Cyptography and network security

UNIT-I
 Security trends
 OSI Security Architecture
 Security Attacks
 Security Services
 Security mechanisms
 A Model for Network Security
 Symmetric Cipher Model
 Substitution Techniques and Transposition Techniques
 Block Cipher Principles
 The Data Encryption Standard and The Strength of DES
 Differential and linear cryptanalysis Block
 cipher design principles
 Evaluation criteria for AES and The AES Cipher.
1

Cryptography
Cryptography is the study of
Secret (crypto-) writing (-graphy).
2

Cryptography
cryptography - study of encryption
principles/methods.
Cryptography deals with creating
documents that can be shared secretly
over public communication channels.
3

Cryptanalysis
cryptanalysis (code breaking) - study of
principles/ methods of decrypting cipher
text without knowing key.
4

Cryptology
The area of cryptography and crypt
analysis together are called cryptology.
5

Computer Security
generic name for the collection of tools
designed to protect data.
6

Network Security
It is used to protect data during their
transmission.
7

Internet security
it is used to protect data during their
transmission over a collection of
interconnected networks.
8

Security trends
 In 1994, the Internet Architecture Board
(IAB) issued a report entitled "Security in
the Internet Architecture"
 The report stated the general agreement
that the Internet needs more and better
security, and it identified key areas for
security mechanisms.
9

CERT Statistics
security trend in Internet-related
vulnerabilities reported to CERT over a
10-year period.
These include security weaknesses in the
operating systems of attached computers
as well as vulnerabilities in Internet routers
and other network devices.
10

OSI Security Architecture
The OSI (open systems interconnection)
security architecture provides a systematic
framework for defining security attacks,
mechanisms, and services.
12

Services, Mechanisms, Attacks
consider three aspects of information
security:
 security attack
 security mechanism
 security service
13

Security service
A service that enhances the security of
data processing systems and information
transfers.
A security service makes use of one or
more security mechanisms.
14

Security Services
 Authentication
 Access control
 Data Confidentiality
 Data Integrity
 Non-Repudiation
15

Authentication
Authentication is a process of verification
of the sender.
16

Access Control
prevention of the unauthorized use of a
resource
17

Data Confidentiality
protection of data from unauthorized
disclosure.
18

Data Integrity
assurance that data received is as sent by
an authorized entity
19

Non-Repudiation
Nonrepudiation prevents either sender or
receiver from denying a transmitted
message.
20

Security Mechanism
A mechanism that is designed to detect,
prevent, or recover from a security attack.
21

Encipherment
The use of mathematical algorithm to
transmit from data into a form that is not
understandable.
22

Digital signature
A valid digital signature gives a recipient
reason to believe that the message was
created by a known sender.
23

Access control
A variety of mechanisms that enforce
access right to resource.
24

Data integrity
A variety of mechanism used to assure the
integrity of a data unit.
25

Traffic padding
The insertion of bits into gaps in a data
stream to avoid traffic analysis attempts.
26

Routing control
Enables selection of particular physically
secure routes for data.
27

Notarization
The use of a trusted third party to assure
certain properties of a data exchange.
28

Security Attack
Any action that compromise the security of
information.
threat & attack used to mean same thing
29

passive attacks
 passive attacks attempt to learn or make
use of information from the system but does
not affect system resources.
 Are difficult to detect because they do not
involve any alteration of the data.
30

Release of message contents
31

Active attacks
 active attacks attempt to alter system
resources or affect their operation.
 Easy to detect because they will involve
alteration of the data.
33

Masquerade
A masquerade takes place when one
entity pretends to be a different entity
34

Model for Network Security
 design a suitable algorithm for the security
transformation
 generate the secret keys used by the
algorithm
 develop methods to distribute secret key
 specify a protocol enabling the principals to
use the transformation and secret information
for a security service
40

Model for Network Access Security

Symmetric Encryption
 Symmetric encryption, also referred to as
conventional encryption or single-key
encryption
 All traditional schemes are symmetric /
single key / private-key encryption
algorithms, with a single key, used for
both encryption and decryption.
 Since both sender and receiver are
equivalent, either can encrypt or decrypt
messages using that common key. 42

Some Basic Terminology
 plaintext - original message
 Cipher text - coded message
 key – shared by both sender and receiver
 encipher (encrypt) - converting plaintext to cipher text
 decipher (decrypt) – converting cipher text to plaintext

Cryptography
characterize cryptographic system by:
 type of encryption operations used
 substitution / transposition / product
 number of keys used
 single-key or private / two-key or public
 way in which plaintext is processed
 block / stream

Cryptanalysis
There are two general approach to attacking a
conventional encryption scheme
 cryptanalytic attack
 brute-force attack

Cryptanalytic attack
Cryptanalytic attacks rely on the nature of the
algorithm plus perhaps some knowledge of the
general characteristics of the plaintext.
47

Brute-force attack
Brute-force attacks try every possible key on a
piece of cipher text until plaintext is obtained.
48

Types of Encryption Schemes
Encryption
Classical Modern
Rotor Machines
Substitution Public KeyTransposition Secret Key
BlockStream
Steganography
49

Substitution Techniques
letters of plaintext are replaced by other
letters or by numbers or symbols.
50

Caesar Cipher
The Caesar cipher involves replacing
each letter of the alphabet with the
letter standing k places further down the
alphabet, for k in the range 1 through 25.

Caesar Cipher
• mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)

Caesar Cipher
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
53

Brute-Force Cryptanalysis of
Caesar Cipher
If it is known that a given cipher text is a
Caesar cipher, then a brute-force
cryptanalysis is easily performed.
Simply try all the 25 possible keys.
54

Monoalphabetic Ciphers
mono alphabetic substitution uses
fixed substitution over the entire message
56

Mono alphabetic Ciphers
Shuffle the letters and map each plaintext letter
to a different random ciphertext letter:
Plain letters: abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Cipher text: WIRFRWAJUHYFTSDVFSFUUFYA
57

Monoalphabetic Cipher Security
• the monoalphabetic substitution cipher is
not secure
• problem is language characteristics

Relative Frequency of Letters in English Text
59

Monoalphabetic Cipher
the relative frequency of the letters can be
determined and compared to a standard
frequency distribution for English.
If the message were long enough, this
technique alone might be sufficient,
60

Playfair Cipher
The Playfair algorithm is based on the use
of a 5 * 5 matrix of letters constructed
using a keyword.
Plaintext is encrypted two letters at a time
using this matrix.
61

62
Playfair Cipher
• Rules:
– Take a pair of letters from plaintext
– Separate repeating letters with an x
– Plaintext letters in the same row are replaced by
letters to the right (cyclic manner)
– Plaintext letters in the same column are replaced by
letters below (cyclic manner)
– Plaintext letters in different row and column are
replaced by the letter in the row corresponding to the
column of the other letter and vice versa

Playfair Cipher
63
Keyword: LARGEST
Plain text: Mu st se ey ou
Cipher text: UZTBDLGZPN

Hill Cipher
The encryption algorithm takes m
successive plaintext letters and
substitutes for them m cipher text letters.
The substitution is determined by m linear
equations in which each character is
assigned a numerical value (a = 0, b = 1 ...
z = 25).
64

Hill Cipher
where C and P are column vectors of
length 3, representing the plaintext and
cipher text, and K is a 3 x 3 matrix,
representing the encryption key
66

Hill Cipher
In general terms, the Hill cipher system can
be expressed as follows:
C = E(K, P) = KP mod 26
P = D(K1
, C) = K1
C mod 26 = P
67

Hill Cipher
68
Consider the message ‘CAT', and the key GYBNQKURP

For Example if the key is an 3 X 3 matrix
Plain Text : paymoremoney
m=3
(p a y)=(15 0 24)
So Encryption is as follows
(15 0 24) = (303 303 531) mod 26
= (17 17 11) = RRL
Now the cipher text for pay is RRL

For Decryption you have to find the K-1
How to find inverse of K that is
K-1
1. Find the adjoint of the element in the matrix,
2. Transpose the matrix
adj A= 300 -357 6
-313 313 0
267 -252 -51
This is
Transpose of
adj A
Determinant of matrix A is=
=17(18*19 – 21*2) -17(21*9 – 21*2) + 5(21*2 – 18*2)
= -939
(18*19 – 21*2) – (19*21 – 21*2) +
( 17*19 – 5*2) ………

Now K-1
is 1/adj(A) * K-1
1/adj(A) = 1 /(-939) = (-939)-1
=
(-939 mod 26)-1
(the easy way to find -939mod 26 is keep
adding 26 with -939 till you get a positive value, so that you will get 23)
= (23)-1
mod 26
= 23 * 17 = 391 mod 26 =1 (find a number when
multiplied with 23 gives a number consider “ s” ; then s mod 26 should give 1)
Now (-939 mod 26)-1
= 17
Now according to 1/adj(A) * K-1
= 17 * K-1
= 17 *
=
300 -313 267
-357 313 -252
6 0 -51
5100 -5321 4539
6069 5321 4284
102 0 867
Mod 26
Mod 26 =
This is the
inverse matrix

Polyalphabetic Ciphers
Each plaintext letter has multiple
corresponding cipher text letters.
72

Vigenère Cipher
The Vigenère cipher is a method
of encrypting alphabetic text by using a
series of different Caesar ciphers based
on the letters of a keyword.
It is a simple form of polyalphabetic
substitution.
73

