Encryption
Security Protocols
 • A security protocol can be defined as a security
procedure for regulating data transmission
between computers.
 • If sensitive data is transmitted over the network in
clear text, then anyone can read the data if they
intercept it intentionally or accidentally.
 • To preserve the data confidentiality, we use
different encryption techniques.
Methods of Encryption
 At a broad level, regardless of the technique used for
encryption, the generation of ciphers from the plaintext itself
can be done in two ways:
 Stream Ciphers
 Block Ciphers
 Stream Cipher
 It involves the encryption of one plaintext bit at a time. The
decryption also happens one bit at a time
 Block Cipher
 It involves the encryption of one block of text at a time. Decryption
also takes one block of encrypted text at a time.
Stream Cipher
 Is one of the simplest way to encrypt data
 When it is employed each bit of the data is encrypted
using one bit of the key
 Faster than block cipher.
 Can encrypt the same message twice and the cipher
text will be different
 To make a stream cipher more difficult to crack, you
can use a crypto key that varies in length
 The process of continually varying the crypto key is
known as One-time pad
Block Cipher
 Unlike Stream Cipher which encrypts every single bit, Block
Cipher encrypts data in chunks of specific size
 It specifies how much data should be encrypted on each pass
and what size key should be applied to each block
 E.g DES specifies that DES encrypted data should be processed in
64-bit blocks using a 56-bit key
 You can use a number of algorithms when processing block
cipher
 The most basic is to simply take the data and break it into
blocks while applying the key to each
 A better solution is to take the earlier resultants from the
algorithm and combine them with later keys
XOR Operation
 An interesting property of XOR is that when used twice, it
produces the original data
 Example:
 Two binary numbers A=101, B=110
 C = A XORB
 C = 101 XOR110 = 011
 Now, if we perform C XOR A, we will get B
 011 XOR101 = 110 = B
 Now, if we perform C XOR B, we will get A
 011 XOR110 = 101 = A
 This reversibility of XOR operations has many implications
in cryptographic algorithms
Data Encryption Standard
(DES)
Data Encryption Standard
 DES is a symmetric key encryption standard
 Published in 1977 by the U.S. National Institute of
Standards and Technology (NIST)
 It is developed by IBM
 NIST states the goal of DES as
 The goal is to completely scramble the data and key so
that every bit of the ciphertext depends on every bit of
data and every bit of key.
 With a good algorithm, there should be no correlation
between the ciphertext and either the original data or key
Data Encryption Standard
 It was widely adopted by the industry for use in
security products
 a de facto standard
 It takes as an input data blocks of 64-bits length and
generates 64-bit cipher blocks
 56-bit key size
 Today, DES is not considered secure in its original
form, but in its modified form (3DES) it is still
considered secure
DES Basic Operation
 The algorithm, which is parameterized by a 56-bit key, has
16 distinct stages
 It involves 16 rounds of plaintext transformations, including breaking
the plain text into two 32 bit chunks that are swapped repeatedly
during rounds
 Each round expands 32bit block to 48bits,which are XORd with 48bit
sub-key
 The sub-key has been generated by a “key schedule”
 An algorithm that creates the 48-bit sub-key based on the original
56bit key
 After XORing with sub-key, 48-bit text is divided into 6-bit chunks
(S-boxes), which then output 4-bit blocks
 Reducing the overall plaintext block back to its original 32 bits
Data Encryption Standard
 most widely used block cipher in world
 adopted in 1977 by NBS (now NIST)
 as FIPS PUB 46
 encrypts 64-bit data using 56-bit key
 has widespread use
 has seen considerable controversy over
its security
DES History
 IBM developed Lucifer cipher
 by team led by Feistel
 used 64-bit data blocks with 128-bit key
 then redeveloped as a commercial cipher with
input from NSA and others
 in 1973 NBS issued request for proposals for
a national cipher standard
 IBM submitted their revised Lucifer which
was eventually accepted as the DES
DES Design Controversy
 although DES standard is public
 had considerable controversy over design
 in choice of 56-bit key
 and because design criteria were classified
 subsequent events and public analysis show in
fact design was appropriate
 DES has become widely used, especially in
financial applications
Data Encryption Standard
Strength of DES –Key Size
 56-bit keys have 256
= 7.2 x 1016
values
 brute force search looks hard
 recent advances have shown is possible
 in 1997 on Internet in a few months
 in 1998 on dedicated h/w (EFF) in a few days
 in 1999 above combined in 22hrs!
 still must be able to recognize plaintext
DES Encryption Strength
 The strength of any encryption algorithm lies in the
fact that it would take a long time to guess the used
key
 DES is 56 bits, that is the key to decrypt DES will be 56
bits in length
 56 bit is made up of 8 bytes with 7 data bits (8*7=56)
 Thus we can have 128 (27
) values to choose from each
character
 Possible number of combinations through some simple
math:
 (128)8
= 72 thousand plus billion combinations
DES Weaknesses
 DES is considered non secure for very
sensitive encryption.
