2. 2
Stream Cipher System
Encryption process Decryption process
Ci = Pi Ki, Pi = Ci Ki
Key
stream, Ki
Ciphertext
Plaintext
+
+
Secret
key
Secret key
Key Stream
Generator
Key Stream
Generator
Key
stream, Ki
•
Needs perfect synchronization for the bit index
i.e. Crypto Synch.
Plaintext
2022-2023
3. 3
Block Cipher System
Encryption process Decryption process
Ci = Ek ( Pi) Pi = Dk(Ci )
Plaintext
Block
Secret
Key , k
Encryption
Algorithm
Decryption
Algorithm
Secret
Key , k
Ciphertext
Block Plaintext
Block
Ciphertext
Block
2022-2023
6. 6
DES Overview
Block size : 64 bits (8 bytes)
bits numbered left to right 1, ..., 64
Key size: 64-bit key. Usually represented as 8 ASCII
so it is effectively 56 bits ( each ASCII has a
parity bit out of the 8 bits)
So, Effective key diversity: 256 = 7.2 x 1016
Number of Rounds : 16 rounds
- Each round uses a different 48-bit subkey (round key).
- Each round uses substitutions, permutations, initial and
final permutations.
2022-2023
8. Initial Permutation IP:
58 50 42 34 26 18 10 02 60 52 44 36 28 20 12 04
62 54 46 38 30 22 14 06 64 56 48 40 32 24 16 08
57 49 41 33 25 17 09 01 59 51 43 35 27 19 11 03
61 53 45 37 29 21 13 05 63 55 47 39 31 23 15 07
The bit in the 58th position of the original input
block is moved to the 1st place in the permuted
output, bit in the 50th position is moved into the
2nd palce, …… etc.
8
2022-2023
13. 13
Security Evaluation of DES
• Exhaustive key search (brute force) attack had
been reported in the community as the only
way to cryptanalyze DES.
• DES Key diversity: 256 = 7.2 x 1016 keys
i.e about 72,000 trillion keys.
• For 1 µ sec/key & single processor:
you need ⁓1000 Years to break the DES .
• In 1985: 1µ sec/key & million parallel processors,
you need ⁓ 10 Hours to break DES. ( costs ~ 20 M$)
• In 1998: 1n sec/key &million processor , you need ~
10’s of minutes to break. (costs ~ 250 K$)
2022-2023
14. 14
Design of DES Block Cipher
Plaintext
Block
64 bits
Secret
Key
64 bits
DES
Encryption
Algorithm
Ciphertext
Block
64 bits
DES
Decryption
Algorithm
Secret
Key
64 bits
Plaintext
Block
64 bits
Ciphertext
Block
64 bits
Cipher system has 2 inputs contributing to give one output,
that must reflect strong dependency on the inputs.
15. 15
Main Design Criteria of Block Cipher Systems
• Shannon's Confusion and Diffusion properties:
• Confusion Criteria: Each bit of the cipher text block is affected
by all bits of the secret key.
• Confusion implies that mathematical relations between
ciphertext bits and key bits are very complicated, thus became
useless to deduce any knowledge about unknown key bits.
• Diffusion Criteria: Each bit of the cipher text block is affected
by as large number - as possible – of plaintext bits.
• Diffusion: implies having statistical properties of the plaintext
are widely spread over the whole ciphertext, so it is useless to
apply known plaintext attack.
16. 16
Main Design Criteria of Block Cipher
To evaluate confusion or diffusion criteria we observe the results
of “ Avalanche effect “ experimentally.
Avalanche effect: means minimal change ( 1 bit change) in the
input “ plaintext or secret key” should produce large changes
in the ciphertext bits.
Best avalanche effect must give ~ 50% change in the output bits
corresponding to only Single bit change in the input bits
[ plaintext or key].
Achieving avalanche criteria determines the minimum number
of rounds in any block cipher system.
Confusion and diffusion properties are achieved using well
studied complex cryptographic functions under control of both
secret key and plaintext bits.
2022-2023
17. 17
Avalanche Criteria in DES
One bit Change in secret key
(Confusion)
One bit Chang in Plaintext bits
(Diffusion)
# Rounds # changed bits
in ciphertext
# Rounds # changed bits in
ciphertext
1 2 1 1
2 14 2 6
3 28 3 21
4 32 4 35
5 30 5 34
…… …. …… …..
12 33 12 30
15 34 15 29
16 35 16 34
17 34 17 34
Starting from 16 rounds, 32 bit change is assured, So DES has 16 rounds.
Usually we consider the larger number of rounds in both columns.
18. 18
*FIPS: Federal Information Processing Standard (USA)
Triple-DES “3DES"
- To overcome short key length of DES.
- Issued as Part of FIPS 46-3 standard in 1990 .
- Encryption : C = E(K3, D(K2, E(K1, M)))
- Decryption : M = D(K3, E(K2, D(K1, C)))
2 Cases :
* 3-key 3DES:K1, K2, K3 are different. Total of 168-bit key.
* 2-key 3DES:K1=K3, K2 .Total of 112-bit key.
2022-2023
20. Advanced Encryption Standard (AES)
• NIST issued call for proposals ”Competition” for an
Advanced Encryption Standard (AES) in 1997.
– Security strength equal to or better than 3DES
– Symmetric block cipher with fixed block length
128 bits.
– Significantly improved processing efficiency.
