ADVANCED ENCRYPTION STANDARDADVANCED ENCRYPTION STANDARD ◆ AES is a block cipher intended to replace DES for commercial applications. It uses a 128-bit block size and a key size of 128, 192, or 256 bits. ◆ AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic operations over a finite field, and XOR with a key. ADVANCED ENCRYPTION STANDARDADVANCED ENCRYPTION STANDARD
General Structure
AES Data Structures
AES Encryption AES Decryption
Four different stages are used, one of permutation and three of substitution: • Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block • ShiftRows: A simple permutation • MixColumns: A substitution that makes use of arithmetic over • AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key
1. Substitute bytes transformation
2. Shift Rows transformation 3. Mix Column Transformation
Multiple Encryption and Triple DES Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption algorithm. This ciphertext is then used as input and the algorithm is applied again. This process may be repeated through any number of stages. Double DES Triple DES with Two Keys Triple DES with Three Keys
Double DES Triple encryption Encryption Encryption Decryption
Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cipher Feedback Mode Output Feedback Mode Counter Mode
Electronic Code Book
2. Cipher Block Chaining Mode
3. Cipher Feedback Mode
4. Output Feedback Mode
5. Counter Mode
RC4 RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. RC4 cipher is officially named "Rivest Cipher 4", it is also known as "Ron's Code 4" It is a variable key size stream cipher with byte-oriented operations. The RC4 algorithm generates a pseudo-random keystream that is then used to generate the ciphertext (by XORing it with the plaintext). A variable- length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements . At all times, contains a permutation of all 8-bit numbers from 0 through 255. For encryption and decryption, a byte is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of is generated, the entries in S are once again permuted.
Initialization of S /* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen];
Initial Permutation of S j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]);
Stream Generation /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t];
Encryption and decryption
PUBLIC-KEY CRYPTOGRAPHY AND RSA Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keys—one a public key and one a private key. It is also known as public-key encryption. Asymmetric encryption transforms plaintext into ciphertext using a one of two keys and an encryption algorithm. Using the paired key and a decryption algorithm, the plaintext is recovered from the ciphertext. Asymmetric encryption can be used for confidentiality, authentication, or both. The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on the difficulty of finding the prime factors of a composite number.
THE RSA ALGORITHM
Traffic Confidentiality Security from traffic analysis attack Knowledge about the number and length of messages between nodes may enable an opponent to determine who is talking to whom Types of information derivable from traffic analysis Identities of communicating partners Frequency of communication Message patterns, e.g., length, quantity, (encrypted) content Correlation between messages and real world events Can (sometimes) be defeated through traffic padding
Countermeasure to Traffic Analysis Link encryption approach Link encryption hides address information Traffic padding is very effective End-to-End encryption approach Leaves addresses in the clear Measures available to the defender are more limited Pad out data units to a uniform length at either the transport or application level Null message can be inserted randomly into the stream