Vigenère Cipher
To encrypt a message, a key is needed that
as long as the message. Usually, the key
is a repeating keyword.
key: `deceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
74

One-time pad
The one-time pad's security comes from
it's key; the key is EQUAL to the length of
the plaintext and is COMPLETELY
random.
76

One-time pad
H E L L O Message
7 4 11 11 14
X M C K L Key
+ 23 12 2 10 11
= 30 16 13 21 25 Message + key
= 4 16 13 21 25 Message+key(mod 26)
E Q N V Z → ciphertext
77

Transposition Encryption
position of the plain text will be changed.
78

Rail Fence cipher
The simplest such cipher is the rail fence technique, in
which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows.
The example message is: meet me after the toga
party
eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
giving ciphertext
MEMATRHTGPRYETEFETEOAAT

Row Transposition Ciphers
A more complex transposition cipher is to
write the message in a rectangle, row by row,
and read the message off shuffling the order of
the columns in each row.
80

Rotor machine
In cryptography, a rotor machine is an
electro-mechanical device used for
encrypting and decrypting secret
messages.
82

Steganography
Steganography is the art and science of
writing hidden messages in such a way
that no one knows, apart from the sender
and receiver.
84

Character marking:
text are overwritten in pencil The marks
are ordinarily not visible unless the paper
is held at an angle to bright light.
85

Invisible ink
A number of substances can be used for
writing but leave no visible trace until heat
or some chemical is applied to the paper.
86

Pin punctures:
Small pin punctures on selected letters are
ordinarily not visible unless the paper is
held up in front of a light.
87

Block Cipher Principles
A block cipher is an encryption/decryption
scheme in which a block of plaintext is
treated as a whole and used to produce a
cipher text block of equal length.
88

Block Cipher
Divide input bit stream into n-bit sections, encrypt only that section.
89

Block cipher versus Stream
Ciphers
 block ciphers process messages in blocks
 stream ciphers process messages in bit
or byte.
90

Reversible Mapping
Each block of plain text must produce a
unique cipher text block. Such a
transformation is called reversible.
91

Irreversible Mapping
Each block of plain text must not produce
a unique cipher text block. Such a
transformation is called reversible.
93

Feistel cipher
Feistel cipher is a symmetric structure used in
the construction of block ciphers.
95

Confusion and Diffusion
• “Confusion” = Substitution (non linear function)
• a -> b
• “Diffusion” = Transposition (linear function)
• abcd -> dacb
Encryption Decryption
plaintext ciphertext plaintext
Key KA Key KB
96

Confusion
Each bit of the cipher text block has highly
nonlinear relations with the plaintext block
bits and the key bits.
97

Diffusion
Each plaintext block bit or key bit affects
many bits of the cipher text block.
98

Feistel Cipher Structure
 The inputs to the encryption algorithm are a
plaintext block of length 2w bits and a key K.
 The plaintext block is divided into two halves, L0
and R0.
 The two halves of the data pass through n
rounds of processing and then combine to
produce the cipher text block.
 Each round i has as inputs Li-1 and Ri-1, derived
from the previous round, as well as a subkey Ki,
derived from the overall K.
100

Feistel Cipher Structure
A substitution is performed on the left
half of the data. This is done by applying
a round function F to the right half of the
data and then taking the exclusive-OR of
the output of that function and the left half
of the data.
101

Feistel Cipher Design Elements
block size - increasing size improves
security, but decrease the encryption
speed.
key size – increasing key size improves
security, but decrease the encryption
speed.
number of rounds - increasing number of
rounds improves security but decrease the
encryption speed.
104

Feistel Cipher Design Elements
sub key generation algorithm - greater
complexity can make analysis harder,
decrease the encryption speed.
round function - greater complexity can
make analysis harder, but decrease the
encryption speed.
105

Simplified DES
 Developed 1996 as a teaching tool
 Santa Clara University
 Prof. Edward
 Takes an 8-bit block plaintext, a 10 –bit key and
produces an 8-bit block of cipher text
 Decryption takes the 8-bit block of cipher text,
the same 10-bit key and produces the original 8-
bit block of plaintext
106

Five Functions to Encrypt
 IP – an initial permutation
 fk - a complex, 2-input function
 SW – a simple permutation that swaps
the two nybles
 fk - a complex, 2-input function; again
 IP – inverse permutation of the initial
permutation
108

DES
The Data Encryption Standard (DES) is
a block cipher that uses shared secret
encryption.
data are encrypted in 64-bit blocks using a
56-bit key. The algorithm transforms 64-bit
input in a series of steps into a 64-bit
output.
117

DES
• Adopted in 1976 as US Government
standard encryption technique
• Utilizes a 56-bit symmetric key
• Cracked in 1998
• Replaced in 2002 by AES which utilizes
128 bit keys.
118

DES
• First, the 64-bit plaintext passes through
an initial permutation (IP) that rearranges
the bits to produce the permuted input.
• This is followed by a phase consisting of
16 rounds of the same function, which
involves both permutation and substitution
functions.
120

DES
• The output of the last (sixteenth) round
consists of 64 bits that are a function of
the input plaintext and the key.
• The left and right halves of the output are
swapped to produce the preoutput.
• Finally, the preoutput is passed through a
permutation (IP-1) that is the inverse of
the initial permutation function, to produce
the 64-bit cipher text.
121

Details of Single Round
• uses two 32-bit L & R halves
• as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 ⊕ F(Ri–1, Ki)
• F takes 32-bit R half and 48-bit sub key:
– expands R to 48-bits using perm E
– adds to sub key using XOR
– passes through 8 S-boxes to get 32-bit result
– finally permutes using 32-bit perm P
126

MS 128
1 4 5 8 9 12 13 16 17 20 21 24 25 28 29 32
1 48
Expansion Permutation
32
48

S-Boxes
• The substitution consists of a set of eight
S-boxes, each of which accepts 6 bits as
input and produces 4 bits as output.
• The first and last bits of the input to box Si
form a 2-bit binary that represent the row
of the table for Si.
• The middle four bits select one of the
sixteen columns
130

Example
• For example, in S1 for input 011001, the
row is 01 (row 1) and the column is 1100
(column 12).
• The value in row 1, column 12 is 9, so the
output is 1001.
131

Permuted Choice One (PC-1)
136

Permuted Choice Two (PC-2)
137

Avalanche Effect
A small change in the plaintext or in the key
results in a significant change in the cipher text.
DES provides a strong avalanche effect
Changing 1 bit in the plaintext affects 34
bits in the cipher text on average.
139

The Strength of DES
• The use of 56 bit key
• The Nature of the DES algorithm
• Timing attacks
141

The use of 56 bit key
• With a key length of 56 bits, there are 256
possible keys.
• single machine performing one DES
encryption per microsecond would take
more than a thousand years to break the
cipher.
142

The Nature of the DES algorithm
Eight S-boxes, that are used in each
iteration.
143

Timing Attacks
timing attack is one in which information
about the key or the plaintext is obtained
by observing how long it takes a given
implementation to perform decryptions on
various cipher texts.
144

Differential Cryptanalysis
• Differential cryptanalysis is the first
published attack that is capable of
breaking DES in less than 255
encryptions.
• powerful method to analyse block ciphers

differential cryptanalysis compares two
related pairs of encryptions.
it is feasible to determine the sub key used in
the function f.
The differential cryptanalysis attack is
complex.
146

Compares Pairs of Encryptions
• with a known difference in the input
• searching for a known difference in output
• when same subkeys are used

Linear Cryptanalysis
• another recent development
• also a statistical method
• must be iterated over rounds, with
decreasing probabilities
• developed by Matsui in early 90's
• based on finding linear approximations
• can attack DES with 243
known plaintexts,
easier but still in practise infeasible

Linear Cryptanalysis
For example, the following equation,
states the XOR sum of the first and third
plaintext bits (as in a block cipher's block)
and the first cipher text bit is equal to the
second bit of the key
P1ӨP3 ӨC1=k2

Block Cipher Design
• basic principles still like Feistel’s in 1970’s
• number of rounds
– more is better, exhaustive search best attack
• function f:
– provides “confusion”, is nonlinear, avalanche
– have issues of how S-boxes are selected
• key schedule
– complex subkey creation, key avalanche

AES
• DES finally proved insecure in July 1998,
when the Electronic Frontier Foundation
(EFF) announced that it had broken a
DES encryption using a special-purpose
"DES cracker" machine that was built for
less than $250,000.
• The Advanced Encryption Standard (AES)
was published by NIST (National Institute
of Standards and Technology) in 2001.
151

AES
AES is a block cipher intended to replace
DES for commercial applications.
It uses a 128-bit block size.
AES does not use a Feistel structure.
152

Evaluation Criteria for AES
153

Security
Minimum key size for AES is 128 bits,
brute-force attacks with current and
projected technology were considered
impractical.
154

COST
The algorithm(s) specified in the AES shall
be available on a worldwide, non-
exclusive, royalty-free basis.
155

Computational efficiency
Computational efficiency refers to the
speed of the algorithm.
156

Memory requirement
The memory required to implement a
candidate algorithm for both hardware and
software implementations of the algorithm
will also be considered during the
evaluation process.
157

Algorithm and implementation
characteristics
This category includes a variety of
considerations, including flexibility;
suitability for a variety of hardware and
software implementations.
158

Key Agility
Key agility refers to the ability to change
keys quickly and with a minimum of
resources.
159

