Chameli Devi Group of Institutions

Department of Information Technology

Subject Name: Information Security Subject Code: IT 801

Subject Notes
Syllabus:
Block Ciphers and Data Encryption Algorithm: Block Cipher Principles, The Data Encryption Standard, The
Strength of DES, Differential and linear cryptanalysis, Block Cipher Design Principles; Advanced Encryption
Standard: Evaluation criteria of AES, The AES Cipher, Multiple Encryption and Triple DES, Block Cipher
modes of operation, Stream Ciphers, Confidentiality using Symmetric Encryption.
__________________________________________________________________________________________
Course Objectives:
The objective of this course is to familiarize the students with the fundamentals of information security and
the methods used in protecting both the information present in computer storage as well as information
traveling over computer networks.
__________________________________________________________________________________________
Unit-II
Block Ciphers and Data Encryption Algorithm

A block cipher is an encryption method that applies a deterministic algorithm along with a symmetric key to
encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. For example, a common
block cipher, AES, encrypts 128-bit blocks with a key of predetermined length: 128, 192, or 256 bits. Block
ciphers are pseudorandom permutation (PRP) families that operate on the fixed size block of bits. PRPs are
functions that cannot be differentiated from completely random permutations and thus, are considered
reliable, until proven unreliable.

The basic scheme of a block cipher is depicted as follows −

Figure 2.1: scheme of a block cipher

A block cipher takes a block of plaintext bits and generates a block of ciphertext bits, generally of same size.
The size of block is fixed in the given scheme. The choice of block size does not directly affect to the strength
of encryption scheme. The strength of cipher depends up on the key length.

Block Size

Though any size of block is acceptable, following aspects are borne in mind while selecting a size of a block.
 Chameli Devi Group of Institutions
Department of Information Technology

 Avoid very small block size − Say a block size is m bits. Then the possible plaintext bits combinations
are then 2m. If the attacker discovers the plain text blocks corresponding to some previously sent
ciphertext blocks, then the attacker can launch a type of ‘dictionary attack’ by building up a dictionary
of plaintext/ciphertext pairs sent using that encryption key. A larger block size makes attack harder as
the dictionary needs to be larger.
 Do not have very large block size − With very large block size, the cipher becomes inefficient to
operate. Such plaintexts will need to be padded before being encrypted.
 Multiples of 8 bit − A preferred block size is a multiple of 8 as it is easy for implementation as most
computer processor handle data in multiple of 8 bits.
Padding in Block Cipher

Block ciphers process blocks of fixed sizes (say 64 bits). The length of plaintexts is mostly not a multiple of the
block size. For example, a 150-bit plaintext provides two blocks of 64 bits each with third block of balance 22
bits. The last block of bits needs to be padded up with redundant information so that the length of the final
block equal to block size of the scheme. In our example, the remaining 22 bits need to have additional 42
redundant bits added to provide a complete block. The process of adding bits to the last block is referred to as
padding. Too much padding makes the system inefficient. Also, padding may render the system insecure at
times if the padding is done with same bits always.

Block Cipher Schemes

There is a vast number of block ciphers schemes that are in use. Many of them are publically known. Most
popular and prominent block ciphers are listed below.

 Digital Encryption Standard (DES) − The popular block cipher of the 1990s. It is now considered as a
‘broken’ block cipher, due primarily to its small key size.
 Triple DES − It is a variant scheme based on repeated DES applications. It is still a respected block
ciphers but inefficient compared to the new faster block ciphers available.
 Advanced Encryption Standard (AES) − It is a relatively new block cipher based on the encryption
algorithm Rijndael that won the AES design competition.
 IDEA − It is a sufficiently strong block cipher with a block size of 64 and a key size of 128 bits. A number
of applications use IDEA encryption, including early versions of Pretty Good Privacy (PGP) protocol. The
use of IDEA scheme has a restricted adoption due to patent issues.
 Twofish − This scheme of block cipher uses block size of 128 bits and a key of variable length. It was
one of the AES finalists. It is based on the earlier block cipher Blowfish with a block size of 64 bits.
 Serpent − A block cipher with a block size of 128 bits and key lengths of 128, 192, or 256 bits, which
was also an AES competition finalist. It is a slower but has more secure design than other block cipher.

