Network Security
CS-5
By: Prof. Ganesh Ingle
Session 2 objective
CS-5 Revision Previous Session revision
CS -5 Block Ciphering
CS -5 Revision of DES,Feistel Cipher Structure
CS -5 Confusion and Diffusion Theory
CS -5 AES and its importance in security
CS-5 Efficient implementation of AES using C and C# demo.
SUMMARY
CS -5 Block Ciphering
This functionality is similar to block cipher
Only difference is key
CS -5 Block Ciphering
This functionality is similar to
block cipher Only difference is key
CS -5 Block Ciphering
This functionality is
similar to block
cipher Only
difference
is key And must
be reversible
CS -5 Block Ciphering
CS -5 Block Ciphering
Can any function be used as a block cipher ???
CS -5 Block Ciphering
Block Cipher Algorithms:
DES (Explanation done in session two ,refer video lecture Module 7)
AES
RC6
9
CS -5 Feistel Cipher Structure
1. PT=2 halves
2. Apply function to right
3. Function can be anything a logical model
4. For function a separate key will be used
5. O/p from 5 is XORed with left
6. O/P of left and right is swapped
7. Process 1 to 7 is a round
8. Number of rounds
Block Cipher Design Principles
1.Block Size (10B PT=10B CT)
2.Key size
3.Sub Keys Count
4.Round Function
5.Plain Text in Two equal Halves
10
CS -5 Confusion and Diffusion Theory
11
CS -5 Confusion and Diffusion Theory
12
CS -5 AES and its importance in security
 AES(Applications in commercial market)
 Intel and AMD processors include the AES instruction set.
 Signal Protocol
 Google Allo (optional)
 Facebook Messenger (optional)
 Signal
 TextSecure
 WhatsApp
 Linux kernel's Crypto API, now exposed to userspace
 DataLocker Uses AES 256-bit CBC and XTS mode hardware encryption
 BitLocker (part of certain editions of Windows operating systems)
 7z ,Amanda Backup,PeaZip,PKZIP,RAR,WinZip,UltraISO
 Hadoop
13
CS -5 AES and its importance in security
 AES(Advance Encryption Standard):
 Symmetric Key Block cipher (Same key ???)
 128 bit data
 128 bit key size
 56 bit size key was used in DES vulnerable for the brut
force attack
 Stronger and faster than DES
14
CS -5 AES and its importance in security
Rounds Key
10 128
12 192
14 256
15
CS -5 AES and its importance in security
AES Structure: AES Encryption process:
16
CS -5 AES and its importance in security
 AES(Advance Encryption Standard):
 Considering 10 rounds
 S1:Input PT=128 bits
 S2:Pre round transformation ( a key goes here k0) like
DES here also we have key expansion block
 S3:Now starts number of rounds (key is added to each
round)
 It runs up to round n depending upon key size
17
CS -5 AES and its importance in security
 AES(Advance Encryption Standard):
 designed by Rijmen-Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative rather than Feistel cipher
 processes data as block of 4 columns of 4 bytes
 operates on entire data block in every round
 designed to have:
 resistance against known attacks
 speed and code compactness on many CPUs
 design simplicity
CS -5 AES key expansion block
CS -5 AES encryption process
 S1:Input PT=128 bits
 S2:Pre round transformation ( a key goes
here k0) like DES here also we have key
expansion block
 S3:Now starts number of rounds (key is
added to each round)
 Sub bytes : its matrix of 4x4 (s-boxes)
 Shift rows (Left shift only) & create
new matrix for net step
 Mix columns : Columns are mixed with
some mathematical function
 Add round key : Bit streams are now
XORed with round key
 This process is repeated till last round
Row number Shift left
1 0
2 1
3 2
4 3
Decryption process
is exact reverse of this
20
CS-5 Efficient implementation of AES.
Sub bytes : Wikipedia reference
CS -5 AES encryption process S box
CS -5 AES encryption process
 Substitute Bytes
 Example
CS -5 AES encryption process
Shift Rows
 A circular byte shift in each each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
 Decrypt inverts using shifts to right
 Since state is processed by columns, this step
permutes bytes between the columns
CS -5 AES encryption process
Shift Rows
CS -5 AES encryption process
Mix Columns
 each column is processed separately
 each byte is replaced by a value dependent on all 4 bytes in the
column
 effectively a matrix multiplication in GF(28) using prime poly m(x)
=x8+x4+x3+x+1
CS -5 AES encryption process
Mix Columns
CS -5 AES encryption process
AES Arithmetic
 uses arithmetic in the finite field GF(28)
 with irreducible polynomial
 m(x) = x8 + x4 + x3 + x + 1
 which is (100011011) or {11b}
 e.g.