The AES Cipher
• The input to the encryption and decryption
algorithms is a single 128-bit block.
• This block is copied into the State array,
which is modified at each stage of
encryption or decryption.
• After the final stage, State is copied to an
output matrix.
160

Substitute Bytes
Transformation
• Replace each byte in the state array with
its corresponding value from the S-Box
00 44 88 CC
11 55 99 DD
22 66 AA EE
33 77 BB FF
55
165

Shift row transformation
• The first row of State is not altered.
• For the second row, a 1-byte circular left
shift is performed.
• For the third row, a 2- byte circular left
shift is performed.
• For the fourth row, a 3-byte circular left
shift is performed.
166

Mix column Transformation
• Apply mix column transformation to each
column.
169

Add Round Key
• XOR each byte of the round key with its
corresponding byte in the state array.
171

AddRoundKey
S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3
S2,0 S2,1 S2,2 S2,3
S3,0 S3,1 S3,2 S3,3
S’0,0 S’0,1 S’0,2 S’0,3
S’1,0 S’1,1 S’1,2 S’1,3
S’2,0 S’2,1 S’2,2 S’2,3
S’3,0 S’3,1 S’3,2 S’3,3
S0,1
S1,1
S2,1
S3,1
S’0,1
S’1,1
S’2,1
S’3,1
R0,0 R0,1 R0,2 R0,3
R1,0 R1,1 R1,2 R1,3
R2,0 R2,1 R2,2 R2,3
R3,0 R3,1 R3,2 R3,3
R0,1
R1,1
R2,1
R3,1
XOR
172

Key Expansion Algorithm
• The AES key expansion algorithm takes
as input a 4-word (16-byte) key and
produces a linear array of 44 words (176
bytes).
• This is sufficient to provide a 4-word round
key for the initial AddRoundKey stage and
each of the 10 rounds of the cipher.
173

175
1. Using this Playfair matrix
encrypt this message: cryptography and network security

Answer
176
BGXQHWEGROKWLOSUADAWGIDLDQBPCW

Example
Given the plaintext {00 01 02 03 04 05 06 07 08 09
0A 0B 0C 0D 0E 0F} and the key {01 01 01 01 01
01 01 01 01 01 01 01 01 01 01 01},
I. Show the original contents of State, displayed as a
4 x 4 matrix.
II.Show the value of State array after initial
AddRoundKey.
III.Show the value of State array after Sub Bytes.
IV.Show the value of State array after Shift Rows.
V.Show the value of State array after Mix Columns.
177

State array after initial
AddRoundKey
179

State array after Sub Bytes
180

State array after Shift Rows
181

State array after Mix Columns
182

Example
Consider the given key K and the plaintext,
namely: in hexadecimal notation: 0 1 2 3 4
5 6 7 8 9 A B C D E F
• in binary notation: 0000 0001 0010 0011
0100 0101 0110 0111 1000 1001 1010
1011 0100 1101 1110 1111
183

A. Derive K1, the first-round sub key.
B. Derive L0, R0.
C. Expand R0 to get E[R0], where E[·] is the
expansion function.
D. Calculate A = E[R0] Ө K1.
E. Group the 48-bit result of (d) into sets of 6 bits
and evaluate the corresponding S-box
substitutions.
F. Concatenate the results of (e) to get a 32-bit
result, B.
G. Apply the permutation to get P(B).
H. Calculate R1 = P(B)Ө L0.
i. Write down the cipher text. 184

UNIT-II
 Multiple Encryption and Triple DES
 Block Cipher Modes of Operation
 Stream cipher and RC4
 Placement of Encryption function
 Traffic confidentiality
 Key Distribution
 Principle of Public Key Cryptosystems
 The RSA Algorithm
 Key management
 Diffie Hellman Key Exchange
 Elliptic curve cryptography.
185

Multiple Encryption
Multiple encryption is a technique in
which an encryption algorithm is used
multiple times.
186

Double DES
The simplest form of multiple encryption
has two encryption stages and two keys .
Given a plaintext P and two encryption keys
K1 and K2, cipher text C is generated as
C = E(K2, E(K1, P))
187

Double DES
• Decryption requires that the keys be
applied in reverse order
P = D(K1, D(K2, C))
• this scheme apparently involves a key
length of 56 x 2 = 112 bits, of resulting in a
dramatic increase in cryptographic
strength
189

Meet-in-the-middle attack
• Given a known pair, (P, C), the attack
proceeds as follows.
• First, encrypt P for all 256
possible values of
K1 Store these results in a table and then
sort the table by the values of X.
• Next, decrypt C using all 256
possible
values of K2. As each decryption is
produced, check the result against the
table for a match. 190

Meet-in-the-middle attack
• If a match occurs, then test the two
resulting keys against a new known
plaintext-cipher text pair.
• If the two keys produce the correct cipher
text, accept them as the correct keys.
191

Triple DES with Two Keys
• Triple DES makes use of three stages of
the DES algorithm, using a total of two or
three distinct keys.
• The function follows an encrypt-decrypt-
encrypt (EDE) sequence
C = E(K1, D(K2, E(K1, P)))
192

Triple DES with Three Keys
• Three-key 3DES has an effective key
length of 168 bits and is defined as
follows:
• C = E(K3, D(K2, E(K1, P)))
194

Block Cipher Modes of
Operation
• To apply a block cipher in a variety of
applications, four "modes of operation"
have been defined by NIST .
• mode of operation is a technique for
enhancing the effect of a cryptographic
algorithm for an application
195

Electronic Codebook (ECB)
Each block of 64 plaintext bits is encrypted
independently using the same key.
196

Limitation of ECB
• The most significant characteristic of ECB
is that the same b-bit block of plaintext, if it
appears more than once in the message,
always produces the same cipher text.
• For lengthy messages, the ECB mode
may not be secure.
198

Typical Application
• Secure transmission of single values (e.g.,
an encryption key)
199

Cipher Block Chaining (CBC)
200
• To overcome the security deficiencies of
ECB, we would like a technique in which
the same plaintext block, if repeated,
produces different cipher text blocks.
• A simple way to satisfy this requirement is
the cipher block chaining (CBC) mode
• The input to the encryption algorithm is the
XOR of the next 64 bits of plaintext and
the preceding 64 bits of cipher text.

201

• use Initial Vector (IV) to start process
Ci = DESK1(Pi XOR Ci-1)
C-1 = IV
202

Limitations of CBC
• need Initialization Vector (IV)
203

Typical Application
• General-purpose block-oriented
transmission
• Authentication
204

Cipher Feedback (CFB)
205
Input is processed j bits at a time.
Preceding cipher text is used as input to
the encryption algorithm to produce
pseudorandom output, which is XORed
with plaintext to produce next unit of
cipher text.

Limitation of CFB
A possible problem is that if its used over
a "noisy" link, then any corrupted bit will
destroy values in the current and next
blocks.
208

Typical Application
209
• General-purpose stream-oriented
transmission
• Authentication

Output Feedback (OFB)
The alternative to CFB is OFB. Here the
generation of the "random" bits is
independent of the message being
encrypted.
The advantage is that firstly, they can be
computed in advance, good for bursty
traffic, and secondly, any bit error only
affects a single bit. Thus this is good for
noisy links (eg satellite TV transmissions
etc).
210

Typical Application
• Stream-oriented transmission over noisy
channel (e.g., satellite communication)
212

Counter (CTR)
Each block of plaintext is XOR ed with an
encrypted counter. The counter is
incremented for each subsequent block.
213

Advantages and Limitations of CTR
can do parallel encryptions in h/w or s/w.
good for bursty high speed links.
provable security (good as other modes)
but CTR does not reusing the same key
and counter value

Typical Application
• General-purpose block-oriented transmission
• Useful for high-speed requirements
216

Stream Ciphers
• stream cipher encrypts plaintext one byte
at a time.
• stream cipher may be designed to operate
on one bit at a time.
218

Design considerations
• long period with no repetitions of pseudo
random key.
• output of the pseudorandom number
generator is conditioned on the value of
the input key.
• To protect against brute-force attacks, the
key needs to be sufficiently long.
221

RC4 Basics
• A symmetric key encryption algorithm.
• Invented by Ron Rivest.
• Normally uses 64 bit and 128 bit key sizes.
• Cryptographically very strong yet very easy to
implement.
• Consists of 2 parts: Key Scheduling Algorithm
(KSA) & Pseudo-Random Generation Algorithm

RC4 Block Diagram
Plain Text
Secret Key
RC4
+
Encrypted
Text
Keystream

RC4 …break up
• Initialize an array of 256 bytes.
• Run the KSA on them
• Run the PRGA on the KSA output to
generate keystream.
• XOR the data with the keystream.

Array Initialization
C Code:
char S[256];
Int i;
For(i=0; i< 256; i++)
S[i] = i;
After this the array would like this :
S[] = { 0,1,2,3, ……, 254, 255}

The KSA
• The initialized array S[256] is now run through
the KSA. The KSA uses the secret key to
scramble the array.
• C Code for KSA:
int i, j = 0;
for(i=0; i<256; i++)
{
j = ( j + S[i] + key[ i % key_len] ) % 256;
swap(S[i], S[j]);
}

The PRGA
• The KSA scrambled S[256] array is used to generate the
PRGA. This is the actual keystream.
• C Code:
i = j = 0;
while(output_bytes)
{
i = ( I + 1) % 256;
j = ( j + S[i] ) % 256;
swap( S[i], S[j] );
output = S[ ( S[i] + S[j] ) % 256 ]
}

Encryption using RC4
• Choose a secret key
• Run the KSA and PRGA using the key to
generate a keystream.
• XOR keystream with the data to generated
encrypted stream.
• Transmit Encrypted stream.

