Network 1
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Network 1 as PDF for free.
More details
- Words: 1,503
- Pages: 6
Cataniag, Saul Mel Ng, Johnson Santos, Marvin
Network Security Encryption/ Decryption I. Introduction Figure 1 Cryptography components II. Symmetric-Key Cryptography •
Traditional Ciphers 1. Substitution Cipher 2. Transpositional Cipher In a transpositional cipher, the characters retain their plaintext form but change their positions to create the ciphertext. The text is organized into a twodimensional table, and the columns are interchanged according to a key. For example, we can organize the plaintext into an 8-column table and then reorganize the columns according to a key that indicates the interchange rule. Figure 7 shows an example of transpositional cryptography. The key defines which columns should be swapped. The character frequencies are preserved, and the attacker can find the plaintext through trial and error. Figure 7 Transpositional cipher
•
Block Cipher Traditional ciphers used a character or symbol as the unit of encryption/ decryption. Modern ciphers, on the other hand, use a block of bits as the units of encryption/ decryption. Figure 8 shows the concept of the block cipher; the plaintext and ciphertext are blocks of bits. Figure 8 Block cipher 1. P-box A P-box (P for permutation) performs a transposition at the bit level; it transposes bits as shown in Figure 9. It can be implemented in software or hardware, but hardware is faster. The key and the encryption/ decryption algorithm are normally embedded in the hardware. Figure 9 P-box 2. S-box
An S-box (S for substitution) performs a substitution at the bit level; it transposes permuted bits as shown in Figure 10. The S-box substitutes one decimal digit with another. Three components: • The decoder changes an input of n bits to an output of 2n bits. This output has one single 1 (the rest are 0s) located at a position determined by the input. • The P-box permutes the output of decoder. • The encoder changes the output of the P-box back to a binary number in the same way as the decoder, but inversely. Figure 10 S-box 3. Product Block The P-boxes and S-boxes can be combined to get more complex cipher block. This is called a product block, as shown in Figure 11. Figure 11 Product box 4. Data Encryption Standard (DES) DES was designed by IBM and adopted by the US government as the standard encryption method for nonmilitary and nonclassified use. The algorithm encrypts a 64-bit plaintext using a 56-bit key. The text is put through 19 different and complex procedures to create a 64-bit ciphertext, as shown in Figure12. DES has two transposition blocks, one swapping block, and 16 complex blocks called iteration blocks. Figure 13 shows the general scheme. Figure 12 DES Figure 13 General scheme of DES Figure 14 Iteration block The 16 iteration blocks use different key derived from the original key. Figure 14 hows the schematics of an iteration block. In each block, the previous right 32 bits become the next left 32 bits (swapping). The next right 32 bits, however, come from first applying an operation (a function) on the previous right 32 bits and then XORing the result with the left 32 bits. 5. Triple DES This uses three DES blocks and two 56-bit keys, as shown in Figure 15. The encrypting block uses an encryption-decryption-encryption combination of DESs, while the decryption block uses a decryption-encryption-decryption combination. It was designed this way to provide compatibility between triple DES and the original DES when K1 and K2 are the same.
Figure15 Triple DES •
Operation Modes 1. Electronic Code Block (ECB) Mode In ECB mode, we divide the long message into 64-bit blocks and encrypt each block separately, as shown in Figure 16. The encryption of each block is independent of the other blocks in ECB mode. The problem with the ECB mode is that the encryption of each 8-byte block is independent of the others; the encryption of each block does not depend on the other blocks in the processor. Figure 16 ECB Mode 2. Cipher Block Chaining (CBC) Mode In CBC mode, the encryption (or decryption) of a block depends on all previous blocks, as shown in Figure 17. Figure17 CBC Mode For example, to encrypt the second plaintext block (P2), we first XOR it with the first ciphertext block (C1) and then pass it through the encryption process. In this way, C2 depends on C1. 3. Cipher Feedback Mode (CFM) In the Cipher Feedback Mode (CFB) is data encrypted in units smaller than the block size. This mode can be used to encrypt any number of bits e.g. single bits or single characters (bytes) before sending across an insecure data link.
the figure above shows how single bytes can be encrypted and decrypted using a block cipher in CFB mode. The shift register is initially filled with an initialization vector, and the encryption algorithm is run once to produce 64 output bits. The leftmost 8 bits of the output bits are then XOR'ed with the byte to be transmitted. The result of this XOR operation is sent over the network and also fed back to the 64 bit shift register, shifting the left-most 8 bits out. Then, the encryption algorithm is run again and the next character is encrypted in the same manner. 4. Cipher Stream Mode (CSM) In cryptography, a stream cipher is a symmetric cipher in which the plaintext digits are encrypted one at a time, and at the same time be independent of the previous bits. In this mode, data are XORed bit by bit with a long, one-time bit stream that is generated by an innitialization vector in looping process. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly. III. Public-Key Cryptography Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. What has been encrypted by the first key, can only be decrypted by the second - and vice versa. In public key cryptography, the private key is kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be feasible to deduce the private key of a pair given the public key, and in high quality algorithms no such technique is known. One analogy is that of a locked store front door with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. However, only the person who possesses the matching private key, the store owner in this case, can open the door and read the message. The term asymmetric key cryptography is a synonym for public key cryptography though a somewhat misleading one. There are asymmetric key encryption algorithms that do not have the public key-private key property noted above. For these algorithms, both keys must be kept secret, that is both are private keys. But public-key cryptography has two disadvantages. The big disadvantages is the complexity of the algorithm. If we want an effective algorithm we must have large numbers. Calculating the ciphertext from plaintext using the long keys takes a lot of time. That is why it is not recommended for long message.