– Variable secret key lengths: 128, 192, and 256 bits.
*NIST: National Institute of Standards and
Technology (USA).
20
2022-2023
21. Advanced Encryption Standard (AES)
Evaluation include:
• Security and computational efficiency.
• Memory requirements, hardware and software implementation
suitability, and flexibility.
• The winner: “ Rijndael algorithm” by 2 Belgian cryptographers:
professors; Vincent Rijmen and Joan Daemen.
AES is an SPN : Substitution–Permutation Network.
Has reversible encryption and decryption internal functions
AES was issued as FIPS 197 in 2001.
AES is expected to stay in service till 2021-2025.
*FIPS: Federal Information Processing Standard (USA)
21
2022-2023
23. AES Description
Deep understanding of AES cryptographic functions needs
“ Modular Polynomial Arithmetic” as a Prerequisite.
Assume the case of 128-bit key AES.
• input 128-bit block (square matrix (4x4) of bytes)
– copied into state array, modified at each stage..
– after final stage, state copied to the output state.
• 128-bit key (square matrix of bytes)
– expanded into array of 44 * 32-bit key schedule words
( used as 11 round keys, each = 128 bits)
• byte ordering by columns:
– 1st 4 bytes of 128-bit input occupy 1st column
– 1st 4 bytes of expanded key occupy 1st column
23
2022-2023
26. Notes on AES :
1- The Add Round Key stage by itself is strong in
conjunction with the other three stages that scramble the
bits, these 3 stages themselves would provide no security
because they do not use key bits.
2- We can view the cipher as alternating operations of
XOR encryption (Add Round Key) of a block, followed
by scrambling of the block (the other three stages),
followed by XOR encryption, and so on.
3- This scheme is both efficient and highly secure. Each
stage is easily reversible. For the Substitute Byte, Shift
Row, and Mix Columns stages, an inverse function is
used in the decryption algorithm. For the Add Round Key
stage, XOR is its own inverse. 26
2022-2023
27. 27
4- As with most block ciphers, the decryption
algorithm makes use of the round keys in reverse
order.
5- Once it is established that all four stages are
reversible, it is easy to verify that decryption does
recover the plaintext with no errors.
6- The final round of both encryption and
decryption consists of only three stages. this is a
consequence of the particular structure of AES and
is required to make the cipher reversible.
Notes on AES :
2022-2023
29. 29
• SubBytes
– Invertible S-Box
– One single S-Box for the whole cipher
– Highly non-linear S-Box provides Confusion
AES Description
2022-2023
30. 30
From To
1 5 9 13 1 5 9 13
2 6 10 14 6 10 14 2
3 7 11 15 7 11 15 3
4 8 12 16 8 12 16 4
AES Description
Shift row
- The new row (2nd - 4th ) will be circular circular shift left 1,2 3, bytes resp.
- A simple Permutation that provides diffusion.
2022-2023
31. 31
• MixColumns
– Each new column byte will be a combination
of the 4 bytes mod 28.
– High Intra-column diffusion
– Interaction with Shiftrow :
• High diffusion over multiple rounds
AES Description
2022-2023
32. 32
• Round Key Addition
- Masks state bits with round key bits
- Introduce great Confusion.
AES Description
2022-2023
33. 33
More Block Ciphers
IDEA, LUCIFER, SAFER, NEW DES, BLUE FISH,
FEAL, REDOC, LUKI, KHUFU, KHAFRE ,
RC2,MMB, CA-1, SKIP JACK, GOST, CAST,
RC5, CRAB,…..etc.
SINAI: First published Egyptian block cipher in 2013.
Completely newly designed algorithm.
Variable secret key: up to 512 bit length.
Minimum Number of Rounds: 6 only meaning more
efficient performance.
Family of algorithms: its design can be changed regularly to
achieve more strength against cryptanalysis.
2022-2023
35. Layer 6 - The Presentation Layer
OSI Reference Model Architecture
Presentation layer is responsible for
presenting the data in the proper
format :
• Coding and conversion of application
layer data (ASCII, AVI,JPG,….)
• Data compression/decompression
• Data encryption/decryption
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
Location of Encryption SW Module
2022-2023 35
36. TCP/IP Model (TCP/IP Protocol Suite)
The layers in the TCP/IP protocol
suite do not exactly match those
in the OSI model. The original
TCP/IP protocol suite was defined
as shown in the Figure as having
four layers:
1. Network Access Layer.
2. internet Layer.
3. Transport Layer.
4. Application Layer.
TCP/IP Model Vs. OSI Model
Location of Encryption SW Tools
36
38. Link Encryption
• each communication link is equipped at both ends
• Traffic is secured over the external path.
• high level of security ( info and traffic )
• requires lots of encryption devices ( 2x # links)
• message must be decrypted at each switch to read
address (virtual circuit number)
• security is vulnerable at switches:
– particularly on public switched network
– stay Plain till the link encrypter.
38
2022-2023
39. End-to-End Encryption
• Encryption equipment are fixed at both ends of the
comm. channel (Full duplex).
• Requires number of encryption devices = # users .
• Encrypted payload data are crossing the network from
transmit side till receive side unaltered.
• Routing info are usually not encrypted (not secured).
• Destination shares secret keys with the source,
using automated key management system
controlled by service provider.
• Traffic info is still in plain, implying no traffic security.
• Better solution is to use both link and end-to-end
encryptions together to achieve higher security. 39
2022-2023