dce

Upload: debasis-das

Post on 02-Mar-2016


CHAPTER 1 CONVENTIONAL ENCRYPTION

Kalpana Coaching Classes BE-SEM-VII-EXTC-DCE-Notes by Rohit Sinha

Ph. Dadar-24330916 Thane-25440393 For private circulation only

Syllabus

Chapter 1: Data compression and encryption

Need for data compression, lossy/lossless compression, compression ratio, run length encoding (RLE) for text and image compression, relative encoding and its applications in facsimile data compression and telemetry, scalar quantization.

Chapter 2: Statistical methods

Statistical modeling of information source, coding redundancy, variable size codes, prefix codes, Shannon-Fano coding, Huffman coding, adaptive Huffman coding, arithmetic coding and text compression using PPM method.

Chapter 3: Dictionary methods

String compression, sliding window compression, LZ77, LZ78 and LZW algorithms and applications in text compression, Zip and Gzip, ARC and cyclic redundancy code.

Chapter 4: Image compression

Lossless techniques of image compression, gray codes, two dimensional image transforms, discrete cosine transform and its applications in lossy image compression, quantization, zig-zag coding sequences, JPEG and JPEG-LS compression standards, pulse code modulation and differential pulse code modulation methods of image compression, video compression and MPEG industry standard.

Chapter 5: Audio compression

Digital audio, lossy sound compression, μ-law and A-law companding, DPCM and ADPCM audio compression, MPEG audio compression, frequency domain coding, format of compressed data.

Chapter 6: Conventional encryption

Security of information, security attacks, classical techniques, Caesar cipher, block cipher principle, design and modes of operation, S-box design, triple DES with two or three keys, introduction to international data encryption algorithm.

Chapter 7: Number Theory and public encryption

Modular arithmetic, Fermat's and Euler's theorems, Chinese remainder theorem, discrete logarithm, principles of public key cryptosystems, RSA algorithm, key management, Diffie-Hellman key exchange, elliptic curve cryptography.

Chapter 8: Message authentication

Authentication requirements and functions, message authentication functions (MAC), hash functions and their security, hash and MAC algorithms, digital signatures and authentication protocols, digital signature standard and algorithms.

CHAPTER 1 CONVENTIONAL ENCRYPTION

1.1 Cryptography and related terms

Cryptography:

Cryptography is the practice of storing and communicating data in such a form that only those for whom it is intended can read and process it.

The basic purpose of cryptography is to protect the information from unauthorized individuals who may exploit it for their own benefit and cause loss to the organization.

In cryptography we encode the data to be transmitted into an unreadable format using certain algorithms so that it cannot be used and modified to produce unauthorized effects.

Practical goal of cryptography:

Practically, most cryptographic algorithms can be broken if the attacker has enough time and resources. Therefore the more realistic goal of cryptography is to make obtaining the information work-intensive for the attacker.

In other words, the encryption algorithm should be strong enough that the time and resources spent by the attacker in breaking the code and working out the algorithm exceed the actual value of the information.

The encryption algorithm is also considered secure if the time taken by the attacker to break the code and obtain the information exceeds the useful lifetime of the information.

Following figure shows the basic encryption procedure:

The sender generates the message containing the information to be communicated. This message is in plain text and therefore cannot be transmitted on an insecure channel. Hence this message is encrypted using the encryption algorithm to generate cipher text. A secret key, known only to the sender and the intended receiver, is used by the encryption algorithm to generate the cipher text. This cipher text can be interpreted only by those individuals who know how it was encrypted, i.e. who have the decryption algorithm and the secret key. The intended receivers decrypt the message by running the decryption algorithm and obtain the readable copy of the message.

Plain text: original message to be transmitted.

Cipher text: encrypted message.

Cipher: algorithm used to convert plain text to cipher text.

Key: secret data used by the sender and the receiver for encryption and decryption purposes.

Cryptography: study of encryption and decryption techniques.

Cryptanalysis: practice of decoding the encrypted message without the knowledge of the key.

Cryptology: study of both cryptography and cryptanalysis.

Encipher: to encrypt

Decipher: to decrypt

1.2 Information security

There are three aspects of information security

Security service

Security mechanism

Security attack

Security service:

The security service is something that enhances the security of data processing systems and information transfers of an organization.

It is used to counter security attacks and it uses many security mechanisms to do so.

The security standards defined by ITU X.800 are:

1. Authentication:

Authentication refers to the authenticity of the contents of the messages being exchanged as well as that of the communicating entities.

2. Access control:

Access control is the ability to limit and control the access to host systems and applications via communication links. To achieve this control, each entity trying to gain access must first be identified, or authenticated, so that access rights can be provided to the individual.

3. Data confidentiality:

The contents of the message being transferred across the insecure medium should be readable to only those whom it is intended for and to no other entity.

4. Data integrity:

The contents of the message should not get modified during transit and even if the message is modified, it should be detected at the receiving end.

5. Non repudiation:

Repudiation disputes arise when one entity denies sending or receiving any message. The security mechanism should provide means to resolve such disputes.

Security mechanism:

A security mechanism is a mechanism designed to detect, prevent and recover from a security attack.

No single mechanism supports all the functions required to provide complete security and therefore many mechanisms work together.

Security attack:

A security attack is any action which compromises the security of information of an organization.

It is an assault on the system derived from a threat.

The following figures show different types of security attacks:

Security threat:

A threat is potential for violation of security which exists when there is a circumstance, capability, action or event that could breach security.

In simple words a threat is the vulnerability of the system which may be exploited by an attacker.

Two types of security attacks:

Passive attacks

Active attacks

Passive attacks:

In a passive attack the attacker monitors the transmissions to obtain message content or monitors traffic flows, but does not modify the message.

Active attacks:

In an active attack the attacker acquires the message and modifies the contents of the message to obtain unauthorized effects.

Types of active attacks-

Modification of messages in transit:

In this type of attack a part of the message is altered or the message is delayed to produce an unauthorized effect.

Masquerade:

In masquerade one entity pretends to be another entity to produce an unauthorized effect.

Replay:

In replay attack a message sequence is captured and then retransmitted to produce an unauthorized effect.

Denial of service:

Denial of service attack prevents or inhibits the normal use and management of communication facilities.

1.3 Classifications of cryptographic systems

1) Classification based on type of operations used for transforming plain text into cipher text:

Substitution cipher:

In substitution cipher each element in the plain text is mapped into (replaced by) another element to generate the cipher text.

Transposition cipher:

In transposition cipher the elements of the plain text are rearranged to generate the cipher text.

Product systems:

Product systems involve multiple stages of substitution and transposition.

2) Classification based on number of keys used:

Symmetric, single key, secret key or conventional encryption:

In this encryption method both the sender and the receiver use the same single key. The key is used for both encryption and decryption purposes.

Asymmetric, two key or public key encryption:

In public key encryption the sender and the receiver use different keys.

3) Classification on the basis of manner in which plain text is processed:

Block cipher:

A block cipher processes the input one block at a time producing an output block for each input block.

Stream cipher:

Stream cipher processes the input elements continuously producing an output one element at a time as it goes along.

1.4 Symmetric cipher

In symmetric cipher encryption or secret key encryption the sender and the receiver share a secret key between them and all the messages are encrypted and decrypted using the same secret key.

Following figure shows the symmetric encryption process:

Here a source produces a plain text message of the form: $P = [X_1, X_2, \ldots, X_m]$

where $X_1, X_2, \ldots$ are characters.

A secret key is generated by the sender which is delivered to the receiver securely.

The plain text is encrypted using this secret key to generate the cipher text as: $C = E_K(P)$

where $E$ is the encryption algorithm.

The receiver decrypts the cipher text using the same key to obtain the plain text as:

$P = D_K(C)$, where $D$ is the decryption algorithm.

Requirements of symmetric encryption:

1. The encryption algorithm should be unconditionally secure i.e. it should be strong enough that the attacker should not be able to decrypt the cipher text or discover the key even if he possesses cipher text copies along with corresponding plain text copies.

2. Sender and receiver should obtain the copies of secret key in a secure fashion and must keep the key secure.

3. The algorithm should be computationally secure i.e.:

The cost of breaking the cipher exceeds the value of the message.

The time required for breaking the cipher should exceed the useful lifetime of the message.

Drawbacks of symmetric encryption:

There is no method which is completely secure for delivering the secret key and if the attacker obtains a copy of the secret key then all the communication of the organization will be compromised.

This method does not provide any mechanism for authentication of the communicating parties involved and therefore is vulnerable to masquerade attacks.

1.5 Feistel cipher

Feistel cipher is a product cipher and uses two basic ciphers in sequence in such a way that their result is cryptographically stronger.

This method uses a cipher that alternates substitution and permutation.

Principle of operation:

Feistel cipher works on the principles of diffusion and confusion.

Diffusion:

In diffusion, the statistical nature of plain text is dissipated into long range statistics of cipher text. This is done by making each bit of the plain text affect many bits of cipher text.

The purpose of diffusion is to make the statistical relationship between the plain text and the cipher text as complex as possible to prevent the attacker from deducing the key.

Confusion:

In confusion, the relationship between statistics of the cipher text and the encryption key is made as complex as possible using a complex substitution algorithm.

This is done so that even if the attacker has understood the statistics of the cipher text he will not be able to discover the key due to complex relationship between the key and the cipher text.

Algorithm:

The inputs to the encryption algorithm are: a plain text block of size 2w bits and a key having many subkeys $K = \{K_1, K_2, \ldots, K_n\}$.

The plain text block is divided into two halves each of length w bits denoted by $R_0$ for w rightmost bits and $L_0$ for w leftmost bits. These two halves pass through n rounds of processing and are then combined to produce the cipher text block.

Each round i has inputs $L_{i-1}$ and $R_{i-1}$ derived from previous round and a key $K_i$ derived from K.

The left half is subjected to substitution by first applying a round function on $R_{i-1}$ and ex-oring the result with $L_{i-1}$. The round function has same structure for each round but is parameterized by the round key $K_i$.

Following this substitution, a permutation is performed that consists of interchange of the two halves of data.

Following fig. shows the Feistel cipher algorithm:

Design principles:

1. Block size:

Increasing the block size increases complexity and thus improves security. But it slows the cipher.

Typically block size is 64 bits.

2. Key size:

Increasing the key size improves security but slows the cipher.

Typically key size is 128 bits.

3. Round function:

Complex functions improve security but slow the cipher.

4. Number of rounds:

Increasing the number of rounds improves complexity but slows down the cipher.

Typically 16 rounds are used.

5. Complexity of subkey generation:

Complexity of subkey generation improves security and makes the analysis harder.

Data encryption standard (DES)

DES is an encryption technique which encrypts the data in 64 bit blocks using 56 bit keys.

Following fig. shows the encryption procedure used by DES:

The inputs to the encryption function are a 64 bit block of plain text and a 56 bit key. Although the actual size of the key is 64 bits, only 56 bits are used and the remaining 8 bits are arbitrary.

Following processes are involved in encryption of a block of plain text data using DES:

1. Initial permutation

2. 16 rounds of complex key dependent round function involving substitution and permutation functions.

3. 32 bit swap

4. Permutation which is inverse of the initial permutation.

Initial permutation:

The initial permutation is defined by the following table:

The table has to be interpreted in the following way:

The input to the table consists of 64 bits numbered from 1 to 64.

The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64.

Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits.

Inverse initial permutation:

The inverse initial permutation is defined by the following table:

Single round details:

Following figure shows the details of a single round involved in data processing:

A 64 bit intermediate value is the input to every round. This value is divided into two data blocks each of length 32 bits.

The right hand side block $R_{i-1}$ is subjected to an expansion/permutation block which converts 32 bit block of data into a 48 bit block.

The expansion is done according to the following table:

32 bit block of data is expanded into a 48 bit block by repeating some of the bits from the original block. The repetition of bits is as given in the above table.

After expansion the 48 bit data block is ex-ored with the 48 bit key.

The 48 bit ex-or output block is then mapped into 32 bit block by a substitution function involving eight s-boxes.

Following figure shows s-box design:

Each s-box takes 6 bits of data as input and maps it into 4 bit data.

s-box design:

Following figure shows the design of an s-box: S1

Mapping 6 bits data into 4 bits:

i. The 2 bit number formed by the first and last bits gives the row number to be referred in the table.

ii. The remaining 4 bits give the column number.

iii. The number at the corresponding row and column when converted into 4 bit binary equivalent is the 4 bit mapped output.

Consider the 6 bit input as 110101. The first and last bits, 11, give row 3 and the remaining bits, 1010, give column 10.

4 bit number = binary equivalent of 3 = 0011

The output of s-box is then subjected to a permutation block which rearranges the bits in order to increase the complexity of the encryption.

Following table defines the permutation operation:

The permuted output is then ex-ored with the left hand side input to the round, $L_{i-1}$, to generate the right hand side output block $R_i$.

The input block $R_{i-1}$ is the left hand side output of the round i.e. $L_i = R_{i-1}$.

Key generation in DES:

DES uses a 64 bit key as input. Out of the 64 bits every 8th bit is ignored and only 56 bits are used as given by the following table:

The resultant 56 bit key is then subjected to a permutation defined by the following permutation choice -1 table:

The permuted 56 bit key is then divided into two halves $C_0$ and $D_0$ each of size 28 bits. At each round $C_{i-1}$ and $D_{i-1}$ are subjected to a circular left shift given by the following table:

The shifted values serve as input to the next round. They also serve as input to the permuted choice-2 table which produces the 48 bit key for the round function.

PC-2 table:

DES decryption:

DES uses the same algorithm for decryption of the message except that the order of application of the keys is reversed.

Triple DES:

DES is vulnerable to brute force attacks and therefore using DES for encryption does not ensure complete security. Hence to improve the security of encryption, the plain text is encrypted multiple times using same DES algorithm but with different keys.

In triple DES the plain text is encrypted by subjecting it to DES algorithm thrice.

Triple DES using two keys:

$C = E_{K_1}[D_{K_2}\{E_{K_1}(P)\}]$

$P = D_{K_1}[E_{K_2}\{D_{K_1}(C)\}]$

Triple DES using three keys:

$C = E_{K_3}[D_{K_2}(E_{K_1}(P))]$

$P = D_{K_1}[E_{K_2}(D_{K_3}(C))]$

Block cipher principles:

1. Electronic codebook mode:

In electronic codebook (ECB) mode the plain text is encrypted in 64 bit blocks using the same encryption key K. The plain text message is divided into 64 bit blocks and if the size of any block is less than 64 bits then bits are padded. Each 64 bit block is encrypted independent of other blocks. Hence, for a given key, each plain text block results in a unique cipher text block, which is why the term codebook is used.

This method is useful for small blocks of data.

The drawback of this method is that if the attacker discovers the encryption algorithm and the key, the entire data becomes visible to him.

2. Cipher block chaining mode:

In CBC mode the cipher text output of the previous block is ex-ored with the current plain text block and the ex-or output is subjected to the encryption block.

For the first block of data no previous cipher text block is known and therefore an initial value is used to ex-or it with the plain text block.

The advantage of this method is that even if an attacker finds out the encryption key and the encryption algorithm, he will not be able to decrypt the cipher text block unless the previous cipher text blocks are known to him.

Another advantage of this method is that same blocks of plain text will produce different blocks of cipher text and therefore the structural analysis of data is not possible.

3. Cipher feedback mode:

CFB mode converts a block cipher into a stream cipher by padding with appropriate number of bits.

This mode is suitable for real time applications where s bits of stream data are to be transmitted immediately.

4. Output feedback mode:

5. Counter mode:

The advantage of this method is that even if the attacker knows the encryption algorithm and the secret key, he will not be able to decrypt the cipher text until he knows the cipher text.
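The Feistel structure of section 1.5 and the ECB and CBC modes above can be exercised together. The following is an added example, not part of the original notes: a 64 bit Feistel cipher whose round function and subkey schedule are constructed stand-ins built on SHA-256 (not the DES ones), with byte-count padding chosen here as an assumption. It shows that decryption is the same network run with the subkeys in reverse order, and that ECB repeats cipher text blocks for repeated plain text blocks while CBC does not.

```python
import hashlib

W = 32                       # half-block width w in bits; block size is 2w = 64 bits
MASK = (1 << W) - 1
BS = 8                       # block size in bytes

def subkeys(key: bytes, rounds: int = 16):
    """Derive K1..Kn from K (constructed schedule, not the DES key schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(1, rounds + 1)]

def F(right: int, k: bytes) -> int:
    """Round function of (R, Ki); it does not have to be invertible."""
    digest = hashlib.sha256(k + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, keys) -> int:
    L, R = block >> W, block & MASK
    for k in keys:
        L, R = R, L ^ F(R, k)      # L_i = R_{i-1};  R_i = L_{i-1} xor F(R_{i-1}, K_i)
    return (R << W) | L            # final interchange of the two halves

def encrypt_block(b: int, key: bytes) -> int:
    return feistel(b, subkeys(key))

def decrypt_block(b: int, key: bytes) -> int:
    return feistel(b, subkeys(key)[::-1])   # same algorithm, subkeys reversed

def pad(data: bytes) -> bytes:
    n = BS - len(data) % BS                 # assumption: pad with n bytes of value n
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]

def blocks(data: bytes):
    return [int.from_bytes(data[i:i + BS], "big") for i in range(0, len(data), BS)]

def join(ints) -> bytes:
    return b"".join(i.to_bytes(BS, "big") for i in ints)

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return join(encrypt_block(b, key) for b in blocks(pad(pt)))

def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return unpad(join(decrypt_block(b, key) for b in blocks(ct)))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = int.from_bytes(iv, "big"), []
    for b in blocks(pad(pt)):
        prev = encrypt_block(b ^ prev, key)  # chain in the previous cipher text block
        out.append(prev)
    return join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = int.from_bytes(iv, "big"), []
    for c in blocks(ct):
        out.append(decrypt_block(c, key) ^ prev)
        prev = c
    return unpad(join(out))

def repeated_blocks(ct: bytes) -> int:
    """Number of cipher text blocks that duplicate an earlier block."""
    b = blocks(ct)
    return len(b) - len(set(b))

if __name__ == "__main__":
    key, iv = b"constructed key", bytes(range(8))   # constructed sample values
    msg = b"SAMEDATA" * 3                            # three identical 64 bit blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(msg, key)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(msg, key, iv)))
```

The repeated blocks visible in the ECB output are the structural information the notes say CBC removes.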

Key management in symmetric encryption:

In this method the key distribution center (KDC), which is a highly trusted organization, generates the secret keys to be used by two communicating entities. Following steps take place for key distribution:

1. The initiator A has to establish a data transfer session with B. Hence A sends a request message to KDC. Along with the request message a nonce N1 is added which can be a time stamp or any counter number depending on the application.

2. KDC responds by a message encrypted using the secret key shared between KDC and A and another message encrypted using the secret key shared between KDC and B. The first message contains a secret key Ks to be used for communication message along with a copy of the request message sent by A so that A can verify that the message did not get modified during transit.

The other message contains the secret key Ks along with identity of A and it is encrypted using the key shared between KDC and B so that once B receives this message it trusts the key source.

3. A extracts the second part of the message and sends it to B.

4. B derives the key and sends an encrypted nonce to A.

5. A decrypts the nonce N2 and sends it to B so that the identity of A is authenticated to B.

CHAPTER 2 NUMBER THEORY AND PUBLIC KEY ENCRYPTION

2.1 Number theory

Modular arithmetic:

Modulus operator:

Consider a positive integer n and any other integer a.

When a is divided by n we get remainder r and quotient q such that: a = nq + r

When the remainder is required and the quotient is not of much significance, then the operation can be represented using modulus operator as: a mod n = r

a mod n operation gives the remainder when a is divided by n.

For example:

7 mod 5 = 2

11 mod 7 = 4

Congruent modulo integers:

Two integers a and b are said to be congruent modulo n if: a mod n = b mod n and it is represented as:

For example:

$17 \equiv 13 \bmod 4$

$35 \equiv 52 \bmod 17$

Rules of modular arithmetic:

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n

2. [(a mod n) - (b mod n)] mod n = (a - b) mod n

3. [(a mod n) x (b mod n)] mod n = (a x b) mod n

Relatively prime numbers: Two numbers are said to be relatively prime to each other if there is no factor common between them other than 1 i.e. if their G.C.D is 1.

Thus a and b are relatively prime to each other if gcd (a,b) = 1

Any prime number is relatively prime to all numbers other than 1 and its multiples.

For example:

25 and 33 are relatively prime to each other.

7 and 21 are not relatively prime to each other.

Euler's totient function:

For any natural number n the Euler's totient function $\phi(n)$ is defined as the total number of natural numbers less than n and relatively prime to n.

For example let n = 15

The set of natural numbers less than 15 and relatively prime to 15 is:

{1, 2, 4, 7, 8, 11, 13, 14}

$\phi(15)$ is number of elements in this set i.e. 8

Hence $\phi(15) = 8$

For any prime number n, all the numbers less than n are relatively prime to n.

Hence for any prime number n, $\phi(n) = n - 1$

Fermat's theorem:

Fermat's theorem states that if p is a prime number and a is a positive integer not divisible by p, then:

Proof:

If p is a prime number and a is a positive integer not divisible by p, then according to modular arithmetic the set of numbers $\{0 \bmod p,\ a \bmod p,\ 2a \bmod p,\ \ldots,\ (p-1)a \bmod p\}$ is identical to the set $\{0, 1, 2, \ldots, p-1\}$.

Since 0 mod p = 0 the first element of the two sets are equal.

Now multiplying the remaining elements of the two sets and taking modulus we get:

$[(a \bmod p)(2a \bmod p) \cdots ((p-1)a \bmod p)] \bmod p = (1 \times 2 \times 3 \times \cdots \times (p-1)) \bmod p$

Applying the product rule:

$(a \times 2a \times \cdots \times (p-1)a) \bmod p = (1 \times 2 \times 3 \times \cdots \times (p-1)) \bmod p$

$a^{p-1}(p-1)! \bmod p = (p-1)! \bmod p$

Canceling (p-1)! on both sides:

$a^{p-1} \bmod p = 1 \bmod p$

or $a^{p-1} \equiv 1 \bmod p$

Euler's theorem:

Euler's theorem states that for every a and n that are relatively prime:

2.2 Principles of public key cryptographic systems

Drawbacks of single key encryption:

Single key encryption uses one key shared by both the sender and the receiver. If this key is disclosed, all communication between the sender and the receiver becomes transparent to the attacker.

This is symmetric system and therefore it does not prevent the parties from forging a message and claiming it to be sent by the other party.

Public key encryption:

Public key encryption is based on using different keys for encryption and decryption purposes.

In public key encryption each communicating party generates a pair of keys. One of the keys is publicly available and is therefore called the public key KU. The other key is known only to the respective party and is therefore called the private key KR.

The keys are generated in such a way that a message encrypted using the public key can be decrypted using the private key only, while a message encrypted using the private key can be decrypted using the public key only.

Public key encryption can be used for authentication and confidentiality both and it also eliminates the need for a secure medium for distribution of secure keys.

Steps involved in public key encryption:

1. Each communicating entity generates a pair of keys to be used for encryption and decryption of messages.

2. One of the keys is kept secret and is known only to the user. This key is the private key.

3. The other key is placed in the public register and is accessible to every one. This key is the public key.

4. Keys are used for encryption and decryption depending on the application.

Data confidentiality using public key encryption:

Confidentiality refers to the security of the information while it is transmitted through an insecure channel. No other entity except the intended receiver should be able to view the message.

Following figure shows how data confidentiality is obtained using public key encryption:

A source A produces messages in plain text P = [P1, P2, ......] where the elements P1, P2, P3, ...... are letters in some finite alphabet.

The receiver of the message B generates a pair of keys i.e. a private key $KR_B$ known only to B and a public key $KU_B$ known to everyone including A.

For confidentiality the receiver's public key is used for encryption. A message encrypted using the receiver's public key can be decrypted using the receiver's private key only. Since the private key is known to no one else, the message will be secure from everyone and confidentiality will be achieved.

Therefore A encrypts the plain text message using the receiver's public key $KU_B$ and generates the cipher text of the form C = [C1, C2, ......].

$C = E_{KU_B}[P]$

Upon reception B decrypts this message using the private key and generates the plain text message as:

$P = D_{KR_B}[C]$

This method ensures confidentiality but not authentication as anyone having the public key of B can forge a message masquerading as A.

Authentication using public key encryption:

Authentication refers to the genuineness of the communicating entities. For example if A and B are communicating, both A and B should be aware of each other's identities.

Authentication can be implemented using public key encryption in the following manner:

Here the sender A generates a plain text message P and encrypts this message using his private key $KR_A$ to generate the cipher text C as:

$C = E_{KR_A}[P]$

Since this message is encrypted using the private key of the sender, it can be decrypted only using the public key of the sender. Therefore if a communicating party is able to decrypt the message using the public key, the identity of the sender will be authenticated as no one else can encrypt a message using the private key.

Upon reception the receiver decrypts the message as: $P = D_{KU_A}[C]$

This method provides authentication but not confidentiality as the message is encrypted using the sender's private key and everyone having the public key can decrypt the message and view the contents.

Authentication and confidentiality using public key encryption:

Authentication and confidentiality both can be ensured using public key encryption by subjecting the plain text message to two rounds of encryption as shown in the figure:

As shown in the figure the message is encrypted twice, first using the sender's private key and then using the receiver's public key.

The public key of the receiver is used to ensure confidentiality while the private key of the sender is used to authenticate the sender.

The cipher text is generated as:

$C = E_{KU_B}[E_{KR_A}(P)]$

The cipher text is decrypted as:

$P = D_{KU_A}[D_{KR_B}(C)]$

The disadvantage of this method is that the complex encryption algorithm has to be executed twice at each end which increases the processing time.

Requirements of public key encryption:

1. It should be computationally feasible for all the communicating parties to generate a key pair (KU, KR)

2. It should be computationally feasible for a sender A knowing the public key of the receiver B to generate cipher text as $C = E_{KU_B}(P)$.

3. It should be computationally feasible for the receiver B to decrypt the cipher text and obtain the original message as $P = D_{KR_B}(C)$.

4. It should be computationally infeasible for an attacker who knows KU to find KR.

5. It should be computationally infeasible for an attacker who knows C and KU to find P.

6. Encryption and decryption functions can be applied in any order:

$M = E_{KU_B}[D_{KR_B}(M)] = D_{KU_B}[E_{KR_B}(M)] = E_{KR_B}[D_{KU_B}(M)] = D_{KR_B}[E_{KU_B}(M)]$

2.3 RSA algorithm:

RSA algorithm is a practical implementation of public key encryption.

It is a block cipher scheme where the plain text and cipher text are integers between 0 and n-1. Typically n=1024.

Here the plain text is encrypted in blocks where the size of each block is k bits, such that $2^k < n \le 2^{k+1}$.

For a block of plain text M, the cipher text C is generated as: $C = M^e \bmod n$

The cipher text is decrypted as $P = C^d \bmod n = M^{ed} \bmod n$

Both sender and the receiver know the value of n and e whereas only the receiver knows the value of d.

Thus the public key of the receiver is KU = {e, n} and the private key of the receiver is KR = {d, n}.
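The three arrangements of section 2.2 (confidentiality, authentication, and both) can be carried through with the RSA formulas above. The following is an added example, not part of the original notes: it uses textbook RSA with small constructed primes for two hypothetical parties A and B, computes d as the inverse of e modulo (p-1)(q-1), and splits a byte string into k bit blocks. The helper names are chosen here for illustration.

```python
from math import gcd

def make_keypair(p, q, e):
    """Key generation: KU = (e, n), KR = (d, n) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)      # modular inverse needs Python 3.8+

def rsa(key, m):
    """E and D are the same operation, m^exponent mod n, with different exponents."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("block must be an integer between 0 and n-1")
    return pow(m, exponent, n)

# Constructed toy key pairs; real primes are hundreds of digits long.
KU_A, KR_A = make_keypair(61, 53, 17)        # n_A = 3233
KU_B, KR_B = make_keypair(89, 97, 5)         # n_B = 8633 > n_A, so E_KRA(P) fits B's block

def confidential(P):     # C = E_KUB[P]: only B can read it, but anyone could have sent it
    return rsa(KU_B, P)

def authenticated(P):    # C = E_KRA[P]: only A can produce it, but anyone can read it
    return rsa(KR_A, P)

def both(P):             # C = E_KUB[E_KRA(P)]
    return rsa(KU_B, rsa(KR_A, P))

def open_both(C):        # B removes the outer layer with KR_B, then checks A's layer with KU_A
    return rsa(KU_A, rsa(KR_B, C))

def block_bits(n):
    """Largest k with 2^k < n, so every k bit block is a valid integer below n."""
    return n.bit_length() - 1

def encrypt_bytes(KU, data):
    """Split data into k bit blocks (most significant first) and encrypt each block."""
    k = block_bits(KU[1])
    bits = int.from_bytes(data, "big")
    count = -(-len(data) * 8 // k)           # ceil(total bits / k)
    chunks = [(bits >> (k * i)) & ((1 << k) - 1) for i in reversed(range(count))]
    return [rsa(KU, c) for c in chunks]

def decrypt_bytes(KR, blocks, length):
    """Decrypt each block and reassemble the original byte string of the given length."""
    k, bits = block_bits(KR[1]), 0
    for c in blocks:
        bits = (bits << k) | rsa(KR, c)
    return bits.to_bytes(length, "big")

if __name__ == "__main__":
    P = 65                                   # constructed sample block
    print("confidentiality:", confidential(P), "->", rsa(KR_B, confidential(P)))
    print("authentication: ", authenticated(P), "->", rsa(KU_A, authenticated(P)))
    print("both:           ", both(P), "->", open_both(both(P)))
    print("bytes:", decrypt_bytes(KR_B, encrypt_bytes(KU_B, b"hello"), 5))
```

Textbook RSA as shown is deterministic and unpadded, so it illustrates the arithmetic only.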

The RSA algorithm consists of following modules:

I. Key generation:

1. Generate two large random and distinct prime numbers p and q which are approximately of same size in terms of bit length.

2. Compute n = pq and $\phi(n) = (p-1)(q-1)$.

3. Select a random integer e, 1