Académique Documents
Professionnel Documents
Culture Documents
Network Security
Course Content
Introduction
Security trends, Security Attacks, Security services, introduction to
Encryption Techniques
1 Quiz 15%
Reference Books:
Cryptography and Network Security, by William Stallings
Cryptography and
Network Security
Chapter-1
Introduction
What is Computer Security?
The protection to an automated information system
in order to attain the applicable objectives
preserving the integrity, availability and
confidentiality of information system resources. By
NIST
Integrity
Availability
Authenticity
Accountability
Critical for many of our companies in Ethiopia!!!!!
Passive Attacks
RFC 2828:
a processing or communication service provided by
a system to give a specific kind of protection to
system resources
Security Services (X.800)
Authentication - assurance that communicating
entity is the one claimed
have both peer-entity & data origin authentication
Access Control - prevention of the unauthorized use
of a resource
Data Confidentiality protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is as
sent by an authorized entity
Non-Repudiation - protection against denial by one
of the parties in a communication
Availability resource accessible/usable
Model for Network Security
Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Some Basic Terminology
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering ciphertext from plaintext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis
History of Cryptography
Traditional Cryptography
are classical transposition or permutation ciphers.
Encrypt the text power for k=6, (vuckz)
Example Cryptanalysis
given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
count relative letter frequencies (see text)
guess P & Z are e and t
guess ZW is th and hence ZWP is the
proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
Playfair Cipher
one approach to improving security was to
encrypt multiple letters
a 5X5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates)
fill rest of matrix with other letters
eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Rotor Machine Principles
Steganography
an alternative to encryption
hides existence of message
using only a subset of letters/words in a longer
message marked in some way
using invisible ink
hiding in LSB in graphic image or sound file
has drawbacks
high overhead to hide relatively few info bits
advantage is can obscure encryption use
Hide a file on image using notepad !!!!
Modern cryptography
Symmetric Key Cryptography
Same key for encryption and decryption
Key distribution problem. A network with N hosts => N(N-1)/2 pairs
Advantages Disadvantages
They are difficult to break if a large key Difficult to deliver keys (key distribution)
size is used
Only one key needed Symmetric algorithms dont support
authenticity or nonrepudiation
You cant know for sure who sent the
message, since two people have the same
key
We will see the details of DES.
Block Vs Stream Ciphers
block ciphers process messages in blocks, each
of which is then en/decrypted
like a substitution on very big characters
64-bits or more
stream ciphers process messages a bit or byte
at a time when en/decrypting
many current ciphers are block ciphers
better analysed
broader range of applications
Block vs Stream Ciphers
Block Cipher Principles
most symmetric block ciphers are based on a Feistel
Cipher Structure
needed since must be able to decrypt ciphertext to
recover messages efficiently
block ciphers look like an extremely large
substitution
would need table of 264 entries for a 64-bit block
instead create from smaller building blocks
using idea of a product cipher
Ideal Block Cipher
Claude Shannon and Substitution-
Permutation Ciphers
Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
form basis of modern block ciphers
S-P nets are based on the two primitive
cryptographic operations seen before:
substitution (S-box)
permutation (P-box)
provide confusion & diffusion of message & key
Confusion and Diffusion
cipher needs to completely obscure statistical
properties of original message
a one-time pad does this
more practically Shannon suggested
combining S & P elements to obtain:
diffusion dissipates statistical structure of
plaintext over bulk of ciphertext
confusion makes relationship between
ciphertext and key as complex as possible
Feistel Cipher Structure
Horst Feistel devised the feistel cipher
based on concept of invertible product cipher
partitions input block into two halves
process through multiple rounds which
perform a substitution on left data half
based on round function of right half & subkey
then have permutation swapping halves
implements Shannons S-P net concept
Feistel Cipher Structure
Feistel Cipher Design Elements
block size
key size
number of rounds
subkey generation algorithm
round function
fast software en/decryption
ease of analysis
Data Encryption Standard (DES)
most widely used block cipher in world
adopted in 1977 by NBS (now NIST)
as FIPS PUB 46
encrypts 64-bit data using 56-bit key
has widespread use
has been considerable controversy over its
security
What is specific to DES is the design of the F
function and how round keys are derived from
the main key.
DES Encryption Overview
Illustration of DES algorithm
There are four Steps involved in the DES
Initial Permutation (IP)
16 Feistal Rounds
Left right Swapping
Final Permutation (FP) which is
reverse permutation (IP- )
Initial Permutation IP
first step of the data computation
IP reorders the input data bits
even bits to LH half, odd bits to RH half
quite regular in structure
example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
DES Round Structure
uses two 32-bit L & R halves
as for any Feistel cipher can describe as:
Li = Ri1
Ri = Li1 F(Ri1, Ki)
F takes 32-bit R half and 48-bit subkey:
expands R to 48-bits using perm E
adds to subkey using XOR
passes through 8 S-boxes to get 32-bit result
finally permutes using 32-bit perm P
Substitution Boxes S
have eight S-boxes which map 6 to 4 bits
each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (row bits) select one row of 4
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
row selection depends on both data & key
feature known as autoclaving (autokeying)
example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
DES Decryption
decrypt must unwind steps of data computation
with Feistel design, do encryption steps again using
subkeys in reverse order (SK16 SK1)
IP undoes final FP step of encryption
1st round with SK16 undoes 16th encrypt round
.
16th round with SK1 undoes 1st encrypt round
then final FP undoes initial encryption IP
thus recovering original data value
DES Example
The plaintext is a hexadecimal
Plaintext: 02468aceeca86420
Key: 0f1571c947d9e859
Ciphertext: da02ce3a89ecac3b