Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unit -1.

Published byPhilip Lynch Modified over 6 years ago

Similar presentations

Presentation on theme: "Unit -1."— Presentation transcript:

1 Unit -1

2 Triple DES

3 Triple DES 3DES was first Standardized for use in financial application in ANSI standard X9.17 in 1985 3DES uses three keys and three executions of DES algorithm . The Function Follows (EDE) Encrypt – Decrypt – Encrypt NETWORK SECURITY BY: Homera Durani

4 C= E(K 3,D(K2,E(K1,P))) WHERE C= cipher text P = Palin text
NETWORK SECURITY BY: Homera Durani

5 NETWORK SECURITY BY: Homera Durani

6 Decryption is simply the same operation with the key reversed
P=D(K1,E(K2,D(K3,C))) NETWORK SECURITY BY: Homera Durani

7 C=E(K1,D(K1,E(K1,P)))=E[K,P]
The only advantage is that it allows users of 3DES to decrypt data encrypted by users C=E(K1,D(K1,E(K1,P)))=E[K,P] With three distinct key , 3DES has key length of 168 bits. NETWORK SECURITY BY: Homera Durani

8 The following Guidelines for 3DES
3DES is the FIPS approved symmetric encryption algorithm of choice. Original DES uses 56- bit key, So new procurement should support 3DES DES systems are encouraged to 3DES 3DES and AES (Advanced Encryption standard ) will coexits. NETWORK SECURITY BY: Homera Durani

9 Advanced Encryption Standard
The Principal drawback of 3DES is that algorithm is sluggish in software. Original DEA was designed for 1970 3DES has three times rounds as DEA Major draw back Both 3DES and DEA use 64- bit block size Thus for long term use NIST , in 1997 call for proposals for Advanced Encryption Standard (AES), for security strength better than 3DES. NETWORK SECURITY BY: Homera Durani

10 In a first round 15 proposed algorithm were accepted.
NIST specified that AES must be symmetric block cipher with block length of 128 bits and support key length of 128,192 and 256 bits. In a first round 15 proposed algorithm were accepted. Second Round 5 algorithm . NIST completed its evaluation process and published final in November 2001. NETWORK SECURITY BY: Homera Durani

11 NIST selected Rijndael as proposed AES algorithm
Two Researchers who developed and submitted Rijndael for AES are cryptographers from Belgium : Dr. Joan Daemen Dr. Vincent Rijmen. NETWORK SECURITY BY: Homera Durani

12 Overview of the Algorithm
AES uses a block length of 128 bits and a key length of 128,192 or 256 bits. This block is depicted as a square matrix of bytes. The block is copied to STATE array which is modified at each stage of encryption or decryption . Final Stage , State is Copied to Matrix NETWORK SECURITY BY: Homera Durani

13 So, 128 bit key is depicted as a square matrix of bytes.
Therefore each word is four bytes and total key is 44 words for 128 – bit key. Ordering of bytes within a matrix is by column NETWORK SECURITY BY: Homera Durani

14 4Transformations: Substitute Bytes Shift Rows Mix Columns
Add Round Key NETWORK SECURITY BY: Homera Durani

15 It is not Feistel Structure
Key Provided as input is expanded into an array of 44 , 32 bit words. Four Different Stages are used and three of substitution Substitute bytes Shift rows Mix Columns Add Round key NETWORK SECURITY BY: Homera Durani

16 Each stage is easily reversible.
It is quite Simple , Both Encryption and Decryption , cipher begins with an Add round Key stage, followed by nine rounds that each includes four stages , and tenth round of three stage. Add Round only use key Each stage is easily reversible. Decryption algorithm make use of the expanded key in reverse order. NETWORK SECURITY BY: Homera Durani

17 Final round of both encryption and decryption consists of three stage.
When all the four stages are reversible , it is easy to verify that decryption covers plain text. Final round of both encryption and decryption consists of three stage. NETWORK SECURITY BY: Homera Durani

18 2.3 STREAM CIPHERS AND RC4

19 A block cipher processes the input one block of elements at a time producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along. The most popular is Stream Cipher RC4 NETWORK SECURITY BY: Homera Durani

20 Stream Cipher Structure
Stream cipher encrypts plaintext one byte at a time , although stream cipher is designed to operate one bit at a time In this structure a key is input to a pseudorandom bit generator that produces a stream of 8- bit numbers that are apparently random. Stream is unpredictable without knowledge of the input key and which has a apparently random character. NETWORK SECURITY BY: Homera Durani

21 The output of the generator , called a key stream , is combined one byte at a time with the plain text stream using the bitwise exclusive OR(XOR) operation. Example plain text ⊕ key stream ___________ ciphertext NETWORK SECURITY BY: Homera Durani

22 Decryption requires use of the same sequence
cipher text ⊕ key stream ____________ plain text NETWORK SECURITY BY: Homera Durani

23 Important Design for stream cipher
Encryption sequence should have a large period. Key stream should have true random number stream Output of the pseudorandom number generator is conditioned on the value of the input key. Advantage Stream cipher is always faster and use less code than block ciphers. NETWORK SECURITY BY: Homera Durani

24 RC4 can be implemented in few lines code.
Advantage of block cipher is reuse of key If two plaintext are encrypted with the same key using a stream cipher then cryptanalysis is often quite simple. NETWORK SECURITY BY: Homera Durani

25 RC4 RC4 is a stream cipher designed in by Ron Rivest for RSA Security It is variable key –size stream cipher with byte – oreinted operations. Algorithm is based on use of random permutation Analysis shows that cipher is greater than NETWORK SECURITY BY: Homera Durani