 {02} • {87} mod {11b} = (1 0000 1110) mod {11b}
 = (1 0000 1110) xor (1 0001 1011) = (0001 0101)
CS -5 AES encryption process
Add Round Key
 XOR state with 128-bits of the round key
 again processed by column (though effectively a series of
byte operations)
 inverse for decryption identical
 since XOR own inverse, with reversed keys
 designed to be as simple as possible
 a form of Vernam cipher on expanded key
 requires other stages for complexity / security
CS -5 AES encryption process
Add Round Key
CS -5 AES encryption process
Key Expansion
 takes 128-bit (16-byte) key and
expands into array of 44/52/60
32-bit words
 start by copying key into first 4
words
 then loop creating words that
depend on values in previous &
4 places back
 in 3 of 4 cases just XOR these
together
 1st word in 4 has rotate + S-box
+ XOR round constant on
previous, before XOR 4th back
31
CS -5 AES and its importance in security
32
CS -5 AES and its importance in security
 Summary
 an iterative rather than Feistel cipher
 key expanded into array of 32-bit words
 four words form round key in each round
 4 different stages are used as shown
 has a simple structure
 only AddRoundKey uses key
 AddRoundKey a form of Vernam cipher
 each stage is easily reversible
 decryption uses keys in reverse order
 decryption does recover plaintext
 final round has only 3 stages
33
CS -5 AES and its importance in security
34
CS-5 Efficient implementation of AES.
35
CS-5 Efficient implementation of AES.
36
CS-5 Efficient implementation of AES.
37
CS-5 Efficient implementation of AES.
38
CS-5 Efficient implementation of AES.
39
CS-5 Efficient implementation of AES.
40
CS-5 Efficient implementation of AES.
41
CS-5 Efficient implementation of AES.
CS-5 AES vs DES
Thank you
Image Source
searchenterpriseai.techtarget.com
wikipedia

Network security cs5

  • 1.
  • 2.
    Session 2 objective CS-5Revision Previous Session revision CS -5 Block Ciphering CS -5 Revision of DES,Feistel Cipher Structure CS -5 Confusion and Diffusion Theory CS -5 AES and its importance in security CS-5 Efficient implementation of AES using C and C# demo. SUMMARY
  • 3.
    CS -5 BlockCiphering This functionality is similar to block cipher Only difference is key
  • 4.
    CS -5 BlockCiphering This functionality is similar to block cipher Only difference is key
  • 5.
    CS -5 BlockCiphering This functionality is similar to block cipher Only difference is key And must be reversible
  • 6.
    CS -5 BlockCiphering
  • 7.
    CS -5 BlockCiphering Can any function be used as a block cipher ???
  • 8.
    CS -5 BlockCiphering Block Cipher Algorithms: DES (Explanation done in session two ,refer video lecture Module 7) AES RC6
  • 9.
    9 CS -5 FeistelCipher Structure 1. PT=2 halves 2. Apply function to right 3. Function can be anything a logical model 4. For function a separate key will be used 5. O/p from 5 is XORed with left 6. O/P of left and right is swapped 7. Process 1 to 7 is a round 8. Number of rounds Block Cipher Design Principles 1.Block Size (10B PT=10B CT) 2.Key size 3.Sub Keys Count 4.Round Function 5.Plain Text in Two equal Halves
  • 10.
    10 CS -5 Confusionand Diffusion Theory
  • 11.
    11 CS -5 Confusionand Diffusion Theory
  • 12.
    12 CS -5 AESand its importance in security  AES(Applications in commercial market)  Intel and AMD processors include the AES instruction set.  Signal Protocol  Google Allo (optional)  Facebook Messenger (optional)  Signal  TextSecure  WhatsApp  Linux kernel's Crypto API, now exposed to userspace  DataLocker Uses AES 256-bit CBC and XTS mode hardware encryption  BitLocker (part of certain editions of Windows operating systems)  7z ,Amanda Backup,PeaZip,PKZIP,RAR,WinZip,UltraISO  Hadoop
  • 13.
