
Q.1 Give a detailed comparative study of all five models of symmetric key algorithm.

Ans. Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and
decryption. The sender uses the key (or some set of rules) to encrypt the plaintext
and sends the ciphertext to the receiver. The receiver applies the same key (or
ruleset) to decrypt the message and recover the plaintext. Because a single key is
used for both functions, secret key cryptography is also called symmetric
encryption. Its practical difficulty is key distribution: both parties must already
share the key over a channel the attacker cannot read.

Secret key cryptography algorithms

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is a symmetric block cipher with a 64-bit block
size and a 56-bit key (the key is written as 64 bits, 8 of which are parity bits).
It takes a 64-bit block of plaintext as input and outputs a 64-bit block of
ciphertext, and it uses both permutations and substitutions. DES has 16 rounds,
meaning the main round function is repeated 16 times to produce the ciphertext.
The number of rounds governs resistance to analytical attacks such as differential
and linear cryptanalysis, to which reduced-round DES falls; it does not change the
cost of a brute-force attack, which depends only on the key length. The 56-bit key
is DES's real weakness: an exhaustive search of 2^56 keys has been practical with
special-purpose hardware since 1998, which is why DES was withdrawn as a U.S.
standard in 2005.

• Two important variants that strengthen DES are:

  o Triple-DES (3DES): A variant of DES that employs up to three 56-bit keys and
    makes three encryption/decryption passes over the block (encrypt with K1,
    decrypt with K2, encrypt with K3); 3DES is also described in FIPS 46-3, which
    recommended it as the replacement for single DES. The block size remains
    64 bits, and NIST has since deprecated 3DES in favour of AES.
  o DESX: A variant devised by Ron Rivest. A 64-bit key is XORed into the block
    before the DES encryption and a second 64-bit key after it (key whitening);
    the total key material is 184 bits and the effective key length against
    brute-force search rises to about 120 bits.

Advanced Encryption Standard (AES)

In 1997, NIST initiated a very public, 4-1/2 year process to develop a new secure
cryptosystem for U.S. government applications. The result, the Advanced Encryption
Standard, became the official successor to DES in December 2001. AES uses an SKC
scheme called Rijndael, a block cipher designed by Belgian cryptographers Joan
Daemen and Vincent Rijmen. Rijndael itself allows a variable block length and key
length: any combination of key lengths of 128, 192, or 256 bits and block lengths of
128, 192, or 256 bits. NIST initially selected Rijndael in October 2000 and formal
adoption as the AES standard came in December 2001. FIPS PUB 197 describes a
128-bit block cipher employing a 128-, 192-, or 256-bit key; AES is therefore the
fixed-block-size subset of Rijndael.

AES is a symmetric key encryption technique that has replaced the commonly used
Data Encryption Standard (DES). The cipher supports key lengths of 128, 192, and
256 bits. Each key size changes the number of rounds (10, 12 and 14 respectively),
so the larger key sizes not only offer a larger number of bits with which you can
scramble the data but also increase the amount of mixing the cipher performs.
Unlike DES, AES is not a Feistel cipher: each round applies a byte substitution
(SubBytes), a row shift (ShiftRows), a column mix (MixColumns) and a round-key
addition (AddRoundKey) to the whole 128-bit state.

International Data Encryption Algorithm (IDEA)

A secret-key cryptosystem written by Xuejia Lai and James Massey in 1992 and
patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. It was also
available internationally.

IDEA stands for International Data Encryption Algorithm. IDEA is a symmetric
encryption algorithm that was developed by Dr. X. Lai and Prof. J. Massey as a
replacement for the DES standard. Unlike DES it uses a 128-bit key, which puts an
exhaustive key search (2^128 trials) far beyond reach. Its 8.5 rounds mix
operations from three incompatible algebraic groups: bitwise XOR, addition modulo
2^16 and multiplication modulo 2^16 + 1. It has been one of the best-known public
algorithms for many years; despite numerous published analyses, no practical attack
on the full cipher is known. IDEA was designed to resist both linear and
differential cryptanalysis. Its 64-bit block size, not its key, is the reason it is
no longer chosen for new designs.

Blowfish

Blowfish is a symmetric encryption algorithm designed in 1993 by Bruce Schneier as
a fast, free alternative to existing encryption algorithms such as DES and IDEA.
Blowfish has a 64-bit block size and a variable key length, from 32 bits to
448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes.
During key scheduling it generates large pseudo-random lookup tables (four
256-entry S-boxes of 32-bit words plus an 18-word P-array, 4168 bytes in all) by
running the cipher itself repeatedly; the tables depend on the user-supplied key in
a very complex way. This design has held up well against differential and linear
cryptanalysis, but it also means that key setup is slow (equivalent to encrypting
about 4 KB of text) and that Blowfish is not the cipher of choice for environments
where a few kilobytes of memory per key are not available, such as small embedded
devices. Since its publication it has been analysed considerably and has gained
acceptance as a strong encryption algorithm. Blowfish is unpatented and
license-free, and is available free for all uses.

The only known attacks against Blowfish are based on its weak key classes, and
those affect only reduced-round versions. A symmetric 64-bit block cipher optimized
for 32-bit processors with large data caches, it is significantly faster than DES
on a Pentium/PowerPC-class machine. Blowfish, available freely and intended as a
substitute for DES or IDEA, is in use in over 80 products. Its 64-bit block size,
shared with DES and IDEA, limits how much data can safely be encrypted under one
key: after about 2^32 blocks (32 GB) ciphertext-block collisions become likely in
CBC mode, which is what the 2016 Sweet32 attack exploits, and Schneier himself
recommends its successor Twofish, or AES, for new work.
CAST

CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST. CAST is
a popular 64-bit block cipher which belongs to the class of encryption algorithms
known as Feistel ciphers.
CAST-128 (also called CAST5, specified in RFC 2144) is a DES-like Feistel cipher
with 12 or 16 rounds whose round function utilizes eight fixed 8x32-bit S-boxes
(four for the data path, four for the key schedule). CAST-128 supports variable
key lengths between 40 and 128 bits in 8-bit increments; the full 16 rounds are
used for keys longer than 80 bits.
CAST-128 was designed to resist both linear and differential cryptanalysis.
Currently, there is no known way of breaking CAST short of brute force. CAST-128
was the default symmetric cipher in PGP 5 and, for many years, in GnuPG; like the
other 64-bit block ciphers above it has since given way to AES.

Q.2 Explain three types each of stream cipher and block cipher models.

Ans. Stream ciphers

In cryptography, a stream cipher is a symmetric key cipher where plaintext bits
are combined with a pseudorandom cipher bit stream (keystream), typically by an
exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted
one at a time, and the transformation of successive digits varies during the
encryption. An alternative name is a state cipher, as the encryption of each digit
depends on the current state. In practice, the digits are typically single bits or
bytes.

Stream ciphers represent a different approach to symmetric encryption from block
ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying
transformation. This distinction is not always clear-cut: in some modes of
operation (such as DES or AES in CFB, OFB or CTR mode) a block cipher primitive is
used in such a way that it acts effectively as a stream cipher. Stream ciphers
typically execute at a higher speed than block ciphers and have lower hardware
complexity. They operate on small groups of bits, typically applying bitwise XOR
operations to them using as a key a sequence of bits known as a keystream. Some
stream ciphers are based on what is termed a Linear Feedback Shift Register (LFSR),
a mechanism for generating a sequence of binary bits. Because the keystream is
simply XORed in, a keystream must never be reused for two messages: XORing two
ciphertexts produced with the same keystream cancels the keystream and leaves the
XOR of the two plaintexts.
Types of stream ciphers

A stream cipher generates successive elements of the keystream based on an
internal state. This state is updated in essentially two ways: if the state changes
independently of the plaintext or ciphertext messages, the cipher is classified as a
synchronous stream cipher. By contrast, self-synchronising stream ciphers update
their state based on previous ciphertext digits.

Synchronous stream ciphers

In a synchronous stream cipher a stream of pseudo-random digits is generated
independently of the plaintext and ciphertext messages, and then combined with
the plaintext (to encrypt) or the ciphertext (to decrypt). In the most common form,
binary digits (bits) are used, and the keystream is combined with the plaintext using
the exclusive or operation (XOR). This is termed a binary additive stream cipher.

In a synchronous stream cipher, the sender and receiver must be exactly in step for
decryption to be successful. If digits are added or removed from the message
during transmission, synchronisation is lost. To restore synchronisation, various
offsets can be tried systematically to obtain the correct decryption. Another
approach is to tag the ciphertext with markers at regular points in the output.

If, however, a digit is corrupted in transmission, rather than added or lost, only a
single digit in the plaintext is affected and the error does not propagate to other
parts of the message. This property is useful when the transmission error rate is
high; however, it makes it less likely that the error would be detected without
further mechanisms. Moreover, because of this property, synchronous stream ciphers
are very susceptible to active attacks: if an attacker can change a digit in the
ciphertext, he can make predictable changes to the corresponding plaintext digit;
flipping a bit in the ciphertext causes the same bit to be flipped in the plaintext.
A synchronous stream cipher therefore has to be paired with a message
authentication code (or used inside an authenticated encryption mode) whenever
integrity matters, and the same keystream must never be used for two messages.
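The properties just described (a keystream generated from a state that never sees the data, identical encryption and decryption, loss of sync after a dropped digit, bit flipping, and keystream reuse) in runnable form. This is an added example, not code from the original notes; the keystream generator is a constructed toy built from SHA-256 and HMAC rather than any standardized cipher, and the key, nonce and messages are made up for the illustration.

```python
import hashlib
import hmac

# Added example (not from the original notes): a toy binary additive stream
# cipher whose keystream generator is a state machine advanced WITHOUT looking
# at the data, i.e. a synchronous stream cipher. The generator is a constructed
# illustration built from SHA-256/HMAC, not a standardized cipher.

TAG_LEN = 32


def _subkeys(key):
    """Derive independent keystream and MAC keys from one shared secret."""
    return (hashlib.sha256(b"stream" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def keystream(key, nonce, nbytes):
    """state_i = SHA-256(key || state_{i-1}), starting from the nonce; each
    state yields 32 keystream bytes. No plaintext or ciphertext enters."""
    out, state = bytearray(), nonce
    while len(out) < nbytes:
        state = hashlib.sha256(key + state).digest()
        out += hmac.new(key, state, hashlib.sha256).digest()
    return bytes(out[:nbytes])


def crypt(key, nonce, data):
    """Encrypt or decrypt: XOR with the keystream (same operation both ways)."""
    ks = keystream(_subkeys(key)[0], nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def flip_known_byte(ciphertext, offset, old, new):
    """Active attack: an attacker who knows the plaintext byte at `offset`
    is `old` XORs (old ^ new) into that ciphertext byte; the receiver
    decrypts `new` and nothing else changes."""
    c = bytearray(ciphertext)
    c[offset] ^= old ^ new
    return bytes(c)


def recover_from_reuse(c1, p1, c2):
    """Keystream reuse: c1 ^ c2 = p1 ^ p2, so a known p1 reveals p2 outright."""
    return bytes(a ^ b ^ c for a, b, c in zip(c1, p1, c2))


def decrypt_after_drop(key, nonce, ciphertext, drop_at):
    """Loss of synchronisation: one ciphertext byte vanishes in transit and
    every later byte is XORed with the wrong keystream byte."""
    damaged = ciphertext[:drop_at] + ciphertext[drop_at + 1:]
    return crypt(key, nonce, damaged)


def seal(key, nonce, data):
    """Encrypt-then-MAC: a tag over nonce || ciphertext makes flips detectable."""
    mac_key = _subkeys(key)[1]
    ct = crypt(key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def tag_is_valid(key, nonce, sealed):
    mac_key = _subkeys(key)[1]
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def unseal(key, nonce, sealed):
    if not tag_is_valid(key, nonce, sealed):
        raise ValueError("ciphertext modified or wrong key")
    return crypt(key, nonce, sealed[:-TAG_LEN])


if __name__ == "__main__":
    key, nonce = b"example-shared-key", b"msg-0001"   # constructed values
    pt = b"pay amount=0100 to bob"
    ct = crypt(key, nonce, pt)
    off = pt.index(b"0100")
    forged = flip_known_byte(ct, off, ord("0"), ord("9"))
    print(crypt(key, nonce, forged))                 # b'pay amount=9100 to bob'
    sealed_forged = flip_known_byte(seal(key, nonce, pt), off, ord("0"), ord("9"))
    print(tag_is_valid(key, nonce, sealed_forged))   # False
```

The forged ciphertext decrypts to amount=9100 without the attacker knowing the key, while the sealed copy fails its tag check. A real design swaps in a vetted generator (ChaCha20, AES-CTR) and an authenticated mode; what carries over unchanged is the structure: a state update independent of the data, XOR, and a MAC over nonce and ciphertext.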

Self-synchronizing stream ciphers

Another approach uses the previous N ciphertext digits to compute the keystream.
Such schemes are known as self-synchronizing stream ciphers, asynchronous stream
ciphers or ciphertext autokey (CTAK). The idea of self-synchronization was patented
in 1946, and has the advantage that the receiver will automatically synchronise
with the keystream generator after receiving N ciphertext digits, making it easier
to recover if digits are dropped from or added to the message stream. Single-digit
errors are limited in their effect, affecting only up to N plaintext digits.

An example of a self-synchronising stream cipher is a block cipher in cipher
feedback (CFB) mode.
Linear feedback shift register-based stream ciphers

Binary stream ciphers are often constructed using linear feedback shift registers
(LFSRs) because they can be implemented cheaply in hardware, and their properties
(period, statistical distribution) are well understood and readily analysed
mathematically. The use of LFSRs on their own, however, is insufficient to provide
good security: every output bit is a linear function of the initial state, so 2L
consecutive keystream bits of an L-stage LFSR (obtainable from 2L bits of known
plaintext) let the Berlekamp-Massey algorithm recover the register and predict the
whole keystream. Various schemes have been proposed to increase the security of
LFSRs, such as combining several registers through a nonlinear function, filtering
one register's state nonlinearly, or clocking the registers irregularly.
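The attack the paragraph above alludes to, as an added example that is not from the original notes: a stream cipher whose keystream is a bare 16-stage LFSR, broken with Berlekamp-Massey from four bytes of known plaintext. The taps, seed and message are constructed for the illustration.

```python
import functools
import operator

# Added example (not from the original notes): a stream cipher keyed by a
# bare 16-bit LFSR, and the known-plaintext attack that breaks it. The taps
# are those of the primitive polynomial x^16 + x^14 + x^13 + x^11 + 1, so a
# non-zero seed yields a keystream of period 2^16 - 1. All inputs below are
# constructed for the illustration.

TAPS = (16, 14, 13, 11)   # s[j] = s[j-16] ^ s[j-14] ^ s[j-13] ^ s[j-11]


def xor_all(bits):
    return functools.reduce(operator.xor, bits, 0)


def lfsr_keystream(seed_bits, taps, n):
    """Fibonacci LFSR: output the seed, then each new bit is the XOR of the
    tapped earlier bits. seed_bits must have at least max(taps) entries."""
    s = list(seed_bits)
    while len(s) < n:
        s.append(xor_all(s[-t] for t in taps))
    return s[:n]


def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def lfsr_crypt(data, seed_bits, taps=TAPS):
    """Binary additive stream cipher: data bits XOR LFSR output (both ways)."""
    bits = to_bits(data)
    ks = lfsr_keystream(seed_bits, taps, len(bits))
    return to_bytes([p ^ k for p, k in zip(bits, ks)])


def berlekamp_massey(bits):
    """Shortest LFSR over GF(2) generating `bits`: returns (L, c) with
    s[j] = XOR over k=1..L of (c[k] & s[j-k]). 2L consecutive bits suffice."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i] ^ xor_all(c[k] & bits[i - k] for k in range(1, L + 1))
        if d:
            t = c[:]
            for k in range(n + 1 - (i - m)):   # c(x) += x^(i-m) * b(x)
                c[k + i - m] ^= b[k]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def run_recurrence(known_bits, L, c, n):
    """Clock the fitted LFSR forward from the recovered bits out to n bits."""
    s = list(known_bits)
    while len(s) < n:
        s.append(xor_all(c[k] & s[-k] for k in range(1, L + 1)))
    return s


def known_plaintext_attack(ciphertext, known_prefix):
    """Attacker knows the first bytes of plaintext (a protocol header, say):
    XOR gives the keystream prefix, Berlekamp-Massey fits the LFSR, and the
    fitted LFSR regenerates the rest of the keystream. Returns (plaintext, L)."""
    c_bits = to_bits(ciphertext)
    ks_known = [a ^ b for a, b in zip(c_bits, to_bits(known_prefix))]
    L, c = berlekamp_massey(ks_known)
    ks = run_recurrence(ks_known, L, c, len(c_bits))
    return to_bytes([a ^ b for a, b in zip(c_bits, ks)]), L


if __name__ == "__main__":
    seed = to_bits(b"\xa5\x3c")                        # 16-bit key, non-zero
    msg = b"GET /secret/report.pdf HTTP/1.1"
    ct = lfsr_crypt(msg, seed)
    recovered, L = known_plaintext_attack(ct, b"GET ")  # 4 bytes = 32 bits = 2L
    print(L, recovered)   # 16 b'GET /secret/report.pdf HTTP/1.1'
```

Four bytes of guessed plaintext are enough because the register has 16 stages; an LFSR of length L never needs more than 2L known bits, regardless of its period. The nonlinear combiners and irregular clocking mentioned above exist precisely to push the linear complexity of the keystream far above the register size.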

Block ciphers

Block ciphers convert a fixed-length block of plaintext into ciphertext of the same
length, under the control of the secret key. Decryption is effected using the
reverse transformation and the same key. For the older block ciphers discussed
above (DES, IDEA, Blowfish, CAST-128) the block size is 64 bits; AES and later
designs use 128-bit blocks, which avoids the birthday-bound collisions that limit
how much data a 64-bit block cipher can safely encrypt under one key.

Plaintext messages are typically much longer than the block size, so different
techniques, called modes of operation, are used to handle them. Examples of such
modes are electronic codebook (ECB), cipher block chaining (CBC) and cipher
feedback (CFB). ECB simply encrypts each block of plaintext, one after another,
using the same key; identical plaintext blocks therefore produce identical
ciphertext blocks, which leaks the structure of the message. In CBC mode, each
plaintext block is XORed with the previous ciphertext block (the first with an
unpredictable initialization vector) before being encrypted, which hides such
repetition and makes certain attacks harder to mount. Output feedback mode (OFB)
resembles CBC mode although the quantity that is XORed is generated independently
of the plaintext. CBC is widely used, for example in DES (qv) implementations, and
these various modes are discussed in depth in appropriate books on technical
aspects of cryptography. Note that a common vulnerability of roll-your-own
cryptosystems is to use some published algorithm in its simplest form (raw ECB)
rather than in a mode that gives additional protection; none of ECB, CBC, CFB, OFB
or CTR protects integrity, so a message authentication code or an authenticated
mode is still needed on top.

Iterated block ciphers are those where the process of encryption has several
rounds, thus improving security. In each round, a transformation is applied using a
subkey derived from the original secret key by a key-schedule function. Inevitably,
this additional computation has an impact on the speed at which encryption can be
performed, so there is a balance between security needs and speed of execution.
Nothing is free in cryptography; as elsewhere, part of the skill in applying
appropriate methods comes from understanding the tradeoffs that need to be made
and how they relate to the balance of requirements.

Block ciphers include DES, IDEA, SAFER, Blowfish, and Skipjack -- this last being the
algorithm used in the US National Security Agency (NSA) Clipper chip.

Cipher feedback (CFB)

The cipher feedback (CFB) mode, a close relative of CBC, makes a block cipher into
a self-synchronizing stream cipher. Operation is very similar; in particular, CFB
decryption is almost identical to CBC encryption performed in reverse. Each
keystream block is produced by encrypting the previous ciphertext block (or, in the
x-bit variant, a shift register holding the most recent ciphertext bits) and is
XORed with the plaintext to give the next ciphertext block. In the usual notation,
Si is the ith state of the shift register, a << x is a shifted up by x bits,
head(a, x) is the x highest bits of a, and n is the number of bits of the IV.

If x bits are lost from the ciphertext of x-bit CFB, the cipher will output
incorrect plaintext until the shift register once again equals a state it held
while encrypting, at which point the cipher has resynchronized. This will result in
at most one block size of output being garbled. (Full-block CFB resynchronizes the
same way after losing a whole block, but not after losing a single bit, because the
block boundaries shift.)

CFB shares two advantages over CBC mode with the stream cipher modes OFB and
CTR: the block cipher is only ever used in the encrypting direction, and the message
does not need to be padded to a multiple of the cipher block size (though ciphertext
stealing can also be used to make padding unnecessary). Unlike OFB and CTR, CFB
encryption cannot be parallelized, because each keystream block depends on the
previous ciphertext block; decryption can be, since all ciphertext blocks are known
in advance.

Output feedback (OFB)

The output feedback (OFB) mode makes a block cipher into a synchronous stream
cipher. It generates keystream blocks by repeatedly encrypting the previous
keystream block, starting from the IV, and these are then XORed with the plaintext
blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in
the ciphertext produces a flipped bit in the plaintext at the same location. This
property allows many error correcting codes to function normally even when applied
before encryption, but it also means the mode provides no integrity on its own.

Because of the symmetry of the XOR operation, encryption and decryption are
exactly the same operation. Each output feedback block cipher operation depends on
all previous ones, and so the keystream cannot be generated in parallel. However,
because the plaintext or ciphertext is only used for the final XOR, the block
cipher operations may be performed in advance, allowing the final step to be
performed in parallel once the plaintext or ciphertext is available. As with every
synchronous stream cipher, an IV must never be reused under the same key, since
that reproduces the same keystream.

It is possible to obtain an OFB mode keystream by using CBC mode with a constant
string of zeroes as input. This can be useful, because it allows the usage of fast
hardware implementations of CBC mode for OFB mode encryption.

Using OFB mode with a partial block as feedback, as in CFB mode, reduces the
average cycle length of the keystream by a factor of 2^32 or more. A mathematical
model proposed by Davies and Parkin and substantiated by experimental results
showed that only with full feedback can an average cycle length near the obtainable
maximum be achieved. For this reason, support for truncated feedback was removed
from the specification of OFB.

Counter (CTR)

Counter mode turns a block cipher into a stream cipher. It generates the next
keystream block by encrypting successive values of a "counter". The counter can be
any function which produces a sequence that is guaranteed not to repeat for a long
time, although an actual counter is the simplest and most popular. The usage of a
simple deterministic input function used to be controversial; critics argued that
"deliberately exposing a cryptosystem to a known systematic input represents an
unnecessary risk". By now, CTR mode is widely accepted, and problems resulting from
the input function are recognized as a weakness of the underlying block cipher
rather than of CTR mode. Nevertheless, there are specialized attacks, such as a
hardware fault attack, that are based on the usage of a simple counter function as
input. CTR mode has similar characteristics to OFB, but also allows a random access
property during decryption, since the keystream block for any position can be
computed directly. CTR mode is well suited to operation on a multi-processor
machine where blocks can be encrypted in parallel.

The nonce in CTR mode plays the same role as the initialization vector (IV) in the
other modes. The IV/nonce and the counter can be concatenated, added, or XORed
together to produce the actual unique counter block for encryption; whichever
construction is used, a (nonce, counter) pair must never be encrypted twice under
the same key, because a repeated counter block reproduces the keystream. CTR is
also as malleable as any stream cipher, which is why it is normally used inside an
authenticated mode such as GCM or CCM.
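CFB, OFB and CTR as described above (including the self-synchronizing behaviour of CFB from the stream cipher section), as an added example that is not part of the original notes. The block cipher's encrypt direction E_K is stood in for by a keyed PRF built from HMAC-SHA256, because these three modes never call the decrypt direction; in practice one would plug in AES-128 here. Key, IV, nonce and plaintexts are constructed values.

```python
import hashlib
import hmac

# Added example (not from the original notes): CFB, OFB and CTR over a stand-in
# for the block cipher's encrypt direction E_K. The three modes only ever use
# E_K forwards, so a keyed PRF built from HMAC-SHA256 (constructed here;
# substitute a real AES-128 call in practice) is enough to show the behaviour.

BLOCK = 16


def e_k(key, block):
    """Stand-in for E_K: 16-byte block in, pseudorandom 16-byte block out."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cfb8_crypt(key, iv, data, decrypt=False):
    """8-bit CFB. The shift register S starts as the IV; for each byte the
    register is encrypted, its first byte is XORed with the data byte, and the
    resulting CIPHERTEXT byte is shifted in: S_{i+1} = (S_i << 8) | c_i.
    The register only ever holds received ciphertext, so the receiver falls
    back into step by itself once 16 good bytes have arrived after an error."""
    reg, out = iv, bytearray()
    for b in data:
        o = b ^ e_k(key, reg)[0]
        out.append(o)
        reg = reg[1:] + bytes([b if decrypt else o])
    return bytes(out)


def ofb_keystream(key, iv, nbytes):
    """OFB: S_{i+1} = E_K(S_i), every state is a keystream block. The data
    never feeds back, so the keystream can be computed before the message."""
    out, state = b"", iv
    while len(out) < nbytes:
        state = e_k(key, state)
        out += state
    return out[:nbytes]


def ofb_crypt(key, iv, data):
    return xor(data, ofb_keystream(key, iv, len(data)))


def cbc_encrypt(key, iv, plaintext):
    """CBC encryption (whole blocks): C_i = E_K(P_i ^ C_{i-1}), C_{-1} = IV."""
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = e_k(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def ctr_crypt(key, nonce, data, first_block=0):
    """CTR with counter block = 12-byte nonce || 32-bit big-endian counter.
    first_block lets a caller decrypt from any block boundary without touching
    the rest (random access); every block is independent, so it parallelises."""
    nblocks = -(-len(data) // BLOCK)
    ks = b"".join(e_k(key, nonce + (first_block + i).to_bytes(4, "big"))
                  for i in range(nblocks))
    return xor(data, ks)


if __name__ == "__main__":
    key, iv = b"K" * 16, b"I" * 16                      # constructed values
    pt = bytes(range(64))
    ct = cfb8_crypt(key, iv, pt)
    lossy = ct[:10] + ct[11:]                            # byte 10 lost in transit
    dec = cfb8_crypt(key, iv, lossy, decrypt=True)
    print(dec[:10] == pt[:10], dec[26:] == pt[27:])      # True True
    print(ofb_keystream(key, iv, 48) == cbc_encrypt(key, iv, bytes(48)))  # True
```

After the dropped byte, exactly 16 plaintext bytes (one block size) come out wrong and everything from position 26 onward is correct again, which is the resynchronization the CFB section describes. The OFB keystream is byte-for-byte the CBC encryption of an all-zero message, and the CTR call decrypts an arbitrary 16-byte slice of the ciphertext on its own by naming its block index.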
Q.3 Explain the principles of security. What is an attack, and what kinds of
attacks are there?

Ans. Security principles

For over twenty years, information security has held confidentiality, integrity and
availability (known as the CIA triad) to be the core principles of information security.

There is continuous debate about extending this classic trio. Other principles such
as Accountability have sometimes been proposed for addition - it has been pointed
out that issues such as Non-Repudiation do not fit well within the three core
concepts, and as regulation of computer systems has increased (particularly
amongst the Western nations) Legality is becoming a key consideration for practical
security installations.

In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he
called the six atomic elements of information. The elements are confidentiality,
possession, integrity, authenticity, availability, and utility. The merits of the
Parkerian hexad are a subject of debate amongst security professionals.

Confidentiality

Confidentiality is the term used to prevent the disclosure of information to
unauthorized individuals or systems. For example, a credit card transaction on the
Internet requires the credit card number to be transmitted from the buyer to the
merchant and from the merchant to a transaction processing network. The system
attempts to enforce confidentiality by encrypting the card number during
transmission, by limiting the places where it might appear (in databases, log files,
backups, printed receipts, and so on), and by restricting access to the places where
it is stored. If an unauthorized party obtains the card number in any way, a breach
of confidentiality has occurred.

Breaches of confidentiality take many forms. Permitting someone to look over your
shoulder at your computer screen while you have confidential data displayed on it
could be a breach of confidentiality. If a laptop computer containing sensitive
information about a company's employees is stolen or sold, it could result in a
breach of confidentiality. Giving out confidential information over the telephone is a
breach of confidentiality if the caller is not authorized to have the information.

Confidentiality is necessary (but not sufficient) for maintaining the privacy of the
people whose personal information a system holds.

Integrity

In information security, integrity means that data cannot be modified without
authorization. This is not the same thing as referential integrity in databases.
Integrity is violated when an employee accidentally or with malicious intent deletes
important data files, when a computer virus infects a computer, when an employee
is able to modify his own salary in a payroll database, when an unauthorized user
vandalizes a web site, when someone is able to cast a very large number of votes in
an online poll, and so on.

There are many ways in which integrity could be violated without malicious intent.
In the simplest case, a user on a system could mis-type someone's address. On a
larger scale, if an automated process is not written and tested correctly, bulk
updates to a database could alter data in an incorrect way, leaving the integrity of
the data compromised. Information security professionals are tasked with finding
ways to implement controls that prevent errors of integrity.

Availability

For any information system to serve its purpose, the information must be available
when it is needed. This means that the computing systems used to store and
process the information, the security controls used to protect it, and the
communication channels used to access it must be functioning correctly. High
availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
Ensuring availability also involves preventing denial-of-service attacks.

Authenticity

In computing, e-Business and information security it is necessary to ensure that the
data, transactions, communications or documents (electronic or physical) are
genuine. It is also important for authenticity to validate that both parties involved
are who they claim they are.
Non-repudiation

In law, non-repudiation implies one's intention to fulfill their obligations to a
contract. It also implies that one party of a transaction cannot deny having received
a transaction nor can the other party deny having sent a transaction. Digital
signatures are the cryptographic mechanism used to provide it, since a symmetric
MAC key is shared by both parties and so cannot prove which of them acted.

Cryptographic attacks

A cryptographic attack is a method for circumventing the security of a
cryptographic system by finding a weakness in a code, cipher, cryptographic
protocol or key management scheme. This process is also called "cryptanalysis".

Types of attacks

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is
in terms of passive attacks and active attacks. A passive attack attempts to learn or
make use of information from the system but does not affect system resources. An
active attack attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are release of message contents and
traffic analysis.

The release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of
these transmissions.

[Figure: Passive Attacks]

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a
way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information
from the message. The common technique for masking contents is encryption. If we
had encryption protection in place, an opponent might still be able to observe the
pattern of these messages. The opponent could determine the location and identity
of communicating hosts and could observe the frequency and length of messages
being exchanged. This information might be useful in guessing the nature of the
communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any
alteration of the data. Typically, the message traffic is sent and received in an
apparently normal fashion and neither the sender nor receiver is aware that a third
party has read the messages or observed the traffic pattern. However, it is feasible
to prevent the success of these attacks, usually by means of encryption. Thus, the
emphasis in dealing with passive attacks is on prevention rather than detection.

Active Attacks

Active attacks involve some modification of the data stream or the creation of a
false stream and can be subdivided into four categories: masquerade, replay,
modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity. A
masquerade attack usually includes one of the other forms of active attack. For
example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with
few privileges to obtain extra privileges by impersonating an entity that has those
privileges.

[Figure: Active Attacks]

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.

Modification of messages simply means that some portion of a legitimate message
is altered, or that messages are delayed or reordered, to produce an unauthorized
effect (Figure 1.4c). For example, a message meaning "Allow John Smith to read
confidential file accounts" is modified to mean "Allow Fred Brown to read
confidential file accounts."

The denial of service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for example, an
entity may suppress all messages directed to a particular destination (e.g., the
security audit service). Another form of service denial is the disruption of an entire
network, either by disabling the network or by overloading it with messages so as to
degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereas
passive attacks are difficult to detect, measures are available to prevent their
success. On the other hand, it is quite difficult to prevent active attacks absolutely,
because of the wide variety of potential physical, software, and network
vulnerabilities. Instead, the goal is to detect active attacks and to recover from any
disruption or delays caused by them. If the detection has a deterrent effect, it may
also contribute to prevention.
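The replay and message-modification attacks described above, played out against a MAC-protected request, as an added example that is not from the original notes. A verifier that checks only the tag detects modification but accepts a replayed capture; covering a sequence number with the tag and requiring it to increase detects the replay too. The HMAC key, request bodies and both verifier classes are constructed for the illustration.

```python
import hashlib
import hmac

# Added example (not from the original notes): masquerade/replay and
# modification of messages against an HMAC-tagged request. Key, bodies and
# the two verifiers are constructed for the illustration.


def make_request(key, seq, body):
    """Sender: tag = HMAC(key, seq || body); the sequence number is under the tag."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).hexdigest()
    return {"seq": seq, "body": body, "tag": tag}


def tag_is_valid(key, req):
    expected = hmac.new(key, req["seq"].to_bytes(8, "big") + req["body"],
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(req["tag"], expected)


class TagOnlyVerifier:
    """Detects modification of messages, but a captured request can be replayed."""

    def __init__(self, key):
        self.key, self.granted = key, []

    def handle(self, req):
        if not tag_is_valid(self.key, req):
            return "rejected: bad tag"
        self.granted.append(req["body"])
        return "ok"


class SequenceVerifier(TagOnlyVerifier):
    """Also requires a strictly increasing sequence number, so a replayed
    request (same seq) and a delayed or reordered one (older seq) are refused."""

    def __init__(self, key):
        super().__init__(key)
        self.last_seq = -1

    def handle(self, req):
        if not tag_is_valid(self.key, req):
            return "rejected: bad tag"
        if req["seq"] <= self.last_seq:
            return "rejected: replayed or out of order"
        self.last_seq = req["seq"]
        self.granted.append(req["body"])
        return "ok"


def modify(req, old, new):
    """Active attacker rewrites the body (e.g. the grantee) without the key."""
    return dict(req, body=req["body"].replace(old, new))


if __name__ == "__main__":
    key = b"shared-secret"                                    # constructed
    req = make_request(key, 1, b"Allow John Smith to read confidential file accounts")
    naive, strict = TagOnlyVerifier(key), SequenceVerifier(key)
    print(naive.handle(req), naive.handle(req))               # ok ok (replay accepted)
    print(strict.handle(req), strict.handle(req))             # ok rejected: replayed or out of order
    print(strict.handle(modify(req, b"John Smith", b"Fred Brown")))  # rejected: bad tag
```

The sequence counter must be kept per sender (and survive restarts), and it does nothing against the passive attacks above: the tag proves origin and integrity but hides nothing, so confidentiality still needs encryption.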

Q. Comparison between DES, IDEA, Blowfish, RC5 and AES?

Ans. AES

Developed by: Joan Daemen, Vincent Rijmen (Banksys/Katholieke Universiteit
Leuven, Belgium)

Description: For AES, Rijndael is defined as an iterative cipher of 10 to 14 rounds
(10, 12 or 14 for 128-, 192- and 256-bit keys). The round transformation in
Rijndael does not have the Feistel structure. Instead the round transformation
consists of three unambiguously invertible layers (a linear mixing layer made of
ShiftRows and MixColumns, the non-linear SubBytes layer and the key addition layer
AddRoundKey). This is intended to increase the resistance to linear and differ
ential cryptanalysis. Every round uses these four functions; an initial addition
of the key is applied before the first round, and the final round omits
MixColumns. Rijndael was developed from the SQUARE cipher.

Cipher Mode: ECB, CBC, CFB, OFB, CTR, CCM, OCB, COA

Blocksize: 16 Byte for AES (Rijndael itself also allows 24 and 32 Byte)

KeySize: 16, 24, 32 Byte (corresponds to 128 to 256 Bit)*

RC6

Developed by: Ron Rivest, Matt Robshaw, Ray Sidney, Yiqun Lisa Yin (RSA Labs/MIT,
USA)

Description: For AES, RC6 was defined as a 20-round iterative cipher (encryption
depth 3). It was developed from RC5 and is fully parameterized. RC6 uses six basic
32-bit operations to mix the data in every round: addition, subtraction, bitwise
XOR, integer multiplication, and left and right rotations of 32-bit words by
data-dependent amounts. RC6 was one of the five AES finalists but was not selected.

Cipher Mode: ECB, CBC, CFB, OFB, CTR, CCM, OCB, COA

Blocksize: 16 Byte

KeySize: 16, 24, 32 Byte (corresponds to 128 to 256 Bit)*

Depth: Defines the encryption depth. For AES a depth of 3 was defined, which
corresponds to 20 encryption rounds. The depth can be set anywhere from 3 to 64.

Blowfish

Developed by: B. Schneier, 1993

Description: Blowfish is a 64-bit block, 16-round Feistel block cipher with a
variable key length. It is optimized for data encryption that needs no frequent key
change, since the key setup operation is slow (it runs the cipher itself 521 times
to fill the subkey tables). Blowfish uses four very large key-dependent 8x32-bit
lookup tables (S-boxes) for the data substitution. Every round consists of a
key-dependent permutation and a key- and data-dependent substitution. The round
function uses additions and XOR operations. Blowfish uses a great number of
subkeys (4168 bytes in all).
Particular keys can lead in Blowfish to the generation of weak S-boxes, which can
be exploited in a reduced-round version. However, this attack is completely
ineffective against the defined 16-round version, so no successful attack on the
full cipher is known. What limits Blowfish today is its 64-bit block size, shared
with DES and IDEA, not its key length.

Cipher Mode: ECB, CBC, CFB, OFB, CTR, CCM

Blocksize: 8 Byte

KeySize: variable, from the actual password length up to a maximum of 448 Bit.


Relative Strength Comparisons of Algorithms

Type       Security Level*   Implementation                  Speed
IDEA       Military Grade    128 bit Shared Secret           Fast
Blowfish   Military Grade    256 to 448 bit Shared Secret    Fastest
DES        Low               40 to 56 bit Shared Secret      Fast

* Labels as given in the source table. "Military Grade" is not a defined
classification; DES itself has a 56-bit key (the 40-bit figure refers to
export-restricted variants), and Blowfish accepts keys anywhere from 32 to 448
bits. A longer key does not remove the 64-bit block size that all three ciphers
share.