Decryption using RC4
• Use the same secret key as during the encryption phase.
• Generate keystream by running the KSA and PRGA.
• XOR keystream with the encrypted text to generate the
plain text.
• Logic is simple :
(A xor B) xor B = A
A = Plain Text or Data
B = KeyStream

RC4 Example
• Simple 4-byte example
• S = {0, 1, 2, 3}
• K = {1, 7, 1, 7}
• Set i = j = 0

KSA
First Iteration (i = 0, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 0 + 1) = 1
Swap S[ i ] with S[ j ]: S = {1, 0, 2, 3}
Second Iteration (i = 1, j = 1, S = {1, 0, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (1 + 0 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {0, 1, 2, 3}

KSA
Third Iteration (i = 2, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 2 + 1) = 3
Swap S[ i ] with S[ j ]: S = {0, 1, 3, 2}
Fourth Iteration (i = 3, j = 3, S = {0, 1, 3, 2}):
j = (j + S[ i ] + K[ i ]) = (3 + 2 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {2, 1, 3, 0}

PRGA
Reset i = j = 0, Recall S = {2, 1, 3, 0}
i = i + 1 = 1
j = j + S[ i ] = 0 + 1 = 1
Swap S[ i ] and S[ j ]: S = {2, 1, 3, 0}
Output z = S[ S[ i ] + S[ j ] ] = S[2] = 3

Analysis of RC4
• Advantages
– Faster than DES
– Enormous key space (average of 1700 bits)
• Disadvantages
– Large number of “weak” keys 1 of 256
– “Weak” keys can be detected and exploited
with a high probability

Placement of Encryption
function
If encryption is to be used to counter
attacks on confidentiality, we need to
decide what to encrypt and where the
encryption function should be located.
235

Confidentiality using Symmetric
Encryption
• traditionally symmetric encryption is used
to provide message confidentiality

• link encryption
• end-to-end encryption
237

Link encryption
Link encryption is an approach to
encrypts and decrypts all data at each
end of a communications line
238

End-to-end encryption
encryption process is carried out at the
two end systems
239

With end-to-end encryption, user data are
secure, but the traffic pattern is not because
packet headers are transmitted in the clear.
To achieve greater security, both link and
end-to-end encryption are needed

• can place encryption function at various
layers in OSI Reference Model
– link encryption occurs at layers 1 or 2
– end-to-end can occur at layers 3, 4, 6, 7

Front-End Processor Function
243

Traffic Confidentiality
Knowledge about the number and length
of messages between nodes may enable
an opponent to determine who is talking to
whom.
245

Information that can be derived from a traffic
analysis attack:
• Identities of partners
• How frequently the partners are
communicating
• Message pattern, message length, or
quantity of messages that suggest
important information is being exchanged
246

Link Encryption Approach
Network-layer headers are encrypted,
reducing the opportunity for traffic
analysis.
However, it is still possible to observe the
amount of traffic entering and leaving
each end system.
247

Traffic-Padding Encryption Device
• Traffic padding produces cipher text
output continuously, even in the absence
of plaintext.
248

249

• A continuous random data stream is
generated.
• When plaintext is available, it is encrypted
and transmitted.
• When input plaintext is not present,
random data are encrypted and
transmitted.
• This makes it impossible for an attacker to
distinguish between true data flow and
padding
250

End-to-End Encryption Approach
• if encryption is implemented at the
application layer, then an opponent can
determine which transport unit are
engaged in dialogue.
• In addition, null messages can be inserted
randomly into the stream. These tactics
deny an opponent knowledge about the
amount of data exchanged between end
users and difficult to understand the
underlying traffic pattern.
251

Key Distribution
given parties A and B have various key
distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can
use previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B

Session key
• Session keys can also be termed
temporary keys or one-time use keys.
Usually after a session, these keys are
discarded and not used again.
• Communication between end systems is
encrypted using session key.
254

Master key
• session keys are transmitted in encrypted
form, using a master key that is shared
by the key distribution center and an end
system or user.
255

The Use of a Key Hierarchy
256

Key Distribution Scenario
• A issues a request to the KDC for a
session key to protect a logical connection
to B.
• The KDC responds with a message
encrypted using Ka Thus, A is the only
one who can successfully read the
message, and A knows that it originated at
the KDC
258

• A stores the session key for use in the upcoming
session and forwards to B the information that
originated at the KDC for B, namely, E(Kb, [Ks ||
IDA]). Because this information is encrypted with
Kb, it is protected from eavesdropping.
• B now knows the session key (Ks), knows that
the other party is A (from IDA), and knows that
the information originated at the KDC (because it
is encrypted using Kb).
259

• Using the newly minted session key for
encryption, B sends a nonce, N2, to A.
• Also using Ks, A responds with f(N2),
where f is a function that performs some
transformation on N2 (e.g., adding one).
260

15.261
Hierarchical Key Control

Hierarchical Key Control
• It is not necessary to limit the key
distribution function to a single KDC.
Indeed, for very large networks, it may not
be practical to do so. As an alternative, a
hierarchy of KDCs can be established.
• If two entities in different domains desire a
shared key,then the corresponding local
KDCs can communicate through a global
KDC.
262

Decentralized Key Control
1. A issues a request to B for a session key and
includes a nonce, N1
2. B responds with a message that is encrypted
using the shared master key. The response
includes the session key selected by B, an
identifier of B, the value f(N1), and another
nonce, N2.
3. Using the new session key, A returns f(N2) to B.
264

Principles of Public-Key
Cryptosystems
265

Private-Key Cryptography
• traditional private/secret/single key
cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are
compromised
• does not support authentication
266

Public-Key Cryptography
• Asymmetric encryption is a form of cryptosystem
in which encryption and decryption are performed
using the different keys—one a public key and
one a private key. It is also known as public-key
encryption.
• Asymmetric encryption transforms plaintext into
cipher text using a one of two keys and an
encryption algorithm. Using the paired key and a
decryption algorithm, the plaintext is recovered
from the cipher text.
• Asymmetric encryption can be used for
confidentiality, authentication, or both. 267

Public-Key Cryptography
public-key/two-key/asymmetric cryptography
involves the use of two keys:
– a public-key, which may be known by
anybody, and can be used to encrypt
messages, and verify signatures
– a private-key, known only to the recipient,
used to decrypt messages, and sign
(create) signatures
268

Principles of Public-Key
Cryptosystems
• The concept of public-key cryptography
evolved from an attempt to attack two of
the most difficult problems associated with
symmetric encryption.
• Key distribution
• Does not Supports Data authentication
269

270
Confidentiality using public-Key
system

Encryption
• Each user generates a pair of keys to be
used for the encryption and decryption of
messages.
• Each user places one of the two keys in a
public register This is the public key.
• The companion key is kept private.
271

Encryption
• If Bob wishes to send a confidential
message to Alice, Bob encrypts the
message using Alice's public key.
• When Alice receives the message, she
decrypts it using her private key.
• No other recipient can decrypt the
message because only Alice knows
Alice's private key.
272

273
Authentication using Public-Key
System

Difference between Symmetric Encryption and asymmetric
Encryption
Symmetric encryption Asymmetric encryption
symmetric encryption is a form of
cryptosystem in which encryption and
decryption are performed using same
key.
Asymmetric encryption is a form of
cryptosystem in which encryption and
decryption are performed using the
different keys .one is public key and
another one is private key.
It is also known as secret key
encryption.
It is also known as public-key
encryption.
symmetric encryption can be used for
confidentiality.
Asymmetric encryption can be used for
confidentiality, authentication, or both.
The most widely used symmetric key-
key cryptosystem is Transposition and
substitution.
The most widely used public-key
cryptosystem is RSA.
274

Public-Key Cryptosystem:
Secrecy
275

Secrecy
• With the message X and the encryption
key PUb as input, A forms the cipher text
Y = [Y1, Y2,..., YN]:
• Y = E(PUb, X)
• The intended receiver, in possession of
the matching private key, is able to invert
the transformation:
• X = D(PRb, Y)
276

Authentication
277

Authentication and Secrecy
278

Applications for Public-Key
Cryptosystems
• Encryption/decryption
• Digital signature
• Key exchange
279

Requirements for Public-Key
Cryptography
1.It is computationally easy for a party B to
generate a pair (public key PUb, private key
PRb).
2. It is computationally easy for a sender A,
knowing the public key and the message to be
encrypted, M, to generate the corresponding
cipher text: C = E(PUb, M)
3.It is computationally easy for the receiver B to
decrypt the resulting cipher text using the private
key to recover the original message: M = D(PRb,
C) = D[PRb, E(PUb, M)] 280

Requirements for Public-Key
Cryptography
4. It is computationally infeasible for an
opponent, knowing the public key, PUb, to
determine the private key, PRb.
5.It is computationally infeasible for an
opponent, knowing the public key, PUb,
and a cipher text, C, to recover the original
message, M.
281

Our dramatis personae
Rivest Shamir Adleman
283

The RSA Algorithm
RSA algorithm is developed by Ron
Rivest , Adi Shamir, and Len Adleman at
MIT and first published in 1978.
The RSA scheme is a block cipher in
which the plaintext and cipher text are
integers between 0 and n.
284