Block Cipher Principles

 Chameli Devi Group of Institutions
Department of Information Technology

Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of rounds and keys for
generating ciphertext. For defining the complexity level of an algorithm few design principles are to be
considered.
These are explained as following below:
Number of Rounds –The number of Rounds is regularly considered in design criteria, it just reflects the
number of rounds to be suitable for an algorithm to make it more complex, in DES have 16 rounds ensuring it
to be more secure while in AES have 10 rounds which makes it more secure.

Design of function –
The core part of the Feistel Block cipher structure is the Round Function. The complexity of cryptanalysis can
be derived from the round function i.e., the increasing level of complexity for the round function would be
greatly contributing to an increase in complexity. To increase the complexity of the round function, the
avalanche effect is also included in the round function, as the change of a single bit in plain text would
produce a mischievous output due to the presence of avalanche effect.

Key schedule algorithm –

In Feistel Block cipher structure, each round would generate a sub-key for increasing the of cryptanalysis. The
Avalanche effect makes it more complex in deriving sub-key. Decryption must be done very carefully to get
the actual output as the avalanche effect is present in it.

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of
Standards and Technology (NIST). DES is an implementation of a Feistel Cipher. It uses 16 round Feistel
structure. The block size is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since
8 of the 64 bits of the key are not used by the encryption algorithm (function as check bits only). General
Structure of DES is depicted in the following illustration −

Figure 2.2: Data Encryption Standard (DES)

Since DES is based on the Feistel Cipher, all that is required to specify DES is −
 Chameli Devi Group of Institutions
Department of Information Technology

 Round function
 Key schedule
 Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each other.
They have no cryptography significance in DES. The initial and final permutations are shown as follows −

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost 32 bits to
produce a 32-bit output.

Figure 2.3 : Round Function

 Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, first need to expand
right input to 48 bits. Permutation logic is graphically depicted in the following illustration −
 Chameli Devi Group of Institutions
Department of Information Technology

 The graphically depicted permutation logic is generally described as table in DES specification
illustrated as shown −

 XOR (Whitener). − After the expansion permutation, DES does XOR operation on the expanded right
section and the round key. The round key is used only in this operation.
 Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with
a 6-bit input and a 4-bit output. Refer the following illustration −

 The is illustrated below −

Figure 2.4: S-box rules

 There are a total of eight S-box tables. The output of all eight s-boxes is then combined in to 32 bit
section.
 Chameli Devi Group of Institutions
Department of Information Technology

 Straight Permutation − The 32-bit output of S-boxes is then subjected to the straight permutation with
rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key generation
is depicted in the following illustration −

Figure 2.5: Sixteen 48-bit keys out of a 56-bit cipher key

The logic for Parity drop, shifting, and Compression P-box is given in the DES description.

Strength of Data encryption standard (DES)

Data encryption standard (DES) is a symmetric key block cipher algorithm. The algorithm is based on Feistel
network. The algorithm uses a 56-bit key to encrypt data in 64-bit blocks.
 Chameli Devi Group of Institutions
Department of Information Technology

There are mainly two categories of concerns about the strength of Data encryption standard. They are:

 Concerns about the algorithm used.

 Concerns about the usage of key of size 56-bit.

The first concern regarding the algorithm used addresses the possibility of cryptanalysis by making use of the
DES algorithm characteristics. A more severe concern is about the length of secret key used. There can be
256(approximately 7.2 × 1016 keys) possible keys with a key length of 56 bits. Thus, a brute force attack appears
to be impractical.

Assuming that on an average one has to search half the key space, to break the cipher text, a system
performing one DES encryption per microsecond might require more than thousand years. But, the
assumption of one DES encryption per microsecond is too conservative. In July 1998, DES was finally proved to
be insecure when the Electronic Frontier Foundation (EFF) had broken a DES encryption.

