blowfish cryptosystem
TRANSCRIPT
FACULTY OF ELECTRONIC TECHNOLOGY
COMPUTER ENGINEERING (MSc)
By: Haitham Farag Daw
Cryptography and Network Security
Introduction
Blowfish: designed in 1993 by Bruce Schneier
64-bit block cipher with variable length key
Large key-dependent S-boxes
More resistant to cryptanalysis
Key-dependent permutations
Diverse Mathematical Operations
Combine XOR and addition
Continue
Fast
Compact: it can run in less than 5K of memory.
Simple to code
Easily modifiable for different security levels
Secure: the key length is variable; it can be in the range of 32~448 bits (default 128-bit key length).
Unpatented and royalty-free.
Structure of BF
Feistel iterated block cipher
Scalable Key (32 to 448 bits)
Simple operations that are efficient on microprocessors
XOR, Addition, Table lookup, etc
Employ Precomputable Subkeys
Variable number of iterations
Implementation: Encryption
$R_i = L_{i-1} \oplus P_i$
$L_i = F(L_{i-1} \oplus P_i) \oplus R_{i-1}$
$L_{17} = R_{16} \oplus P_{18}$
$R_{17} = L_{16} \oplus P_{17}$
Wikipedia, http://en.wikipedia.org/wiki/Image:BlowfishDiagram.png
Arrays:
P – Number of rounds + 2 elements
4 S-boxes – 256 elements
Implementation: Function F(x)
$F(X_{0-31}) = \big( (S_1[X_{24-31}] + S_2[X_{16-23}]) \oplus S_3[X_{8-15}] \big) + S_4[X_{0-7}]$
Wikipedia, http://upload.wikimedia.org/wikipedia/en/8/81/BlowfishFFunction.png
Addition is mod 2^32
Data Encryption
• Divide 64-bits into two 32-bit halves: XL, XR
• For i = 1 to 16
  o XL = XL XOR Pi
  o XR = F(XL) XOR XR
  o Swap XL and XR
• Swap XL and XR (undo the last swap)
• XR = XR XOR P17
• XL = XL XOR P18
• Concatenate XL and XR
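The F function and the Data Encryption steps above, written out as an added Python example (not code from the original slides). The P-array and S-box contents are constructed stand-ins from a seeded PRNG, so the output is not real Blowfish ciphertext; the key schedule is outside this example, and all function names are assumptions.

```python
import random

MASK32 = 0xFFFFFFFF
ROUNDS = 16

def make_demo_tables(seed=1993):
    """Constructed stand-in tables: P has rounds + 2 entries, 4 S-boxes of 256 words.
    Real Blowfish derives these from fixed constants and the key (not shown here)."""
    rng = random.Random(seed)  # not a CSPRNG; only fills the demo tables
    p = [rng.getrandbits(32) for _ in range(ROUNDS + 2)]
    s = [[rng.getrandbits(32) for _ in range(256)] for _ in range(4)]
    return p, s

def f(s, x):
    """F(X) = ((S1[X24-31] + S2[X16-23]) XOR S3[X8-15]) + S4[X0-7], addition mod 2^32."""
    a, b, c, d = (x >> 24) & 0xFF, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    h = (s[0][a] + s[1][b]) & MASK32
    return ((h ^ s[2][c]) + s[3][d]) & MASK32

def crypt_block(block, p, s):
    """Apply the Data Encryption steps to one 64-bit block given as an integer."""
    xl, xr = (block >> 32) & MASK32, block & MASK32
    for i in range(ROUNDS):
        xl ^= p[i]            # XL = XL XOR Pi
        xr ^= f(s, xl)        # XR = F(XL) XOR XR
        xl, xr = xr, xl       # swap XL and XR
    xl, xr = xr, xl           # undo the last swap
    xr ^= p[ROUNDS]           # XR = XR XOR P17
    xl ^= p[ROUNDS + 1]       # XL = XL XOR P18
    return (xl << 32) | xr    # concatenate XL and XR

def encrypt_block(block, p, s):
    return crypt_block(block, p, s)

def decrypt_block(block, p, s):
    """Same network, with the P-array applied in reverse order."""
    return crypt_block(block, p[::-1], s)

if __name__ == "__main__":
    p, s = make_demo_tables()
    pt = 0x0123456789ABCDEF   # constructed sample block
    ct = encrypt_block(pt, p, s)
    print(f"{pt:016x} -> {ct:016x} -> {decrypt_block(ct, p, s):016x}")
```

Because F is only ever XORed into the other half, the network inverts regardless of what the S-boxes contain, which is why decryption reuses the same code with the subkeys reversed.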
Cryptanalysis
Differential Attack
After 4 rounds a differential attack is no better than a brute
force attack
Weak Keys
S-box collisions
The Blowfish algorithm has yet to be cracked as the key size is high; it requires 2^448 combinations
Future Concerns
Simplifications
Fewer and Smaller S-boxes
Fewer Iterations
On-the-fly subkey calculation
Twofish
AES Finalist
128-bit Block Size
More Operations
References
Wikipedia (for illustrations)
http://en.wikipedia.org/wiki/Blowfish_cipher
Applied Cryptography
Bruce Schneier
John Wiley and Sons, Inc. 1996
The Blowfish Paper
http://www.schneier.com/paper-blowfish-fse.html
New Approach for Modifying Blowfish Algorithm by Using
Multiple Keys
by Afaf et al. in
VOL.11 No.3, March 2011, Amman, Jordan, Baghdad, Iraq
Introduction
IP Addresses: Finding out an IP Address
Through Instant Messaging Software
Through Internet Relay Chat
Through Your website
Through Email Headers
Port Scanning
Port Scanning is normally the first step that an
attacker undertakes.
List of Open Ports
Services Running
Exact Names and Versions of all the Services or
Daemons.
Operating System name and version
Major Tools Available
Some of the best and the most commonly used Port Scanners are:
Nmap
Superscan
Hping
Nessus
Common Features of all above Port Scanners:
Very Easy to Use
Display Detailed Results
Nmap
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (1997).
It is free and open source; website: nmap.org.
Nmap runs on all major computer operating systems
Used to discover hosts and services on a computer network, and for security auditing
Thus creating a "map" of the network.
Determine what..
operating systems
vulnerability detection.
It was designed to rapidly scan large networks
Nmap is also capable of adapting to network
conditions including latency and congestion during a
scan
Nmap sends specially crafted packets to the target
host and then analyzes the responses.
Nmap features
Host discovery
Port scanning
Version detection
OS detection
Nmap can provide further information on targets,
including reverse DNS names, device types, and
MAC addresses.
Anti-Port Scanning
Some useful Anti-Port Scanning software available
are:
Scanlogd
BlackICE
Snort
Abacus Port sentry
And multiple tools used to hide the IP address.
Reference
http://nmap.org/book/man.html
http://nmap.org/book/install.html
http://nmap.org/nsedoc