26 Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. RC4 is used in the SSL/TLS (Secure Sockets Layer/ Transport Layer Security) standards that have been defined for communication between web browsers and servers. Also used in WEP(Wired Equivalent privacy) protocol and in WIFI Protected Access(WPA) NETWORK SECURITY BY: Homera Durani

27 Protocol that are part of IEEE 802.11 wireless LAN Standard.
RC4 was kept as a trade secret by RSA security. In September 1994, RC4 algorithm was posted on the internet on the cypherpunks RC4 is simple and quite easy to explain. Its key length is 1 to 256 bytes ( 8 to bits) NETWORK SECURITY BY: Homera Durani

28 Initialized to S with elements s[0],s[1]…s[255].
For encryption and decryption byte k is generated from S by selecting one of the 255 entries in a systematic fashion. NETWORK SECURITY BY: Homera Durani

29 Initialization of S For i=0 to 255 do S[i]=i; T[i]=k[i mod keylen];
NETWORK SECURITY BY: Homera Durani

30 Initial permutation of s
Swapping J=0; For i=0 to 255 do J=(j + s[i] + T[i] ) mod 256; Swap (s[i],s[j]); NETWORK SECURITY BY: Homera Durani

31 Stream Generation Stream Generation I ,j,=0; While (true)
i=(i+1) mod 256; J=(j+ s[i] ) mod 256; Swap (s [i], s[j] ); T= (s [i] + s [j] ) mod 256; K= s [t]; NETWORK SECURITY BY: Homera Durani

32 Strength of RC4 Number of paper have been published analyzing methods of attacking RC4 NETWORK SECURITY BY: Homera Durani

33 CIPHER BLOCK MODES OF OPERATION

34 CIPHER BLOCK MODES OF OPERATION
CHIPER BLOCK CHAINING MODE CIPHER FEEDBACK MODE NETWORK SECURITY BY: Homera Durani

35 Two common alternatives defined by FIPS PUB 81.
ECB (Electronic code book) may not be secure, if the message is highly structured with the period of repetition of a multiple 64 bits. To overcome the security deficiencies of ECB, technique in which same plain text block , if repeated , produces different cipher text blocks Two common alternatives defined by FIPS PUB 81. NETWORK SECURITY BY: Homera Durani

36 CHIPER BLOCK CHAINING MODE CIPHER FEEDBACK MODE
NETWORK SECURITY BY: Homera Durani

37 Cipher Block Chaining Mode
CBC mode, the input to encryption algorithm is the XOR of the current plaintext block & preceding cipher text block. Same key Is used for each block. Here input to the encryption function for each plain text block bears no fixed relationship to the plain text block. Thus 64 bits are not used. Same way decryption , each cipher lock is passed through decryption algorithm. NETWORK SECURITY BY: Homera Durani

38 NETWORK SECURITY BY: Homera Durani

39 NETWORK SECURITY BY: Homera Durani

40 Cipher Feedback Mode Convert any block cipher into a stream cipher by using CFB mode. It eliminates the need to pad a message to be integral number of blocks. Also operate in real time. If Character stream is transmitted , immediately using character-oriented stream cipher. If 8 bit character are being transmitted , each character should be encrypted using 8 bits. NETWORK SECURITY BY: Homera Durani

41 The unit of transmission is s bits. A common value is s=8.
In CBC unit of plaintext are chained together , so that the cipher text of any plain text unit is a function of all preceding plaintext. The input to the encryption function is a 64- bit shift register that is initially set to some initialization vector. The left most s bits of the output of the encryption function are XORed with the first NETWORK SECURITY BY: Homera Durani

42 Unit of cipher text C1, which is then transmitted.
Then shift register are shifted by s bits and C1 is placed in the right most. This process continuous until all plaintext have been encrypted, For decryption same scheme is except. NETWORK SECURITY BY: Homera Durani

43 Location of encryption devices

44 End-to-end encryption
Link encryption: A lot of encryption devices High level of security Decrypt each packet at every switch End-to-end encryption The source encrypt and the receiver decrypts Payload encrypted Header in the clear High Security: Both link and end-to-end encryption are needed NETWORK SECURITY BY: Homera Durani

45 NETWORK SECURITY BY: Homera Durani

46 Key Distribution

47 A key could be selected by A and physically delivered to B.
A third party could select the key and physically deliver it to A and B. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B. NETWORK SECURITY BY: Homera Durani

48 Key Distribution center
Session key: Data encrypted with a one-time session key.At the conclusion of the session the key is destroyed Permanent key: Used between entities for the purpose of distributing session keys Key Distribution center KDC determines which systems are allowed to communicate with each other. When permission is granted for two systems to establish a connection, the key distribution provides one- time session. NETWORK SECURITY BY: Homera Durani

49 Security service module(SSM)
This module , which may consist of functionality at one protocol layer , performs end- to- end encryption and obtains session keys on behalf of users. NETWORK SECURITY BY: Homera Durani

Download ppt "Unit -1."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Encryption Schemes Second Pass Brice Toth 21 November 2001.

Encryption Schemes Second Pass Brice Toth 21 November 2001.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.

Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.
Slide 1 Stream Ciphers uBlock ciphers generate ciphertext Ciphertext(Key,Message)=Message  Key Key must be a random bit sequence as long as message uIdea:

Slide 1 Stream Ciphers uBlock ciphers generate ciphertext Ciphertext(Key,Message)=Message  Key Key must be a random bit sequence as long as message uIdea:
Computer Networks with Internet Technology William Stallings Network Security.

Computer Networks with Internet Technology William Stallings Network Security.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.

TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Stream Cipher July 2011.

Stream Cipher July 2011.

Similar presentations

Ads by Google