RSA Public Key Cryptosystem
c=
m e
mod n
Network
Plain Text Cipher Text Cipher Text Plain Text
Alice
Bob
Bob: (e, n)
Public Key Directory (Yellow/White Pages)
public key:
e & n
secret key: d
m=
c d
mod n

The RSA Algorithm – Key Generation
1. Select p,q p and q both prime
2. Calculate n = p x q
3. Calculate
4. Select integer e
5. Calculate d
6. Public Key KU = {e,n}
7. Private key KR = {d,n}
286
)1)(1()( −−=Φ qpn
)(1;1)),(gcd( neen Φ<<=Φ
)(mod1
ned Φ= −

The RSA Algorithm - Encryption
• Plaintext: M<n
• Ciphertext: C = Me
(mod n)
287

The RSA Algorithm - Decryption
• Ciphertext: C
• Plaintext: M = Cd
(mod n)
288

Example
Select two prime numbers, p = 17 and q = 11.
Calculate n = pq = 17 x 11 = 187
Calculate θ(n) = (p -1)(q -1) = 16 x 10 = 160.
Select e such that e is relatively prime to θ(n) =
160 and less than θ(n) we choose e = 7
289

Example
Calculate d value using the formula
d=(1+X * θ(n) )/e
X=0 d=(1+0*160)/ 7 = 0.143
X=1 d=(1+1 *160)/7 = 23
d=23
290

Example
PU={e, n}
PR={d , n}
The resulting keys are
public key PU = {7,187}
private key PR = {23,187}.
291

Encryption
Ciphertext: C = Me
(mod n)
C=887
(mod 187)
c=11
292

Decryption
Plaintext: M = Cd
(mod n)
M=1123
(mod 187)
M=88
293

Example
perform the Encryption and decryption for
p =7, q = 11, e = 17 and m = 8
297

Key generation
Calculate n = pq = 7 x 11 = 77
Calculate θ(n) = (p -1)(q -1) = 6 x 10 = 60
Calculate d value using the formula
d=(1+X * θ(n) )/e
X=0 d=(1+0*60)/ 17 = 0.0588
X=1 d=(1+1*60)/17 = 3.58
X=2 d=(1+2*60)/17 =7.11
x=3 d=(1+3*60)/17=10.64
298

Key generation
X=4 d=(1+4*60)/17=14.17
X=5 d=(1+5*60)/17=17.70
X=6 d=(1+6*60)/17=21.23
X=7 d=(1+7*60)/17=24.76
X=8 d=(1+8*60)/17=28.29
X=9 d=(1+9*60)/17=31.82
x=10 d=(1+10*60)/17=35.35
299

Key generation
X=11 d=(1+11*60)/17=38.88
X=12 d=(1+12*60)/17=42.41
X=13 d=(1+13*60)/17=45.94
X=14 d=(1+14*60)/17=49.47
X=15 d=(1+15*60)/17=53
300

Key generation
PU={e, n}
PR={d , n}
The resulting keys are
public key PU = {17,77}
private key PR = {53,77}.
301

Encryption
Ciphertext: C = Me
(mod n)
C=817
(mod 77)
c=57
302

Decryption
Plaintext: M = Cd
(mod n)
M=5753
(mod 77)
M=8
303

The Security of RSA
Brute force: This involves trying all
possible private keys.
Mathematical attacks: There are several
approaches, all equivalent in effort to
factoring the product of two primes.
Timing attacks: These depend on the
running time of the decryption algorithm.
Chosen cipher text attacks This type of
attack make use of properties of the RSA
algorithm. 304

Key Management
One of the major roles of public-key
encryption has been to address the
problem of key distribution.
• The distribution of public keys
• Distribution of secret keys using public key
305

Distribution of Public Keys
• Public announcement
• Publicly available directory
• Public-key authority
• Public-key certificates
306

Public Announcement of
Public Keys
• any participant can send his or her public
key to any other participant or broadcast
the key to the community at large.
307

Public Announcement of
Public Keys
308

Example
• For Example USENET is a public forum
anybody can post a message and read
message.
• it has a major weakness.
• some user could pretend to be user A and
send a public key to another participant.
309

Publicly Available Directory
• can obtain greater security by registering keys
with a public directory
• The authority maintains a directory with a {name,
public key} entry for each participant.
• Each participant registers a public key with the
directory authority.
• A participant may replace the existing key with a
new one at any time.
• Participants could also access the directory
electronically.
310

Publicly Available Directory
311

Public-Key Authority
Stronger security for public-key distribution
can be achieved by providing tighter
control over the distribution of public keys
from the directory.
312

1. A sends a time stamped message to the public-key authority containing a
request for the current public key of B.
2. The authority responds with a message that is encrypted using the
authority's private key, PRauthThus, A is able to decrypt the message using
the authority's public key.
The message includes the following:
● B's public key, PUb which A can use to encrypt messages destined for B
● The original request, to enable A to match this response with the
corresponding earlier request and to verify that the original request was not
altered before reception by the authority
● The original timestamp, so A can determine that this is not an old
message from the authority.
314

A stores B's public key and also uses it to encrypt a message to B containing
an identifier of A(IDA) and a nonce (N1), which is used to identify this
transaction uniquely.
4,5.B retrieves A's public key from the authority in the same manner as A
retrieved B's public key.
At this point, public keys have been securely delivered to A and B, and they
may begin their protected exchange. However, two additional steps are
desirable:
6. B sends a message to A encrypted with PUa and containing A's nonce
(N1) as well as a new nonce generated by B (N2) Because only B could
have decrypted message (3), the presence of N1 in message (6) assures A
that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its
correspondent is A.
315

Public-Key Certificates
• Any participant can read a certificate to
determine the name and public key of the
certificate's owner.
• Any participant can verify that the
certificate originated from the certificate
authority and is not counterfeit.
• Only the certificate authority can create
and update certificates.
317

Distribution of Secret Keys Using Public-Key
Cryptography
• Simple Secret Key Distribution
• Secret Key Distribution with
Confidentiality and Authentication
318

Simple Secret Key Distribution
319

Simple Secret Key
Distribution
1.A generates a public/private key pair
{PUa, PRa} and transmits a message to B
consisting of Pua and an identifier of A,
IDA.
2. B generates a secret key, Ks, and
transmits it to A, encrypted with A's
public key.
320

Simple Secret Key
Distribution
3. A computes D(PRa, E(PUa, Ks)) to
recover the secret key. Because only A
can decrypt the message, only A and B
will know the identity of Ks.
4. A discards PUa and PRa and B
discards PUa.
321

Man-in-the-middle attack
1.A generates a public/private key pair
{PUa, PRa} and transmits a message
intended for B consisting of PUa and an
identifier of A, IDA.
2.E capture the message, creates its own
public/private key pair {PUe, PRe} and
transmits PUe|| IDA to B.
322

Man-in-the-middle attack
3.B generates a secret key, Ks, and
transmits E(PUe, Ks).
4.E capture the message, and learns Ks by
computing D(PRe, E(PUe, Ks)).
5.E transmits E(PUa, Ks) to A.
323

Secret Key Distribution with
Confidentiality and Authentication
324

1. A uses B's public key to encrypt a
message to B containing an identifier of A
(IDA) and a nonce (N1), which is used to
identify this transaction uniquely.
2. B sends a message to A encrypted with
PUa and containing A's nonce (N1) as well
as a new nonce generated by B (N2)
Because only B could have decrypted
message (1), the presence of N1 in
message (2) assures A that the
correspondent is B.
325

3. A returns N2 encrypted using B's public
key, to assure B that its correspondent is
A.
4. A selects a secret key Ks and sends M =
E(PUb, E(PRa, Ks)) to B. Encryption of
this message with B's public key ensures
that only B can read it; encryption with A's
private key ensures that only A could have
sent it.
5. B computes D(PUa, D(PRb, M)) to
recover the secret key.
326

Diffie-Hellman Key Exchange
The purpose of the algorithm is to enable
two users to securely exchange a key that
can then be used for subsequent
encryption of messages.
327

Primitive roots
P is prime number
a is a primitive root of p means
It should satisfies following condition
a mod p, a2
mod p,..., ap-1
mod p
are distinct and consist of the integers from
1 through p-1 in some permutation.
328

Primitive roots
3 is a primitive root of 5:
a=3,p=5
p ap
ap
mod 5
1 3 3
2 9 4
3 27 2
4 81 1
329

Primitive roots
4 is not a primitive root of 5:
a= 4 p=5
p ap
ap
mod 5
1 4 4
2 16 1
3 64 4
4 256 1
330

The Diffie-Hellman Key
Exchange Algorithm
331

Exchange Algorithm
332

Exchange Algorithm
333

Exchange Algorithm
334

Exchange Algorithm
335

Exchange Algorithm
336

Diffie-Hellman Example
Users A and B use the Diffie-Hellman key
exchange technique with a common prime
q = 71 and a primitive root a = 7.
i)If user A has private key XA = 5, what is A's
public key YA?
ii)If user B has private key XB = 12, what is
B's public key YB?
iii) What is the shared secret key?
337

YA= a
XA
mod q
=75
mod 71
= 51
YB= a
XB
mod q
=712
mod 71
= 4
338

Ks= yB
XA
mod q = 4
5
mod 71 = 30
Ks= yA
XB
mod q = 51
12
mod 71 = 30
339

Consider a Diffie-Hellman scheme with a
common prime q = 11 and a primitive root
a = 2.
I. Show that 2 is a primitive root of 11.
II.If user A has public key YA = 9, what is A's
private key XA?
III.If user B has public key YB = 3, what is the
shared secret key K, shared with A?
340