 It is crack able in a short period of time.
 The short key length makes it easy to break
 To overcome the weaknesses of DES, Triple
DES is developed from original DES.
Triple DES
Triple-DES
 In Triple-DES, the DES algorithm is applied three
times using two or three different 56-bit keys
 This approach produces Ciphertext that is scrambled
to the equivalent of a 112-bit or 168-bit key
 (2)168
= 3.7 * (10)50
 370 trillion, trillion, trillion, trillion combinations
 Looking at the name, it may seem that 3DES makes
your encryption three times more difficult to break
 3DES actually makes your encryption five billion,
trillion, trillion times harder to break that is 5 *(10)33
Advanced Encryption Standard (AES)
 In 1990s, the U.S. Government wanted to standardize a
cryptographic algorithm, which was to be used universally.
 Many proposals were submitted, and after a lot of debate, an
algorithm called Rijndaelwas accepted
 The need for coming up with a new algorithm is actually
because of the perceived weakness in DES.
 The 56-bit keys of DES were no longer considered safe
against attacks based on exhaustive key searches, and the 64
bit blocks were also considered as weak
 AES was based on 128 bits blocks, with 128-bit key
IDEA
 International Data Encryption
Standard
 Takes input of 64-bits plain text blocks
 Produces output of 64-bits cipher text
 Key Length: 128 bits
AES
 Worldwide a new cryptographic protocol standard
was needed because:
 Key used in DES was too small (56-bit)
 Triple DES (3-DES) was too slow
 IDEA was patent protected and slow
 Advanced Encryption Standard
 NIST chose an algorithm that supports a variety of Data
Blockand Key Sizes
 Two parameters (block size and key) can be chosen
independently from 128, 160, 192, 224 and 256 bit sizes
AES
 According to AES Designers, the main
features of AES are
 Symmetric and parallel structure
 Adapted to modern processors
 Suited to smart cards
 After seeing the review of IETF protocols( SSL,
S/MIME, SSH) will have now modifications to
accommodate these algorithms
AES –The Advanced Encryption
Standard
 Rules for AES proposals
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits supported.
4. Both software and hardware implementations
required
5. The algorithm must be public or licensed on
nondiscriminatory terms.

Encryption

  • 1.
  • 2.
    Security Protocols  •A security protocol can be defined as a security procedure for regulating data transmission between computers.  • If sensitive data is transmitted over the network in clear text, then anyone can read the data if they intercept it intentionally or accidentally.  • To preserve the data confidentiality, we use different encryption techniques.
  • 3.
    Methods of Encryption At a broad level, regardless of the technique used for encryption, the generation of ciphers from the plaintext itself can be done in two ways:  Stream Ciphers  Block Ciphers  Stream Cipher  It involves the encryption of one plaintext bit at a time. The decryption also happens one bit at a time  Block Cipher  It involves the encryption of one block of text at a time. Decryption also takes one block of encrypted text at a time.
  • 4.
    Stream Cipher  Isone of the simplest way to encrypt data  When it is employed each bit of the data is encrypted using one bit of the key  Faster than block cipher.  Can encrypt the same message twice and the cipher text will be different  To make a stream cipher more difficult to crack, you can use a crypto key that varies in length  The process of continually varying the crypto key is known as One-time pad
  • 5.
    Block Cipher  UnlikeStream Cipher which encrypts every single bit, Block Cipher encrypts data in chunks of specific size  It specifies how much data should be encrypted on each pass and what size key should be applied to each block  E.g DES specifies that DES encrypted data should be processed in 64-bit blocks using a 56-bit key  You can use a number of algorithms when processing block cipher  The most basic is to simply take the data and break it into blocks while applying the key to each  A better solution is to take the earlier resultants from the algorithm and combine them with later keys
  • 6.
    XOR Operation  Aninteresting property of XOR is that when used twice, it produces the original data  Example:  Two binary numbers A=101, B=110  C = A XORB  C = 101 XOR110 = 011  Now, if we perform C XOR A, we will get B  011 XOR101 = 110 = B  Now, if we perform C XOR B, we will get A  011 XOR110 = 101 = A  This reversibility of XOR operations has many implications in cryptographic algorithms
  • 7.
  • 8.
    Data Encryption Standard DES is a symmetric key encryption standard  Published in 1977 by the U.S. National Institute of Standards and Technology (NIST)  It is developed by IBM  NIST states the goal of DES as  The goal is to completely scramble the data and key so that every bit of the ciphertext depends on every bit of data and every bit of key.  With a good algorithm, there should be no correlation between the ciphertext and either the original data or key
  • 9.
