1. Data Security
B. R. Chandavarkar Asst. Prof., CSE Dept., NITK, Surathkal. brc.nitk.ac.in

2. Contents Data Security Introduction Classification1
Contents
Data Security
Introduction 2 3 4
Classification
Substitution Techniques
Transposition Techniques 9 12
Asymmetric Crypto System
SSL/TLS 5 10 13
Symmetric Crypto System
RSA
OpenSSL 6 7 14
Data Encryption Standard (DES)
Advanced DES
LINUX
Implementation 8 11
Advanced Encryption Standard (AES)
MATLAB Implementation

3. Introduction
Data is the raw form of information stored as columns and rows in our databases, network servers and personal computers. This may be a wide range of information from personal files and intellectual property to market analytics and details intended to top secret. Data could be anything of interest that can be read or otherwise interpreted in human form.
Data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data. -
Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. Data security is the main priority for organizations of every size and genre. Data security is also known as information security (IS) or computer security. –

4. Plaintext - An original message. Ciphertext - Coded message.
Terminologies
Plaintext - An original message.
Ciphertext - Coded message.
Enciphering (Encryption) - The process of converting from plaintext to ciphertext.
Deciphering (Decryption) - Restoring the plaintext from the ciphertext.
Cryptography - The many schemes used for encryption constitute the area of study known as cryptography.
Cryptographic system (Cipher) - Such a scheme is known as a cryptographic system or a cipher.
Cryptanalysis (Breaking the Code) - Techniques used for deciphering a message without any knowledge of the enciphering details.
Cryptology - The areas of cryptography and cryptanalysis together are called cryptology.
Back

5. Characteristic of Cryptographic Systems
1. The type of operations used for transforming plaintext to ciphertext.
All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged. Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.
2. The number of keys used.
If both sender and receiver use the same key, the system is referred to as symmetric (single-key, secret-key, or conventional encryption).
If the sender and receiver use different keys, the system is referred to as asymmetric (two-key, or public-key encryption).
3. The way in which the plaintext is processed.
A block cipher processes the input one block of elements at a time, producing an output block for each input block.
A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.
Back

6. Substitution Techniques
Caesar Cipher
Encryption: C = E(k, p) = (p + k) mod 26
Decryption: p = D(k, C) = (C - k) mod 26
Monoalphabetic Cipher
Uses permutation of plain text characters
Playfair Cipher
Uses 5 X 5 matrix of keys
Hill Cipher
Uses linear equations
Polyalphabetic Ciphers
Vigenère Cipher
Encryption: Ci = (Pi + Ki mod m) mod 26, Decryption: Pi = (Ci - Ki mod m) mod 26
Vernam Cipher
Encryption / Decryption: X-OR of Pi and Ki
One-Time Pad

7. 1. Caesar Cipher
Plaintext
h (7)
e (4)
l (11)
o (14)
g (6)
d (3)
Key 3
Ciphertext k h o p m r j
2. Monoalphabetic Cipher
(a) Key A B C D E F G H I J K L M N O P R T W X S Y
(b) Example
Plaintext H E L O G D
Ciphertext E X S N D W

8. (a) Key M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z
3. Playfair Cipher
(b) Example
Plaintext S E C U R I T Y D
Ciphertext L
I / J E M A K Q D C H
4. Hill Cipher 4 9 15 17 6 24
(a) Key 17 5 21 18 2 19
(b) Inverse Key
(c) Example
Plaintext
p (15)
a (0)
y (24)
m (12)
o (14)
r (17)
e (4)
Ciphertext r l m w b k a s

9. 5. Polyalphabetic Cipher – Vigenere Cipher
Plaintext
h (7)
e (4)
l (11)
o (14)
g (6)
d (3)
Key
a (0)
t (19)
Ciphertext k e l r g h o
5. Polyalphabetic Cipher – Vernam Cipher
Plaintext 1
Key Stream
Ciphertext 1
6. One-Time Pad
Plaintext H E L O G D
Key S C U R I T Y
Ciphertext ?
Back

10. Symmetric (Private) Key Encryption
User A (Sender)
User B (Receiver)
Secrete Key
Secrete Key
Plain Text
Encryption
Cipher Text
Cipher Text
Decryption
Plain Text
Back