Elliptic Curve Cryptography
Elliptical curve cryptography (ECC) is a
public key encryption technique based on
elliptic curve theory that can be used to
create faster, smaller, and more efficient
cryptographic keys.
341

ECC generates keys through the
properties of the elliptic curve equation
instead of the traditional method of
generation as the product of very large
prime numbers
342

• ECC requires significantly smaller key
size with same level of security.
• Benefits of having smaller key sizes :
faster computations, need less storage
space.
• ECC ideal for constrained environments :
Pagers ; PDAs ; Cellular Phones ; Smart
Cards.
343

elliptic curve
• Elliptic curves are not ellipses. They are
so named because they are described by
cubic equations, used for calculating the
circumference of an ellipse.
• An elliptic curve is a set of points (x, y), for
which it is true that
• y2
= x3
+ ax + b given certain chosen
numbers a and b.
344

ECC Diffie-Hellman Key Exchange
346

ECC Diffie-Hellman Key
Exchange
347

Exchange
348

Exchange
349

Exchange
350

Contents
 Message Authentication and Hash functions
Authentication requirements
Authentication functions
Message Authentication codes and Hash functions
Security of hash functions and MAC’s
 Secure hash Algorithm
 Whirlpool
 HMAC and CMAC
 Digital Signatures
 Authentication protocols
 Digital signature standard
 Kerberos
 X.509 Authentication Service
• Public Key Infrastructure.
352

Authentication requirements
 disclosure
 traffic analysis
 masquerade
 content modification
 sequence modification
 timing modification
 source repudiation
 destination repudiation
353

Authentication Functions
Message encryption: The cipher text of the
entire message serves as its authenticator
Message authentication code (MAC):
A function of the message and a secret key that
produces a fixed-length value that serves as the
authenticator
Hash function: A function that maps a
message of any length into a fixed-length hash
value, which serves as the authenticator
354

Basic Uses of Message Encryption
355

356

357

358

Message Authentication Codes
Message authentication code (often
MAC) is a short piece of information used
to authenticate a message.
361

Message Authentication Codes
MAC = C(K, M)
M = input message
C= MAC function
K= shared secret key
MAC= message authentication code
362

Basic Uses of Message
Authentication Code
363

Authentication Code
364

Authentication Code
365

Requirements for MACs
1. knowing a message and MAC, is infeasible
to find another message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the
message.

Data Authentication Algorithm
• Data Authentication Algorithm (DAA) is
a widely used MAC based on DES-CBC
– using IV=0 and zero-pad of final block
– encrypt message using DES in CBC mode
– and send just the final block as the MAC
• or the leftmost M bits (16≤M≤64) of final block
• but final MAC is now too small for security

Hash Function
hash function accepts a variable-size
message M as input and produces a fixed-
size output, referred to as a hash code
H(M).
The hash code is also referred to as a
message digest or hash value
A hash value h is generated by a function
H of the form h = H(M)
369

Basic Uses of Hash Function
370

371

372

373

374

375

Requirements for Hash Functions
1. can be applied to any sized message M
2. produces fixed-length output h
3. is easy to compute h=H(M) for any message M
4. given h is infeasible to find x s.t. H(x)=h
• one-way property

Weak collision resistance
Given an input m1 it should be difficult to
find another input m2 — where m1!=m2
— such that H(m1)=H(m2)
377

Strong collision resistance
It should be difficult to find two different
messages m1 and m2 such that
H(m1)=H(m2)
378

Hash Functions & MAC Security
• like block ciphers have:
• brute-force attacks exploiting
– strong collision resistance hash have cost 2
m/2
• have proposal for h/w MD5 cracker
• 128-bit hash looks vulnerable, 160-bits better
– MACs with known message-MAC pairs
• can either attack keyspace (cf key search) or MAC
• at least 128-bit MAC is needed for security

Hash Functions & MAC Security
• cryptanalytic attacks exploit structure
– like block ciphers want brute-force attacks to be the
best alternative
• have a number of analytic attacks on iterated
hash functions
– CVi = f[CVi-1, Mi]; H(M)=CVN
– typically focus on collisions in function f
– like block ciphers is often composed of rounds
– attacks exploit properties of round functions

Secure Hash Algorithms
The Secure Hash Algorithm (SHA) was
developed by the National Institute of
Standards and Technology (NIST) and
published as a federal information
processing standard in 1993.
381

Types of SHA
1. SHA-0
2. SHA-1
3. SHA-224
4. SHA-256
5. SHA-384
6. SHA-512
382

Comparisons
SHA-1 SHA-256 SHA-384 SHA-512
Message digest
size
160 256 384 512
Message size <264
<264
<2128
<2128
Block size 512 512 1024 1024
Word size 32 32 64 64
Number of
steps
80 64 80 80
383

SHA-512
• The algorithm takes as input a message
with a maximum length of less than 2128
bits
and produces as output a 512-bit
message digest.
• The input is processed in 1024-bit blocks.
384

SHA-512 Logic
Padding is the addition of one or more
extra bits to a transmission .
385

Message Digest Generation
Using SHA-512
386

Message Digest Generation
Using SHA-512
Step 1: Append padding bits.
Step 2: Append length.
Step 3: Initialize hash buffer.
Step 4: Process message in 1024-bit
(128-word) blocks.
387

Processing of a Single 1024-Bit Block
388

Processing of a Single 1024-
Bit Block
• A 512-bit buffer is used to hold
intermediate and final results of the hash
function.
• The buffer can be represented as eight
64-bit registers (a, b, c, d, e, f, g, h).
• These registers are initialized default
hexadecimal values.
389

a = 6A09E667F3BCC908
b = BB67AE8584CAA73B
c = 3C6EF372FE94F82B
c = A54FF53A5F1D36F1
e = 510E527FADE682D1
f = 9B05688C2B3E6C1F
g = 1F83D9ABFB41BD6B
h = 5BE0CDI9137E2179 390

SHA-512 Processing of a
Single 1024-Bit Block
• Each round takes as input the 512-bit
buffer value abcdefgh, and updates the
contents of the buffer.
391

H0= IV
Hi= SUM64(Hi-1, abcdefghi)
MD= HN
392

• Where
IV= initial value of the abcdefgh buffer,
• abcdefghi= the output of the last round of
processing of the ith message block
• N= the number of blocks in the message
(including padding and length fields)
• SUM64= Addition modulo 264
performed
separately on each word of the pair of
inputs
• MD= final message digest value
393

Creation of 80-word Input Sequence for SHA-
512 Processing of Single Block
400

401

402

Whirlpool
• Whirlpool is based on the use of a block
cipher for the compression function.
• It takes a message of any length less than
2256
bits and returns a 512-bit message
digest.
403

Features
• The hash code length is 512 bits
• The underlying block cipher is based on
AES .
404

12.406
Message Digest Generation Using
Whirlpool

Whirlpool Overview
Step 1: Append padding bits
Step 2: Append length
Step 3: Initialize hash matrix
Step 4: Process message in 512-bit (64-
byte) blocks, using as its core, the block
cipher W.
407

Comparison of Whirlpool
Block Cipher W and AES
W AES
Block size (bits) 512 128
Key size (bits) 512 128, 192, or 256
Matrix
orientation
Input is mapped row-wise Input is mapped column-
wise
Number of
rounds
10 10, 12, or 14
409

Whirlpool Block Cipher W
The encryption algorithm takes a 512-bit
block of plaintext and a 512-bit key as
input and produces a 512-bit block of
cipher text as output.
The encryption algorithm involves the use
of four different functions add key (AK),
substitute bytes (SB), shift columns (SC),
and mix rows (MR).
411

Whirlpool Matrix Structure
• The plaintext input to W is a single 512-bit
block.
• This block is treated as an 8 x 8 square
matrix of bytes, labeled Cstate.
412

Whirlpool Matrix Structure
413

The Nonlinear Layer SB
The leftmost 4 bits of the byte are used as
a row value and the rightmost 4 bits are
used as a column value.
These row and column values serve as
indexes into the S-box to select a unique
8-bit output value.
For example, the hexadecimal value[3]
{95}references row 9, column 5 of the S-
box, which contains the value {BA}.
Accordingly, the value {95}is mapped into
the value {BA}. 415

Mix Row
• Each byte of a row is mapped into a new
value that is a function of all eight bytes in
that row.
• The transformation can be defined by the
matrix multiplication: B = AC
• where A is the input matrix, B is the output
matrix, and C is the transformation matrix:
416

Whirlpool Performance &
Security
• Whirlpool is a very new proposal, hence
there is little experience with use
• compared to SHA-512, Whirlpool requires
more hardware resources but performs
much better in terms of throughput.
417

HMAC(Hash-based Message Authentication Code)
CMAC(Cipher-based Message Authentication Code)
Types of MAC
419

HMAC
Message authentication code is generated
by hash function.
HMAC is computationally very fast and
very compact.
Any cryptographic hash function, such as
MD5 or SHA-1, may be used in the
calculation of an HMAC.
420

HMAC Algorithm
H = embedded hash function
IV = initial value input to hash function
M = message input to HMAC
Yi = ith block of M,
L = number of blocks in M
b = number of bits in a block
n = length of hash code produced by embedded
hash function
K= secret key
421