Linear & Differential Cryptanalysis

Cryptanalysis is the study of cryptosystems with the objective of attacking them and decrypting codes and
ciphers. The field includes rigorous mathematical investigation of encryption and decryption algorithms as well
as side-channel attacks whereby flaws in implementation are exploited rather than a mathematical flaw in the
algorithm itself.
Cryptanalysis generally falls into one of several categories which can be broadly considered to be ciphertext
only (where only the encrypted output is known), known plaintext (where the plaintext corresponding to
some given ciphertext is known), chosen plaintext (where the cryptanalyst may choose plaintext and receive
the related ciphertext) and chosen ciphertext attacks (where the cryptanalyst may choose some ciphertext
and receive the corresponding plaintext).
have seen simple cryptanalysis such as letter frequency analysis in the field of affine ciphers. This considers
the letter frequencies in natural language and in some given ciphertext and uses this information to reverse
engineer the encryption key mapping letters to one another based on the frequency with which they occur.

Linear Cryptanalysis

Linear and differential cryptanalysis are both instances of known plaintext attacks where to be effective a
certain amount of plaintext and its corresponding ciphertext must be known. The approaches were initially
designed to aid in breaking the Data Encryption Standard (DES). In this case the fact that the algorithm was
known (although the key in each case was not) enabled plaintext to be encrypted by the cryptanalyst to see
the related ciphertext. Linear cryptanalysis is an approach where aim to find affine approximations to the
action of a cipher. Letter frequency analysis is one of the simplest forms of linear cryptanalysis. Differential
cryptanalysis is an approach to cryptanalysis whereby differences in inputs are mapped to differences in
outputs and patterns in the mappings of plaintext edits to ciphertext variation are used to reverse engineer a
key.
Linear and differential cryptanalysis are most often applied to block ciphers (encryption functions operating on
messages that are split into blocks). They are symmetric key algorithms.
 Chameli Devi Group of Institutions
Department of Information Technology

Differential cryptanalysis

Differential cryptanalysis preceded linear cryptanalysis having initially been designed in 1990 as an attack on
DES. Differential cryptanalysis is like linear cryptanalysis; differential cryptanalysis aims to map bitwise
differences in inputs to differences in the output to reverse engineer the action of the encryption algorithm. It
is again aiming to approximate the encryption algorithm looking to find a maximum likelihood estimator of the
true encryption action by altering plaintexts or (looking at different plaintexts) and analyzing the impact of
changes to the plaintext to the resulting ciphertext. Differential cryptanalysis is therefore a chosen plaintext
attack.
The input and output differences of the S-boxes are considered to determine a high probability difference
pair. Combining S-box difference pairs from round to round so that the nonzero output difference bits from
one round correspond to the non-zero input difference bits of the next round, enables us to find a high
probability differential consisting of the plaintext difference and the difference of the input to the last round.
The subkey bits of the cipher end up disappearing from the difference expression because they are involved in
both data points being differenced.
The description of differential cryptanalysis is analogous to that of linear cryptanalysis and is essentially the
same as would be the case of applying linear cryptanalysis to input differences rather than to input and output
bits directly.

Block Cipher Design Principles

The block cipher operation modes are divided into five essential parts and are defined by the NIST. These
modes of operation help in enhancing the algorithm such that there could be a wide application range that
could be adapted to use the encryption of block cipher.

These modes are

 Electronic Code Book Mode

 Cipher Block Chaining Mode
 Cipher Feedback Mode
 Output Feedback Mode
 Counter Mode
A) Electronic Feedback Mode

The electronic feedback mode is the easiest of the block cipher operation mode. In this mode, the plain text
gets divided into blocks. Each of the blocks is 64-bit. Every block gets encrypted one at each time to form the
cipher block. A particular key is used to encrypt every block.

When the receiver receives a message, then the ciphertext gets divided into 64-bit blocks, and every block
gets decrypted independently at one time to get the bare text block that corresponds to it. The method is
used to encrypt small messages where the probability of the test repeating is rare.
 Chameli Devi Group of Institutions
Department of Information Technology

B) Cipher Block Chaining Mode

This overcomes the ECB limitations. Here, even if the plain text has many repeating blocks, its encryption does
not produce a similar cipher block. This is done by adding chaining to it, which gets the ciphertext block
obtained depending on the current and any previous plain text block input.