11. Data Encryption Standard (DES)

12. History
In the late 1960s, IBM set up a research project in computer cryptography led by Horst Feistel. The project concluded in 1971 with the development of an algorithm with the designation LUCIFER, which was sold to Lloyd's of London for use in a cash-dispensing system, also developed by IBM.
LUCIFER is a Feistel block cipher that operates on blocks of 64 bits, using a key size of 128 bits.
Because of the promising results produced by the LUCIFER project, IBM embarked on an effort to develop a marketable commercial encryption product that ideally could be implemented on a single chip. The effort was headed by Walter Tuchman and Carl Meyer, and it involved not only IBM researchers but also outside consultants and technical advice from NSA.

13. The outcome of this effort was a refined version of LUCIFER that was more resistant to cryptanalysis but that had a reduced key size of 56 bits, to fit on a single chip.
The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards (NBS), now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA).
DES Characteristics:
Plaintext and Ciphertext – 64-bit block
Key – 56-bit
Product cipher with 16 rounds
Follows Feistel cipher structure

14. Feistel Cipher

15. Inverse Initial Permutation
64-bit Plain Text
DES- Encryption
64-bit Key
Initial Permutation
Permuted
Choice 1
64-bit
56-bit K1
Round 1
Permuted
Choice 2
Left Circular Shift
48-bit
64-bit
56-bit
56-bit K2
Key Generation
Round 2
Permuted
Choice 2
Left Circular Shift
48-bit
56-bit
Encryption
64-bit
56-bit
K16
Round 16
Permuted
Choice 2
Left Circular Shift
48-bit
56-bit
64-bit
32-bit Swap
64-bit
Inverse Initial Permutation
Back
64-bit Cipher Text

16. Initial Permutation
Inverse of Initial Permutation
Back

17. Expansion / Permutation
32-bit Input
32-bit Input
Expansion / Permutation
(E-Table)
48-bit
48-bit
48-bit Key
48-bit
Round
Substitution / Choice
(S-Box)
32-bit
Permutation
32-bit
32-bit
32-bit
32-bit Input
32-bit Input
Back

18. Expansion / Permutation
(E-Table)
Back

19. 32-bit Data
Sub Key
Round
32-bit
Expansion
48-bit
48-bit
Substitution (S-Box)
48-bit
6-bit
6-bit
6-bit
6-bit
6-bit
6-bit
6-bit
6-bit S5 S6 S7 S8 S1 S2 S3 S4
4-bit
4-bit
4-bit
4-bit
4-bit
4-bit
4-bit
4-bit
32-bit
Permutation
32-bit
Back

20. S-Box
Back

21. Permutation
Back

22. Key Generation 64-bit Key Permuted Choice 1 Permuted Choice 2
Left Circular Shift
48-bit
56-bit
56-bit
28-bit
28-bit K2
Permuted
Choice 2
Left Circular Shift
48-bit
56-bit
56-bit
28-bit
28-bit
K16
Permuted
Choice 2
Left Circular Shift
48-bit
56-bit
Back

23. Before Permutation Choice - 1
Schedule of Left Shifts
Back

24. Double DES (a) Encryption K1 K2 Encryption Encryption P C
(b) Decryption K2 K1
Decryption
Decryption C P

25. Triple DES with Two Keys
(a) Encryption K1 K2 K1
Encryption
Decryption
Encryption P C
(b) Decryption K1 K2 K1
Decryption
Encryption
Decryption C P

26. Triple DES with Three Keys
(a) Encryption K1 K2 K3
Encryption
Decryption
Encryption P C
(b) Decryption K3 K2 K1
Decryption
Encryption
Decryption C P
Back

27. Advanced Encryption Standard (AES)

28. The Advanced Encryption Standard (AES) was published by the National Institute of Standards and Technology (NIST) in AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications.
Compared to public-key ciphers such as RSA, the structure of AES and most symmetric ciphers is quite complex.
AES takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.
The cipher consists of N rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key.

