
Cryptography and Network Security
Course Content
Introduction
Security trends, Security Attacks, Security services, introduction to
Encryption Techniques

Number theory and Public Key Cryptography


Message Authentication, Hashing functions
and digital signature
IP Security and VPN
Electronic mail and Web security
Evaluation Scheme:
SN   Type of Assessment         Marks allotted
1    Quiz                       15%
2    Course projects and lab    20%
3    Mid-exam                   30%
4    Final exam                 40%

Reference Books:
Cryptography and Network Security, by William Stallings
Cryptography and Network Security
Chapter-1
Introduction
What is Computer Security?
The protection afforded to an automated information system
in order to attain the applicable objectives of
preserving the integrity, availability and
confidentiality of information system resources. By
NIST

Resources: includes hardware, software, firmware,
information/data, and telecommunications
Key Security Concepts
Confidentiality

Integrity

Availability

Authenticity

Accountability
Critical for many of our companies in Ethiopia!!!!!
Passive Attacks

Release of message content


Traffic analysis
Active Attacks
Masquerade
Replay
Modification of Message content
DoS- (flooding)
Security Service
enhance security of data processing systems and
information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with
physical documents
which, for example, have signatures, dates; need protection
from disclosure, tampering, or destruction; be notarized or
witnessed; be recorded or licensed
Security Services
X.800:
a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers

RFC 2828:
a processing or communication service provided by
a system to give a specific kind of protection to
system resources
Security Services (X.800)
Authentication - assurance that communicating
entity is the one claimed
have both peer-entity & data origin authentication
Access Control - prevention of the unauthorized use
of a resource
Data Confidentiality - protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is as
sent by an authorized entity
Non-Repudiation - protection against denial by one
of the parties in a communication
Availability - resource accessible/usable
Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Some Basic Terminology
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis
History of Cryptography
Traditional Cryptography
are classical transposition or permutation ciphers.
Encrypt the text power for k=6, (vuckz)
Example Cryptanalysis
given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
count relative letter frequencies (see text)
guess P & Z are e and t
guess ZW is th and hence ZWP is the
proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
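Added example (not part of the original slides): the frequency count, the ZW/ZWP digram and trigram check, and the recovered substitution table for the ciphertext above. The function names are chosen here for illustration; the ciphertext and plaintext are the ones on the slide.

```python
from collections import Counter

# Ciphertext exactly as given on the slide, line breaks removed.
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)
# Recovered plaintext from the slide, spaces removed so it aligns 1:1.
PLAINTEXT = (
    "it was disclosed yesterday that several informal but "
    "direct contacts have been made with political "
    "representatives of the viet cong in moscow"
).replace(" ", "")


def letter_frequencies(text):
    """Return [(letter, count, percent)] sorted by descending count."""
    total = len(text)
    return [(c, n, round(100 * n / total, 2)) for c, n in Counter(text).most_common()]


def ngram_counts(text, n):
    """Count overlapping n-grams (digrams for n=2, trigrams for n=3)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))


def derive_key(ciphertext, plaintext):
    """Build the cipher->plain table; reject anything not monoalphabetic."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("ciphertext and plaintext lengths differ")
    key = {}
    for c, p in zip(ciphertext, plaintext):
        if key.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {key[c]} and {p}")
    if len(set(key.values())) != len(key):
        raise ValueError("two cipher letters share one plaintext letter")
    return key


def decrypt(ciphertext, key):
    """Apply the substitution table; unknown letters become '?'."""
    return "".join(key.get(c, "?") for c in ciphertext)


if __name__ == "__main__":
    key = derive_key(CIPHERTEXT, PLAINTEXT)
    print(letter_frequencies(CIPHERTEXT)[:5])
    print("ZW:", ngram_counts(CIPHERTEXT, 2)["ZW"])
    print(decrypt(CIPHERTEXT, key))
```

Only 21 of the 26 cipher letters occur in this message, so the table recovered from it is partial.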
Playfair Cipher
one approach to improving security was to
encrypt multiple letters
a 5X5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates)
fill rest of matrix with other letters
eg. using the keyword MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Rotor Machine Principles
Steganography
an alternative to encryption
hides existence of message
using only a subset of letters/words in a longer
message marked in some way
using invisible ink
hiding in LSB in graphic image or sound file
has drawbacks
high overhead to hide relatively few info bits
advantage is can obscure encryption use
Hide a file on image using notepad !!!!
Modern cryptography
Symmetric Key Cryptography
Same key for encryption and decryption
Key distribution problem. A network with N hosts => N(N-1)/2 pairs

Advantages:
Symmetric algorithms are fast
They are difficult to break if a large key size is used
Only one key needed

Disadvantages:
Symmetric keys must remain secret
Difficult to deliver keys (key distribution)
Symmetric algorithms don't support authenticity or nonrepudiation
You can't know for sure who sent the message, since two people have the same key
We will see the details of DES.
Block Vs Stream Ciphers
block ciphers process messages in blocks, each
of which is then en/decrypted
like a substitution on very big characters
64-bits or more
stream ciphers process messages a bit or byte
at a time when en/decrypting
many current ciphers are block ciphers
better analysed
broader range of applications
Block Cipher Principles
most symmetric block ciphers are based on a Feistel
Cipher Structure
needed since must be able to decrypt ciphertext to
recover messages efficiently
block ciphers look like an extremely large
substitution
would need table of 2^64 entries for a 64-bit block
instead create from smaller building blocks
using idea of a product cipher
Ideal Block Cipher
Claude Shannon and Substitution-
Permutation Ciphers
Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
form basis of modern block ciphers
S-P nets are based on the two primitive
cryptographic operations seen before:
substitution (S-box)
permutation (P-box)
provide confusion & diffusion of message & key
Confusion and Diffusion
cipher needs to completely obscure statistical
properties of original message
a one-time pad does this
more practically Shannon suggested
combining S & P elements to obtain:
diffusion dissipates statistical structure of
plaintext over bulk of ciphertext
confusion makes relationship between
ciphertext and key as complex as possible
Feistel Cipher Structure
Horst Feistel devised the Feistel cipher
based on concept of invertible product cipher
partitions input block into two halves
process through multiple rounds which
perform a substitution on left data half
based on round function of right half & subkey
then have permutation swapping halves
implements Shannon's S-P net concept
Feistel Cipher Design Elements
block size
key size
number of rounds
subkey generation algorithm
round function
fast software en/decryption
ease of analysis
Data Encryption Standard (DES)
most widely used block cipher in world
adopted in 1977 by NBS (now NIST)
as FIPS PUB 46
encrypts 64-bit data using 56-bit key
has widespread use
has been considerable controversy over its
security
What is specific to DES is the design of the F
function and how round keys are derived from
the main key.
DES Encryption Overview
Illustration of DES algorithm
There are four Steps involved in the DES
Initial Permutation (IP)
16 Feistel rounds
Left-right swapping
Final Permutation (FP), which is the
reverse permutation (IP^-1)
Initial Permutation IP
first step of the data computation
IP reorders the input data bits
even bits to LH half, odd bits to RH half
quite regular in structure
example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
DES Round Structure
uses two 32-bit L & R halves
as for any Feistel cipher can describe as:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
F takes 32-bit R half and 48-bit subkey:
expands R to 48-bits using perm E
adds to subkey using XOR
passes through 8 S-boxes to get 32-bit result
finally permutes using 32-bit perm P
Substitution Boxes S
have eight S-boxes which map 6 to 4 bits
each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (row bits) select one row of 4
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
row selection depends on both data & key
feature known as autoclaving (autokeying)
example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
DES Decryption
decrypt must unwind steps of data computation
with Feistel design, do encryption steps again using
subkeys in reverse order (SK16 ... SK1)
IP undoes final FP step of encryption
1st round with SK16 undoes 16th encrypt round
...
16th round with SK1 undoes 1st encrypt round
then final FP undoes initial encryption IP
thus recovering original data value
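Added example (not part of the original slides, and not DES): a 16-round Feistel network on a 64-bit block, illustrating the Feistel Cipher Structure, DES Round Structure and DES Decryption slides. The round function and key schedule are toy stand-ins built on SHA-256 (an assumption of this example; DES uses E, the S-boxes, P and its own key schedule, and adds IP/FP), chosen to show that F need not be invertible and that decryption is the same routine with the subkeys reversed.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def round_function(right, subkey):
    """Toy, non-invertible F: 32-bit half and 48-bit subkey -> 32 bits."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def subkeys(key, rounds=16):
    """Toy key schedule (not DES's): one 48-bit subkey per round."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
        for i in range(1, rounds + 1)
    ]


def feistel(block, round_keys):
    """Run the rounds over a 64-bit block, then swap the two halves."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left  # final left-right swap


def encrypt(block, key):
    return feistel(block, subkeys(key))


def decrypt(block, key):
    # Same network, subkeys in reverse order (SK16 ... SK1).
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    key = bytes.fromhex("0f1571c947d9e859")  # key bytes from the DES Example slide
    pt = 0x02468ACEECA86420                   # plaintext from the DES Example slide
    ct = encrypt(pt, key)
    # The toy ciphertext will not match the DES ciphertext on the slide.
    print(f"{ct:016x} -> {decrypt(ct, key):016x}")
```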
DES Example
The plaintext is a hexadecimal
Plaintext: 02468aceeca86420
Key: 0f1571c947d9e859
Ciphertext: da02ce3a89ecac3b

The first row shows the 32-bit values of the left and right halves
of data after the initial permutation.

The next 16 rows show the results after each round. Also
shown is the value of the 48-bit subkey generated for each round.

The final row shows the left and right-hand values after the inverse
initial permutation. These two values combined form the
ciphertext.
Strength of DES Key Size
56-bit keys have 2^56 = 7.2 x 10^16 values
brute force search looks hard
recent advances have shown is possible
in 1997 on Internet in a few months
in 1998 on dedicated h/w (EFF) in a few days
in 1999 above combined in 22hrs!
now have several analytic attacks on DES
must now consider alternatives to DES

Differential and linear cryptanalysis !!!!