C) Cipher Feedback Mode

Every application may not have been designed to operate on data blocks. Some of them could be a bit or
character-oriented too. This is where the cipher feedback mode comes into the picture. It operates on the
smaller units instead of operating on blocks.

D) Output Feedback Mode

The output feedback mode operates in encrypted IV, which gets fed into the plain text block encryption. The
mode also operates on the block of bits.

E) Counter Mode

The counter mode does not contain any mechanism of feedback. Nothing gets fed from the last step into the
next step. Instead, a sequence of numbers is used, called a counter that gets inputted into the encryption
function with the key. When a bare text block gets encrypted, it causes the counter value to be incremented
by 1.

Advanced Encryption Standard

The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays is
the Advanced Encryption Standard (AES). It is found at least six time faster than triple DES.

A replacement for DES was needed as its key size was too small. With increasing computing power, it was
considered vulnerable against exhaustive key search attack. Triple DES was designed to overcome this
drawback but it was found slow.

The features of AES are as follows −

 Symmetric key symmetric block cipher

 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details
 Software implementable in C and Java

Evaluation criteria of AES

It is worth examining the criteria used by NIST to evaluate potential candidates. These criteria span the range
of concerns for the practical application of modern symmetric block ciphers. In fact, two set of criteria
 Chameli Devi Group of Institutions
Department of Information Technology

evolved. When NIST issued its original request for candidate algorithm nominations in 1997. The three
categories of criteria were as follows:
 Security: This refers to the effort required to cryptanalyze an algorithm. The emphasis in the
evaluation was on the practicality of the attack. Because the minimum key size for AES is 128 bits,
brute-force attacks with current and projected technology were considered impractical. Therefore, the
emphasis, with respect to this point, is cryptanalysis other than a brute-force attack.
 Cost: NIST intends AES to be practical in a wide range of applications. Accordingly, AES must have high
computational efficiency, to be usable in high-speed applications, such as broadband links.
 Algorithm and implementation characteristics: This category include a variety of considerations,
including flexibility; suitability for a variety of hardware and software implementations; and simplicity,
which will make an analysis of security more straightforward.

The AES Cipher

AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It comprises of
a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and
others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a
plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as a
matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses 10 rounds
for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a
different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −

Figure 2.6: AES structure

Multiple Encryption

The potential vulnerability of DES to a brute-force attack, there has been considerable interest in finding an
alternative. One approach is to design a completely new algorithm, of which AES is a prime example. Another
 Chameli Devi Group of Institutions
Department of Information Technology

alternative, which would preserve the existing investment in software and equipment, is to use multiple
encryptions with DES and multiple keys. Begin by examining the simplest example of this second alternative.
then look at the widely accepted triple DES (3DES) approach.

Double DES-The simplest form of multiple encryptions has two encryption stages and two keys. Given a
plaintext P and two encryption keys K1 and K2, ciphertext C is generated as

Decryption requires that the keys be applied in reverse order:

For DES, this scheme apparently involves a key length of 56 x 2 = 112 bits of resulting in a dramatic increase in
cryptographic strength.
Reduction to a Single Stage-Suppose it were true for DES, for all 56-bit key values, that given any two keys K1
and K2, it would be possible to find a key K3 such that

If this were the case, then double encryption, and indeed any number of stages of multiple encryptions with
DES, would be useless because the result would be equivalent to a single encryption with a single 56-bit key.
On the other hand, DES defines one mapping for each different key, for a total number of mappings:
256>1017
Therefore, it is reasonable to assume that if DES is used twice with different keys, it will produce one of the
many mappings that are not defined by a single application of DES.

