Assignment 2

DOA: 25/9/23

DOS:3/10/23

Q1. What do you mean by encryption and decryption?

Ans:- Encryption is the process of converting normal message (plaintext) into meaningless message
(Ciphertext). Whereas Decryption is the process of converting meaningless message (Ciphertext) into
its original form (Plaintext). The major distinction between secret writing associated secret writing is
that the conversion of a message into an unintelligible kind that’s undecipherable unless decrypted.
whereas secret writing is that the recovery of the first message from the encrypted information.

Q2. Difference between block cipher and stream cipher?

Ans:-Block Cipher:- Block cipher is an encryption algorithm that takes a fixed size of input say b bits
and produces a ciphertext of b bits again. If the input is larger than b bits it can be divided further.

Stream cipher:- A stream cipher is an encryption technique that works byte by byte to transform
plain text into code that's unreadable to anyone without the proper key. Stream ciphers are linear,
so the same key both encrypts and decrypts messages.

S.NO Block Cipher Stream Cipher

Block Cipher Converts the plain text Stream Cipher Converts the plain
1. into cipher text by taking plain text’s text into cipher text by taking 1 byte
block at a time. of plain text at a time.

Block cipher uses either 64 bits or

2. While stream cipher uses 8 bits.
more than 64 bits.

The complexity of block cipher is While stream cipher is more

3.
simple. complex.
S.NO Block Cipher Stream Cipher

Block cipher Uses confusion as well While stream cipher uses only
4.
as diffusion. confusion.

In block cipher, reverse encrypted While in-stream cipher, reverse

5.
text is hard. encrypted text is easy.

The algorithm modes which are used The algorithm modes which are
in block cipher are ECB (Electronic used in stream cipher are CFB
6.
Code Book) and CBC (Cipher Block (Cipher Feedback) and OFB
Chaining). (Output Feedback).

While stream cipher works on

Block cipher works on transposition
substitution techniques like Caesar
7. techniques like rail-fence technique,
cipher, polygram substitution
columnar transposition technique, etc.
cipher, etc.

Block cipher is slow as compared to a While stream cipher is fast in

8.
stream cipher. comparison to block cipher.

Suitable for applications that

Suitable for applications that require
require strong encryption, such as
9. strong encryption, such as file storage
file storage and internet
and internet communications
communications

More secure than stream ciphers Less secure than block ciphers
10. when the same key is used multiple when the same key is used multiple
times times

key length is Typically 128 or 256 key length is Typically 128 or 256
11.
bits bits

Operates on fixed-length blocks of Encrypts data one bit or byte at a

12.
data time

Q3. Elaborate the concept of AES with proper diagram?

Ans:- Advanced Encryption Standard (AES) is a specification for the encryption of electronic data
established by the U.S National Institute of Standards and Technology (NIST) in 2001. AES is widely
used today as it is a much stronger than DES and triple DES despite being harder to implement.
Points to remember

 AES is a block cipher.

 The key size can be 128/192/256 bits.
 Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text as output. AES
relies on substitution-permutation network principle which means it is performed using a series of
linked operations which involves replacing and shuffling of the input data.

Working of the cipher :

AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the
cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows :

 128 bit key – 10 rounds

 192 bit key – 12 rounds
 256 bit key – 14 rounds

Creation of Round keys :

A Key Schedule algorithm is used to calculate all the round keys from the key. So the initial key is
used to create many different round keys which will be used in the corresponding round of the
encryption.

Encryption :
AES considers each block as a 16 byte (4 byte x 4 byte = 128 ) grid in a column major arrangement.
[ b0 | b4 | b8 | b12 |

| b1 | b5 | b9 | b13 |

| b2 | b6 | b10| b14 |

| b3 | b7 | b11| b15 ]

Each round comprises of 4 steps :

 SubBytes
 ShiftRows
 MixColumns
 Add Round Key

The SubBytes does the substitution and ShiftRows and MixColumns performs the permutation in the
algorithm.

SubBytes :
This step implements the substitution.

In this step each byte is substituted by another byte. Its performed using a lookup table also called
the S-box. This substitution is done in a way that a byte is never substituted by itself and also not
substituted by another byte which is a compliment of the current byte. The result of this step is a 16
byte (4 x 4 ) matrix like before.

The next two steps implement the permutation.

ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.

 The first row is not shifted

 The second row is shifted once to the left.
 The third row is shifted twice to the left.
 The fourth row is shifted thrice to the left.

(A left circular shift is performed.)

[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]

| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |

| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |

[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]

MixColumns :
This step is basically a matrix multiplication. Each column is multiplied with a specific matrix and thus
the position of each byte in the column is changed as a result.

This step is skipped in the last round.

[ c0 ] [ 2 3 1 1 ] [ b0 ]

| c1 | = |1 2 3 1| | b1 |

| c2 | |1 1 2 3| | b2 |

[ c3 ] [3 1 1 2] [ b3 ]

Add Round Keys :

Now the resultant output of the previous stage is XOR-ed with the corresponding round key. Here,
the 16 bytes is not considered as a grid but just as 128 bits of data.

After all these rounds 128 bits of encrypted data is given back as output. This process is repeated
until all the data to be encrypted undergoes this process.

Decryption :
The stages in the rounds can be easily undone as these stages have an opposite to it which when
performed reverts the changes.Each 128 blocks goes through the 10,12 or 14 rounds depending on
the key size.

