network and computer security


Upload: deepak-john

Post on 15-Jul-2015


Page 1: Network and Computer security

MODULE I MCA-501 Computer Security ADMN 2012-‘15

Dept. of Computer Science And Applications, SJCET, Palai Page 1

INTRODUCTION

Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) cannot perform actions that they are not allowed to perform, but can perform the actions that they are allowed to.

Some General Terms

Plain text: the original message (the message to be sent)
Cipher Text: the message after transformation
Encryption/Enciphering: conversion of plain text to cipher text
Decryption/Deciphering: conversion of cipher text to plain text
Cryptography: the area of study concerned with encryption and decryption
Cipher/Cryptographic System: the entire system of encryption/decryption
Cryptanalysis: the art of breaking codes and ciphers
Cryptology: the study of cryptography and cryptanalysis

Definitions

Computer Security - generic name for the collection of tools designed to protect data and to prevent hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Key Security Concepts

Fig 1.1 Key security concepts


• Confidentiality is roughly equivalent to privacy
• Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.

Computer Security Challenges

1. not simple
2. must consider potential attacks
3. involves algorithms and secret information
4. must decide where to deploy mechanisms
5. battle of wits between attacker and administrator
6. benefit not perceived until a failure occurs
7. requires regular monitoring
8. regarded as an impediment to using the system

Computer security is not as simple as it might first appear to the novice. The requirements seem to be straightforward, but the mechanisms used to meet those requirements can be quite complex and subtle. In developing a particular security mechanism or algorithm, one must always consider potential attacks (often unexpected) on those security features. Having designed various security mechanisms, it is necessary to decide where to use them. Security mechanisms typically involve more than a particular algorithm or protocol, but also require participants to have secret information, leading to issues of creation, distribution, and protection of that secret information. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the designer or administrator who tries to close them. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs. Security requires regular monitoring, difficult in today's short-term environment. Security is still too often an afterthought - incorporated after the design is complete. Many users / security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information.

OSI SECURITY ARCHITECTURE

ITU-T X.800 “Security Architecture for OSI” defines a systematic way of defining and providing security requirements.

Aspects of Security

Consider 3 aspects of information security:
i. security attack
ii. security mechanism
iii. security service


Security Attack

• any action that compromises the security of information owned by an organization
• the terms threat and attack are often used to mean the same thing
• there is a wide range of attacks
• we can focus on the generic types of attacks:
  - passive
  - active

Passive Attacks

• Passive attacks do not affect system resources
• Two types of passive attacks:
  a. Unauthorized reading of messages
  b. Traffic analysis
• Passive attacks are very difficult to detect: message transmission appears normal and there is no alteration of the data

Fig 1.2 Passive Attacks


Active Attacks

• Active attacks try to alter system resources or affect their operation
• Modification of data, or creation of false data
• Four categories:
  a. Masquerade
  b. Replay
  c. Modification of messages
  d. Denial of service: preventing normal use
• Difficult to prevent; the goal is to detect and recover

Fig 1.3 masquerade

Fig 1.4 Replay


Fig 1.5 modification of message

Security Mechanism

• designed to detect, prevent, or recover from a security attack
• no single mechanism will support all the services required
• however, one particular element underlies many of the security mechanisms in use: cryptographic techniques

Example: X.800
• specific security mechanisms: incorporated into the appropriate protocol layer
• pervasive security mechanisms: not specific to any protocol layer

Fig 1.6 specific security mechanisms


Fig 1.7 pervasive security mechanisms

Security Service

• enhance the security of data processing systems and information transfers of an organization, using one or more security mechanisms

Example

X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.

Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication
Availability - resource accessible/usable

Model for Network Security

Fig 1.8 model for network security


Using this model requires us to:

1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security

Fig 1.9 model for network access security

The security mechanisms needed to cope with unwanted access fall into two broad categories. The first category might be termed a gatekeeper function. It includes password-based login procedures that are designed to deny access to all but authorized users and screening logic that is designed to detect and reject worms, viruses, and other similar attacks. Once either an unwanted user or unwanted software gains access, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.

FUNDAMENTALS OF ABSTRACT ALGEBRA

Group

A group G is a set of elements together with an operation (written a·b) that satisfies the following axioms:

1. A1 (Closure): if a, b ∈ G, then a·b ∈ G
2. A2 (Associative law): (a·b)·c = a·(b·c)
3. A3 (Identity): there is an element e with e·a = a·e = a
4. A4 (Inverses): for each a there is an a' with a·a' = e
5. A5 (Commutative): a·b = b·a

A group G is a finite group if it has a finite number of elements.


A group G is abelian if its operation is commutative (axiom A5).

Cyclic Group

A group G is cyclic if every element of G is a power of some fixed element a ∈ G, i.e. b = a^k for some integer k and every b in the group. The element a is said to be a generator of the group.

Ring

A set of “numbers” denoted by {R, +, ×} with two operations (addition and multiplication) which form:

• an abelian group under addition (R satisfies axioms A1-A5)
• and under multiplication:

1. Closure: if a and b belong to R, then ab is also in R. (M1)
2. Associative: a(bc) = (ab)c for all a, b, c in R. (M2)
3. Distributive over addition: a(b + c) = ab + ac. (M3)
4. Commutative: ab = ba for all a, b in R. (M4)
5. Multiplicative identity: there is an element 1 in R such that a1 = 1a = a for all a in R. (M5)
6. No zero divisors: if a, b in R and ab = 0, then either a = 0 or b = 0. (M6)

If the multiplication operation is commutative (M4), it forms a commutative ring.
If the multiplication operation also has an identity and no zero divisors (M5, M6), it forms an integral domain.

Field

A set of numbers denoted by {F, +, ×} with two operations which form:

• an abelian group under addition (F satisfies axioms A1-A5)
• an abelian group under multiplication (F satisfies axioms A1-M6, ignoring 0)

Fig 1.10 hierarchy of fields


Modular Arithmetic

The Modulus

If a is an integer and n is a positive integer, we define “a mod n” to be the remainder when a is divided by n. The integer n is called the modulus.

Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n). This is written a ≡ b (mod n), i.e. when divided by n, a and b have the same remainder.

e.g. 100 ≡ 34 (mod 11)

Modulo 8 Addition Example

+ | 0 1 2 3 4 5 6 7
--+----------------
0 | 0 1 2 3 4 5 6 7
1 | 1 2 3 4 5 6 7 0
2 | 2 3 4 5 6 7 0 1
3 | 3 4 5 6 7 0 1 2
4 | 4 5 6 7 0 1 2 3
5 | 5 6 7 0 1 2 3 4
6 | 6 7 0 1 2 3 4 5
7 | 7 0 1 2 3 4 5 6

Fig 1.11 Modulo 8 Addition example

Fig 1.12 properties of modular arithmetic


Fig 1.13 examples for modular arithmetic properties

Euclidean Algorithm

An efficient way to find GCD(a, b). It uses the theorem that:

GCD(a, b) = GCD(b, a mod b)

The algorithm assumes a > b > 0.

EUCLID(a, b)
1. A = a; B = b
2. If B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2

Fig 1.14 Euclidean algorithm progression

FINITE FIELDS OF THE FORM GF(p)

Galois Fields

The order of a finite field (the number of elements in the field) must be a power of a prime. Such fields are known as Galois fields.

GF(p) is the set of integers {0, 1, …, p-1} with arithmetic operations modulo the prime p.

The simplest finite field is GF(2). Its arithmetic operations are easily summarized:


Fig 1.15 GF arithmetic operations addition and multiplication
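The group, ring and field axioms above are small enough to check by exhaustive enumeration over Z_n, which is also the quickest way to see why GF(p) needs p to be prime. The code below is an added example, not part of the lecture notes; it checks axioms A1-A5 for (Z_n, +) and for (Z_n \ {0}, ×), lists the zero divisors that break axiom M6 when n is composite, and finds multiplicative inverses in GF(p) by search (the extended Euclidean algorithm later in the notes does the same without searching).

```python
# Added example (not from the lecture notes): checking the axioms A1-A5 of the
# notes by enumeration over the finite sets Z_n = {0, 1, ..., n-1}.
from itertools import product


def is_abelian_group(elements, op):
    """True iff (elements, op) satisfies A1 closure, A2 associativity,
    A3 a unique identity, A4 inverses and A5 commutativity."""
    elements = list(elements)
    # A1: closure
    if any(op(a, b) not in elements for a, b in product(elements, repeat=2)):
        return False
    # A2: associativity
    if any(op(op(a, b), c) != op(a, op(b, c))
           for a, b, c in product(elements, repeat=3)):
        return False
    # A3: identity element e with e.a = a.e = a
    identities = [e for e in elements
                  if all(op(e, a) == a == op(a, e) for a in elements)]
    if len(identities) != 1:
        return False
    e = identities[0]
    # A4: every a has an a' with a.a' = e
    if any(not any(op(a, b) == e for b in elements) for a in elements):
        return False
    # A5: commutativity
    return all(op(a, b) == op(b, a) for a, b in product(elements, repeat=2))


def additive_group_ok(n):
    """(Z_n, + mod n) is an abelian group for every n >= 1 (the modulo 8
    addition table of the notes is the case n = 8)."""
    return is_abelian_group(range(n), lambda a, b: (a + b) % n)


def multiplicative_group_ok(n):
    """(Z_n without 0, x mod n) is an abelian group exactly when n is prime;
    this is the GF(p) requirement."""
    return is_abelian_group(range(1, n), lambda a, b: (a * b) % n)


def zero_divisors(n):
    """Pairs a <= b, both non-zero, with ab = 0 mod n (violations of M6).
    Empty exactly when n is prime."""
    return [(a, b) for a in range(1, n) for b in range(a, n) if (a * b) % n == 0]


def inverse_table(p):
    """Multiplicative inverse of every non-zero element of GF(p), by search."""
    return {a: next(b for b in range(1, p) if (a * b) % p == 1)
            for a in range(1, p)}


if __name__ == "__main__":
    print("Z_8 under +:", additive_group_ok(8))           # True
    print("Z_8* under x:", multiplicative_group_ok(8))    # False: 2*4 = 0
    print("zero divisors mod 8:", zero_divisors(8))
    print("Z_7* under x:", multiplicative_group_ok(7))    # True: GF(7)
    print("inverses in GF(7):", inverse_table(7))
```

Enumeration is cubic in n because of the associativity check, so this is a teaching tool for small moduli, not a way to validate a cryptographic field; for GF(p) with a large p one relies on the theorem, not on a search.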

Finding Multiplicative Inverse in GF(p)

An important problem is to find multiplicative inverses in such finite fields. The Euclidean algorithm is extended to find them as shown. It uses the following concept:

if GCD(a, b) = 1 = ax + by, then x is the inverse of a mod b (and y is the inverse of b mod a)

EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. If B3 = 0 return A3 = gcd(m, b); no inverse
3. If B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 - Q·B1, A2 - Q·B2, A3 - Q·B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2

Fig 1.16 extended Euclidean algorithm example
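The EUCLID(a, b) and EXTENDED EUCLID(m, b) procedures above translate almost line for line into code. The block below is an added example, not the notes' own code; it keeps the notes' variable names (A, B, R and the (A1, A2, A3)/(B1, B2, B3) triples) so each step can be matched against the pseudocode, records the progression that Fig 1.14 and Fig 1.16 illustrate, and returns None where the notes say "no inverse". The sample inputs (1970, 1066) and (1759, 550) are my own choices.

```python
# Added example (not from the notes): EUCLID and EXTENDED EUCLID in Python,
# following the numbered steps of the notes' pseudocode.


def euclid(a, b):
    """gcd(a, b) via gcd(a, b) = gcd(b, a mod b).
    Returns (gcd, steps) where steps lists the successive (A, B) pairs."""
    A, B = a, b                      # step 1
    steps = [(A, B)]
    while B != 0:                    # step 2: stop when B = 0
        R = A % B                    # step 3
        A, B = B, R                  # steps 4-5
        steps.append((A, B))
    return A, steps


def extended_euclid(m, b):
    """Returns (gcd(m, b), b^-1 mod m); the inverse is None when gcd != 1."""
    A1, A2, A3 = 1, 0, m             # step 1
    B1, B2, B3 = 0, 1, b
    while True:                      # step 8: goto 2
        if B3 == 0:                  # step 2: gcd = A3, no inverse exists
            return A3, None
        if B3 == 1:                  # step 3: gcd = 1, B2 is the inverse
            return 1, B2 % m         # reduce mod m so the answer is in 0..m-1
        Q = A3 // B3                 # step 4
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3   # step 5
        A1, A2, A3 = B1, B2, B3      # step 6
        B1, B2, B3 = T1, T2, T3      # step 7


def mod_inverse(b, m):
    """Convenience wrapper: b^-1 mod m, raising if it does not exist."""
    g, inv = extended_euclid(m, b)
    if inv is None:
        raise ValueError(f"{b} has no inverse mod {m} (gcd = {g})")
    return inv


if __name__ == "__main__":
    g, steps = euclid(1970, 1066)
    print("gcd(1970, 1066) =", g)
    for A, B in steps:
        print(f"  A = {A:5d}  B = {B:5d}")
    print("550^-1 mod 1759 =", mod_inverse(550, 1759))
```

The invariant behind step 3 is that at every iteration A3 = A1·m + A2·b and B3 = B1·m + B2·b; when B3 reaches 1 the second identity reads 1 = B1·m + B2·b, so B2·b ≡ 1 (mod m), which is exactly the "GCD(a, b) = 1 = ax + by" concept quoted above.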



POLYNOMIAL ARITHMETIC

We can compute using polynomials

f(x) = a_n x^n + a_{n-1} x^{n-1} + … + a_1 x + a_0 = Σ a_i x^i

Several alternatives are available:
• ordinary polynomial arithmetic using the basic rules of algebra
• polynomial arithmetic with coefficients mod p
• polynomial arithmetic with coefficients mod p and polynomials mod m(x)

Ordinary Polynomial Arithmetic

• add or subtract corresponding coefficients
• multiply all terms by each other

e.g. let f(x) = x^3 + x^2 + 2 and g(x) = x^2 - x + 1

f(x) + g(x) = x^3 + 2x^2 - x + 3
f(x) - g(x) = x^3 + x + 1
f(x) × g(x) = x^5 + 3x^2 - 2x + 2

Fig 1.17 examples for ordinary polynomial arithmetic


Polynomial Arithmetic with Modulo Coefficients

• If each distinct polynomial is considered to be an element of the set, then that set is a ring
• When polynomial arithmetic is performed on polynomials over a field, then division is possible
• Note: this does not mean that exact division is possible
• If we attempt to perform polynomial division over a coefficient set that is not a field, we find that division is not always defined
• Even if the coefficient set is a field, polynomial division is not necessarily exact
• With the understanding that remainders are allowed, we can say that polynomial division is possible if the coefficient set is a field

Fig 1.18 examples of Polynomial Arithmetic with Modulo Coefficients


Polynomial Division

• We can write any polynomial in the form: f(x) = q(x) g(x) + r(x)
• r(x) can be interpreted as being a remainder
• So r(x) = f(x) mod g(x)
• If there is no remainder we can say g(x) divides f(x), written as g(x) | f(x)
• We can say that g(x) is a factor of f(x), or that g(x) is a divisor of f(x)
• A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than that of f(x)
• An irreducible polynomial is also called a prime polynomial

Polynomial GCD

• The polynomial c(x) is said to be the greatest common divisor of a(x) and b(x) if the following are true:
  - c(x) divides both a(x) and b(x)
  - Any divisor of a(x) and b(x) is a divisor of c(x)
• An equivalent definition is: gcd[a(x), b(x)] is the polynomial of maximum degree that divides both a(x) and b(x)
• The Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field

Computational Considerations

• Since the coefficients are 0 or 1, any such polynomial can be represented as a bit string
• Addition becomes XOR of these bit strings
• Multiplication is shift and XOR (cf. long-hand multiplication)
• Modulo reduction is done by repeatedly substituting the highest power with the remainder of the irreducible polynomial (also shift and XOR)
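The two representations discussed above, ordinary polynomials with integer coefficients and polynomials over GF(2) held as bit strings, are worth seeing side by side. The block below is an added example and not code from the notes: the ordinary routines reproduce the f(x), g(x) example given earlier, and the GF(2) routines implement addition as XOR, multiplication as shift-and-XOR, and modulo reduction by cancelling the highest power with the irreducible polynomial. The reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11B) is my choice for the example, not something the notes specify; it is the irreducible polynomial used by AES, which is why the two spot-check products come from the AES standard.

```python
# Added example (not from the notes). Ordinary polynomials are lists of
# integer coefficients indexed by power of x; GF(2) polynomials are ints whose
# bits are the coefficients, so x^8 + x^4 + x^3 + x + 1 is 0x11B.

AES_MODULUS = 0x11B   # x^8 + x^4 + x^3 + x + 1, chosen for this example


def poly_add(f, g):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return [a + b for a, b in zip(f, g)]


def poly_sub(f, g):
    return poly_add(f, [-c for c in g])


def poly_mul(f, g):
    """Every term of f times every term of g, accumulated by power."""
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return out


def gf2_add(a, b):
    """Coefficient-wise addition mod 2 is XOR (and subtraction is the same)."""
    return a ^ b


def gf2_mul_raw(a, b):
    """Long-hand multiplication over GF(2): shift a for each set bit of b, XOR in."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def gf2_mod(a, modulus):
    """Reduce a modulo the irreducible polynomial: while deg(a) >= deg(modulus),
    XOR in the modulus shifted so its leading bit cancels a's leading bit."""
    deg_m = modulus.bit_length() - 1
    while a.bit_length() - 1 >= deg_m:
        a ^= modulus << (a.bit_length() - 1 - deg_m)
    return a


def gf2_mul(a, b, modulus=AES_MODULUS):
    """Multiplication in GF(2^8) with the chosen modulus: multiply, then reduce."""
    return gf2_mod(gf2_mul_raw(a, b), modulus)


if __name__ == "__main__":
    f = [2, 0, 1, 1]      # x^3 + x^2 + 2, lowest power first
    g = [1, -1, 1]        # x^2 - x + 1
    print("f+g", poly_add(f, g), "f-g", poly_sub(f, g), "f*g", poly_mul(f, g))
    print(hex(gf2_mul(0x57, 0x83)))   # 0xc1, the product quoted in FIPS-197
```

Note that `gf2_mod` loops on the degree, not on a fixed byte width, so the same routine reduces the up-to-14-bit raw product of two bytes and would work unchanged for a different irreducible polynomial.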

CLASSICAL ENCRYPTION TECHNIQUES

Symmetric Encryption

• also called conventional / private-key / single-key encryption
• sender and recipient share a common key


• all classical encryption algorithms are private-key

Requirements

Two requirements for secure use of symmetric encryption:
1. a strong encryption algorithm
2. a secret key known only to sender / receiver

Fig 1.19 symmetric cipher model

The five ingredients of the symmetric cipher model:

- plaintext - original message
- encryption algorithm - performs substitutions/transformations on the plaintext
- secret key - controls the exact substitutions/transformations used in the encryption algorithm
- ciphertext - scrambled message
- decryption algorithm - inverse of the encryption algorithm

Mathematically:

Y = E(K, X)
X = D(K, Y)

where X = plaintext, Y = ciphertext, K = secret key, E = encryption algorithm, D = decryption algorithm.

Both E and D are known to the public.


Fig 1.20 conventional crypto system

Cryptography

Characterize a cryptographic system by:
i. Type of encryption operations used
ii. Number of keys used
iii. Way in which plaintext is processed

i. Type of encryption operations used
• Substitution: each element in the plaintext is mapped into another element
• Transposition: elements in the plaintext are rearranged
• Product: using multiple stages of substitutions and transpositions

ii. Number of keys used
• Single-key or private / two-key or public

iii. Way in which plaintext is processed
• Block: processes the input one block of elements at a time, producing an output block for each input block.
• Stream: processes the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis

• objective: to recover the key, not just the message
• general approaches:
  - cryptanalytic attack
  - brute-force attack

i. Cryptanalytic Attacks


Classified by how much information is needed by the attacker:

a. Ciphertext-only attack - only the algorithm and the ciphertext are known
b. Known-plaintext attack - plaintext and ciphertext are known
c. Chosen-plaintext attack - select plaintext and obtain ciphertext
d. Chosen-ciphertext attack - select ciphertext and obtain plaintext

ii. Brute Force Search

• the most basic attack; its cost is proportional to the key size
• always possible to simply try every key

An attacker has an encrypted message. They know that this file contains data they want to see, and they know that there is an encryption key that unlocks it. To decrypt it, they can begin to try every single possible password and see if that results in a decrypted file.

Classical Substitution Ciphers

• letters of the plaintext are replaced by other letters or by numbers or symbols
• or, if the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Caesar Cipher

• earliest known substitution cipher, used by Julius Caesar
• replaces each letter by the 3rd letter on

Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25

Then the general Caesar cipher is:
c = E_K(p) = (p + k) mod 26
p = D_K(c) = (c - k) mod 26

Cryptanalysis of Caesar Cipher

• only 26 possible ciphers
• could simply try each in turn: a brute force search
• given the ciphertext, just try all shifts of letters
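The Caesar cipher and its 26-key exhaustive search, as an added example that is not part of the notes. The encryption and decryption functions are the notes' formulas c = (p + k) mod 26 and p = (c - k) mod 26; `brute_force` lists every candidate, and `best_shift` shows the step the notes leave to the reader, ranking candidates with a small word list of my own rather than by eye.

```python
# Added example (not from the notes): Caesar cipher, its inverse, and the
# brute-force search over all 26 shifts.
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext, k):
    """c = (p + k) mod 26 for each letter; output in upper case, as in the notes."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26].upper())
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)


def caesar_decrypt(ciphertext, k):
    """p = (c - k) mod 26: decryption is encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -k).lower()


def brute_force(ciphertext):
    """Try every shift; returns {shift: candidate plaintext}.
    With only 26 keys, the whole key space fits on one screen."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


# Toy word list used only to rank candidates automatically (my choice).
COMMON_WORDS = ("the", "and", "me", "after", "of", "is")


def best_shift(ciphertext, words=COMMON_WORDS):
    """Shift whose candidate contains the most common English words."""
    scores = {k: sum(tok in words for tok in cand.split())
              for k, cand in brute_force(ciphertext).items()}
    return max(scores, key=scores.get)


if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party", 3)
    print(ct)
    for k, cand in brute_force(ct).items():
        print(f"{k:2d}: {cand}")
    print("best shift:", best_shift(ct))
```

A word-list score is enough for Caesar because the candidate list is tiny; the frequency-based method the notes describe next is what scales to ciphers whose key space is too large to enumerate.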


Monoalphabetic Cipher

• rather than just shifting the alphabet, we could shuffle the letters arbitrarily
• each plaintext letter maps to a different random ciphertext letter
• hence the key is 26 letters long

Plain:      abcdefghijklmnopqrstuvwxyz
Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Cryptanalysis

• Now we have a total of 26! ≈ 4 × 10^26 keys.
• With so many keys, it is secure against brute-force attacks.
• But it is not secure against some cryptanalytic attacks.
• The problem is language characteristics.

Language Statistics and Cryptanalysis

• Human languages are not random.
• Letters are not equally frequently used.
• In English, E is by far the most common letter, followed by T, R, N, I, O, A, S.
• Other letters like Z, J, K, Q, X are fairly rare.
• There are tables of single, double and triple letter frequencies for various languages.

To attack, we:
• calculate letter frequencies for the ciphertext
• compare this distribution against the known one

Example: Given the ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWS
FPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

• Count relative letter frequencies
• Guess {P, Z} = {e, t}
• Of the double letters, ZW has the highest frequency, so guess ZW = th and hence ZWP = the
• Proceeding with trial and error we finally get:

it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the Viet cong in moscow
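The monoalphabetic cipher with the 26-letter key above, together with the letter and digram counts that drive the frequency analysis of the sample ciphertext, as an added example that is not part of the notes. `letter_frequencies` and `digram_counts` are the "count relative letter frequencies" and "double letters" steps; `apply_guesses` renders a partial decryption so that trial and error can proceed one guess at a time. The sample ciphertext is the one quoted above, joined into a single 120-letter string.

```python
# Added example (not from the notes): monoalphabetic substitution and the
# frequency statistics used to attack it.
from collections import Counter
import string

PLAIN = string.ascii_lowercase
CIPHER_KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"     # 26-letter key from the notes

# The notes' sample ciphertext, two lines joined (120 letters).
SAMPLE = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWS"
          "FPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")


def mono_encrypt(plaintext, key=CIPHER_KEY):
    """Each lower-case plaintext letter maps to the key letter at the same index."""
    return plaintext.lower().translate(str.maketrans(PLAIN, key))


def mono_decrypt(ciphertext, key=CIPHER_KEY):
    return ciphertext.upper().translate(str.maketrans(key, PLAIN))


def _letters(text):
    return [c for c in text.upper() if c in string.ascii_uppercase]


def letter_frequencies(text):
    """[(letter, count, percent)] sorted most common first."""
    letters = _letters(text)
    counts = Counter(letters)
    return [(c, n, round(100 * n / len(letters), 2)) for c, n in counts.most_common()]


def digram_counts(text):
    """Counts of adjacent letter pairs; ZW is the standout in the sample."""
    letters = _letters(text)
    return Counter(a + b for a, b in zip(letters, letters[1:]))


def apply_guesses(ciphertext, guesses):
    """Partial decryption: guessed cipher letters become lower-case plaintext,
    the rest stay upper-case so the analyst can see what already reads as English."""
    return "".join(guesses.get(c, c) for c in ciphertext)


if __name__ == "__main__":
    print(mono_encrypt("ifwewishtoreplaceletters"))
    for letter, n, pct in letter_frequencies(SAMPLE)[:8]:
        print(f"{letter} {n:3d} {pct:6.2f}%")
    print(digram_counts(SAMPLE).most_common(5))
    print(apply_guesses(SAMPLE, {"P": "e", "Z": "t", "W": "h"}))
```

In the sample, P and Z account for 16 and 14 of the 120 letters (13.33% and 11.67%), which is what justifies the {P, Z} = {e, t} guess; ZW appears three times, tied with a few other digrams but the only one of them consistent with "th" once P = e and Z = t are fixed, which is why the notes single it out.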


Playfair Cipher

• Not even the large number of keys in a monoalphabetic cipher provides security.
• One approach to improving security is to encrypt multiple letters at a time.
• The Playfair Cipher is the best known such cipher.
• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.

Playfair Key Matrix

• Use a 5 x 5 matrix.
• The matrix is constructed by filling in the letters of the keyword without duplicates from left to right and from top to bottom.
• Fill the rest of the matrix with the other letters in alphabetic order.

E.g., key = MONARCHY.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Fig 1.21 playfair key matrix

Encrypting and Decrypting

Plaintext is encrypted two letters at a time:

1. If a pair is a repeated letter, insert a filler like 'X', e.g. "balloon" encrypts as "ba lx lo on"
2. If both letters fall in the same row, replace each with the letter to its right (wrapping back to the start from the end), e.g. "ar" encrypts as "RM"
3. If both letters fall in the same column, replace each with the letter below it (again wrapping to the top from the bottom), e.g. "mu" encrypts to "CM"
4. Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, e.g. "hs" encrypts to "BP", and "ea" to "IM" or "JM"


Cryptanalysis

• Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters, or digrams.
• Would need a 676-entry frequency table to analyse.
• Was widely used for many decades, e.g. by the US and British military in WW1 and early WW2.

Polyalphabetic Ciphers

• A sequence of monoalphabetic ciphers (M1, M2, M3, ... Mk) is used in turn to encrypt letters.
• A key determines which sequence of ciphers to use.
• Each plaintext letter has multiple corresponding ciphertext letters.
• This makes cryptanalysis harder since the letter frequency distribution will be flatter.
• Repeat from the start after the end of the key is reached.

Vigenère Cipher

• Simplest polyalphabetic substitution cipher.
• Consider the set of all Caesar ciphers: { Ca, Cb, Cc, ..., Cz }
• Key: e.g. security
• Encrypt each letter using Cs, Ce, Cc, Cu, Cr, Ci, Ct, Cy in turn.
• Repeat from the start after Cy.
• Decryption simply works in reverse.

Fig 1.22 example of Vigenère cipher


Cryptanalysis

There are multiple ciphertext letters corresponding to each plaintext letter.

To break the Vigenère cipher:
1. Try to guess the key length.
2. If the key length is N, the cipher consists of N Caesar ciphers; every Nth plaintext letter (positions i, i+N, i+2N, …) is encoded by the same one.
3. Attack each individual cipher.

One-Time Pad

• if a truly random key as long as the message is used, the cipher will be secure
• called a One-Time Pad
• it is unbreakable since the ciphertext has no statistical relationship to the plaintext, because for any plaintext and any ciphertext there exists a key mapping one to the other
• the key can only be used once
• problems in generation and safe distribution of the key
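The Vigenère cipher as a key-selected sequence of Caesar ciphers, the same machinery with a random key as long as the message (the one-time pad), and the property just stated for the pad, as an added example that is not part of the notes. `key_for` makes the "for any plaintext and any ciphertext there exists a key" claim concrete by computing that key, and `split_by_key_length` is step 2 of the Vigenère cryptanalysis above: it groups the letters that share one Caesar cipher once the key length is guessed. The sample words are my own.

```python
# Added example (not from the notes): Vigenère, one-time pad, and the
# "every ciphertext is consistent with every plaintext" property of the pad.
import secrets
import string

ALPHA = string.ascii_lowercase


def _letters(text):
    return [c for c in text.lower() if c in ALPHA]


def vigenere_encrypt(plaintext, key):
    """Letter i is encrypted with the Caesar cipher C_{key[i mod len(key)]}."""
    p, k = _letters(plaintext), _letters(key)
    return "".join(ALPHA[(ALPHA.index(c) + ALPHA.index(k[i % len(k)])) % 26]
                   for i, c in enumerate(p)).upper()


def vigenere_decrypt(ciphertext, key):
    """Decryption works in reverse: subtract the key letter instead of adding it."""
    c, k = _letters(ciphertext), _letters(key)
    return "".join(ALPHA[(ALPHA.index(x) - ALPHA.index(k[i % len(k)])) % 26]
                   for i, x in enumerate(c))


def otp_key(length):
    """One-time pad key: truly random, as long as the message, from the OS CSPRNG.
    Reusing it for a second message destroys the security argument."""
    return "".join(secrets.choice(ALPHA) for _ in range(length))


def key_for(ciphertext, wanted_plaintext):
    """The pad under which `ciphertext` decrypts to `wanted_plaintext`.
    One always exists when the key is as long as the message, so the
    ciphertext alone cannot favour one plaintext over another."""
    c, p = _letters(ciphertext), _letters(wanted_plaintext)
    if len(c) != len(p):
        raise ValueError("plaintext and ciphertext must have the same length")
    return "".join(ALPHA[(ALPHA.index(x) - ALPHA.index(y)) % 26] for x, y in zip(c, p))


def split_by_key_length(ciphertext, n):
    """Cryptanalysis step 2: with key length n, letters at positions
    i, i+n, i+2n, ... were all produced by the same Caesar cipher."""
    c = _letters(ciphertext)
    return ["".join(c[i::n]) for i in range(n)]


if __name__ == "__main__":
    ct = vigenere_encrypt("attack", "security")
    print(ct, vigenere_decrypt(ct, "security"))
    print("key making it read 'defend':", key_for(ct, "defend"))
    pad = otp_key(6)
    print(vigenere_decrypt(vigenere_encrypt("attack", pad), pad))
```

With a short repeating key the same `key_for` trick does not help an attacker, because the recovered "key" would have to repeat with the guessed period; with a pad as long as the message every candidate key is equally plausible, which is the whole argument for the pad's unbreakability and also why the pad cannot be reused.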

Transposition Ciphers

• also called permutation ciphers
• these hide the message by rearranging the letter order, without altering the actual letters used

Rail Fence cipher

• write the message letters out diagonally over a number of rows
• Key: the number of rails
• Ciphertext: read off the cipher row by row

e.g. write the message out as:
defend the east wall

Fig 1.23 rail cipher

Obtained ciphertext:
DNETLEEDHESWLXFTAAX


Row Transposition Ciphers

• a more complex transposition
• write the letters of the message in a rectangle, in rows over a specified number of columns (related to the length of the key), and read out the message column by column
• then reorder the columns according to some key before reading off the rows

Key:        3 4 2 1 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
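Both transposition ciphers above, as an added example that is not part of the notes. Fig 1.23 is missing from the transcript, so the rail count is inferred: the ciphertext DNETLEEDHESWLXFTAAX is reproduced with 3 rails and the message padded with two X's, an assumption of mine that the test below confirms. For the row transposition the key is read as the order in which the columns are taken (column 3 first, then 4, 2, 1, 5, 6, 7), which is the reading that turns the plaintext grid above into the quoted ciphertext.

```python
# Added example (not from the notes): rail-fence and row transposition,
# with their inverses.


def rail_fence_encrypt(plaintext, rails):
    """Write the letters in a zigzag over `rails` rows, then read row by row."""
    if rails == 1:
        return plaintext.upper()
    rows = [[] for _ in range(rails)]
    period = 2 * rails - 2
    for i, ch in enumerate(plaintext):
        r = i % period
        rows[r if r < rails else period - r].append(ch)
    return "".join("".join(row) for row in rows).upper()


def rail_fence_decrypt(ciphertext, rails):
    """Recompute the zigzag pattern, cut the ciphertext into rails of the
    right lengths, then walk the pattern taking one letter from each rail."""
    if rails == 1:
        return ciphertext.lower()
    period = 2 * rails - 2
    pattern = [i % period if i % period < rails else period - i % period
               for i in range(len(ciphertext))]
    rail_text, pos = [], 0
    for r in range(rails):
        n = pattern.count(r)
        rail_text.append(list(ciphertext[pos:pos + n]))
        pos += n
    return "".join(rail_text[r].pop(0) for r in pattern).lower()


def row_transposition_encrypt(plaintext, key):
    """Rows of len(key) columns (padded with x); read whole columns in the
    order the key lists them (1-based column numbers)."""
    cols = len(key)
    padded = plaintext + "x" * (-len(plaintext) % cols)
    rows = [padded[i:i + cols] for i in range(0, len(padded), cols)]
    return "".join(row[k - 1] for k in key for row in rows).upper()


def row_transposition_decrypt(ciphertext, key):
    """Refill the grid column by column in key order, then read the rows."""
    cols = len(key)
    nrows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for k in key:
        for r in range(nrows):
            grid[r][k - 1] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid).lower()


if __name__ == "__main__":
    print(rail_fence_encrypt("defendtheeastwallxx", 3))
    key = [3, 4, 2, 1, 5, 6, 7]
    ct = row_transposition_encrypt("attackpostponeduntiltwoamxyz", key)
    print(ct, row_transposition_decrypt(ct, key))
```

A transposition leaves the letter frequencies of the plaintext untouched, which is how an analyst recognises one: the ciphertext's single-letter statistics match English even though nothing reads as English.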

Product Ciphers

• uses a sequence of substitutions and transpositions
• harder to break than just substitutions or transpositions
• this is the bridge from classical to modern ciphers.

Rotor Machines

• before modern ciphers, rotor machines were the most common product cipher.
• implemented a very complex, varying substitution cipher
• used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted
• with 3 cylinders there are 26^3 = 17576 alphabets

Steganography

• Hide a message in another message.
• E.g., hide your plaintext in a graphic image: each pixel has 3 bytes specifying the RGB color; the least significant bits of pixels can be changed without greatly affecting the image quality, so messages can be hidden in these LSBs.
• Advantage: hiding the existence of messages
• Drawback: high overhead


Hill Cipher

A multiletter or block cipher developed by Lester Hill in 1929, based on matrix multiplication.

Key: an invertible m x m matrix (where m is the block length)

Encryption

• first turn our keyword into a key matrix
• turn the plaintext into column vectors
• then perform matrix multiplication modulo the length of the alphabet (i.e. 26) on each vector
• these vectors are then converted back into letters to produce the ciphertext

Example

• plaintext: “short example”, keyword: hill; use a 2 x 2 matrix.
• turn the keyword into a matrix.
• With the keyword in a matrix, we need to convert this into a key matrix. We do this by converting each letter into a number by its position in the alphabet (starting at 0). So, A = 0, B = 1, C = 2, D = 3, etc.
• Convert the plaintext to column vectors.
• Convert the plaintext column vectors to a plaintext matrix by replacing each letter by its appropriate number.
• Multiply the key matrix by each column vector in turn.

(figure: the keyword written as a matrix, and the key matrix)
(figure: the algebraic rules of matrix multiplication)


Example: (figure)

Decryption

To decrypt a ciphertext encoded using the Hill cipher, we first multiply the inverse key matrix (K^-1) with each column vector that the ciphertext is split into, take the results modulo the length of the alphabet, and finally convert the numbers back to letters.

General method to calculate the inverse key matrix: (figure)

where K is the key matrix, d is the determinant of the key matrix and adj(K) is the adjugate matrix of K.


Once we have these values we will need to take each of them modulo 26 (in particular, we need to add 26 to the negative values to get a number between 0 and 25). For our example we get the matrix below.

(figure: the adjugate matrix of the key matrix)
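The figures for the Hill cipher example (the key matrix, the inverse formula and the adjugate) are missing from the transcript, so the block below reconstructs the worked example in code. It is an added example, not the notes' own code. The key matrix fills the keyword "hill" row by row with A = 0; the inverse uses the standard formula K^-1 = d^-1 · adj(K) mod 26 that the notes' description of d and adj(K) refers to, with d^-1 found by Python's `pow(d, -1, 26)` (Python 3.8 or later; the extended Euclidean algorithm earlier in the notes computes the same value). The `X` used to pad an odd-length plaintext is my choice.

```python
# Added example (not from the notes): the 2 x 2 Hill cipher with keyword
# "hill", plaintext "short example", and the inverse key for decryption.

MOD = 26   # length of the alphabet


def to_nums(text):
    return [ord(c) - ord("A") for c in text.upper() if c.isalpha()]


def to_text(nums):
    return "".join(chr(ord("A") + n % MOD) for n in nums)


def key_matrix(keyword):
    """2 x 2 key matrix from a 4-letter keyword, filled row by row (A = 0)."""
    k = to_nums(keyword)
    if len(k) != 4:
        raise ValueError("this example uses a 2 x 2 key, i.e. a 4-letter keyword")
    return [[k[0], k[1]], [k[2], k[3]]]


def mat_vec(K, v):
    """K times the column vector v, each entry reduced mod 26."""
    return [(K[0][0] * v[0] + K[0][1] * v[1]) % MOD,
            (K[1][0] * v[0] + K[1][1] * v[1]) % MOD]


def hill_apply(K, text, pad="X"):
    """Split the text into 2-letter column vectors and multiply each by K."""
    nums = to_nums(text)
    if len(nums) % 2:
        nums.append(to_nums(pad)[0])
    out = []
    for i in range(0, len(nums), 2):
        out += mat_vec(K, nums[i:i + 2])
    return to_text(out)


def inverse_key(K):
    """K^-1 = d^-1 * adj(K) mod 26, with d = det(K).
    Raises ValueError if gcd(d, 26) != 1, i.e. the key is not invertible."""
    d = (K[0][0] * K[1][1] - K[0][1] * K[1][0]) % MOD
    d_inv = pow(d, -1, MOD)
    adj = [[K[1][1], -K[0][1]], [-K[1][0], K[0][0]]]
    return [[(d_inv * x) % MOD for x in row] for row in adj]   # % fixes negatives


def hill_encrypt(plaintext, keyword):
    return hill_apply(key_matrix(keyword), plaintext)


def hill_decrypt(ciphertext, keyword):
    return hill_apply(inverse_key(key_matrix(keyword)), ciphertext)


if __name__ == "__main__":
    K = key_matrix("hill")
    print("K =", K, " K^-1 =", inverse_key(K))
    ct = hill_encrypt("short example", "hill")
    print(ct, hill_decrypt(ct, "hill"))
```

For the keyword "hill" the determinant is 7·11 - 8·11 = -11 ≡ 15 (mod 26), whose inverse is 7 (15 · 7 = 105 = 4 · 26 + 1); the adjugate [[11, -8], [-11, 7]] becomes [[11, 18], [15, 7]] after adding 26 to the negative entries, exactly the step described above, and multiplying by 7 gives K^-1 = [[25, 22], [1, 23]].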


BLOCK CIPHERS

In a block cipher:
• Plaintext and ciphertext have fixed length b (e.g., 128 bits)
• A plaintext of length n is partitioned into a sequence of m blocks, P[0], …, P[m-1], where n ≤ bm < n + b
• Each message is divided into a sequence of blocks and encrypted or decrypted in terms of its blocks.

Fig 1.24 Block ciphering


Claude Shannon and Substitution-Permutation Ciphers

Claude Shannon introduced the idea of substitution-permutation (S-P) networks in 1949; they form the basis of modern block ciphers. They are based on the two primitive cryptographic operations:
• Substitution (S-box): replace n bits by another n bits
• Permutation (P-box): bits are rearranged; no bits are added or removed

They provide confusion and diffusion of message and key:
• diffusion - dissipates the statistical structure of the plaintext over the bulk of the ciphertext
• confusion - makes the relationship between ciphertext and key as complex as possible

Structure

Horst Feistel devised the Feistel cipher:
• based on the concept of an invertible product cipher
• partitions the input block into two halves
• performs a substitution on the left data half based on a function of the right half and a subkey (the round function)
• then a permutation by swapping the halves
• a practical implementation of Shannon's S-P net concept
• this round of S-P is repeated many times

Design Elements

• Block size: larger block sizes mean greater security but reduced encryption/decryption speed for a given algorithm. Ex: 64, 128 bits
• Key size: a larger key size means greater security but may decrease encryption/decryption speed.
• Number of rounds: multiple rounds offer increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.
• Round function: greater complexity should mean greater resistance to cryptanalysis.
• Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern.
• Ease of analysis.

Encryption:

L_1 = R_0,  R_1 = L_0 ⊕ f_1(R_0, K_0)
L_2 = R_1,  R_2 = L_1 ⊕ f_2(R_1, K_1)
…
L_{n+1} = R_n,  R_{n+1} = L_n ⊕ f_n(R_n, K_n)


Fig 1.25 Feistel encryption and decryption

Decryption:

R_n = L_{n+1},  L_n = R_{n+1} ⊕ f_n(L_{n+1}, K_n)
…
R_0 = L_1,  L_0 = R_1 ⊕ f_1(L_1, K_0)
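A minimal Feistel network following the round equations above, as an added example that is not part of the notes. The block is 64 bits split into two 32-bit halves; the round function f and the subkey schedule are placeholders of my own built from SHA-256 so the example runs without any real cipher, and they are deliberately not invertible: the point the equations make is that decryption needs only the same f with the subkeys applied in reverse order, never f^-1.

```python
# Added example (not from the notes): a toy Feistel network with the
# notes' equations L_{i+1} = R_i, R_{i+1} = L_i xor f_i(R_i, K_i).
import hashlib

HALF_BITS = 32                 # 64-bit block, two 32-bit halves
MASK = (1 << HALF_BITS) - 1


def round_function(right, subkey):
    """f(R, K): placeholder of my own, a truncated SHA-256 of R || K.
    Any function works here; it does not need to be invertible."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def subkeys(master_key, rounds):
    """Placeholder key schedule: K_i derived from the master key and round number."""
    return [int.from_bytes(hashlib.sha256(master_key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]


def feistel_encrypt(block, keys):
    L, R = block >> HALF_BITS, block & MASK
    for K in keys:
        L, R = R, L ^ round_function(R, K)          # L_{i+1} = R_i, R_{i+1} = L_i xor f(R_i, K_i)
    return (L << HALF_BITS) | R


def feistel_decrypt(block, keys):
    """Same network, subkeys in reverse: R_i = L_{i+1},
    L_i = R_{i+1} xor f(L_{i+1}, K_i). The xor cancels itself."""
    L, R = block >> HALF_BITS, block & MASK
    for K in reversed(keys):
        L, R = R ^ round_function(L, K), L
    return (L << HALF_BITS) | R


if __name__ == "__main__":
    keys = subkeys(b"example master key", 16)      # 16 rounds, as in DES
    pt = 0x0123456789ABCDEF
    ct = feistel_encrypt(pt, keys)
    print(f"{pt:016x} -> {ct:016x} -> {feistel_decrypt(ct, keys):016x}")
```

Because one round only changes the right half, the structure gives no diffusion by itself; the notes' "number of rounds" and "round function" design elements are exactly what turns this invertible skeleton into a cipher, and the toy f here says nothing about that strength.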

Data Encryption Standard (DES)

Features:

– Block size = 64 bits

– Key size = 56 bits (the key is supplied as 64 bits, but 8 of them are parity-check bits for error control; see Key length below)

– Number of rounds = 16

– 16 round subkeys, each 48 bits

Fig 1.26 DES

Key length in DES

In the DES specification the key is 64 bits long: 8 bytes; in each byte the 8th bit is a parity-check bit (odd parity), so only 56 bits enter the key schedule.


Fig 1.27 DES key

DES Encryption

Fig 1.28 DES Encryption

Initial Permutation (IP)

the first step of the data computation

reorders the 64 input data bits according to a fixed, public table (it adds no cryptographic strength by itself)


Fig 1.29 permutation table for initial permutation

• This table specifies the input permutation on a 64-bit block.

• The meaning is as follows: the first bit of the output is taken from the 58th bit of the input, the second bit from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the input.

Final Permutation (IP^-1)

The final permutation is the inverse of the initial permutation; that is, the output of the final permutation has bit 40 of its input as its first bit, bit 8 as its second bit, and so on, until bit 25 as the last bit of the output. Applying IP and then IP^-1 restores the original bit order.

Fig 1.30 final permutation table

DES Round Structure

uses two 32-bit halves L and R

L_i = R_{i-1}

R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)

Fig 1.31 DES Single round structure


DES F Function

F takes the 32-bit R half and the 48-bit round subkey

E is an expansion function which takes a 32-bit block as input and produces a 48-bit block as output, using the expansion table; 16 of the 32 input bits appear twice in the output

the 48-bit result is XORed with the 48-bit subkey

the result passes through the 8 S-boxes (each 6 bits in, 4 bits out) to give a 32-bit result

finally the 32 bits are permuted by the permutation P

Fig 1.32 expansion table

Fig 1.33 DES F Function structure

Substitution Boxes S

Each of the eight selection functions S1, S2, ..., S8 takes a 6-bit block as input and yields a 4-bit block as output. The outer two bits of the input select one of the four rows of the S-box table and the middle four bits select one of its 16 columns; the 4-bit entry found there is the output.

Fig 1.34 S-Box structure


DES Key Schedule

forms the 16 subkeys used in the rounds and consists of:

• an initial permutation of the key (PC-1) which selects 56 bits (dropping the 8 parity bits) as two 28-bit halves C and D

• 16 stages, each consisting of:

rotating each half separately to the left by 1 or 2 positions (depending on the round number)

passing the shifted halves on to the next stage, and permuting them with PC-2 to form the 48-bit subkey used in function F, selecting 24 bits from each half

Fig 1.35 DES key generation


DES Decryption

Decryption uses the same algorithm as encryption, except that the subkeys K1, K2, ..., K16 are applied in reverse order (K16 first, K1 last).

Avalanche effect

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key should produce significant changes in the ciphertext. DES exhibits a strong avalanche effect: changing one bit of the plaintext or key changes roughly half of the ciphertext bits after a few rounds.

Strength of DES

Key size: 56-bit keys give 2^56 (about 7.2 × 10^16) possible values; a brute-force search looked hard when DES was standardised, but it is feasible with dedicated hardware (the EFF DES cracker recovered a key in 1998), so single DES is no longer considered secure.

Timing attacks: an attack in which information about the key or the plaintext is obtained by observing how long it takes a given implementation to perform decryptions on various ciphertexts. DES appears to be fairly resistant to a successful timing attack.

Nature of the DES algorithm: the design criteria for the S-boxes were not published with the standard, which raised concern that they might hide a weakness known only to the designers; no such weakness has been found, and the criteria were later disclosed.

Cryptanalysis of DES

Weak keys: a weak key K produces the same subkey in all 16 rounds, so the reversed subkey order is identical to the forward order and encrypting twice with K returns the original plaintext:

E_K(E_K(x)) = x

DES has four weak keys; they should be rejected at key generation.

Semi-weak keys: keys whose schedule produces only two different subkeys, each used eight times in the algorithm. They come in pairs (six pairs in DES), which we can refer to as K1 and K2; they have the property that

E_K1(E_K2(x)) = x

Differential Cryptanalysis (Biham-Shamir)

• This is a chosen-plaintext attack: it assumes the attacker can obtain the (plaintext, ciphertext) pairs for plaintexts of their own choosing

• involves comparing the XOR of two plaintexts to the XOR of the two corresponding ciphertexts

• difference ΔP = P1 ⊕ P2, ΔC = C1 ⊕ C2

• the distribution of ΔC given ΔP (traced through the S-boxes round by round) may reveal information about certain key bits

• after finding several bits, use brute force for the rest of the key

• DES was designed to resist differential cryptanalysis: the S-boxes were chosen so that no input difference leads to any output difference with high probability

Key schedule notation (belongs with Fig 1.35 above):

K = 64 bits; K1 ... K16 = 48 bits; C, D = 28 bits

C_i = LS_i(C_{i-1}), D_i = LS_i(D_{i-1}) (LS_i = left circular shift of round i)

K_i = PC-2(C_i D_i)


• Against 16-round DES the attack requires 2^47 chosen plaintexts, so differential cryptanalysis is not effective against DES in practice.

Linear Cryptanalysis of DES

another, more recent development

also a statistical method

must be iterated over the rounds, with decreasing probabilities

developed by Matsui in 1993

based on finding linear approximations of the S-boxes: XOR relations between plaintext, ciphertext and key bits that hold with probability noticeably different from 1/2

can attack DES with 2^43 known plaintexts: easier than differential cryptanalysis, but still infeasible in practice