    13 CS -5 AESand its importance in security  AES(Advance Encryption Standard):  Symmetric Key Block cipher (Same key ???)  128 bit data  128 bit key size  56 bit size key was used in DES vulnerable for the brut force attack  Stronger and faster than DES
  • 14.
    14 CS -5 AESand its importance in security Rounds Key 10 128 12 192 14 256
  • 15.
    15 CS -5 AESand its importance in security AES Structure: AES Encryption process:
  • 16.
    16 CS -5 AESand its importance in security  AES(Advance Encryption Standard):  Considering 10 rounds  S1:Input PT=128 bits  S2:Pre round transformation ( a key goes here k0) like DES here also we have key expansion block  S3:Now starts number of rounds (key is added to each round)  It runs up to round n depending upon key size
  • 17.
    17 CS -5 AESand its importance in security  AES(Advance Encryption Standard):  designed by Rijmen-Daemen in Belgium  has 128/192/256 bit keys, 128 bit data  an iterative rather than Feistel cipher  processes data as block of 4 columns of 4 bytes  operates on entire data block in every round  designed to have:  resistance against known attacks  speed and code compactness on many CPUs  design simplicity
  • 18.
    CS -5 AESkey expansion block
  • 19.
    CS -5 AESencryption process  S1:Input PT=128 bits  S2:Pre round transformation ( a key goes here k0) like DES here also we have key expansion block  S3:Now starts number of rounds (key is added to each round)  Sub bytes : its matrix of 4x4 (s-boxes)  Shift rows (Left shift only) & create new matrix for net step  Mix columns : Columns are mixed with some mathematical function  Add round key : Bit streams are now XORed with round key  This process is repeated till last round Row number Shift left 1 0 2 1 3 2 4 3 Decryption process is exact reverse of this
  • 20.
    20 CS-5 Efficient implementationof AES. Sub bytes : Wikipedia reference
  • 21.
    CS -5 AESencryption process S box
  • 22.
    CS -5 AESencryption process  Substitute Bytes  Example
  • 23.
    CS -5 AESencryption process Shift Rows  A circular byte shift in each each  1st row is unchanged  2nd row does 1 byte circular shift to left  3rd row does 2 byte circular shift to left  4th row does 3 byte circular shift to left  Decrypt inverts using shifts to right  Since state is processed by columns, this step permutes bytes between the columns
  • 24.
    CS -5 AESencryption process Shift Rows
  • 25.
    CS -5 AESencryption process Mix Columns  each column is processed separately  each byte is replaced by a value dependent on all 4 bytes in the column  effectively a matrix multiplication in GF(28) using prime poly m(x) =x8+x4+x3+x+1
  • 26.
    CS -5 AESencryption process Mix Columns
  • 27.
    CS -5 AESencryption process AES Arithmetic  uses arithmetic in the finite field GF(28)  with irreducible polynomial  m(x) = x8 + x4 + x3 + x + 1  which is (100011011) or {11b}  e.g.  {02} • {87} mod {11b} = (1 0000 1110) mod {11b}  = (1 0000 1110) xor (1 0001 1011) = (0001 0101)
  • 28.
    CS -5 AESencryption process Add Round Key  XOR state with 128-bits of the round key  again processed by column (though effectively a series of byte operations)  inverse for decryption identical  since XOR own inverse, with reversed keys  designed to be as simple as possible  a form of Vernam cipher on expanded key  requires other stages for complexity / security
  • 29.
    CS -5 AESencryption process Add Round Key
  • 30.
    CS -5 AESencryption process Key Expansion  takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words  start by copying key into first 4 words  then loop creating words that depend on values in previous & 4 places back  in 3 of 4 cases just XOR these together  1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back
  • 31.
    31 CS -5 AESand its importance in security
  • 32.
    32 CS -5 AESand its importance in security  Summary  an iterative rather than Feistel cipher  key expanded into array of 32-bit words  four words form round key in each round  4 different stages are used as shown  has a simple structure  only AddRoundKey uses key  AddRoundKey a form of Vernam cipher  each stage is easily reversible  decryption uses keys in reverse order  decryption does recover plaintext  final round has only 3 stages
  • 33.
    33 CS -5 AESand its importance in security
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.