HMAC Algorithm
K+ = K padded with zeros on the left
ipad = 00110110 (36 in hexadecimal)
opad = 01011100 (5C in hexadecimal)
422

HMAC Overview
1.Append zeros to the left end of K to create
a b-bit string K+.
2. XOR K+ with ipad to produce the b-bit
block Si.
3. Append M to Si.
4. Apply H to the stream generated in step
5. XOR K+ with opad to produce the b-bit
block So
424

HMAC Overview
6.Append the hash result from step 4 to So
7.Apply H to the stream generated in step 6
and output the result.
425

Efficient Implementation of HMAC
427

Two quantities are precomputed
428

CMAC
Message authentication code is generated
by cipher based.
429

CMAC Overview
The message is divided into n blocks
M1..Mn, padded if necessary.
The algorithm makes use of a k-bit
encryption key K and an n-bit constant K1
or K2 (depending on whether the
message was padded or not).
431

CMAC Overview
T= MSBTlen(Cn)
where
T= message authentication code, also referred to
as the tag
Tlen= bit length of T
MSBs(X)= the s leftmost bits of the bit string X
433

Digital signature
A digital signature is an authentication
mechanism that enables the creator of a
message to attach a code that acts as a
signature.
The signature is formed by taking the
hash of the message and encrypting the
message with the creator's private key.
The signature guarantees the source and
integrity of the message.
434

Digital Signature Properties
 The signature must be a bit pattern that depends on the
message being signed.
 The signature must use some information unique to the
sender, to prevent both fake and disagreement.
 It must be relatively easy to produce the digital signature.
 It must be relatively easy to recognize and verify the
digital signature.
 It must be computationally infeasible to fake a digital
signature.
 It must be practical to retain a copy of the digital
signature in storage.
435

Direct Digital Signatures
Direct Digital Signatures involve only the
communicating parties.
A digital signature may be formed by encrypting the
entire message with the sender’s private key.
Confidentiality can be provided by further encrypting
the entire message plus signature using either public
or private key schemes.
security depends on sender’s private-key
436

Arbitrated Digital Signatures
• involves use of arbiter A
– validates any signed message
– then dated and sent to recipient
• requires suitable level of trust in arbiter
• can be implemented with either private or
public-key algorithms
• arbiter may or may not see message
437

Arbitrated Digital Signatures
438
X = sender
Y = recipient
A = Arbiter
M = message
T = timestamp

Authentication Protocols
• Authentication Protocols are used to
support parties of each others identity and
to exchange session keys.
• may be one-way or mutual
439

One-Way Authentication
• required when sender & receiver are not in
communications at same time (eg. email)
440

Mutual Authentication
• required when sender & receiver are in
communications at same time. (eg. Client-
server)
441

Digital Signature Standard
The digital signature standard (DSS) is an
NIST standard that uses the secure hash
algorithm (SHA).
442

Two Approaches to Digital
Signatures
443

The Digital Signature
Algorithm (DSA)
444

Global Public-Key Components
p prime number where 2L-1
< p < 2L
for 512 <= L <= 1024
q prime divisor of (p- 1), where 2159
< q < 2160
g = h(p-1)/q
mod p, where h is any integer with 1 < h < (p -1)
such that h(p- 1)/q
mod p > 1
445

User's Private Key
X random or pseudorandom integer with 0 < x < q
446

User's Public Key
y= gx
mod p
447

User's Per-Message Secret Number
k= random or pseudorandom integer with 0 < k < q
448

Signing
r= (gk
mod p) mod q
s= [k-1
(H(M) + xr)] mod q
Signature = (r, s)
449

Verifying
w= (s')-1
mod q
u1= [H(M')w] mod q
u2=(r')w mod q
v= [(gu1
yu2
) mod p] mod q
450

Verifying
TEST: v = r'
M= message to be signed
H(M)= hash of M using SHA-1
M', r', s’= received versions of M, r, s
451

Kerberos
Kerberos provides a centralized
authentication server whose function is to
authenticate users to servers and servers
to users.
453

Kerberos
Kerberos is an authentication service
designed for use in a distributed
environment.
Kerberos makes use of a trusted third-part
authentication service that enables clients
and servers to establish authenticated
communication.
454

455
Requirements for KERBEROS
Secure:
opponent does not find it to be the weak link
Scalable:
The system supports large number of clients and
severs
Reliable: For all services that rely on Kerberos for
access control, lack of availability of the Kerberos
service means lack of availability of the supported
services.
Transparent: the user should not be aware that
authentication is taking place.

A Simple Authentication
Dialogue
C = client
AS = authentication server
V =server
IDC = identifier of user on C
IDV = identifier of V
PC = password of user on C
ADC = network address of C
Kv = secret encryption key shared by AS and V
456

457
A Simple Authentication Dialogue
1- IDc + Pc+IDv
2- Ticket
3- IDc +Ticket
Ticket=Ekv[IDc,ADc,IDv]
kv=Secret Key between AS and
V (Server)
Pc=password of client

A More Secure Authentication Dialogue
 minimize the number of times that a
user has to enter a password
 tickets are not reusable
 To solve these problems, we introduce a
scheme a new server, known as the ticket-
granting server (TGS)
458

Once per user logon session:
(1)CAS : IDC||Idtgs
(2) AS C : E(Kc, Tickettgs)
459

Once per type of service:
(3) C TGS: IDC||IDV||Tickettgs
(4) TGS C: Ticketv
460

Once per service session:
(5) C V: IDC||Ticketv
461

1.The client requests a ticket-granting ticket on
behalf of the user by sending its user's ID and
password to the AS, together with the TGS ID,
indicating a request to use the TGS service.
2. The AS responds with a ticket that is
encrypted with a key that is derived from the
user‘s password. When this response arrives at
the client, the client prompts the user for his or
her password, generates the key, and attempts
to decrypt the incoming message. If the correct
password is supplied, the ticket is successfully
recovered.
463

3.The client requests a service-granting ticket on
behalf of the user.
4. The TGS decrypts the incoming ticket and
verifies the success of the decryption by the
presence of its ID. It checks to make sure that
the lifetime has not expired. Then it compares
the user ID and network address with the
incoming information to authenticate the user. If
the user is permitted access to the server V, the
TGS issues a ticket to grant access to the
requested service.
464

5.The client requests access to a service on
behalf of the user. For this purpose, the
client transmits a message to the server
containing the user's ID and the service-
granting ticket. The server authenticates
by using the contents of the ticket.
465

Kerberos allows the global distribution of ASs and TGSs,
with each system called a realm. A user may get a ticket for
a local server or a remote server.
Kerberos realm

Kerberos realm
• 1.The Kerberos server must have the user ID
and hashed passwords of all participating users
in its database.
• 2.The Kerberos server must share a secret key
with each server. All servers are registered with
the Kerberos server.
• Such an environment is referred to as a
Kerberos realm.
470

31/03/2005 Authentication Applications471
Request for Service in another realm:
1-Request ticket
for local TGS
2-Ticket for local TGS
5-Request ticket for remote server
6-Ticket for remote server
3-Request ticket for remote TGS
4-Ticket for remote TGS
7-request for remote service

The minor differences between version 4 and version 5
1) Version 5 has a longer ticket lifetime.
2) Version 5 allows tickets to be renewed.
3) Version 5 can accept any symmetric-key algorithm.
4) Version 5 uses a different protocol for describing data
types.
5) Version 5 has more overhead than version 4.

X.509 Authentication Service
X.509 is an ITU-T standard for a public key
infrastructure (PKI) and Privilege Management
Infrastructure (PMI).
X.509 specifies standard formats for public key
certificates, certificate revocation lists, attribute
certificates, and a certification path validation
algorithm.
473

Public-Key Certificate Use
474

X.509 Certificates
• issued by a Certification Authority (CA), containing:
– version (1, 2, or 3)
– serial number (unique within CA) identifying certificate
– signature algorithm identifier
– issuer X.500 name (CA)
– period of validity (from - to dates)
– subject X.500 name (name of owner)
– subject public-key info (algorithm, parameters, key)
– issuer unique identifier (v2+)
– subject unique identifier (v2+)
– extension fields (v3)
– signature (of hash of all fields in certificate)
• notation CA<<A>> denotes certificate for A signed by CA
475

CRL
• certificates have a period of validity
• may need to revoke before expiry, eg:
1. user's private key is compromised
2. user is no longer certified by this CA
3. CA's certificate is compromised
• CRL is a file that contains a list of
revoked certificates, their serial numbers,
and their revocation dates.
477

Obtaining a Certificate
• any user with access to CA can get any
certificate from it
• only the CA can modify a certificate
• because cannot be forged, certificates can
be placed in a public directory
478

CA Hierarchy
• if both users share a common CA then they are
assumed to know its public key
• otherwise CA's must form a hierarchy
• use certificates linking members of hierarchy to
validate other CA's
– each CA has certificates for clients (forward) and
parent (backward)
• each client trusts parents certificates
• enable verification of any certificate from one CA
by users of all other CAs in hierarchy
479

CA Hierarchy Use
480
A get B certificate using chain:
X<<W>>W<<V>>V<<Y>>Y<<Z>>Z<<B>>

31/03/2005 Authentication Applications 481
Authentication Procedures:
• CA must authenticate/verify an applicant
before issuing it a certificate for it.
• Three alternative authentication procedures:
– One-Way Authentication
– Two-Way Authentication
– Three-Way Authentication