    Data Encryption Standard It was widely adopted by the industry for use in security products  a de facto standard  It takes as an input data blocks of 64-bits length and generates 64-bit cipher blocks  56-bit key size  Today, DES is not considered secure in its original form, but in its modified form (3DES) it is still considered secure
  • 10.
    DES Basic Operation The algorithm, which is parameterized by a 56-bit key, has 16 distinct stages  It involves 16 rounds of plaintext transformations, including breaking the plain text into two 32 bit chunks that are swapped repeatedly during rounds  Each round expands 32bit block to 48bits,which are XORd with 48bit sub-key  The sub-key has been generated by a “key schedule”  An algorithm that creates the 48-bit sub-key based on the original 56bit key  After XORing with sub-key, 48-bit text is divided into 6-bit chunks (S-boxes), which then output 4-bit blocks  Reducing the overall plaintext block back to its original 32 bits
  • 11.
    Data Encryption Standard most widely used block cipher in world  adopted in 1977 by NBS (now NIST)  as FIPS PUB 46  encrypts 64-bit data using 56-bit key  has widespread use  has seen considerable controversy over its security
  • 12.
    DES History  IBMdeveloped Lucifer cipher  by team led by Feistel  used 64-bit data blocks with 128-bit key  then redeveloped as a commercial cipher with input from NSA and others  in 1973 NBS issued request for proposals for a national cipher standard  IBM submitted their revised Lucifer which was eventually accepted as the DES
  • 13.
    DES Design Controversy although DES standard is public  had considerable controversy over design  in choice of 56-bit key  and because design criteria were classified  subsequent events and public analysis show in fact design was appropriate  DES has become widely used, especially in financial applications
  • 14.
  • 15.
    Strength of DES–Key Size  56-bit keys have 256 = 7.2 x 1016 values  brute force search looks hard  recent advances have shown is possible  in 1997 on Internet in a few months  in 1998 on dedicated h/w (EFF) in a few days  in 1999 above combined in 22hrs!  still must be able to recognize plaintext
  • 16.
    DES Encryption Strength The strength of any encryption algorithm lies in the fact that it would take a long time to guess the used key  DES is 56 bits, that is the key to decrypt DES will be 56 bits in length  56 bit is made up of 8 bytes with 7 data bits (8*7=56)  Thus we can have 128 (27 ) values to choose from each character  Possible number of combinations through some simple math:  (128)8 = 72 thousand plus billion combinations
  • 17.
    DES Weaknesses  DESis considered non secure for very sensitive encryption.  It is crack able in a short period of time.  The short key length makes it easy to break  To overcome the weaknesses of DES, Triple DES is developed from original DES.
  • 18.
  • 19.
    Triple-DES  In Triple-DES,the DES algorithm is applied three times using two or three different 56-bit keys  This approach produces Ciphertext that is scrambled to the equivalent of a 112-bit or 168-bit key  (2)168 = 3.7 * (10)50  370 trillion, trillion, trillion, trillion combinations  Looking at the name, it may seem that 3DES makes your encryption three times more difficult to break  3DES actually makes your encryption five billion, trillion, trillion times harder to break that is 5 *(10)33
  • 20.
    Advanced Encryption Standard(AES)  In 1990s, the U.S. Government wanted to standardize a cryptographic algorithm, which was to be used universally.  Many proposals were submitted, and after a lot of debate, an algorithm called Rijndaelwas accepted  The need for coming up with a new algorithm is actually because of the perceived weakness in DES.  The 56-bit keys of DES were no longer considered safe against attacks based on exhaustive key searches, and the 64 bit blocks were also considered as weak  AES was based on 128 bits blocks, with 128-bit key
  • 21.
    IDEA  International DataEncryption Standard  Takes input of 64-bits plain text blocks  Produces output of 64-bits cipher text  Key Length: 128 bits
  • 22.
    AES  Worldwide anew cryptographic protocol standard was needed because:  Key used in DES was too small (56-bit)  Triple DES (3-DES) was too slow  IDEA was patent protected and slow  Advanced Encryption Standard  NIST chose an algorithm that supports a variety of Data Blockand Key Sizes  Two parameters (block size and key) can be chosen independently from 128, 160, 192, 224 and 256 bit sizes
  • 23.
    AES  According toAES Designers, the main features of AES are  Symmetric and parallel structure  Adapted to modern processors  Suited to smart cards  After seeing the review of IETF protocols( SSL, S/MIME, SSH) will have now modifications to accommodate these algorithms
  • 24.
    AES –The AdvancedEncryption Standard  Rules for AES proposals 1. The algorithm must be a symmetric block cipher. 2. The full design must be public. 3. Key lengths of 128, 192, and 256 bits supported. 4. Both software and hardware implementations required 5. The algorithm must be public or licensed on nondiscriminatory terms.