The stages of each round in decryption is as follows :

 Add round key

 Inverse MixColumns
  ShiftRows
 Inverse SubByte

The decryption process is the encryption process done in reverse so i will explain the steps with
notable differences.

Inverse MixColumns :
This step is similar to the MixColumns step in encryption, but differs in the matrix used to carry out
the operation.

[ b0 ] [ 14 11 13 9 ] [ c0 ]

| b1 | = | 9 14 11 13 | | c1 |

| b2 | | 13 9 14 11 | | c2 |

[ b3 ] [ 11 13 9 14 ] [ c3 ]

Inverse SubBytes :
Inverse S-box is used as a lookup table and using which the bytes are substituted during decryption.

Applications:

AES is widely used in many applications which require secure data storage and transmission. Some
common use cases include:

 Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to
ensure data confidentiality and prevent unauthorized access.
 Database Encryption: AES can be applied to encrypt sensitive data stored in databases. This
helps protect personal information, financial records, and other confidential data from
unauthorized access in case of a data breach.
 Secure communications: AES is widely used in protocols like such as internet
communications, email, instant messaging, and voice/video calls.It ensures that the data
remains confidential.
 Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and
other storage media, protecting it from unauthorized access in case of loss or theft.
 Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the
communication between a user’s device and a remote server. It ensures that data sent and
received through the VPN remains private and cannot be deciphered by eavesdroppers.
 Secure Storage of Passwords: AES encryption is commonly employed to store passwords
securely. Instead of storing plaintext passwords, the encrypted version is stored. This adds
an extra layer of security and protects user credentials in case of unauthorized access to the
storage.
 File and Disk Encryption: AES is used to encrypt files and folders on computers, external
storage devices, and cloud storage. It protects sensitive data stored on devices or during
data transfer to prevent unauthorized access.
Q4. Describe briefly RSA algorithm with proper example?

Ans:- RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it
works on two different keys i.e. Public Key and Private Key. As the name describes that the Public
Key is given to everyone and the Private key is kept private.

An example of asymmetric cryptography:

1. A client (for example browser) sends its public key to the server and requests some data.
2. The server encrypts the data using the client’s public key and sends the encrypted data.
3. The client receives this data and decrypts it.

Since this is asymmetric, nobody else except the browser can decrypt the data even if a third party
has the public key of the browser.

The idea! The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public
key consists of two numbers where one number is a multiplication of two large prime numbers. And
private key is also derived from the same two prime numbers. So if somebody can factorize the large
number, the private key is compromised. Therefore encryption strength totally lies on the key size
and if we double or triple the key size, the strength of encryption increases exponentially. RSA keys
can be typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the
near future. But till now it seems to be an infeasible task.

Let us learn the mechanism behind the RSA algorithm : >> Generating

Public Key:

Select two prime no's. Suppose P = 53 and Q = 59.

Now First part of the Public key : n = P*Q = 3127.
We also need a small exponent say e :
But e Must be
An integer.
Not be a factor of Φ(n).
1 < e < Φ(n) [Φ(n) is discussed below],
Let us now consider it to be equal to 3.

Generating Private Key:

We need to calculate Φ(n) :

Such that Φ(n) = (P-1)(Q-1)
so, Φ(n) = 3016
Now calculate Private Key, d :
d = (k*Φ(n) + 1) / e for some integer k
For k = 2, value of d is 2011.

Now we are ready with our – Public Key ( n = 3127 and e = 3) and Private Key(d = 2011) Now we will
encrypt “HI”:
Convert letters to numbers : H = 8 and I = 9
Thus Encrypted Data c = (89e)mod n
Thus our Encrypted Data comes out to be 1394
Now we will decrypt 1394 :
Decrypted Data = (cd)mod n
Thus our Encrypted Data comes out to be 89
8 = H and I = 9 i.e. "HI".

Q5. What do you mean by key management in network security?

Ans:- In cryptography, it is a very tedious task to distribute the public and private keys between
sender and receiver. If the key is known to the third party (forger/eavesdropper) then the whole
security mechanism becomes worthless. So, there comes the need to secure the exchange of keys.

There are two aspects for Key Management:

1. Distribution of public keys.

2. Use of public-key encryption to distribute secrets.

Distribution of Public Key:

The public key can be distributed in four ways:

1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.

These are explained as following below:

1. Public Announcement: Here the public key is broadcasted to everyone. The major weakness of
this method is a forgery. Anyone can create a key claiming to be someone else and broadcast it.
Until forgery is discovered can masquerade as claimed user.
2. Publicly Available Directory: In this type, the public key is stored in a public directory. Directories
are trusted here, with properties like Participant Registration, access and allow to modify values at
any time, contains entries like {name, public-key}. Directories can be accessed electronically still
vulnerable to forgery or tampering.

3. Public Key Authority: It is similar to the directory but, improves security by tightening control over
the distribution of keys from the directory. It requires users to know the public key for the directory.
Whenever the keys are needed, real-time access to the directory is made by the user to obtain any
desired public key securely.

4. Public Certification: This time authority provides a certificate (which binds an identity to the
public key) to allow key exchange without real-time access to the public authority each time. The
certificate is accompanied by some other info such as period of validity, rights of use, etc. All of this
content is signed by the private key of the certificate authority and it can be verified by anyone
possessing the authority’s public key.
First sender and receiver both request CA for a certificate which contains a public key and other
information and then they can exchange these certificates and can start communication.