29. Expanded Key Size (W/B)
AES Parameters
AES-128
AES-192
AES-256
Key Size (w/B/b)
4/16/128
6/24/192
8/32/256
Block Size (w/B/b)
Nos. of Rounds 10 12 14
Round Key Size (w/B/b)
Expanded Key Size (W/B)
44/176
52/208
60/240

30. AES
Encryption
and
Decryption

31. Encryption
Decryption

32. S-Box (Encryption)

33. S-Box (Decryption)

34. Mix Columns

35. AES Key Generation

37. Coverts Block Cipher into Stream Cipher
Modes of Operation
What if the block of plaintext to be encrypted is greater than b-bits ?
A mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream.
These modes are intended for use with any symmetric block cipher, including triple DES and AES.
Examples:
Electronic Code Book (ECB)
Cipher Block Chaining (CBC) Mode
Cipher Feedback (CFB) Mode
Output Feedback (OFB) Mode
Counter (CTR) Mode
Coverts Block Cipher into Stream Cipher

39. Modes of Operation 1. Electronic Codebook (ECB) Mode (a) Encryption P1Pn
64-bit
64-bit
64-bit
56-bit
56-bit
56-bit
Encrypt
Encrypt
Encrypt K K K
64-bit
64-bit
64-bit C1 C2 Cn
(b)
Decryption C1 C2 Cn
64-bit
64-bit
64-bit
56-bit
56-bit
56-bit
Decrypt
Decrypt
Decrypt K K K
64-bit
64-bit
64-bit P1 P2 Pn

40. 2. Cipher Block Chaining (CBC) Mode
Encryption P1 P2 Pn
64-bit
64-bit
64-bit IV
56-bit
56-bit
56-bit
Encrypt
Encrypt
Encrypt K K K
64-bit
64-bit
64-bit C1 C2 Cn
(b)
Decryption C1 C2 Cn
64-bit
64-bit
64-bit
56-bit
56-bit
56-bit
Decrypt
Decrypt
Decrypt K K K
64-bit
64-bit
64-bit IV P1 P2 Pn

41. S-bit Cipher Feedback Mode (CFB)

43. Output Feedback Mode (OFB)

45. Counter Mode (OFB)

47. Back

48. Asymmetric (Public) Key Encryption
User A (Sender)
User B (Receiver)
Receiver Public Key
Receiver Private Key
Plain Text
Encryption
Cipher Text
Cipher Text
Decryption
Plain Text
Entities:
Public-key and Private-key with every user.
Encryption – Using public-key of receiver
Decryption – Using private-key of receiver

49. Public-Key Cryptosystem
Public-key algorithms are based on mathematical functions rather than on substitution and permutation.
Public-key cryptography is asymmetric, involving the use of two separate keys, in contrast to symmetric encryption, which uses only one key.
We can classify the use of public-key cryptosystems into three categories:
Encryption/decryption: The sender encrypts a message with the recipient’s public key.
Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

50. Algorithm
Enc /Dec
Digital Sign.
Key Exchange
RSA
Yes
Elliptic-Curve
Diffie-Hellman No
DSS
Back

51. Rivest-Shamir-Adleman (RSA)
The scheme developed in 1978 by Rivest, Shamir, and Adleman makes use of an expression with exponentials.
The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than
Plaintext is encrypted in blocks, with each block having a binary value less than some number n. That is, the block size must be less than or equal to log2(n);

52. Rivest-Shamir-Adleman (RSA)
User A M
Step 1: Select two primes p1 and q1 (p1 ≠ q1)
Step 2: Calculate n1 = p1 X q1
Step 3: Calculate Ø (n1) = (p1-1)(q1-1)
Step 4: Select integer e1
[gcd (Ø (n1), e1) = 1 and 1 < e1 < Ø (n1)]
Step 5: Calculate d1 ≡ e1-1 (mod Ø (n1))
C = Me2 (mod n2)
(e1, n1) C
User B
(e2, n2) C
Step 1: Select two primes p2 and q2 (p2 ≠ q2)
Step 2: Calculate n2 = p2 X q2
Step 3: Calculate Ø (n2) = (p2-1)(q2-1)
Step 4: Select integer e2
[gcd (Ø (n2), e2) = 1 and 1 < e2 < Ø (n2)]
Step 5: Calculate d2 ≡ e2-1 (mod Ø (n2))
M = Cd2 (mod n2) M

53. RSA
Example
Back