Triple DES

The meet-in-the-middle attack is to use three stages of encryption with three different keys. This raises the
cost of the known-plaintext attack to 2112, which is beyond what is practical now and far into the future.
However, it has the drawback of requiring a key length of 56 x 3 = 168 bits, which may be somewhat unwieldy.
As an alternative, Tuchman proposed a triple encryption method that uses only two keys. The function follows
an encrypt-decrypt-encrypt (EDE) sequence:

There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that
it allows users of 3DES to decrypt data encrypted by users of the older single DES:

3DES with two keys is a relatively popular alternative to DES and has been adopted for use in the key
management standards ANS X9.17 and ISO 8732.
 Chameli Devi Group of Institutions
Department of Information Technology

Currently, there are no practical cryptanalytic attacks on 3DES. Coppersmith notes that the cost of a brute-
force key search on 3DES is on the order of 2112 (5 x 1033) and estimates that the cost of differential
cryptanalysis suffers an exponential growth, compared to single DES, exceeding 1052.It is worth looking at
several proposed attacks on 3DES that, although not practical, give a flavor for the types of attacks that have
been considered and that could form the basis for more successful future attacks. The first serious proposal
came from Merkle and Hellman. Their plan involves finding plaintext values that produce a first intermediate
value of A = 0 and then using the meet-in-the-middle attack to determine the two keys. The level of effort is
256, but the technique requires 256 chosen plaintext-ciphertext pairs, a number unlikely to be provided by the
holder of the keys.

This method is an improvement over the chosen-plaintext approach but requires more effort. The attack is
based on the observation that if know A and C, then the problem reduces to that of an attack on double DES.
Of course, the attacker does not know A, even if P and C are known, as long as the two keys are unknown.
However, the attacker can choose a potential value of A and then try to find a known (P, C) pair that produces
A. The attack proceeds as follows:

1. Obtain n (P, C) pairs. This is the known plaintext. Place these in a table sorted on the values of P.
2. Pick an arbitrary value a for A and create a second table with entries defined in the following fashion.
For each of the 256 possible keys K1 = i, calculate the plaintext value Pi that produces a: Pi = D(i, a)
3. For each Pi that matches an entry in Table 1 create an entry in Table 2 consisting of the K1 value and
the value of B that is produced for the (P, C) pair from Table 1, assuming that value of K1:B = D(i, C) At
the end of this step, sort Table 2 on the values of B.
4. Now have a number of candidate values of K1 in Table 2 and are in a position to search for a value of
K2. For each of the 256 possible keys K2 = j, calculate the second intermediate value for our chosen
value of a: Bj = D(j, a)
5. At each step, look up Bj in Table 2 . If there is a match, then the corresponding key i from Table 2 plus
this value of j are candidate values for the unknown keys (K1, K2). Why? Because have found a pair of
keys (i, j) that produce a known (P, C) pair.
6. Test each candidate pair of keys (i, j) on a few other plaintext-ciphertext pairs. If a pair of keys
produces the desired ciphertext, the task is complete. If no pair succeeds, repeat from step 1 with a
new value of a.
A basic result from probability theory is that the expected number of draws required to draw one red ball out
of a bin containing n red balls and N green balls is (N 1)/(n 1) if the balls are not replaced. So the expected
number of values of that must be tried is, for large n.

Block Cipher modes of operation

A block cipher processes the data blocks of fixed size. Usually, the size of a message is larger than the block size. Hence,
the long message is divided into a series of sequential message blocks, and the cipher operates on these blocks one at a
time.
Electronic Code Book (ECB) Mode
This mode is a most straightforward way of processing a series of sequentially listed message blocks.
 Chameli Devi Group of Institutions
Department of Information Technology