One-Way Authentication
• One way authentication involves a single
transfer of information from one user (A) to
another (B)
482

One-Way Authentication:
• 1 message ( A->B) used to establish
– the identity of A and that message is from A
– message was intended for B
– integrity & originality of message
A B1-A {ta,ra,B,sgnData,KUb[Kab]}
Ta-timestamp rA=nonce B =identity
sgnData=signed with A’s private key

Two-Way Authentication
• 2 messages (A->B, B->A) which also
establishes in addition:
– the identity of B and that reply is from B
– that reply is intended for A
– integrity & originality of reply
A B
1-A {ta,ra,B,sgnData,KUb[Kab]}
2-B {tb,rb,A,sgnData,KUa[Kab]}

Three-Way Authentication
• 3 messages (A->B, B->A, A->B) which
enables above authentication without
synchronized clocks
A B
1- A {ta,ra,B,sgnData,KUb[Kab]}
2 -B {tb,rb,A,sgnData,KUa[Kab]}
3- A{rb}

Public-Key Infrastructure
public-key infrastructure (PKI) as the set of
hardware, software, people, policies, and
procedures needed to create, manage,
store, distribute, and revoke digital
certificates based on asymmetric
cryptography.
486

End entity: A generic term used to denote
end users, devices (e.g., servers, routers)
Certification authority (CA): The issuer
of certificates and certificate revocation
lists (CRLs).
Registration authority (RA): An optional
component that can assume a number of
administrative functions.
487

CRL issuer: An optional component that a
CA can delegate to publish CRLs.
Repository: A generic term used to
denote any method for storing certificates
and CRLs so that they can be retrieved by
End Entities.
488

Registration: This is the process whereby a
user first makes itself known to a CA (directly, or
through an RA), prior to that CA issuing a
certificate or certificates for that user.
Initialization: Before a client system can
operate securely, it is necessary to install key
materials that have the appropriate relationship
with keys stored elsewhere in the infrastructure
490

Certification: This is the process in which
a CA issues a certificate for a user's public
key, and returns that certificate to the
user's client system and/or posts that
certificate in a repository.
Key pair update: All key pairs need to be
updated regularly (i.e., replaced with a
new key pair) and new certificates issued.
491

Cross certification: one certificate
authority use the certificate to the another
certificate authority.
492

Contents
 Pretty Good Privacy
 S/MIME
 IP Security Overview
 IP Security Architecture
 Authentication Header
 Encapsulating Security Payload
 Combining Security Associations
 Key management.
494

Pretty Good Privacy
 PGP provides a confidentiality and
authentication service that can be used for
electronic mail and file storage
applications.
496

Pretty Good Privacy
 PGP is an open-source freely available
software package for e-mail security.
 It provides authentication through the use
of digital signature;
 It provides confidentiality through the use
of symmetric block encryption;
497

Pretty Good Privacy
 It provides compression using the ZIP
algorithm.
 It provides e-mail compatibility using the
radix-64 encoding scheme.
 It provides Segmentation and reassembly
to accommodate long e-mails.
498

Pretty Good Privacy
 Ks =session key used in symmetric
encryption scheme
 PRa =private key of user A, used in
public-key encryption scheme
 PUa =public key of user A, used in public-
key encryption scheme
499

Pretty Good Privacy
 EP = public-key encryption
 DP = public-key decryption
 EC = symmetric encryption
 DC = symmetric decryption
 H = hash function
 || = concatenation
 Z = compression using ZIP algorithm
 R64 = conversion to radix 64 ASCII format
500

Authentication
1.The sender creates a message.
2.SHA-1 is used to generate a 160-bit hash
code of the message.
3.The hash code is encrypted with RSA
using the sender's private key, and the
result is prepended to the message.
4.The receiver uses RSA with the sender's
public key to decrypt and recover the hash
code.
502

Authentication
5. The receiver generates a new hash code
for the message and compares it with the
decrypted hash code. If the two match, the
message is accepted as authentic.
503

Confidentiality
1.The sender generates a message and a
random 128-bit number to be used as a
session key for this message only.
2.The message is encrypted, using CAST-
128 (or IDEA or 3DES) with the session
key.
3.The session key is encrypted with RSA,
using the recipient's public key, and is
prepended to the message.
504

Confidentiality
4.The receiver uses RSA with its private key
to decrypt and recover the session key.
5.The session key is used to decrypt the
message.
505

Transmission and Reception
of PGP Messages
506

PGP Message Format
 The message component includes the
actual data to be stored or transmitted,
as well as a filename and a timestamp
that specifies the time of creation.
508

PGP Message Format
 The signature component includes the
following:
 Timestamp: The time at which the
signature was made.
 Message digest: The 160-bit SHA-1
digest, encrypted with the sender's
private signature key.
509

PGP Message Format
 Leading two octets of message digest:
To enable the recipient to determine if
the correct public key was used to
decrypt the message digest for
authentication
• Key ID of sender's public key: Identifies
the public key that should be used to
decrypt the message digest
510

PGP Message Format
 The session key component includes
the session key and the identifier of the
recipient's public key that was used by
the sender to encrypt the session key.
511

Signing the message
 PGP retrieves the sender's private key from the
private-key ring using your_userid as anindex. If
your_userid was not provided in the command,
the first private key on the ring is retrieved.
 PGP prompts the user for the passphrase to
recover the unencrypted private key.
 The signature component of the message is
constructed.
512

Encrypting the message
 PGP generates a session key and
encrypts the message.
 PGP retrieves the recipient's public key
from the public-key ring using her_userid
as an index.
 The session key component of the
message is constructed.
513

Decrypting the message
 PGP retrieves the receiver's private key
from the private-key ring, using the Key ID
field in
 the session key component of the
message as an index.
 PGP prompts the user for the passphrase
to recover the unencrypted private key.
 PGP then recovers the session key and
decrypts the message.
516

Authenticating the message
 PGP retrieves the sender's public key from the
public-key ring, using the Key ID field in the
signature key component of the message as an
index.
 PGP recovers the transmitted message digest.
 PGP computes the message digest for the
received message and compares it to the
transmitted message digest to authenticate.
517

S/MIME
 Another security service designed for electronic mailAnother security service designed for electronic mail
is Secure/Multipurpose Internet Mail Extensionis Secure/Multipurpose Internet Mail Extension
(S/MIME).(S/MIME).
 The protocol is an enhancement of the MultipurposeThe protocol is an enhancement of the Multipurpose
Internet Mail Extension (MIME) protocolInternet Mail Extension (MIME) protocol
518

RFC 822
 RFC 822 defines a format for text
messages that are sent using electronic
mail. It has been the standard for Internet-
based text mail message and remains in
common use.
519

MIME
MIME is an extension to the RFC 822
framework that is intended to address
some of the problems and limitations of
the use of SMTP .
521

MIME
SMTP cannot transmit executable files or other
binary objects.
SMTP cannot transmit text data that includes
national language characters
SMTP servers may reject mail message over a
certain size.
SMTP cannot handle non textual data.
522

16.525
MIME-VersionMIME-Version
This header defines the version of MIME used. TheThis header defines the version of MIME used. The
current version is 1.1.current version is 1.1.
Content-TypeContent-Type
The content type and the content subtype are separatedThe content type and the content subtype are separated
by a slash. Depending on the subtype, the header mayby a slash. Depending on the subtype, the header may
contain other parameters.contain other parameters.

S/MIME Functions
enveloped data
encrypted content and associated keys
signed data
encoded message + signed digest
clear-signed data
clear text message + encoded signed digest
signed & enveloped data
nesting of signed & encrypted entities

Cryptographic Algorithms
Function Requirement
Create a message digest to be used in
forming a digital signature.
MUST support SHA-1.
Encrypt message digest to form digital
signature.
Receiver SHOULD support MD5 for
backward compatibility.
Sending and receiving agents MUST
support DSS.
Sending agents SHOULD support RSA
encryption.
Receiving agents SHOULD support
verification of RSA signatures with key
sizes 512 bits to 1024 bits.
Encrypt session key for transmission with
message.
Sending and receiving agents SHOULD
support Diffie-Hellman.
Sending and receiving agents MUST
support RSA encryption with key sizes 512
bits to 1024 bits.
529

Cryptographic Algorithms
Encrypt message for
transmission with one-time
session key.
Sending and receiving agents MUST support
encryption with triple DES
Sending agents SHOULD support encryption
with AES.
Sending agents SHOULD support encryption
with RC2/40.
530

S/MIME Messages
Type Subtype smime Parameter Description
Multipart Signed
A clear-signed message in two parts:
one is the message and the other is the
signature.
Application pkcs 7-mime signedData A signed S/MIME entity.
pkcs 7-mime envelopedData An encrypted S/MIME entity.
pkcs 7-mime degenerate
signedData An entity containing only public- key
certificates.
pkcs 7-mime CompressedData A compressed S/MIME entity
531

Enveloped data
This consists of encrypted content of any
type and encrypted-content encryption
keys for one or more recipients.
532

533
enveloped data
Version
Encrypted Content Info
Recipient Info
Version
Recipient ID (issuer and s.no.)
Key Encryption Algorithm
Encrypted Key
Content Encryption Alg.
Content type
Encrypted Content
Originator Info
S/MIME/messageformats

Cyptography and network security

Cyptography and network security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Cyptography and network security

Similar to Cyptography and network security (20)

Recently uploaded

Recently uploaded (20)

Cyptography and network security

Editor's Notes