With secret key cryptography, a single key is used for both encryption and
decryption. The sender uses the key (or some set of rules) to encrypt the plaintext
and sends the ciphertext to the receiver. The receiver applies the same key (or
ruleset) to decrypt the message and recover the plaintext. Because a single key is
used for both functions, secret key cryptography is also called symmetric
encryption; its practical difficulty is that the key must first be shared over a
channel the attacker cannot read.
Data Encryption Standard (DES) is a symmetric block cipher with a 64-bit block size
and a 56-bit key (the key is carried in 64 bits, of which 8 are parity bits). It takes a
64-bit block of plaintext as input and outputs a 64-bit block of ciphertext, always
operating on blocks of equal size and using both permutations and substitutions
(S-boxes). DES has 16 rounds, meaning the round function is repeated 16 times to
produce the ciphertext. The number of rounds is not what governs a brute-force
attack: exhaustive key search must try up to 2^56 keys however many rounds there
are, and 56 bits proved small enough for the EFF's purpose-built "Deep Crack"
machine to recover a DES key in under three days in 1998. What the rounds buy is
resistance to shortcut attacks such as differential and linear cryptanalysis, whose
cost grows with the number of rounds: reduced-round DES falls to them far more
cheaply than the full 16-round cipher.
In 1997, NIST initiated a very public, four-and-a-half-year process to develop a new
secure cryptosystem for U.S. government applications. The result, the Advanced
Encryption Standard (AES), became the official successor to DES in December 2001.
AES uses a secret key cryptography (SKC) scheme called Rijndael, a block cipher
designed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The Rijndael
submission supports a variable block length and key length: any combination of key
lengths of 128, 192, or 256 bits and block lengths of 128, 192, or 256 bits. NIST
selected Rijndael in October 2000, and formal adoption as the AES standard came
in December 2001. FIPS PUB 197 standardises only the 128-bit block size, with a
128-, 192-, or 256-bit key.
Rijndael is a block cipher designed by Joan Daemen and Vincent Rijmen as a
candidate algorithm for the AES (Advanced Encryption Standard). AES is the
symmetric key encryption technique that replaced the Data Encryption Standard
(DES); the algorithm approved by NIST in December 2001 uses 128-bit blocks.
The cipher supports key lengths of 128, 192, and 256 bits. Each key size changes
the cipher's behaviour: AES-128 runs 10 rounds, AES-192 runs 12 and AES-256 runs
14, so the larger key sizes not only give an attacker more key bits to search but
also more rounds to work through.
IDEA
International Data Encryption Algorithm (IDEA) is a secret-key cryptosystem written
by Xuejia Lai and James Massey in 1992 and patented by Ascom; it is a 64-bit SKC
block cipher using a 128-bit key. It was also made available internationally.
Blowfish
Blowfish is a symmetric 64-bit block cipher invented by Bruce Schneier; optimized
for 32-bit processors with large data caches, it is significantly faster than DES on a
Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits. The only
known attacks against Blowfish are on its weak key classes and on reduced-round
variants. Blowfish, available freely and intended as a substitute for DES or IDEA, is in
use in over 80 products. Its 64-bit block size is the practical limitation today: with
any 64-bit block cipher, ciphertext block collisions become likely after about 2^32
blocks (32 GiB) under one key, which is why 128-bit-block ciphers such as AES are
preferred for new designs.
CAST
CAST stands for Carlisle Adams and Stafford Tavares, its inventors. CAST is a
popular 64-bit block cipher belonging to the class of encryption algorithms known as
Feistel ciphers.
CAST-128 (also called CAST5, specified in RFC 2144) is a DES-like cipher: Adams
describes the CAST family as Substitution-Permutation Network (SPN)
cryptosystems, but the overall structure is a Feistel network of 12 or 16 rounds,
built on eight fixed 8x32-bit S-boxes, four used in the round function and four in
the key schedule. CAST-128 supports variable key lengths between 40 and 128 bits
in 8-bit increments; keys of 80 bits or less use 12 rounds, longer keys use 16.
CAST-128 was designed to resist both linear and differential cryptanalysis, and
there is no known way of breaking it short of brute force. CAST-128 became the
default cipher in PGP 5 and remains one of the symmetric ciphers in OpenPGP.
Stream ciphers can be extremely fast compared with block ciphers, although some
block ciphers working in certain modes (such as DES in CFB or OFB) effectively
operate as stream ciphers. Stream ciphers operate on small groups of bits, typically
a single bit or byte at a time, applying a bitwise XOR between the plaintext and a
key-dependent sequence of bits known as the keystream. Some stream ciphers are
based on what is termed a Linear Feedback Shift Register (LFSR), a mechanism for
generating a sequence of binary bits.
Types of stream ciphers
In a synchronous stream cipher, the keystream is generated independently of the
message, so the sender and receiver must be exactly in step for decryption to be
successful. If digits are added or removed from the message during transmission,
synchronisation is lost. To restore synchronisation, various offsets can be tried
systematically to obtain the correct decryption. Another approach is to tag the
ciphertext with markers at regular points in the output.
If, however, a digit is corrupted in transmission, rather than added or lost, only a
single digit in the plaintext is affected and the error does not propagate to other
parts of the message. This property is useful when the transmission error rate is
high; however, it makes it less likely that the error would be detected without further
mechanisms. Moreover, because of this property, synchronous stream ciphers are
very susceptible to active attacks: if an attacker can change a digit in the
ciphertext, he can make predictable changes to the corresponding plaintext bit, since
flipping a bit in the ciphertext causes the same bit to be flipped in the plaintext. A
stream cipher on its own therefore provides no integrity, and in practice it must be
paired with a message authentication code.
Another approach uses several of the previous N ciphertext digits to compute the
keystream. Such schemes are known as self-synchronizing stream ciphers,
asynchronous stream ciphers or ciphertext autokey (CTAK). The idea of self-
synchronization was patented in 1946, and has the advantage that the receiver will
automatically synchronise with the keystream generator after receiving N
ciphertext digits, making it easier to recover if digits are dropped or added to the
message stream. Single-digit errors are limited in their effect, affecting only up to N
plaintext digits.
Linear feedback shift registers (LFSRs) are popular components in stream ciphers:
they can be implemented cheaply in hardware, and their properties (period,
statistics) are well understood and readily analysed mathematically. An LFSR on its
own, however, is insufficient to provide good security: its output is a linear function
of its initial state, so an attacker who learns 2L consecutive keystream bits of an
L-bit register (for example from known plaintext) can recover the whole register with
the Berlekamp-Massey algorithm and reproduce the rest of the keystream. Various
schemes (nonlinear combining or filtering functions, irregular clocking of several
registers) have been proposed to remove this linearity.
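The synchronous stream cipher of the preceding paragraphs, built from the LFSR just described, as an added example (it is not code from the original notes). It uses a 16-bit Fibonacci LFSR with taps for the polynomial x^16 + x^14 + x^13 + x^11 + 1 (assumed primitive), a constructed seed and message, and then shows the two failure modes discussed above: flipping one ciphertext bit flips the same plaintext bit, and an attacker who knows only the first four plaintext bytes (2L = 32 keystream bits) recovers the register with the Berlekamp-Massey algorithm and decrypts the whole message.

```python
"""Synchronous stream cipher from a 16-bit LFSR: keystream XOR, bit-flip
malleability, and recovery of the register from 2L known keystream bits.
Added illustration, not code from the original notes; register size, taps,
seed and messages are constructed for the example."""
from typing import List, Tuple

L = 16
TAPS = [0, 11, 13, 14]   # s[i+16] = s[i]^s[i+11]^s[i+13]^s[i+14]: x^16+x^14+x^13+x^11+1 (assumed primitive)


def lfsr_keystream(seed: List[int], nbits: int) -> List[int]:
    """Fibonacci LFSR: emit the leftmost bit, shift, append the XOR of the tapped bits."""
    assert len(seed) == L and any(seed), "seed must be L bits and non-zero"
    state, out = list(seed), []
    for _ in range(nbits):
        out.append(state[0])
        feedback = 0
        for t in TAPS:
            feedback ^= state[t]
        state = state[1:] + [feedback]
    return out


def to_bits(data: bytes) -> List[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: List[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def stream_crypt(seed: List[int], data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): data XOR keystream, bit by bit."""
    ks = lfsr_keystream(seed, 8 * len(data))
    return from_bits([d ^ k for d, k in zip(to_bits(data), ks)])


def flip_bit(data: bytes, index: int) -> bytes:
    """Flip one bit (MSB-first numbering), as an active attacker on the wire would."""
    i, b = divmod(index, 8)
    return data[:i] + bytes([data[i] ^ (0x80 >> b)]) + data[i + 1:]


def berlekamp_massey(seq: List[int]) -> Tuple[int, List[int]]:
    """Shortest LFSR over GF(2) generating seq: returns (Lc, C) with
    s[i] = XOR_{j=1..Lc} C[j]*s[i-j]. Unique once len(seq) >= 2*Lc."""
    n = len(seq)
    C, B = [1] + [0] * n, [1] + [0] * n
    Lc, m = 0, -1
    for i in range(n):
        d = seq[i]
        for j in range(1, Lc + 1):
            d ^= C[j] & seq[i - j]
        if d == 0:
            continue                      # current recurrence already predicts seq[i]
        T, shift = C[:], i - m
        for j in range(n + 1 - shift):    # C(x) += x^shift * B(x)
            C[j + shift] ^= B[j]
        if 2 * Lc <= i:
            Lc, m, B = i + 1 - Lc, i, T
    return Lc, C[:Lc + 1]


def extend(seq: List[int], C: List[int], extra: int) -> List[int]:
    """Run the recovered recurrence forward to predict `extra` more bits."""
    s = list(seq)
    for i in range(len(seq), len(seq) + extra):
        s.append(sum(C[j] & s[i - j] for j in range(1, len(C))) & 1)
    return s[len(seq):]


def known_plaintext_attack(pt_prefix: bytes, ct: bytes) -> bytes:
    """Attacker knows the first bytes of the plaintext (a fixed header, say).
    The keystream bits that fall out feed Berlekamp-Massey; the recovered
    register then reproduces the rest of the keystream and the whole message."""
    known_ks = [p ^ c for p, c in zip(to_bits(pt_prefix), to_bits(ct))]
    _, C = berlekamp_massey(known_ks)
    full_ks = known_ks + extend(known_ks, C, 8 * len(ct) - len(known_ks))
    return from_bits([c ^ k for c, k in zip(to_bits(ct), full_ks)])


def demo() -> dict:
    seed = to_bits(b"\xac\xe1")                 # constructed 16-bit secret seed
    pt = b"TRANSFER 100 TO ACCOUNT 7"           # constructed message
    ct = stream_crypt(seed, pt)
    # ciphertext bit 9*8+4 sits on the '1' (0x31); flipping it yields '9' (0x39)
    tampered = stream_crypt(seed, flip_bit(ct, 9 * 8 + 4))
    recovered = known_plaintext_attack(pt[:4], ct)   # 4 bytes = 2L = 32 known bits
    return {"roundtrip": stream_crypt(seed, ct) == pt,
            "tampered": tampered, "recovered": recovered,
            "linear_complexity": berlekamp_massey(lfsr_keystream(seed, 64))[0]}


if __name__ == "__main__":
    print(demo())
```

Nothing here depends on the register being 16 bits; the same attack scales to any plain LFSR, which is why real designs add a nonlinear layer or a MAC rather than relying on the keystream alone.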
Block ciphers
Block ciphers convert a fixed-length block of plaintext into ciphertext of the same
length, under the control of the secret key. Decryption applies the reverse
transformation with the same key. Older block ciphers such as DES, IDEA, Blowfish
and CAST-128 use 64-bit blocks; AES uses 128-bit blocks, and the larger block size is
the one preferred in new designs.
Plaintext messages are typically much longer than the block size, so a block cipher
is applied using one of several techniques, or modes of operation. Examples of such
modes are electronic codebook (ECB), cipher block chaining (CBC) and cipher
feedback (CFB). ECB simply encrypts each block of plaintext, one after another,
using the same key; identical plaintext blocks therefore produce identical ciphertext
blocks, which leaks the structure of the message. In CBC mode, each plaintext block
is XORed with the previous ciphertext block (the first block with an initialization
vector, IV) before being encrypted, so repeated plaintext blocks no longer repeat in
the ciphertext and certain attacks become harder to mount. Output feedback mode
(OFB) resembles CBC in that a quantity is XORed with each plaintext block, but that
quantity is generated independently of the plaintext. CBC is widely used, for
example in DES implementations, and these modes are discussed in depth in books
on the technical aspects of cryptography. Note that a common vulnerability of
roll-your-own cryptosystems is to use a published algorithm in its simplest form
(raw ECB) rather than in a mode that gives additional protection; note also that none
of these modes authenticates the ciphertext, so a message authentication code is
still needed on top of them.
Iterated block ciphers are those where encryption consists of several rounds, which
improves security. In each round, a transformation is applied using a subkey derived
from the original secret key by a key schedule. Inevitably, this additional
computation affects the speed at which encryption can be performed, so there is a
balance between security needs and speed of execution. Nothing is free in
cryptography; as elsewhere, part of the skill in applying appropriate methods is
understanding the tradeoffs that need to be made and how they relate to the
balance of requirements.
Block ciphers include DES, IDEA, SAFER, Blowfish, and Skipjack -- this last being the
algorithm used in the US National Security Agency (NSA) Clipper chip.
The cipher feedback (CFB) mode, a close relative of CBC, makes a block cipher
into a self-synchronizing stream cipher: each keystream block is the encryption of
the previous ciphertext block (initially the IV), and it is XORed with the plaintext.
Operation is very similar to CBC; in particular, CFB decryption is almost identical
to CBC encryption performed in reverse:
In the notation below, S_i is the i-th state of the shift register, a << x is a shifted
up by x bits, head(a, x) is the x highest bits of a and n is the number of bits of the
IV:
If x bits are lost from the ciphertext, the cipher will output incorrect plaintext until
the shift register once again equals a state it held while encrypting, at which point
the cipher has resynchronized. This will result in at most one blocksize of output
being garbled.
CFB shares two advantages over CBC mode with the stream cipher modes OFB and
CTR: the block cipher is only ever used in the encrypting direction, and the message
does not need to be padded to a multiple of the cipher block size (though ciphertext
stealing can also be used to make padding unnecessary).
The output feedback (OFB) mode makes a block cipher into a synchronous stream
cipher. It generates keystream blocks, which are then XORed with the plaintext
blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the
ciphertext produces a flipped bit in the plaintext at the same location. This property
allows many error correcting codes to function normally even when applied before
encryption.
Because of the symmetry of the XOR operation, encryption and decryption are
exactly the same:
Each output feedback block cipher operation depends on all previous ones, and so
cannot be performed in parallel. However, because the plaintext or ciphertext is
only used for the final XOR, the block cipher operations may be performed in
advance, allowing the final step to be performed in parallel once the plaintext or
ciphertext is available.
It is possible to obtain an OFB mode keystream by using CBC mode with a constant
string of zeroes as input. This can be useful, because it allows the usage of fast
hardware implementations of CBC mode for OFB mode encryption.
Using OFB mode with a partial block as feedback, as CFB does, reduces the
average cycle length of the keystream by a factor of 2^32 or more. A mathematical
model proposed by Davies and Parkin and substantiated by experimental results
showed that only with full-block feedback can an average cycle length near the
obtainable maximum be achieved. For this reason, support for truncated feedback
was removed from the specification of OFB.
Counter (CTR)
Counter mode turns a block cipher into a stream cipher. It generates the next
keystream block by encrypting successive values of a "counter". The counter can be
any function which produces a sequence that is guaranteed not to repeat for a
long time, although an actual counter is the simplest and most popular. The use
of a simple deterministic input function used to be controversial; critics argued that
"deliberately exposing a cryptosystem to a known systematic input represents an
unnecessary risk". By now CTR mode is widely accepted, and problems resulting
from the input function are recognized as a weakness of the underlying block cipher
rather than of CTR mode. Nevertheless, there are specialized attacks, such as a
hardware fault attack, that rely on the use of a simple counter function as input.
CTR mode has similar characteristics to OFB, but also allows random access during
decryption: the i-th block can be decrypted without touching the others. CTR mode
is well suited to operation on a multiprocessor machine where blocks can be
encrypted in parallel.
Note that the nonce in this diagram is the same thing as the initialization vector (IV)
in the other diagrams. The IV/nonce and the counter can be concatenated, added, or
XORed together to produce the actual unique counter block for encryption. What
matters is that no counter block is ever encrypted twice under the same key:
reusing a nonce gives two messages the same keystream, and XORing the two
ciphertexts then yields the XOR of the two plaintexts.
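The modes discussed from the ECB/CBC paragraph onward through CFB, OFB and CTR, implemented side by side as an added example (not code from the original notes). Because no real cipher library can be assumed, the block cipher underneath is a toy 64-bit Feistel network of the kind described for DES and CAST, with a round function made from truncated SHA-256; its key schedule, the key, IV, nonce and messages are all constructed for the example. The `demo()` function checks the properties the text states: ECB repeats, CBC hides the repeat, CFB resynchronizes one block after a lost block, the OFB keystream equals CBC encryption of zeros, CTR allows random access, and CTR nonce reuse cancels the keystream.

```python
"""Modes of operation (ECB, CBC, CFB, OFB, CTR) over a toy block cipher.
Added illustration, not code from the original notes. The 64-bit Feistel
cipher (round function: SHA-256 of subkey||half, truncated) is an assumed
stand-in for DES/AES so only the standard library is needed; key, IV,
nonce and messages are constructed for the example."""
import hashlib
from typing import List

BLOCK, ROUNDS = 8, 8   # 64-bit blocks, as in DES, IDEA, Blowfish, CAST-128

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; result is as long as the shorter (partial last block)."""
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Iterated Feistel network with per-round subkeys from a toy key schedule;
    decryption is the same loop with the subkeys in reverse order."""
    assert len(block) == BLOCK
    subkeys = [hashlib.sha256(key + bytes([r])).digest()[:16] for r in range(ROUNDS)]
    left, right = block[:4], block[4:]
    for sk in (reversed(subkeys) if decrypt else subkeys):
        left, right = right, xor(left, hashlib.sha256(sk + right).digest()[:4])
    return right + left

def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block)

def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, decrypt=True)

def chunks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext."""
    assert len(pt) % BLOCK == 0, "ECB needs padding to a whole block"
    return b"".join(block_encrypt(key, b) for b in chunks(pt))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    assert len(pt) % BLOCK == 0, "CBC needs padding to a whole block"
    out, prev = [], iv
    for b in chunks(pt):
        prev = block_encrypt(key, xor(b, prev))     # C_i = E(P_i XOR C_{i-1}), C_0 = IV
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in chunks(ct):
        out.append(xor(block_decrypt(key, c), prev))  # P_i = D(C_i) XOR C_{i-1}
        prev = c
    return b"".join(out)

def cfb_crypt(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Full-block CFB: keystream block = E(previous ciphertext block). Only the
    encrypting direction of the cipher is used and no padding is needed."""
    out, prev = [], iv
    for d in chunks(data):
        o = xor(d, block_encrypt(key, prev))
        out.append(o)
        prev = d if decrypt else o                  # feedback is always the ciphertext
    return b"".join(out)

def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: O_i = E(O_{i-1}), O_0 = IV; the keystream is independent of the
    data, so encryption and decryption are the same function."""
    out, state = [], iv
    for d in chunks(data):
        state = block_encrypt(key, state)
        out.append(xor(d, state))
    return b"".join(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """CTR: counter block = 32-bit nonce || 32-bit big-endian counter (the
    concatenation the notes mention). first_block gives random access."""
    assert len(nonce) == 4
    return b"".join(xor(d, block_encrypt(key, nonce + i.to_bytes(4, "big")))
                    for i, d in enumerate(chunks(data), start=first_block))

def demo() -> dict:
    key, iv, nonce = b"constructed key!", bytes(range(8)), b"\x00\x00\x00\x01"
    pt = b"ATTACK AT DAWN  " * 2                    # blocks 0 and 2 are identical
    other = b"RETREAT AT NOON " * 2
    ecb, cbc = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt)
    cfb, ctr = cfb_crypt(key, iv, pt), ctr_crypt(key, nonce, pt)
    zeros = bytes(len(pt))
    return {
        "ecb_leaks_pattern": chunks(ecb)[0] == chunks(ecb)[2],
        "cbc_leaks_pattern": chunks(cbc)[0] == chunks(cbc)[2],
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == pt,
        # first ciphertext block lost in transit: one garbled block, then resync
        "cfb_resync": cfb_crypt(key, iv, cfb[BLOCK:], decrypt=True)[BLOCK:] == pt[2 * BLOCK:],
        "ofb_is_cbc_of_zeros": ofb_crypt(key, iv, zeros) == cbc_encrypt(key, iv, zeros),
        "ctr_random_access": ctr_crypt(key, nonce, ctr[16:24], first_block=2) == pt[16:24],
        # nonce reuse: the keystream cancels, C1 XOR C2 == P1 XOR P2
        "ctr_nonce_reuse": xor(ctr, ctr_crypt(key, nonce, other)) == xor(pt, other),
    }
```

Run `demo()` to see every check hold; swapping the toy Feistel for a real cipher changes nothing in the mode functions, which is the point: the properties shown are properties of the modes, not of the cipher.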
Q.3 Explain the principles of security. What is an attack, and what kinds of
attacks are there?
For over twenty years, information security has held confidentiality, integrity and
availability (known as the CIA triad) to be the core principles of information security.
There is continuous debate about extending this classic trio. Other principles such
as Accountability have sometimes been proposed for addition - it has been pointed
out that issues such as Non-Repudiation do not fit well within the three core
concepts, and as regulation of computer systems has increased (particularly
amongst the Western nations) Legality is becoming a key consideration for practical
security installations.
In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he
called the six atomic elements of information. The elements are confidentiality,
possession, integrity, authenticity, availability, and utility. The merits of the
Parkerian hexad are a subject of debate amongst security professionals.
Confidentiality
Breaches of confidentiality take many forms. Permitting someone to look over your
shoulder at your computer screen while you have confidential data displayed on it
could be a breach of confidentiality. If a laptop computer containing sensitive
information about a company's employees is stolen or sold, it could result in a
breach of confidentiality. Giving out confidential information over the telephone is a
breach of confidentiality if the caller is not authorized to have the information.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the
people whose personal information a system holds.
Integrity
There are many ways in which integrity could be violated without malicious intent.
In the simplest case, a user on a system could mis-type someone's address. On a
larger scale, if an automated process is not written and tested correctly, bulk
updates to a database could alter data in an incorrect way, leaving the integrity of
the data compromised. Information security professionals are tasked with finding
ways to implement controls that prevent errors of integrity.
Availability
For any information system to serve its purpose, the information must be available
when it is needed. This means that the computing systems used to store and
process the information, the security controls used to protect it, and the
communication channels used to access it must be functioning correctly. High
availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
Ensuring availability also involves preventing denial-of-service attacks.
Authenticity
Cryptographic attacks
Types of attacks
A useful means of classifying security attacks, used both in X.800 and RFC 2828, is
in terms of passive attacks and active attacks. A passive attack attempts to learn or
make use of information from the system but does not affect system resources. An
active attack attempts to alter system resources or affect their operation.
Passive Attacks
Passive attacks are very difficult to detect because they do not involve any
alteration of the data. Typically, the message traffic is sent and received in an
apparently normal fashion and neither the sender nor receiver is aware that a third
party has read the messages or observed the traffic pattern. However, it is feasible
to prevent the success of these attacks, usually by means of encryption. Thus, the
emphasis in dealing with passive attacks is on prevention rather than detection.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a
false stream and can be subdivided into four categories: masquerade, replay,
modification of messages, and denial of service.
Ans. AES
Developed by: Joan Daemen, Vincent Rijmen (Banksys/Katholieke Universiteit
Leuven, Belgium)
RC6
Blocksize: 16 bytes
Depth: defines the number of encryption rounds. For the AES candidate submission
a depth of 3 was defined, which corresponds to 20 encryption rounds; the depth can
be adjusted from 3 to 64.
Blowfish
Blocksize: 8 bytes