Analysis of ECB Mode

Any application data usually have partial information which can be guessed. For example, the range of salary
can be guessed. A ciphertext from ECB can allow an attacker to guess the plaintext by trial-and-error if the
plaintext message is within predictable.
For example, if a ciphertext from the ECB mode is known to encrypt a salary figure, then a small number of
trials will allow an attacker to recover the figure. In general, do not wish to use a deterministic cipher, and
hence the ECB mode should not be used in most applications.
Cipher Block Chaining (CBC) Mode
CBC mode of operation provides message dependence for generating ciphertext and makes the system non-
deterministic
Analysis of CBC Mode
In CBC mode, the current plaintext block is added to the previous ciphertext block, and then the result is
encrypted with the key. Decryption is thus the reverse process, which involves decrypting the current
ciphertext and then adding the previous ciphertext block to the result.
Advantage of CBC over ECB is that changing IV results in different ciphertext for identical message. On the
drawback side, the error in transmission gets propagated to few further blocks during decryption due to
chaining effect.
It is worth mentioning that CBC mode forms the basis for a well-known data origin authentication mechanism.
Thus, it has an advantage for those applications that require both symmetric encryption and data origin
authentication.
Cipher Feedback (CFB) Mode
In this mode, each ciphertext block gets ‘fed back’ into the encryption process in order to encrypt the next
plaintext block.
Output Feedback (OFB) Mode
It involves feeding the successive output blocks from the underlying block cipher back to it. These feedback
blocks provide string of bits to feed the encryption algorithm which act as the key-stream generator as in case
of CFB mode.
The key stream generated is XOR-ed with the plaintext blocks. The OFB mode requires an IV as the initial
random n-bit input block. The IV need not be secret.
The operation is depicted in the following illustration –
 Chameli Devi Group of Institutions
Department of Information Technology

Figure 2.7: Output Feedback (OFB) Mode

Counter (CTR) Mode

It can be considered as a counter-based version of CFB mode without the feedback. In this mode, both the
sender and receiver need to access to a reliable counter, which computes a new shared value each time a
ciphertext block is exchanged. This shared counter is not necessarily a secret value, but challenge is that both
sides must keep the counter synchronized.
Analysis of Counter Mode
It does not have message dependency and hence a ciphertext block does not depend on the previous plaintext
blocks. Like CFB mode, CTR mode does not involve the decryption process of the block cipher. This is because
the CTR mode is really using the block cipher to generate a key-stream, which is encrypted using the XOR
function. In other words, CTR mode also converts a block cipher to a stream cipher.
The serious disadvantage of CTR mode is that it requires a synchronous counter at sender and receiver. Loss of
synchronization leads to incorrect recovery of plaintext.
However, CTR mode has almost all advantages of CFB mode. In addition, it does not propagate error of
transmission at all.

Stream Ciphers

In stream cipher, one byte is encrypted at a time while in block cipher ~128 bits are encrypted at a time.
Initially, a key(k) will be supplied as input to pseudorandom bit generator and then it produces a random 8-bit
output which is treated as keystream.
The resulted keystream will be of size 1 byte, i.e., 8 bits.
1. Stream Cipher follows the sequence of pseudorandom number stream.
2. One of the benefits of following stream cipher is to make cryptanalysis more difficult, so the number of
bits chosen in the Keystream must be long to make cryptanalysis more difficult.
3. By making the key longer it is also safe against brute force attacks.
4. The longer the key the stronger security is achieved, preventing any attack.
5. Keystream can be designed more efficiently by including a greater number of 1s and 0s, for making
cryptanalysis more difficult.
6. Considerable benefit of a stream cipher is it requires few lines of code compared to block cipher.
Encryption:
For Encryption,
 Plain Text and Keystream produces Cipher Text (Same keystream will be used for decryption.).
 The Plaintext will undergo XOR operation with keystream bit-by-bit and produces the Cipher Text.

Confidentiality using Symmetric Encryption

 Chameli Devi Group of Institutions
Department of Information Technology

 In a distributed environment, encryption devices can be placed to support either link encryption or
end-to-end encryption. With link encryption, each vulnerable communications link is equipped on both
ends with an encryption device. With end-to-end encryption, the encryption process is carried out at
the two end systems.
 Even if all traffic between users is encrypted, a traffic analysis may yield information of value to an
opponent. An effective countermeasure is traffic padding, which involves sending random bits during
periods when no encrypted data are available for transmission.
 Key distribution is the function that delivers a key to two parties who wish to exchange secure
encrypted data. Some sort of mechanism or protocol is needed to provide for the secure distribution of
keys.
 Key distribution often involves the use of master keys which are infrequently used and are long lasting,
and session keys, which are generated and distributed for temporary use between two parties.