
TY BTech Trimester-VIII (AY 2019-2020) Computer Science and Engineering

Disclaimer:
a. Information included in these slides came from multiple sources. We have tried our
best to cite the sources. Please refer to the references to learn about the sources,
when applicable.
b. The slides should be used only for preparing notes, academic purposes (e.g. in teaching
a class), and should not be used for commercial purposes.
CS323: Information Security

Examination Scheme:
Continuous Assessment: 50 Marks; End Semester Examination: 50 Marks; Credits: 2+1

Course Objectives:
• To understand the foundations of security architecture and classical cryptosystems.
• To recognize the mathematical foundations of cryptography and their use in advanced cryptography.
• To comprehend authentication and key management issues.
• To understand network attacks, defences and web security tools.

Course Outcomes:
After completion of this course students will be able to:
• Use basic security principles and techniques in secure application programming.
• Reason mathematically about the security of cryptographic solutions.
• Handle key management and authentication protocols.
• Deploy network security tools and web information security solutions.

information Security: Unit - I Prof. U. K. Raut


Pre-requisites

• Data and Mobile Communication
• Computer Networks


Syllabus

Unit I: Foundations of Information Security (8 Hrs)
Background of security, security attacks, defence mechanisms, goals of security, various security domains. Security design principles. Classical cryptography: Caesar cipher, one-time pad, monoalphabetic cipher, transposition ciphers. Symmetric cryptosystems: block ciphers, stream ciphers, basics of DES and AES. Cipher modes of operation. Introduction to CrypTool.

Unit II: Mathematical Foundations and Public Key Cryptography (8 Hrs)
Mathematics for security: modular arithmetic, Euclidean algorithm, Chinese remainder theorem, discrete logarithm, Fermat's theorem, secret splitting and sharing with polynomials. Asymmetric key cryptography: RSA. Hash algorithms: SHA-1. Digital signatures: symmetric key signatures, public key signatures.

Unit III: Key Management and Authentication (7 Hrs)
Pseudo-random numbers. Key management: types of keys, generation, distribution, cryptographic key infrastructures, Diffie-Hellman key exchange, X.509 digital certificates. Authentication protocols: remote and mutual authentication, password attacks and defence, symmetric key and asymmetric key authentication, federated authentication.

Unit IV: Networks and Web Security (7 Hrs)
Layer-wise security concerns. Firewalls: packet filtering, stateless and stateful. Intrusion detection systems: host-based and network-based IDS. Secure Sockets Layer (SSL) security, IP-level security (IPsec), Kerberos. Wireless security.

Text Books:
1. Cryptography and Network Security, William Stallings, Pearson Education, 5th Edition, ISBN-13: 978-0-13-609704-4
2. Computer Security: Principles and Practice, William Stallings and Lawrie Brown, Pearson Education, ISBN-13: 9780134794396

Reference Books:
1. Cryptography and Network Security, Behrouz Forouzan, 2nd Edition, TMH, ISBN: 9780070702080
2. Applied Cryptography, Bruce Schneier, 2nd Edition, Wiley India Pvt Ltd, ISBN: 978-81-265-1368-0
3. Computer Security: Art and Science, Matt Bishop, Pearson Education, ISBN: 9788177584257

Supplementary Reading:
1. E-books
2. Web links
3. MOOCs
Laboratory: Lab Assignments

A. Core Level Security (any two)
1. Implement any classical cryptographic technique using Java, Python or C++.
2. Implement the simple DES symmetric key algorithm using Python, Java or C++.
3. Implement the simple RSA asymmetric key algorithm using Python, Java or C++.

B. API Level (using libraries) (any two)
1. Program asymmetric key cryptography such as RSA using a Java, Python or C++ API.
2. Program a basic cryptographic hash algorithm (SHA-1 or MD5; both are broken for collision resistance and are used here only as programming exercises) using a Java, Python or C++ API. Additionally, demonstrate client-server authentication using socket programming.
3. Write a program demonstrating digital signature generation and its verification using Java, Python or C++.

C. Security Tools Level (any two)
1. Demonstrate the use of the open-source PGP tool for confidentiality, authentication and integrity.
2. Demonstrate a secured web application using SSL certificates deployed on an Apache Tomcat server.
3. Implement an intrusion detection system using the Snort IDS tool.
4. Install, configure and demonstrate the Nessus vulnerability assessment tool.
Guidelines for CCA and LCA

Examination Scheme:
Sr. No.  Examination Scheme                       Marks
1.       Class Continuous Assessment (CCA)        50
2.       Laboratory Continuous Assessment (LCA)   50
3.       End Term Theory Examination              50

CCA Marks Distribution:
Examination            Weightage   Marks
Mid-Term Theory Exam   30%         15
Class Attendance       10%         5
Online MCQ Test        30%         15
Theory Assignment      30%         15
Total                              50

LCA Marks Distribution:
Examination               Weightage   Marks
Practical Demonstration   30%         15
Journal Submission        30%         15
Understanding (Orals)     30%         15
Attendance                10%         5
Total                                 50


Unit I: Foundations of Information Security


Foundations of Information Security

• Cyber security, or information security, is the set of techniques for protecting computers, networks, programs and data from unauthorised access and from attacks aimed at exploiting them.

Benjamin Franklin once said:
"Three people can keep a secret... if two of them are dead!"

Security is not easy to achieve because of:
• human tendency
• the problems of storing and communicating secrets
• the need to trust all the parties involved

Don't forget these roots: Attacks -- Services -- Defense


Key Security Concepts

• Elements of information security (the CIA triad):
  – Confidentiality: only authorised users can access the data
  – Integrity: the data is valid and has not been altered without authorisation
  – Availability: the data and services are accessible when needed


Aspects of Security

• Consider three aspects of information security:
  – Security attack: any action that compromises the security of information owned by an organisation.
  – Security mechanism: a process (or a device incorporating such a process) designed to detect, prevent, or recover from a security attack.
  – Security service: a processing or communication service that enhances the security of the data processing systems and the information transfers of an organisation.
• Note the terms:
  – Threat: a potential for violation of security.
  – Attack: an assault on system security, a deliberate attempt to evade security services.
Security Attacks - Security Threats

(Figure: information flows from an information source to an information destination; a) normal flow, b) interruption, c) interception, d) modification, e) fabrication.)

• Interruption: attack on availability (the flow is blocked)
• Interception: attack on confidentiality (a third party reads the flow)
• Modification: attack on integrity (the flow is altered in transit)
• Fabrication: attack on authenticity (a forged flow is injected)

• Passive attack: makes use of information from the system but does not affect system resources, e.g. reading message contents or observing the pattern of messages (traffic analysis).
  Note: the emphasis in dealing with passive attacks is on prevention rather than detection, e.g. by encryption.

• Active attack: involves modification of the data stream or the creation of a false stream (masquerade, replay, modification of messages, denial of service). These are hard to prevent absolutely; the goal is to detect them and recover.

Attackers
(Figure omitted.)


Security Services/Goals

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (the data has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)


Security Mechanism
• A feature designed to detect, prevent, or recover from a security attack.
• No single mechanism will support all the services required.
• However, one particular element underlies many of the security mechanisms in use: cryptographic techniques.
• Specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization.
• Pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery.


Quiz: Match the Following

a) Interruption     1) integrity
b) Interception     2) availability
c) Modification     3) authentication
d) Fabrication      4) confidentiality


Methods of Defense
• Cryptographic controls
• Software controls
• Hardware controls
• Management and audit controls
• Physical controls
• Law enforcement controls
• Education controls


Various Security Domains

• Number theory: cryptography - infrastructure - physical security - security management - audit control
• Cyber enforcement: IT laws and courts
• Program / database / operating system / network security
• Image, audio and video enabled security
• Biometric security, intelligent security, social engineering
• Market trends: enterprise, cloud, wireless security, intelligence


The Operational Model of Network Security

• Prevention is better than cure.


Problem 1

Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.

Solution:
• Confidentiality: the system must keep the PIN confidential, both in the host system and during transmission for a transaction; the PIN must therefore be encrypted in transit and never stored in clear.
• Integrity: the system must protect the integrity of account records and of individual transactions.
• Availability: availability of the host system is important to the economic well-being of the bank, but not to its fiduciary responsibility. The availability of an individual teller machine is of less concern.


Classical Cryptography
Basic Terminology
• Plaintext: the original message
• Ciphertext: the coded message
• Cipher: the algorithm for transforming plaintext to ciphertext
• Key: information used by the cipher, known only to sender and receiver
• Encipher (encrypt): converting plaintext to ciphertext
• Decipher (decrypt): recovering plaintext from ciphertext
• Cryptography: the study of encryption principles and methods
• Cryptanalysis (codebreaking): the study of principles and methods of deciphering ciphertext without knowing the key
• Cryptology: the field covering both cryptography and cryptanalysis
Encryption Methods

• Symmetric encryption: DES, Triple DES, AES
  – also called conventional / private-key / single-key encryption
  – sender and recipient share a common key
  – all classical encryption algorithms are private-key
  – was the only type prior to the invention of public-key cryptography in the 1970s
• Asymmetric encryption: RSA, ECC
• The security of an encryption algorithm must depend only on the secrecy of the key, not on the secrecy of the algorithm (Kerckhoffs's principle).


Cryptography

Cryptographic systems are characterised by three parameters:
• The type of operations used for transforming plaintext to ciphertext, e.g. substitution and transposition
• The number of keys used, e.g. symmetric (one key) or asymmetric (two keys)
• The way in which the plaintext is processed, e.g. block cipher or stream cipher

Classical Ciphers:
• Plaintext is viewed as a sequence of elements (e.g. bits or characters)
• Substitution cipher: replaces each element of the plaintext with another element
• Transposition (or permutation) cipher: rearranges the order of the elements of the plaintext
• Product cipher: uses multiple stages of substitutions and transpositions


Caesar Cipher

• Earliest known substitution cipher, used by Julius Caesar.
• Each letter is replaced by the letter three positions further down the alphabet:
  Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: mit pune -> PLW SXQH
• Exercise: break the ciphertext "GCUA VQ DTGCM". Answer: "easy to break" (shift 2).
• Mathematically, map letters to numbers (a = 0, b = 1, ..., z = 25). Then the general Caesar cipher with key k is:
  c = E_k(p) = (p + k) mod 26
  p = D_k(c) = (c - k) mod 26
• There are only 25 useful keys, so a brute-force attack is trivial.
Monoalphabetic Cipher

• Shuffle the letters and map each plaintext letter to a different ciphertext letter:
  Plain letters:  abcdefghijklmnopqrstuvwxyz
  Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
  Plaintext:  ifwewishtoreplaceletters
  Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
• Now there are 26! ≈ 4 × 10^26 keys.
• With so many keys it is secure against brute-force attack, but not against cryptanalysis.
• The problem is language characteristics: the ciphertext inherits the letter frequencies of the plaintext.

English Letter Frequencies
(Frequency chart omitted; e, t, a, o, i, n are the most common letters of English text.)


• Given ciphertext:
  UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
  VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
  EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• Count relative letter frequencies (see text): P (13.33%) and Z (11.67%) lead.
• Guess P and Z are e and t.
• Guess ZW is th and hence ZWP is the.
• Proceeding with trial and error finally gives:
  it was disclosed yesterday that several informal
  but direct contacts have been made with political
  representatives of the Viet Cong in Moscow
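The two exercises above (breaking the Caesar ciphertext GCUA VQ DTGCM by brute force, and counting letter frequencies in the monoalphabetic ciphertext) carried out in code. This is an added example, not part of the original slides; the English letter-frequency table is the standard one, and scoring candidate decryptions by summed log-frequencies is this example's own choice of how to pick the best shift automatically.

```python
"""Caesar brute force and letter-frequency analysis.

Added example, not part of the original slides. The English letter
frequency table (percentages) is the standard one used by Stallings;
the two ciphertexts below are the ones quoted on the slides.
"""
from collections import Counter
from math import log

ALPHA = "abcdefghijklmnopqrstuvwxyz"
# Relative frequency (%) of each letter in English text, a..z
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]


def caesar_encrypt(plaintext: str, k: int) -> str:
    """c = (p + k) mod 26; non-letters pass through, output in upper case (slide convention)."""
    out = []
    for ch in plaintext.lower():
        out.append(ALPHA[(ALPHA.index(ch) + k) % 26].upper() if ch in ALPHA else ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = (c - k) mod 26; output in lower case."""
    return caesar_encrypt(ciphertext, -k).lower()


def english_score(text: str) -> float:
    """Log-likelihood of the letters under the English unigram model; higher is more English-like."""
    return sum(log(ENGLISH_FREQ[ALPHA.index(ch)] / 100) for ch in text.lower() if ch in ALPHA)


def break_caesar(ciphertext: str):
    """Brute force: only 25 useful keys, so try them all and keep the most English-looking one."""
    candidates = [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]
    return max(candidates, key=lambda kp: english_score(kp[1]))


def letter_frequencies(ciphertext: str):
    """Return (letter, count, percent) triples sorted by decreasing frequency."""
    letters = [ch for ch in ciphertext.upper() if ch.isalpha()]
    counts = Counter(letters)
    return [(ch, n, 100 * n / len(letters)) for ch, n in counts.most_common()]


# Ciphertext from the monoalphabetic-substitution slide
MONO_CT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
           "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
           "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")

if __name__ == "__main__":
    print(caesar_encrypt("mit pune", 3))          # PLW SXQH
    print(break_caesar("GCUA VQ DTGCM"))          # (2, 'easy to break')
    for ch, n, pct in letter_frequencies(MONO_CT)[:5]:
        print(f"{ch}: {n:2d} ({pct:5.2f}%)")      # P and Z lead: guess e and t
```

The same frequency count is the first step against any monoalphabetic substitution; only the key-recovery step (guessing ZW = th and so on) has to be done by hand.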
One-Time Pad
• The key is a truly random bit string as long as the message, so the number of possible keys equals the number of possible plaintexts.
• The key is selected uniformly at random from all possible keys.
• Any key must be used only once.
• Under these conditions it is unbreakable (perfect secrecy): the ciphertext bears no statistical relationship to the plaintext, since every plaintext of the same length is equally consistent with it.

  c_i = p_i XOR k_i, and p_i = c_i XOR k_i

Two fundamental difficulties:
• Generating large quantities of truly random key material.
• Key distribution and protection: the key is as long as the message and must reach the receiver securely.

Because of these difficulties, the one-time pad is of limited utility and is useful primarily for low-bandwidth channels requiring very high security.
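The one-time pad equations and the consequence of breaking the "use the key once" rule, as an added example that is not part of the slides. The two messages and the fixed test key are constructed for illustration; otp_keygen() shows where a real pad would come from.

```python
"""One-time pad: c_i = p_i XOR k_i, and why the key must never be reused.

Added example, not from the slides. Messages and the constructed key are
illustrative; a real pad would come from a hardware random source and
be destroyed after one use.
"""
import secrets


def otp_keygen(length: int) -> bytes:
    """A pad as long as the message, from the OS CSPRNG (os.urandom behind secrets)."""
    return secrets.token_bytes(length)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the pad."""
    if len(key) < len(data):
        raise ValueError("one-time pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If the same pad encrypts two messages, c1 XOR c2 = p1 XOR p2: the key drops out."""
    return otp_xor(c1, c2)


def crib_drag(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given one plaintext (or a guessed fragment at a known offset) the other is recovered."""
    return otp_xor(two_time_pad_leak(c1, c2), known_p1)


def demo(key: bytes):
    """Encrypt two constructed messages under ONE pad and recover the second from the first."""
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT AT TEN"
    c1, c2 = otp_xor(p1, key), otp_xor(p2, key)
    assert otp_xor(c1, key) == p1          # decryption works
    recovered_p2 = crib_drag(c1, c2, p1)   # key reuse: p2 falls out without the key
    return c1, c2, recovered_p2


if __name__ == "__main__":
    c1, c2, leaked = demo(otp_keygen(14))
    print(c1.hex(), c2.hex(), leaked)
```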


Transposition Ciphers
• The plaintext is written row by row under the key, and the columns are then read out in the alphabetical order of the key letters.

Single Columnar Transposition

Preparing the key: number each letter of the key by its order in the alphabet (equal letters are numbered left to right):
  h e a v e n
  4 2 1 6 3 5

Preparing the plaintext: "we are the best" is written under the key (spaces dropped):
  h e a v e n
  4 2 1 6 3 5
  W E A R E T
  H E B E S T

Encryption: read the columns in numbered order (1, 2, 3, 4, 5, 6):
  a e e h n v
  1 2 3 4 5 6
  A E E W T R
  B E S H T E
Ciphertext: ABEEESWHTTRE

Decryption: write the ciphertext back into the numbered columns, then read the rows:
  h e a v e n
  4 2 1 6 3 5
  W E A R E T
  H E B E S T

Problem: using a transposition cipher, encrypt the message "WE ARE THE BEST" with key HEAVEN.

Double Columnar Transposition
• The output of the first transposition is transposed again with a second key.
  h e a v e n
  4 2 1 6 3 5
  W E A R E T
  H E B E S T
  -> ABEEESWHTTRE

  a n o t h e r
  1 4 5 7 3 2 6
  A B E E E S W
  H T T R E
(The second grid has an incomplete last row; its columns are read out in numbered order as before.)
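Both the single and the double columnar transposition above, as an added example that is not part of the slides. The key numbering follows the slide (tied letters such as the two E's in HEAVEN are numbered left to right), and the second pass handles the incomplete last row that the double-transposition grid shows.

```python
"""Single and double columnar transposition with the slides' keys.

Added example, not from the slides. Spaces are removed before encryption,
as on the slides. Ties in the key (the two E's in HEAVEN) are ranked
left to right, matching the numbering shown on the slide.
"""
import math


def key_order(key: str):
    """Column indices in the order they are read out: alphabetical, ties left to right."""
    key = key.upper()
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext: str, key: str) -> str:
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    n = len(key)
    rows = [text[i:i + n] for i in range(0, len(text), n)]   # last row may be short
    return "".join(row[c] for c in key_order(key) for row in rows if c < len(row))


def columnar_decrypt(ciphertext: str, key: str) -> str:
    n = len(key)
    nrows = math.ceil(len(ciphertext) / n)
    full = len(ciphertext) % n or n      # columns with index < full hold nrows letters
    cols, pos = {}, 0
    for c in key_order(key):             # refill the columns in read-out order
        length = nrows if c < full else nrows - 1
        cols[c] = ciphertext[pos:pos + length]
        pos += length
    return "".join(cols[c][r] for r in range(nrows) for c in range(n) if r < len(cols[c]))


def double_columnar_encrypt(plaintext: str, key1: str, key2: str) -> str:
    return columnar_encrypt(columnar_encrypt(plaintext, key1), key2)


def double_columnar_decrypt(ciphertext: str, key1: str, key2: str) -> str:
    return columnar_decrypt(columnar_decrypt(ciphertext, key2), key1)


if __name__ == "__main__":
    ct = columnar_encrypt("WE ARE THE BEST", "HEAVEN")
    print(ct, columnar_decrypt(ct, "HEAVEN"))                  # ABEEESWHTTRE WEARETHEBEST
    ct2 = double_columnar_encrypt("WE ARE THE BEST", "HEAVEN", "ANOTHER")
    print(ct2, double_columnar_decrypt(ct2, "HEAVEN", "ANOTHER"))
```

Transposition preserves letter frequencies exactly, which is how it is recognised: the ciphertext has the frequency profile of English but no readable digrams.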
Modes of Operation

• A block cipher processes data in blocks of fixed size.
• Usually the message is larger than the block size, so it is divided into a series of sequential message blocks and the cipher operates on these blocks one at a time.
• A plaintext block and its ciphertext block have the same size.
• When the number of bits in the message is not a multiple of the block size, the last block must be padded (or a mode that turns the block cipher into a stream cipher must be used). A mode of operation defines how the cipher is applied to a sequence of blocks.

Block Cipher Modes of Operation:
• Electronic Code Book (ECB) mode
• Cipher Block Chaining (CBC) mode
• Cipher Feedback (CFB) and Output Feedback (OFB) modes
• Counter (CTR) mode
Electronic Code Book (ECB) mode

• The message is divided into blocks and each block is encrypted independently:
  C_i = E_K(P_i)
• If two plaintext blocks are identical, the ciphertext blocks are identical too, so patterns in the plaintext show through, and a known-plaintext attacker can build a code book of (plaintext block, ciphertext block) pairs.
• Uses: secure transmission of single values (e.g. a key); not suitable for bulk data.


Cipher Block Chaining (CBC) mode

• The message is divided into blocks; each plaintext block is XORed with the previous ciphertext block before encryption, so the blocks are chained:
  C_i = E_K(P_i XOR C_{i-1}), with C_0 = IV
• A random initialisation vector (IV) is used so that the same message encrypts differently each time.
• The final ciphertext block can serve as a message authentication code (CBC-MAC) when computed under a separate key.
• Uses: bulk data encryption, authentication.

Advantages:
• Identical plaintext blocks produce different ciphertext blocks, so it is more secure than ECB mode.
• The last ciphertext block (as a CBC-MAC) helps detect whether the message has been modified.
Disadvantages:
• Encryption cannot be parallelised (decryption can).
• A lost or missing ciphertext block prevents correct decryption of the block that follows it; a single bit error in C_i corrupts all of P_i and the same bit position of P_{i+1}, after which decryption resynchronises.


Cipher Feedback (CFB) Mode

• Turns the block cipher into a stream cipher: the previous ciphertext block is encrypted and the result is XORed with the plaintext:
  C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV
• The unit processed can be smaller than the block size (s bits, e.g. one bit or one byte), so no padding is needed.
• Uses: stream data encryption, authentication.
• Error propagation: a single bit error in a received ciphertext block flips the same bit position in the corresponding plaintext block, and also garbles the whole of the next plaintext block, because the corrupted ciphertext is fed back into the cipher.


Output Feedback (OFB) Mode

• The message is treated as a stream of bits; the keystream is generated by repeatedly encrypting the IV, independently of the data:
  O_i = E_K(O_{i-1}), O_0 = IV;  C_i = P_i XOR O_i
• Bit errors do not propagate: a flipped ciphertext bit flips only the same plaintext bit.
• The same property makes the mode malleable: an attacker who knows part of the plaintext can flip chosen plaintext bits by flipping ciphertext bits, without knowing the key. Like all confidentiality-only modes it provides no integrity, and reusing an IV under the same key reuses the keystream.
Counter (CTR) Mode

• A counter block (nonce + i) is encrypted to produce the keystream block for P_i:
  C_i = P_i XOR E_K(nonce + i)
• Can be faster than CBC mode: encryption and decryption can be done in parallel, and keystream blocks can be precomputed.
• Padding is not required.
• Random access: any plaintext block can be processed independently of the others.
• Integrity of the message is not maintained (combine with a MAC, or use an authenticated mode).
• Reuse of a counter value under the same key compromises security (two-time pad).
• Used in ATM network security and IPsec.
XTS-AES Mode

• A newer mode for block-oriented storage (disk sectors), standardised in IEEE Std 1619-2007 and approved by NIST in SP 800-38E.
• Based on the concept of a tweakable block cipher: stored data has different requirements from transmitted data (random access, no room for a per-block IV or authentication tag).
• Uses AES twice per block, with two keys K1 and K2:
  T_j = E_K2(i) ⊗ α^j
  C_j = E_K1(P_j XOR T_j) XOR T_j
  where i is the tweak (the sector number), j is the index of the block within the sector, ⊗ is multiplication in GF(2^128) and α is a fixed primitive element of that field.
• Each sector may contain multiple blocks.

XTS-AES Mode per block / XTS-AES Mode Overview
(Figures omitted.)


Advantages and Limitations of XTS-AES
• Efficiency: blocks can be encrypted in parallel in hardware or software.
• Random access to encrypted data blocks.
• Has both a nonce (the tweak) and a counter (the block index), so equal plaintext blocks in different positions encrypt differently.
• Addresses security concerns related to stored data, but provides no integrity protection: a modified ciphertext block decrypts to garbage rather than being detected.


Problem 2

Consider the CFB mode of operation where the block cipher is a permutation cipher on 4-bit blocks with key
  π = ( 1 2 3 4 )
      ( 3 4 2 1 )
If the initialisation vector is taken as 1010, compute the ciphertext corresponding to the plaintext 010010111100.
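The five modes described above, run over the toy permutation cipher of Problem 2, so that Problem 2 itself can be solved and the ECB, CBC and CFB properties from the slides can be checked. This is an added example, not from the slides; the way the two-row key (1 2 3 4 / 3 4 2 1) is read is an assumption stated in the code.

```python
"""Block-cipher modes of operation over the toy cipher of Problem 2.

Added example, not from the slides. The block cipher is a 4-bit permutation
cipher with key pi = (3 4 2 1), read in Stinson's convention: output bit i
is input bit pi(i), so E(b1 b2 b3 b4) = b3 b4 b2 b1. The slide does not
say which way to read the two-row key, so that reading is an assumption.
Blocks are bit strings such as "1010"; every message here is a whole
number of blocks, so no padding is needed.
"""
BLOCK = 4
PI = (3, 4, 2, 1)          # output position i (1-based) takes input bit PI[i-1]


def perm_encrypt(block: str) -> str:
    return "".join(block[p - 1] for p in PI)


def perm_decrypt(block: str) -> str:
    out = [""] * BLOCK
    for i, p in enumerate(PI):       # undo: output bit i came from input bit p
        out[p - 1] = block[i]
    return "".join(out)


def xor(a: str, b: str) -> str:
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def blocks(bits: str):
    if len(bits) % BLOCK:
        raise ValueError("message must be a whole number of blocks (pad first)")
    return [bits[i:i + BLOCK] for i in range(0, len(bits), BLOCK)]


def flip_bit(bits: str, i: int) -> str:
    """Simulate a single transmission error at bit position i."""
    return bits[:i] + ("0" if bits[i] == "1" else "1") + bits[i + 1:]


def ecb_encrypt(pt):            # C_i = E_K(P_i): equal plaintext blocks give equal ciphertext blocks
    return "".join(perm_encrypt(p) for p in blocks(pt))


def ecb_decrypt(ct):
    return "".join(perm_decrypt(c) for c in blocks(ct))


def cbc_encrypt(pt, iv):        # C_i = E_K(P_i xor C_{i-1}), C_0 = IV
    out, prev = [], iv
    for p in blocks(pt):
        prev = perm_encrypt(xor(p, prev))
        out.append(prev)
    return "".join(out)


def cbc_decrypt(ct, iv):        # P_i = D_K(C_i) xor C_{i-1}: an error in C_i damages P_i and P_{i+1} only
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(perm_decrypt(c), prev))
        prev = c
    return "".join(out)


def cfb_encrypt(pt, iv):        # C_i = P_i xor E_K(C_{i-1}), C_0 = IV
    out, prev = [], iv
    for p in blocks(pt):
        prev = xor(p, perm_encrypt(prev))
        out.append(prev)
    return "".join(out)


def cfb_decrypt(ct, iv):        # P_i = C_i xor E_K(C_{i-1}); only the encryption direction is needed
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, perm_encrypt(prev)))
        prev = c
    return "".join(out)


def ofb_crypt(data, iv):        # O_i = E_K(O_{i-1}); data xor keystream, same for both directions
    out, o = [], iv
    for d in blocks(data):
        o = perm_encrypt(o)
        out.append(xor(d, o))
    return "".join(out)


def ctr_crypt(data, nonce: int):   # keystream block i = E_K(nonce + i); a counter value must never repeat
    out = []
    for i, d in enumerate(blocks(data)):
        ctr = format((nonce + i) % (1 << BLOCK), f"0{BLOCK}b")
        out.append(xor(d, perm_encrypt(ctr)))
    return "".join(out)


def problem_2() -> str:
    """CFB, IV 1010, plaintext 010010111100 -> ciphertext (three 4-bit blocks)."""
    return cfb_encrypt("010010111100", "1010")


if __name__ == "__main__":
    print("Problem 2 ciphertext:", problem_2())
    print("ECB leaks repeats:", ecb_encrypt("01000100"))
    print("CBC hides them:  ", cbc_encrypt("01000100", "1010"))
```

Under the stated reading of the key, Problem 2 gives C_1 = 0100 XOR E(1010) = 0100 XOR 1001 = 1101, C_2 = 1011 XOR E(1101) = 1100 and C_3 = 1100 XOR E(1100) = 1111; flip_bit() with cbc_decrypt() reproduces the CBC error-propagation claim (P_i garbled, same bit of P_{i+1} flipped, P_{i+2} intact).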


Feistel Ciphers

• Most symmetric block ciphers are based on a Feistel cipher structure.
• Needed since we must be able to decrypt ciphertext to recover messages efficiently.
• An ideal block cipher would be an arbitrary substitution, which would need a table of 2^64 entries for a 64-bit block; instead the cipher is built from smaller building blocks using the idea of a product cipher.
• Horst Feistel devised the Feistel cipher, based on the concept of an invertible product cipher.
• It partitions the input block into two halves and processes them through multiple rounds which:
  – perform a substitution on the left data half,
  – based on a round function of the right half and a subkey,
  – then have a permutation swapping the halves.
• The plaintext is divided into two halves (L_0 and R_0). The two halves pass through n rounds of processing and are then combined to produce the cipher block.
• Each round i has as input L_{i-1} and R_{i-1}, derived from the previous round, as well as a subkey K_i derived from the overall key K:
  L_i = R_{i-1}
  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
• Decryption uses the same network with the subkeys in reverse order; the round function F itself need not be invertible.

The design of a Feistel cipher depends on the following parameters:
• Block size: a larger block means greater security; 64 bits is traditional.
• Key size: 56-128 bits.
• Number of rounds: a single round offers inadequate security; a typical size is 16 rounds.
• Subkey generation algorithm: greater complexity should lead to greater difficulty of cryptanalysis.
• Round function: again, greater complexity generally means greater resistance to cryptanalysis.


Data Encryption Standard (DES)

• IBM developed the Lucifer cipher, by a team led by Feistel, using 64-bit data blocks with a 128-bit key.
• It was then redeveloped as a commercial cipher with input from NSA and others.
• In 1973 the NBS issued a request for proposals for a national cipher standard; IBM submitted its revised Lucifer, which was eventually accepted as DES (published in 1977).
• DES encrypts 64-bit data blocks using a 56-bit key.
• DES became widely used, especially in financial applications.


Conceptual View of DES

• Every 8th bit of the 64-bit key is a parity bit and is discarded to produce the 56-bit key.
• The same algorithm and key are used for encryption and decryption.

(Figure: each 64-bit plaintext block 1 ... n is encrypted by DES under the 56-bit key into a 64-bit ciphertext block.)
Broad Level Steps in DES

• DES is based on substitution (which provides confusion) and transposition (which provides diffusion).
• Each round performs steps of substitution and transposition.

  Step 1: Plaintext (64 bits)
  Step 2: Initial Permutation (IP)
  Step 3: Split into Left Plain Text (LPT) and Right Plain Text (RPT), 32 bits each
  Step 4: 16 rounds on LPT and RPT, each round using a 48-bit subkey derived from the key
  Step 5: Final Permutation (FP), the inverse of IP
  Step 6: Ciphertext (64 bits)
Initial Permutation (IP)
• The first bit of the output is taken from the 58th bit of the input, the second bit from the 50th bit, and so on, with the last bit of the output taken from the 7th bit of the input, i.e. a transposition. It only reorders the bits.

Details of One Round in DES
• Key transformation
• Expansion permutation
• S-box substitution
• P-box permutation
• XOR and swap


Step 1: Key Transformation and Compression Permutation
• After the parity-bit drop, the 56-bit key is divided into two 28-bit halves.
• In each round, each half is circularly shifted left by one or two bits:
  Round:      1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
  Bit shifts: 1 1 2 2 2 2 2 2 1  2  2  2  2  2  2  1
• The two halves are then combined to form a 56-bit value, from which 48 bits are chosen by the compression permutation (PC-2):
  14 17 11 24  1  5  3 28 15  6 21 10
  23 19 12  4 26  8 16  7 27 20 13  2
  41 52 31 37 47 55 30 40 51 45 33 48
  44 49 39 56 34 53 46 42 50 36 29 32
Step 2: Expansion Permutation
• The 32-bit RPT is divided into 8 blocks of 4 bits each.
• Each 4-bit block is expanded to a 6-bit block: the first and fourth bits of each 4-bit block are repeated, appearing also in the adjacent 6-bit block.

(Figure: input blocks 1, 2, 3 (4 bits each, bits 1-4, 5-8, 9-12) expand to output blocks 1, 2, 3 (6 bits each); input block 8 (bits 29-32) expands to output bits 43-48.)

RPT Expansion Permutation Table:
  32  1  2  3  4  5    4  5  6  7  8  9
   8  9 10 11 12 13   12 13 14 15 16 17
  16 17 18 19 20 21   20 21 22 23 24 25
  24 25 26 27 28 29   28 29 30 31 32  1
Step 3: S-box Substitution
• Input: the 48-bit compressed key XORed with the 48-bit expanded RPT. Output: 32 bits.

  Key Transformation (compress key from 56 bits to 48 bits)   Expansion Permutation (expand RPT from 32 bits to 48 bits)
                        48-bit Key  XOR  48-bit RPT
                              S-box Substitution

• Eight S-boxes, each accepting a 6-bit input and producing a 4-bit output:
  48-bit input block -> eight 6-bit sub-blocks -> S-box 1 ... S-box 8 -> eight 4-bit outputs -> 32-bit output block
• For a 6-bit input b1 b2 b3 b4 b5 b6, the outer bits b1 b6 give the 2-bit row number and the inner bits b2 b3 b4 b5 give the 4-bit column number of the S-box table.
Step 4: P-box Permutation
• The output of the S-boxes consists of 32 bits.
• It is a straight permutation: each bit is moved to another position; no bit is used twice and no bit is ignored.
  16  7 20 21 29 12 28 17  1 15 23 26  5 18 31 10
   2  8 24 14 32 27  3  9 19 13 30  6 22 11  4 25
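The DES round components of Steps 1 to 4, using the tables printed on the slides above, as an added example that is not part of the slides. PC-1 is not shown on the page, so the key schedule here starts from the 56-bit key that PC-1 would produce; S-box S1 is quoted from FIPS 46-3 because the slide only shows how an S-box is addressed, and the other seven S-boxes (and hence the complete round function) are left out.

```python
"""DES round components, using the tables printed on the slides.

Added example, not from the slides. Bits are strings of '0'/'1', numbered
from 1 on the left as in FIPS 46. PC-1 (the parity drop and initial key
permutation) is not on the page, so key_schedule() takes the 56-bit key
that PC-1 would have produced. S-box S1 is the one from FIPS 46-3; the
other seven S-boxes are omitted, so the full round function is not shown.
"""

# Expansion permutation E: 32 -> 48 bits (slide table). The first and
# fourth bit of every 4-bit group is reused by a neighbouring 6-bit group.
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
     8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]

# P-box: straight permutation of the 32-bit S-box output (slide table)
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]

# PC-2, the compression permutation: 56 -> 48 key bits (slide table)
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]

# Left-rotation amounts for rounds 1..16 (slide table); they total 28
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# S-box S1 from FIPS 46-3 (not on the slide): 4 rows x 16 columns
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]


def permute(bits: str, table) -> str:
    """Output bit i is input bit table[i] (1-based); covers expansion and compression too."""
    return "".join(bits[t - 1] for t in table)


def expand(r32: str) -> str:
    assert len(r32) == 32
    return permute(r32, E)


def sbox(table, six: str) -> str:
    """Row from the outer bits b1 b6, column from the inner bits b2..b5."""
    row = int(six[0] + six[5], 2)
    col = int(six[1:5], 2)
    return format(table[row][col], "04b")


def pbox(s32: str) -> str:
    assert len(s32) == 32
    return permute(s32, P)


def rotl(bits: str, n: int) -> str:
    return bits[n:] + bits[:n]


def key_schedule(k56: str):
    """16 round keys: rotate the 28-bit halves C and D, then compress with PC-2."""
    assert len(k56) == 56
    c, d = k56[:28], k56[28:]
    subkeys = []
    for s in SHIFTS:
        c, d = rotl(c, s), rotl(d, s)
        subkeys.append(permute(c + d, PC2))
    return subkeys


def dropped_by_pc2():
    """Key-bit positions that never reach any round key."""
    return sorted(set(range(1, 57)) - set(PC2))


if __name__ == "__main__":
    print(expand("0001" * 8))                  # 100010 repeated: outer bits are duplicated
    print(sbox(S1, "011011"))                  # 0101 (FIPS 46 example)
    print(dropped_by_pc2())                    # [9, 18, 22, 25, 35, 38, 43, 54]
```

Because the shifts total 28, the halves are back in their starting position after round 16, which is what lets decryption run the same schedule backwards.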


Step 5: XOR and Swap

  Original 64-bit plaintext block
  32-bit Left Plain Text (LPT)    32-bit Right Plain Text (RPT)
  RPT -> Expansion Permutation -> XOR with the round key (from Key Transformation, not involved directly) -> S-box Substitution -> P-box Permutation
  The 32-bit result is XORed with LPT; that XOR result becomes the new RPT and the old RPT becomes the new LPT for the next round.

Final Permutation
• After 16 rounds the halves are combined and the final permutation (the inverse of IP) is applied.


DES Decryption

• The same algorithm and key are used for encryption and decryption.
• The subkeys are applied in reverse order, i.e. K16, K15, ..., K1.

Analysis of DES
• Use of S-boxes: the design criteria of the substitution tables were kept secret by IBM; it took about 17 years for the design rationale of the S-boxes to be published.
• Key length: there are 2^56 possible keys, i.e. about 7.2 × 10^16. At first sight a brute-force attack on DES seems impractical: a single computer performing one DES encryption per microsecond would need more than 1000 years to try all keys. Dedicated hardware and distributed search have long since made this feasible (see "Why a New Cipher?").


Variations of DES: Double DES

• Encrypt twice with two independent keys:
  C = E_K2(E_K1(P)), with intermediate result T = E_K1(P)
  Decryption: P = D_K1(D_K2(C))
• Meet-in-the-middle attack: given a known (P, C) pair, compute E_K1(P) for all 2^56 values of K1 and D_K2(C) for all 2^56 values of K2 and look for a match on the intermediate value T. The effort is about 2^57 operations (plus a large table) rather than 2^112, so double DES gives little more security than single DES.
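The Feistel structure described earlier (encrypt and decrypt with the same network, subkeys reversed) and the meet-in-the-middle attack on double encryption, in one added example that is not from the slides. The cipher is a toy: 16-bit blocks, 8-bit keys, four rounds and a made-up round function, chosen so that the whole 2^16 double-key space is searchable in a test. The key schedule, round function and constants are this example's own.

```python
"""A toy Feistel cipher, its decryption by reversed round keys, and the
meet-in-the-middle attack on double encryption.

Added example, not from the slides. The cipher is a 16-bit, 4-round Feistel
network with an 8-bit key and a deliberately simple round function; it
illustrates structure only and has no security. Double encryption
E_k2(E_k1(P)) with two 8-bit keys has 2^16 key pairs, but meet-in-the-middle
recovers them with about 2 * 2^8 cipher calls plus a table.
"""
MASK8 = 0xFF
ROUNDS = 4


def rotl8(x: int, n: int) -> int:
    n %= 8
    return ((x << n) | (x >> (8 - n))) & MASK8


def round_keys(key: int):
    """Toy key schedule: rotate the key and mix in a distinct round constant."""
    return [rotl8(key, i) ^ ((0x3C * (i + 1)) & MASK8) for i in range(ROUNDS)]


def F(r: int, k: int) -> int:
    """Round function: nonlinear and NOT invertible; a Feistel network does not need it to be."""
    x = (r ^ k) & MASK8
    return (((x * x) >> 2) ^ (x * 0x1D) ^ rotl8(x, 3)) & MASK8


def _feistel(block: int, keys) -> int:
    L, R = block >> 8, block & MASK8            # split the 16-bit block into halves
    for k in keys:
        L, R = R, L ^ F(R, k)                   # L_i = R_{i-1};  R_i = L_{i-1} xor F(R_{i-1}, K_i)
    return (R << 8) | L                         # undo the final swap


def feistel_encrypt(block: int, key: int) -> int:
    return _feistel(block, round_keys(key))


def feistel_decrypt(block: int, key: int) -> int:
    """Same network, round keys in reverse order (K_n ... K_1)."""
    return _feistel(block, round_keys(key)[::-1])


def double_encrypt(block: int, k1: int, k2: int) -> int:
    return feistel_encrypt(feistel_encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) values under double encryption.
    Build T[E_k1(P)] = k1 for every k1, then for every k2 look up D_k2(C);
    each hit is a candidate (k1, k2), confirmed against the remaining pairs."""
    p0, c0 = pairs[0]
    table = {}
    for k1 in range(1 << 8):
        table.setdefault(feistel_encrypt(p0, k1), []).append(k1)
    candidates = []
    for k2 in range(1 << 8):
        for k1 in table.get(feistel_decrypt(c0, k2), []):
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates


if __name__ == "__main__":
    k1, k2 = 0x3A, 0xC5
    pts = [0x1234, 0xBEEF, 0x0F0F]              # constructed known plaintexts
    pairs = [(p, double_encrypt(p, k1, k2)) for p in pts]
    print("candidates:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
```

With 8-bit keys the attack costs 512 cipher calls and a 256-entry table instead of 65 536 trials; with DES the same shape costs about 2^57 calls and a 2^56-entry table, which is why double DES was never adopted.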


Triple DES

• Secure, but takes three times as long to encrypt.
• Three-key variant: C = E_K3(E_K2(E_K1(P))) with three independent keys (168 key bits).
• Two-key EDE variant: C = E_K1(D_K2(E_K1(P))) (112 key bits). Using decryption for the middle step lets Triple DES interoperate with single DES when K1 = K2.
DES Weaknesses

Weaknesses in cipher design

S-boxes: at least three weaknesses are mentioned in the literature for the S-boxes:
1. In S-box 4, the last three output bits can be derived in the same way as the first output bit by complementing some of the input bits.
2. Two specifically chosen inputs to the S-box array can create the same output.
3. It is possible to obtain the same output in a single round by changing bits in only three neighbouring S-boxes.

D-boxes (permutation boxes): one mystery and one weakness were found in their design:
4. It is not clear why the designers of DES used the initial and final permutations; these have no security benefit.
5. In the expansion permutation (inside the round function), the first and fourth bits of every 4-bit series are repeated.
Why a New Cipher?

• The 56-bit key size of DES is too small.
• In January 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes.
• DES had outlived its usefulness:
  – vulnerabilities were becoming known
  – the 56-bit key was too small
  – it is too slow in software implementations
• NIST wanted increased trust in the cipher:
  – the previous standardisation process was very closed
  – DES was suspected of having 'back doors'
Advanced Encryption Standard (AES)

Background:
• On January 2, 1997, NIST announced the initiation of the AES development effort.
• The call stipulated that:
  – The algorithm must be a symmetric block cipher
  – Key lengths of 128, 192 and 256 bits must be supported
  – Block length of 128 bits (Rijndael as submitted also supports 192- and 256-bit blocks, which the AES standard does not use)
  – Both software and hardware implementations must be possible
  – Implementation on smart cards must be feasible
  – Royalty-free


The finalists and their scores were as follows: 15 Ciphers submitted
 Rijndael (from Joan Deamen and Vincent Rijmen, 86 votes).
 Serpent (from Ross Anderson, Eli Biham, and Lars Knudsen, 56 votes).
 Twofish (from a team headed by Bruce Schneier, 31 votes).
 RC6 (from RSA Laboratories, 23 votes).
 MARS (from IBM, 13 votes)

 InNovember 2001, Rijndael became a U. S. Government standard published as


Federal Information Processing Standard FIPS 197.
 It is not a Feistel cipher.
- It works in parallel over the whole input block.
information Security: Unit - I Prof. U. K. Raut
The most powerful supercomputer in the world in 2017 was the Sunway TaihuLight in China. This
beast is capable of a peak speed of 93.02 petaflops. This means that the most powerful computer in
the world would still take some 885 quadrillion years to brute force a 128-bit AES key.

The number of operations required to brute force a 256-bit cipher is 3.31 x 10^56. This is roughly
equal to the number of atoms in the universe!



Rijndael's Encryption Algorithm

• The basic unit for processing in the AES algorithm is a byte.
• The AES algorithm's operations are performed on a two-dimensional array of bytes called the State. An individual byte is referred to as s(r,c), with row index r and column index c.
• Block = 128 bits = 16 bytes = b0 b1 b2 ... b15
• Key = 128 bits = 16 bytes = k0 k1 k2 ... k15
• The four bytes in each column of the State array form one word:

  w0 = s0,0 s1,0 s2,0 s3,0    w2 = s0,2 s1,2 s2,2 s3,2
  w1 = s0,1 s1,1 s2,1 s3,1    w3 = s0,3 s1,3 s2,3 s3,3

  (read column by column, the State is the word sequence w0 w1 w2 w3)

• Implemented as a 4 x 4 matrix, where each element in the matrix is one byte.
• The algorithm consists of an initial round, Nr - 1 standard rounds, where Nr is 10, 12 or 14 depending on the block and key array sizes, and a final round.

• Possible Round Operations
  • ByteSub – Substitution of Bytes
  • ShiftRow – Shifts Rows
  • MixColumn – Multiplies Columns
  • AddRoundKey – XORs by Key


Encryption Algorithm
• SubBytes transformation

• Each byte of the State is replaced by its entry in the S-box, a 16 x 16 matrix whose entries are all distinct bytes; the high nibble of the byte selects the row and the low nibble selects the column.
• For example, if s1,1 = {53}, the result is {ed}.

• Shift-Rows transformation

• Row r of the State (r = 0, 1, 2, 3) is cyclically shifted left by r bytes; row 0 is unchanged.

• MixColumn transformation

• The MixColumn transformation operates on the State column by column: each column is multiplied in GF(2^8) by the fixed matrix on the left.

  | 02 03 01 01 |   | d4 e0 b8 1e |
  | 01 02 03 01 | x | bf 34 41 27 |
  | 01 01 02 03 |   | 5d 52 11 98 |
  | 03 01 01 02 |   | 30 ae f1 e5 |

  First byte of the first output column: 02•{d4} ⊕ 03•{bf} ⊕ 01•{5d} ⊕ 01•{30} = {04}


• AddRoundKey transformation

• In this operation, a Round Key is applied to the State by a simple bitwise XOR.

• Key schedule
This consists of two components: the Key Expansion and the Round Key Selection.
The basic principle is the following:
• The total number of Round Key bits is equal to the block length multiplied by the number of rounds plus 1 (i.e. 128 x 11 = 1408 bits, 1408/32 = 44 words for a 128-bit key).
• The Cipher Key is expanded into an Expanded Key.
• Round Keys are taken from this Expanded Key in the following way: the first Round Key consists of the first Nb words, the second one of the following Nb words, and so on.


Key = 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c

• Key expansion
The key expansion function depends on the value of Nk (the key length in 32-bit words).
For Nk ≤ 6, we have:

  KeyExpansion(byte Key[4*Nk], word W[Nb*(Nr+1)])
  {
    /* the first Nk words are the Cipher Key itself */
    for (i = 0; i < Nk; i++)
    {
      W[i] = (Key[4*i], Key[4*i+1], Key[4*i+2], Key[4*i+3]);
    }
    /* every later word is the XOR of the previous word and the word Nk positions back */
    for (i = Nk; i < Nb * (Nr + 1); i++)
    {
      temp = W[i - 1];
      if (i % Nk == 0)
      {
        /* every Nk-th word: rotate one byte, pass through the S-box, XOR the round constant */
        temp = SubByte(RotByte(temp)) ^ Rcon[i / Nk];
      }
      W[i] = W[i - Nk] ^ temp;
    }
  }

• The round constants are independent of Nk and defined by:
  Rcon[i] = (RC[i], '00', '00', '00')
with RC[i] representing an element in GF(2^8) with a value of x^(i-1), so that:
  RC[1] = 1 (i.e. '01')
  RC[i] = x (i.e. '02') • RC[i-1] = x^(i-1)


Key Expansion Examples
Cipher Key = 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c
For Nk = 4, this results in:

  w0 = 2b7e1516   w1 = 28aed2a6   w2 = abf71588   w3 = 09cf4f3c


Example: Nb = 4 and Nk = 4

Input : 32 43 f6 a8 88 5a 30 8d 31 31 98 a2 e0 37 07 34
Key   : 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c

The Round Key values are taken from the Key Expansion example.

Round Number | Start of Round | After SubBytes | After ShiftRows | After MixColumns | Round Key Value
• Addition
• Addition is performed with the XOR operation (denoted by ⊕), i.e. modulo 2, so that 1 ⊕ 1 = 0, 1 ⊕ 0 = 1, and 0 ⊕ 0 = 0.

  (x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2   (polynomial notation)

  {01010111} ⊕ {10000011} = {11010100}   (binary notation)

  {57} ⊕ {83} = {d4}   (hexadecimal notation)
• Multiplication

• A polynomial is irreducible if its only divisors are one and itself.
• For the AES algorithm, this irreducible polynomial is

  m(x) = x^8 + x^4 + x^3 + x + 1, or {01}{1b} in hexadecimal notation.

E.g. {57} • {83} = {c1}, because

  (x^6 + x^4 + x^2 + x + 1) (x^7 + x + 1)
    = x^13 + x^11 + x^9 + x^8 + x^7 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x^2 + x + x + 1
    = x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1

  (x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1) modulo (x^8 + x^4 + x^3 + x + 1)
    = x^7 + x^6 + 1
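The GF(2^8) addition and multiplication just shown, together with the S-box, the round transformations and the key expansion from the earlier slides, assembled into one runnable AES block encryption. This is an added example written for these notes, not code from the lecture or from FIPS 197. It builds the S-box from its definition (field inverse followed by the affine map) instead of copying the table, keeps the State column-major exactly as the w0..w3 word layout above, and uses the slides' own Input/Key pair as its check; the key schedule also handles Nk = 8, whose extra SubWord step is taken from FIPS-197 section 5.2 rather than from the slides. All function names (gf_mul, gf_inv, mix_column, key_expansion, aes_encrypt_block) are this example's own.

```python
# Added example, not code from the lecture notes or from FIPS 197: the GF(2^8)
# arithmetic, the S-box, the round transformations and the key expansion from
# the slides, assembled into a working AES block encryption (Nk = 4, 6 or 8).

AES_POLY = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, written {01}{1b}; addition is XOR

def xtime(a: int) -> int:
    """Multiply by x, i.e. by {02}; reduce by m(x) when the result overflows 8 bits."""
    a <<= 1
    return (a ^ AES_POLY) & 0xFF if a & 0x100 else a

def gf_mul(a: int, b: int) -> int:
    """Shift-and-add multiplication in GF(2^8): {57} * {83} = {c1}."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a, b = xtime(a), b >> 1
    return product

def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for a != 0); gf_inv(0) comes out as 0."""
    result, exp = 1, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, a)
        a, exp = gf_mul(a, a), exp >> 1
    return result

def _affine(b: int) -> int:
    """FIPS-197 affine map: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ {63}."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

# S-box computed from its definition instead of typed in; SBOX[0x53] == 0xED.
SBOX = bytes(_affine(gf_inv(i)) for i in range(256))

# The State is kept column-major in 16 bytes: s(r,c) is at index r + 4*c, word w_c is [4c:4c+4].

def sub_bytes(state: bytearray) -> bytearray:
    return bytearray(SBOX[b] for b in state)

def shift_rows(state: bytearray) -> bytearray:
    """Row r is rotated left by r byte positions (row 0 unchanged)."""
    out = bytearray(16)
    for r in range(4):
        for c in range(4):
            out[r + 4 * c] = state[r + 4 * ((c + r) % 4)]
    return out

def mix_column(col) -> list:
    """Multiply one column by the fixed matrix [02 03 01 01; 01 02 03 01; 01 01 02 03; 03 01 01 02]."""
    a0, a1, a2, a3 = col
    return [gf_mul(2, a0) ^ gf_mul(3, a1) ^ a2 ^ a3,
            a0 ^ gf_mul(2, a1) ^ gf_mul(3, a2) ^ a3,
            a0 ^ a1 ^ gf_mul(2, a2) ^ gf_mul(3, a3),
            gf_mul(3, a0) ^ a1 ^ a2 ^ gf_mul(2, a3)]

def mix_columns(state: bytearray) -> bytearray:
    return bytearray(b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4]))

def add_round_key(state: bytearray, words) -> bytearray:
    """XOR round-key word c into column c of the State."""
    out = bytearray(state)
    for c, word in enumerate(words):
        for r in range(4):
            out[r + 4 * c] ^= word[r]
    return out

def key_expansion(key: bytes) -> list:
    """Expand a 16/24/32-byte Cipher Key into Nb*(Nr+1) four-byte words (Nb = 4)."""
    nk = len(key) // 4
    nr = nk + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rc = 0x01  # RC[1] = {01}; RC[i] = x * RC[i-1]
    for i in range(nk, 4 * (nr + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]  # SubByte(RotByte(temp))
            temp[0] ^= rc                                  # ^ Rcon[i/Nk] = (RC, 00, 00, 00)
            rc = xtime(rc)
        elif nk > 6 and i % nk == 4:
            temp = [SBOX[b] for b in temp]                 # extra SubWord, Nk = 8 only (FIPS-197 5.2)
        w.append([w[i - nk][j] ^ temp[j] for j in range(4)])
    return w

def aes_encrypt_block(plaintext: bytes, key: bytes) -> bytes:
    """Initial AddRoundKey, Nr - 1 full rounds, then a final round without MixColumns."""
    w = key_expansion(key)
    nr = len(w) // 4 - 1
    state = add_round_key(bytearray(plaintext), w[0:4])
    for rnd in range(1, nr):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), w[4 * rnd:4 * rnd + 4])
    state = add_round_key(shift_rows(sub_bytes(state)), w[4 * nr:4 * nr + 4])
    return bytes(state)
```

Calling aes_encrypt_block with the slides' Input 3243f6a8885a308d313198a2e0370734 and Key 2b7e151628aed2a6abf7158809cf4f3c (both given as bytes.fromhex) reproduces the FIPS-197 Appendix B ciphertext, and key_expansion on that key gives w4 = a0fafe17, the first word derived in the key-expansion example. The S-box is built at import time from gf_inv and _affine, which is how one can check the {53} → {ed} entry without trusting a typed table.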
• Rijndael's Decryption Algorithm

The decryption rounds apply the inverses of the encryption steps in reverse order:

• Inverse Shift-Rows transformation (each row is rotated back to the right by the same number of bytes)

• Inverse Sub-Bytes transformation (lookup in the inverse S-box)

• Inverse Mix-Column transformation (multiplication by the inverse of the MixColumn matrix)


Advantages

• Rijndael can be implemented to run at speeds unusually fast for a block cipher on a Pentium (Pro). There is a trade-off between table size and performance.

• Rijndael can be implemented on a smart card in a small amount of code, using a small amount of RAM and taking a small number of cycles. There is some ROM/performance trade-off.

• The round transformation is parallel by design, an important advantage in future processors and dedicated hardware.

• As the cipher does not make use of arithmetic operations, it has no bias towards big- or little-endian processor architectures.


Limitations

• The inverse cipher is less suited to being implemented on a smart card than the cipher itself: it takes more code and cycles. (Still, compared with other ciphers, even the inverse is very fast.)

• In software, the cipher and its inverse make use of different code and/or tables.

• In hardware, the inverse cipher can only partially re-use the circuitry that implements the cipher.


Comparison

| Basis for comparison | DES (Data Encryption Standard) | AES (Advanced Encryption Standard) |
| --- | --- | --- |
| Basic | The data block is divided into two halves. | The entire data block is processed as a single matrix. |
| Principle | DES works on a Feistel cipher structure. | AES works on a block cipher structure. |
| Plaintext | Plaintext is 64 bits. | Plaintext can be 128, 192, or 256 bits. |
| Key size | DES has a smaller key size than AES. | AES has a larger key size than DES. |
| Rounds | 16 rounds | 10 rounds for AES-128, 12 rounds for AES-192, 14 rounds for AES-256 |
| Round names | Expansion Permutation, XOR, S-box, P-box, XOR and Swap | SubBytes, ShiftRows, MixColumns, AddRoundKey |
| Security | DES has a smaller key, which is less secure. | AES has a comparatively large secret key, hence more secure. |
| Speed | DES is comparatively slower. | AES is faster. |