is an expansion/permutation operation (E/P). For R = 1101, the E/P output is 11101011. It is clearer to depict the result in this fashion:

n4 | n1 n2 | n3
n2 | n3 n4 | n1

The 8-bit subkey K1 = (k11, k12, k13, k14, k15, k16, k17, k18) is added to this value using exclusive-OR:

n4⊕k11 | n1⊕k12 n2⊕k13 | n3⊕k14
n2⊕k15 | n3⊕k16 n4⊕k17 | n1⊕k18

Let us rename these 8 bits:

p0,0 | p0,1 p0,2 | p0,3
p1,0 | p1,1 p1,2 | p1,3

The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2-bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output. These two boxes are defined as follows:

The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number that specifies a row of the S-box, and the second and third input bits specify a column of the S-box. The entry in that row and column, in base 2, is the 2-bit output. For example, if (p0,0 p0,3) = (00) and (p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or (11) in binary. Similarly, (p1,0 p1,3) and (p1,1 p1,2) are used to index into a row and column of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1 undergo a further permutation as follows:

P4: 2 4 3 1

The output of P4 is the output of the function F.

The Switch Function

The function fK only alters the leftmost 4 bits of the input. The switch function (SW) interchanges the left and right 4 bits so that the second instance of fK operates on a different 4 bits.
In the second instance of fK, the E/P, S0, S1, and P4 functions are the same. The key input is K2. Finally, apply the inverse permutation to get the ciphertext.

Data Encryption Standard (DES)

The main standard for encrypting data was a symmetric algorithm known as the Data Encryption Standard (DES). However, this has now been replaced by a new standard known as the Advanced Encryption Standard (AES), which we will look at later. DES is a 64 bit block cipher, which means that it encrypts data 64 bits at a time. This is contrasted to a stream cipher, in which only one bit at a time (or sometimes small groups of bits such as a byte) is encrypted. DES was the result of a research project set up by International Business Machines (IBM) corporation in the late 1960's, which resulted in a cipher known as LUCIFER. In the early 1970's it was decided to commercialize LUCIFER and a number of significant changes were introduced. IBM was not the only one involved in these changes, as they sought technical advice from the National Security Agency (NSA) (other outside consultants were involved but it is likely that the NSA were the major contributors from a technical point of view). The altered version of LUCIFER was put forward as a proposal for the new national encryption standard requested by the National Bureau of Standards (NBS). It was finally adopted in 1977 as the Data Encryption Standard - DES (FIPS PUB 46).

Some of the changes made to LUCIFER have been the subject of much controversy even to the present day. The most notable of these was the key size. LUCIFER used a key size of 128 bits; however, this was reduced to 56 bits for DES. Even though DES actually accepts a 64 bit key as input, the remaining eight bits are used for parity checking and have no effect on DES's security. Outsiders were convinced that the 56 bit key was an easy target for a brute force attack due to its extremely small size. The need for the parity checking scheme was also questioned without satisfying answers.
Another controversial issue was that the S-boxes used were designed under classified conditions and no reasons for their particular design were ever given. This led people to assume that the NSA had introduced a "trapdoor" through which they could decrypt any data encrypted by DES even without knowledge of the key. One startling discovery was that the S-boxes appeared to be secure against an attack known as Differential Cryptanalysis, which was only publicly discovered by Biham and Shamir in 1990. This suggests that the NSA were aware of this attack in 1977, 13 years earlier! In fact the DES designers claimed that the reason they never made the design specifications for the S-boxes available was that they knew about a number of attacks that weren't public knowledge at the time and they didn't want them leaking - this is quite a plausible claim, as differential cryptanalysis has shown. However, despite all this controversy, in 1994 NIST reaffirmed DES for government use for a further five years for use in areas other than "classified".

DES of course isn't the only symmetric cipher. There are many others, each with varying levels of complexity. Such ciphers include: IDEA, RC4, RC5, RC6 and the new Advanced Encryption Standard (AES). AES is an important algorithm and was originally meant to replace DES (and its more secure variant triple DES) as the standard algorithm for non-classified material. However, as of 2003, AES with key sizes of 192 and 256 bits has been found to be secure enough to protect information up to top secret. Since its creation, AES has undergone intense scrutiny, as one would expect for an algorithm that is to be used as the standard. To date it has withstood all attacks, but the search is still on and it remains to be seen whether or not this will last. We will look at AES later in the course.

DES

DES (and most of the other major symmetric ciphers) is based on a cipher known as the Feistel block cipher.
It consists of a number of rounds where each round contains bit-shuffling, non-linear substitutions (S-boxes) and exclusive OR operations. As with most encryption schemes, DES expects two inputs - the plaintext to be encrypted and the secret key. The manner in which the plaintext is accepted, and the key arrangement used for encryption and decryption, both determine the type of cipher it is. DES is therefore a symmetric, 64 bit block cipher, as it uses the same key for both encryption and decryption and only operates on 64 bit blocks of data at a time (be they plaintext or ciphertext). The key size used is 56 bits; however, a 64 bit (or eight-byte) key is actually input. The least significant bit of each byte is either used for parity (odd for DES) or set arbitrarily and does not increase the security in any way. All blocks are numbered from left to right, which makes the eighth bit of each byte the parity bit.

Once a plain-text message is received to be encrypted, it is arranged into the 64 bit blocks required for input. If the number of bits in the message is not evenly divisible by 64, then the last block will be padded. Multiple permutations and substitutions are incorporated throughout in order to increase the difficulty of performing a cryptanalysis on the cipher.

Overall Structure

The figure below shows the sequence of events that occur during an encryption operation. DES performs an initial permutation on the entire 64 bit block of data. It is then split into two 32 bit sub-blocks, Li and Ri, which are then passed into what is known as a round (see figure 2.3), of which there are 16 (the subscript i in Li and Ri indicates the current round). Each of the rounds is identical and the effects of increasing their number are twofold - the algorithm's security is increased and its temporal efficiency decreased. Clearly these are two conflicting outcomes and a compromise must be made.
For DES the number chosen was 16, probably to guarantee the elimination of any correlation between the cipher text and either the plaintext or key. At the end of the 16th round, the 32 bit Li and Ri output quantities are swapped to create what is known as the pre-output. This [R16, L16] concatenation is permuted using a function which is the exact inverse of the initial permutation. The output of this final permutation is the 64 bit cipher text.

[Figure: Flow diagram of the DES algorithm for encrypting data]

So in total the processing of the plaintext proceeds in three phases, as can be seen from the left hand side of the figure:
1. Initial permutation (IP - defined in table 2.1) rearranging the bits to form the "permuted input".
2. Followed by 16 iterations of the same function (substitution and permutation). The output of the last iteration consists of 64 bits which is a function of the plaintext and key. The left and right halves are swapped to produce the pre-output.
3. Finally, the pre-output is passed through a permutation (IP⁻¹ - defined in table 2.1) which is simply the inverse of the initial permutation (IP). The output of IP⁻¹ is the 64-bit cipher text.

[Table 2.1: Permutation tables used in DES]

As the figure shows, the inputs to each round consist of the Li, Ri pair and a 48 bit subkey which is a shifted and contracted version of the original 56 bit key.
The use of the key can be seen in the right hand portion of figure 2.2:
- Initially the key is passed through a permutation function (PC1 - defined in table 2.2).
- For each of the 16 iterations, a subkey (Ki) is produced by a combination of a left circular shift and a permutation (PC2 - defined in table 2.2) which is the same for each iteration. However, the resulting subkey is different for each iteration because of repeated shifts.

[Table 2.2: PC1 and PC2]

Details of Individual Rounds

[Figure: Details of a single DES round, showing operations on data and operations on key]

The main operations on the data are encompassed into what is referred to as the cipher function, labeled F. This function accepts two different length inputs of 32 bits and 48 bits and outputs a single 32 bit number. Both the data and key are operated on in parallel; however, the operations are quite different. The 56 bit key is split into two 28 bit halves Ci and Di (C and D being chosen so as not to be confused with L and R). The value of the key used in any round is simply a left cyclic shift and a permuted contraction of that used in the previous round. Mathematically, this can be written as

Ci = Lcsi(Ci-1), Di = Lcsi(Di-1)
Ki = PC2(Ci, Di)

where Lcsi is the left cyclic shift for round i, Ci and Di are the outputs after the shifts, PC2(.) is a function which permutes and compresses a 56 bit number into a 48 bit number, and Ki is the actual key used in round i. The number of shifts is either one or two and is determined by the round number i. For i = {1, 2, 9, 16} the number of shifts is one and for every other round it is two.

S-Box Details

[Table 2.3: S-box details]

[Figure 2.4: The complex F function of the DES algorithm]

Advanced Encryption Algorithm (AES)

- AES is a block cipher with a block length of 128 bits.
- AES allows for three different key lengths: 128, 192, or 256 bits.
Most of our discussion will assume that the key length is 128 bits.
- Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.
- Except for the last round in each case, all other rounds are identical.
- Each round of processing includes one single-byte based substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key. The order in which these four steps are executed is different for encryption and decryption.
- To appreciate the processing steps used in a single round, it is best to think of a 128-bit block as consisting of a 4 x 4 matrix of bytes, arranged as follows:

byte0  byte4  byte8   byte12
byte1  byte5  byte9   byte13
byte2  byte6  byte10  byte14
byte3  byte7  byte11  byte15

Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4 x 4 matrix of bytes. The next four bytes occupy the second column, and so on. The 4 x 4 matrix of bytes shown above is referred to as the state array in AES.

[Figure: AES Encryption and AES Decryption, between a 128 bit plaintext block and a 128 bit ciphertext block]

The algorithm begins with an Add Round Key stage followed by 9 rounds of four stages and a tenth round of three stages. This applies for both encryption and decryption, with the exception that each stage of a round in the decryption algorithm is the inverse of its counterpart in the encryption algorithm. The four stages are as follows:
1. Substitute bytes
2. Shift rows
3. Mix Columns
4. Add Round Key

Substitute Bytes
- This stage (known as SubBytes) is simply a table lookup using a 16 x 16 matrix of byte values called an s-box.
- This matrix consists of all the possible combinations of an 8 bit sequence (2^8 = 16 x 16 = 256).
- However, the s-box is not just a random permutation of these values and there is a well defined method for creating the s-box tables.
- The designers of Rijndael showed how this was done, unlike the s-boxes in DES for which no rationale was given. Our concern will be how state is affected in each round.
- For this particular round each byte is mapped into a new byte in the following way: the leftmost nibble of the byte is used to specify a particular row of the s-box and the rightmost nibble specifies a column.
- For example, the byte {95} (curly brackets represent hex values in FIPS PUB 197) selects row 9 column 5, which turns out to contain the value {2A}.
- This is then used to update the state matrix.

Shift Row Transformation
- This stage (known as ShiftRows) is shown in the figure below.
- A simple permutation and nothing more.
- It works as follows:
  - The first row of state is not altered.
  - The second row is shifted 1 byte to the left in a circular manner.
  - The third row is shifted 2 bytes to the left in a circular manner.
  - The fourth row is shifted 3 bytes to the left in a circular manner.

Mix Column Transformation
- This stage (known as MixColumn) is basically a substitution.
- Each column is operated on individually. Each byte of a column is mapped into a new value that is a function of all four bytes in the column.
- The transformation can be determined by the following matrix multiplication on state.
- Each element of the product matrix is the sum of products of elements of one row and one column.
- In this case the individual additions and multiplications are performed in GF(2^8).
- The MixColumns transformation of a single column j (0
- In this stage (known as AddRoundKey) the 128 bits of state are bitwise XORed with the 128 bits of the round key.
- The operation is viewed as a column wise operation between the 4 bytes of a state column and one word of the round key.
- This transformation is as simple as possible, which helps in efficiency, but it also affects every bit of state.
- The AES key expansion algorithm takes as input a 4-word key and produces a linear array of 44 words. Each round uses 4 of these words as shown in the figure.
- Each word contains 32 bits, which means each subkey is 128 bits long. Figure 7 shows pseudocode for generating the expanded key from the actual key.

Blowfish Algorithm

A symmetric block cipher designed by Bruce Schneier in 1993/94.
Characteristics:
- fast implementation on 32-bit CPUs
- compact in use of memory
- simple structure for analysis/implementation
- variable security by varying key size
- has been implemented in various products

Blowfish Key Schedule
- uses a 32 to 448 bit key, stored as 32-bit words in the K-array Kj, j from 1 to 14
- used to generate:
  - 18 32-bit subkeys stored in the P-array, P1 ... P18
  - four 8x32 S-boxes stored in Si,j, each with 256 32-bit entries

Subkeys and S-Boxes Generation:
1. Initialize the P-array and then the 4 S-boxes in order using the fractional part of pi: P1 (leftmost 32 bits), and so on, up to S4,255.
2. XOR the P-array with the key array (32-bit blocks) and reuse as needed: assume we have up to K10, then P10 XOR K10, P11 XOR K1, ..., P18 XOR K8.
3. Encrypt a 64-bit block of zeros, and use the result to update P1 and P2.
4. Encrypt the output from the previous step using the current P and S, and replace P3 and P4. Then encrypt the current output and use it to update successive pairs of P.
5. After updating all P's (last: P17, P18), start updating the S values using the encrypted output from the previous step.
- requires 521 encryptions, hence slow in re-keying
- not suitable for limited-memory applications

Blowfish Encryption
- uses two main operations: addition modulo 2^32, and XOR
- data is divided into two 32-bit halves L0 and R0

  for i = 1 to 16 do
      Ri = Li-1 XOR Pi;
      Li = F[Ri] XOR Ri-1;
  L17 = R16 XOR P18;
  R17 = L16 XOR P17;

- where F[a, b, c, d] = ((S1,a + S2,b) XOR S3,c) + S4,d

[Figure 6.3: Blowfish Encryption and Decryption]

[Figure 6.4: Detail of Single Blowfish Round]

Block Cipher Modes Of Operations

Direct use of a block cipher is inadvisable:
- The enemy can build up a "code book" of plaintext/cipher text equivalents.
- Beyond that, direct use only works on messages that are a multiple of the cipher block size in length.
- Solution: five standard Modes of Operation: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR).

Electronic Code Book
- Direct use of the block cipher.
- Used primarily to transmit encrypted keys.
- Very weak if used for general-purpose encryption; never use it for a file or a message.
- Attacker can build a codebook; no semantic security.
- We write {P}k → C to denote "encryption of plaintext P with key k to produce cipher text C".

Cipher Block Chaining
- We would like the same plaintext blocks to produce different cipher text blocks.
- Cipher Block Chaining (see figure) allows this by XORing each plaintext with the cipher text from the previous round (the first round using an Initialisation Vector (IV)).
- As before, the same key is used for each block.
- Decryption works as shown in the figure because of the properties of the XOR operation, i.e. IV ⊕ IV ⊕ P = P, where IV is the Initialisation Vector and P is the plaintext.
- Obviously the IV needs to be known by both sender and receiver and it should be kept secret along with the key for maximum security.
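The difference between ECB and CBC described above shows up even with a very small cipher. This added example (not part of the original notes) runs both modes over a toy 8-bit block cipher and shows, from the point of view of someone reviewing a design, what a single known plaintext/ciphertext pair reveals under ECB and why the same codebook is useless against CBC. The toy cipher (a key-seeded permutation of byte values), the key, the IV and the messages are all constructed for illustration and offer no real security.

```python
import random


def make_block_cipher(key):
    """Toy 8-bit block cipher (assumption): key-seeded permutation of 0..255 and its inverse."""
    forward = list(range(256))
    random.Random(key).shuffle(forward)
    inverse = [0] * 256
    for plain, cipher in enumerate(forward):
        inverse[cipher] = plain
    return forward, inverse


def ecb_encrypt(plaintext, key):
    forward, _ = make_block_cipher(key)
    return bytes(forward[p] for p in plaintext)        # C_i = E(P_i)


def ecb_decrypt(ciphertext, key):
    _, inverse = make_block_cipher(key)
    return bytes(inverse[c] for c in ciphertext)


def cbc_encrypt(plaintext, key, iv):
    forward, _ = make_block_cipher(key)
    out, previous = [], iv
    for p in plaintext:
        previous = forward[p ^ previous]               # C_i = E(P_i XOR C_(i-1)), C_0 = IV
        out.append(previous)
    return bytes(out)


def cbc_decrypt(ciphertext, key, iv):
    _, inverse = make_block_cipher(key)
    out, previous = [], iv
    for c in ciphertext:
        out.append(inverse[c] ^ previous)              # P_i = D(C_i) XOR C_(i-1)
        previous = c
    return bytes(out)


def repeated_blocks(data):
    """Number of blocks that repeat an earlier block."""
    return len(data) - len(set(data))


def codebook_decode(known_plain, known_cipher, target_cipher):
    """What one known plaintext/ciphertext pair reveals about another message, without the key."""
    book = dict(zip(known_cipher, known_plain))
    return bytes(book.get(c, ord("?")) for c in target_cipher)


if __name__ == "__main__":
    KEY, IV = 2024, 0x5A                               # constructed values
    known, target = b"ATTACK AT DAWN", b"TANK AT DAWN" # constructed messages
    ecb_known = ecb_encrypt(known, KEY)
    # ECB: plaintext repetitions survive encryption unchanged.
    print(repeated_blocks(known), repeated_blocks(ecb_known))
    print(repeated_blocks(cbc_encrypt(known, KEY, IV)))
    # ECB: the codebook from one message decodes another.
    print(codebook_decode(known, ecb_known, ecb_encrypt(target, KEY)))
    # CBC: the same codebook no longer lines up with the plaintext.
    print(codebook_decode(known, ecb_known, cbc_encrypt(target, KEY, IV)))
    print(cbc_decrypt(cbc_encrypt(target, KEY, IV), KEY, IV))
```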
Cipher Feedback (CFB) Mode
- The Cipher Feedback and Output Feedback modes allow a block cipher to be converted into a stream cipher. This eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time.
- The figure shows the CFB scheme. In this figure it is assumed that the unit of transmission is s bits; a common value is s = 8.
- As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext (which is split into s bit segments).
- The input to the encryption function is a shift register equal in length to the block size of the algorithm (although the diagram shows 64 bits, which is the block size used by DES, this can be extended to other block sizes such as the 128 bits of AES).
- This is initially set to some Initialisation Vector (IV).

Output Feedback (OFB) Mode
- The Output Feedback Mode is similar in structure to that of CFB, as seen in figure 13.
- As can be seen, it is the output of the encryption function that is fed back to the shift register in OFB, whereas in CFB the cipher text unit is fed back to the shift register.
- One advantage of the OFB method is that bit errors in transmission do not propagate.
- For example, if a bit error occurs in C1, only the recovered value of P1 is affected; subsequent plaintext units are not corrupted. With CFB, C1 also serves as input to the shift register and therefore causes additional corruption downstream.

Counter Mode

[Figure: Counter (CTR) mode encryption and decryption, using the counter values Counter, Counter + 1, ..., Counter + N - 1]

Public Key Cryptography

The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography. It is asymmetric, involving the use of two separate keys, in contrast to symmetric encryption, which uses only one key. Public key schemes are neither more nor less secure than private key schemes (security depends on the key size for both).
Public-key cryptography complements rather than replaces symmetric cryptography. Both also have issues with key distribution, requiring the use
Lec 1 IS
PDF
No ratings yet
Lec 1 IS
39 pages
Network Security Notes 1 Au
PDF
No ratings yet
Network Security Notes 1 Au
55 pages
ch1-1 This Is An Information Security Realted Topic For Computer Science Students
PDF
No ratings yet
ch1-1 This Is An Information Security Realted Topic For Computer Science Students
46 pages
Unit I
PDF
No ratings yet
Unit I
28 pages
CH 1 (YAH)
PDF
No ratings yet
CH 1 (YAH)
27 pages
C&NS Unit 1
PDF
No ratings yet
C&NS Unit 1
64 pages
T318 Applied Network Security: Dr. Mahmoud Attalah
PDF
No ratings yet
T318 Applied Network Security: Dr. Mahmoud Attalah
56 pages
CNS - Unit I
PDF
No ratings yet
CNS - Unit I
30 pages
Lecture 01 20250116 v2
PDF
No ratings yet
Lecture 01 20250116 v2
48 pages