The second disadvantage of the public-key method is that the association between an entity and its public key must be verified. Certification is really important when we use public-key cryptography for authentication. However this can be overcome using a certification authority (CA). The most common algorithm is RSA. RSA In cryptology, RSA is an algorithm for public-key encryption. It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is still widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. Encrypting Messages: Alice transmits her public key ( & ) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. He first turns M into a number < by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext corresponding to:
This can be done quickly using the method of exponentiation by squaring. Bob then transmits to Alice. Decrypting Message: Alice can recover
Given
from by using her private key in the following procedure:
, she can recover the original message M.
The decryption procedure works because . Now, since and
Fermat's little theorem yields and . Since and are distinct prime numbers, applying the Chinese remainder theorem to these two congruences yields . Thus, .
Reference: http://www.pvv.ntnu.no/~asgaut/crypto/thesis/node16.html http://en.wikipedia.org/wiki/Stream_cipher http://en.wikipedia.org/wiki/Public-key_cryptography http://en.wikipedia.org/wiki/RSA#Decrypting_messages
Network Security Encryption/ Decryption I. Introduction Figure 1 Cryptography components II. Symmetric-Key Cryptography •
Traditional Ciphers 1. Substitution Cipher 2. Transpositional Cipher In a transpositional cipher, the characters retain their plaintext form but change their positions to create the ciphertext. The text is organized into a twodimensional table, and the columns are interchanged according to a key. For example, we can organize the plaintext into an 8-column table and then reorganize the columns according to a key that indicates the interchange rule. Figure 7 shows an example of transpositional cryptography. The key defines which columns should be swapped. The character frequencies are preserved, and the attacker can find the plaintext through trial and error. Figure 7 Transpositional cipher
•
Block Cipher Traditional ciphers used a character or symbol as the unit of encryption/ decryption. Modern ciphers, on the other hand, use a block of bits as the units of encryption/ decryption. Figure 8 shows the concept of the block cipher; the plaintext and ciphertext are blocks of bits. Figure 8 Block cipher 1. P-box A P-box (P for permutation) performs a transposition at the bit level; it transposes bits as shown in Figure 9. It can be implemented in software or hardware, but hardware is faster. The key and the encryption/ decryption algorithm are normally embedded in the hardware. Figure 9 P-box 2. S-box
An S-box (S for substitution) performs a substitution at the bit level; it transposes permuted bits as shown in Figure 10. The S-box substitutes one decimal digit with another. Three components: • The decoder changes an input of n bits to an output of 2n bits. This output has one single 1 (the rest are 0s) located at a position determined by the input. • The P-box permutes the output of decoder. • The encoder changes the output of the P-box back to a binary number in the same way as the decoder, but inversely. Figure 10 S-box 3. Product Block The P-boxes and S-boxes can be combined to get more complex cipher block. This is called a product block, as shown in Figure 11. Figure 11 Product box 4. Data Encryption Standard (DES) DES was designed by IBM and adopted by the US government as the standard encryption method for nonmilitary and nonclassified use. The algorithm encrypts a 64-bit plaintext using a 56-bit key. The text is put through 19 different and complex procedures to create a 64-bit ciphertext, as shown in Figure12. DES has two transposition blocks, one swapping block, and 16 complex blocks called iteration blocks. Figure 13 shows the general scheme. Figure 12 DES Figure 13 General scheme of DES Figure 14 Iteration block The 16 iteration blocks use different key derived from the original key. Figure 14 hows the schematics of an iteration block. In each block, the previous right 32 bits become the next left 32 bits (swapping). The next right 32 bits, however, come from first applying an operation (a function) on the previous right 32 bits and then XORing the result with the left 32 bits. 5. Triple DES This uses three DES blocks and two 56-bit keys, as shown in Figure 15. The encrypting block uses an encryption-decryption-encryption combination of DESs, while the decryption block uses a decryption-encryption-decryption combination. It was designed this way to provide compatibility between triple DES and the original DES when K1 and K2 are the same.
Figure15 Triple DES •
Operation Modes 1. Electronic Code Block (ECB) Mode In ECB mode, we divide the long message into 64-bit blocks and encrypt each block separately, as shown in Figure 16. The encryption of each block is independent of the other blocks in ECB mode. The problem with the ECB mode is that the encryption of each 8-byte block is independent of the others; the encryption of each block does not depend on the other blocks in the processor. Figure 16 ECB Mode 2. Cipher Block Chaining (CBC) Mode In CBC mode, the encryption (or decryption) of a block depends on all previous blocks, as shown in Figure 17. Figure17 CBC Mode For example, to encrypt the second plaintext block (P2), we first XOR it with the first ciphertext block (C1) and then pass it through the encryption process. In this way, C2 depends on C1. 3. Cipher Feedback Mode (CFM) In the Cipher Feedback Mode (CFB) is data encrypted in units smaller than the block size. This mode can be used to encrypt any number of bits e.g. single bits or single characters (bytes) before sending across an insecure data link.
the figure above shows how single bytes can be encrypted and decrypted using a block cipher in CFB mode. The shift register is initially filled with an initialization vector, and the encryption algorithm is run once to produce 64 output bits. The leftmost 8 bits of the output bits are then XOR'ed with the byte to be transmitted. The result of this XOR operation is sent over the network and also fed back to the 64 bit shift register, shifting the left-most 8 bits out. Then, the encryption algorithm is run again and the next character is encrypted in the same manner. 4. Cipher Stream Mode (CSM) In cryptography, a stream cipher is a symmetric cipher in which the plaintext digits are encrypted one at a time, and at the same time be independent of the previous bits. In this mode, data are XORed bit by bit with a long, one-time bit stream that is generated by an innitialization vector in looping process. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly. III. Public-Key Cryptography Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. What has been encrypted by the first key, can only be decrypted by the second - and vice versa. In public key cryptography, the private key is kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be feasible to deduce the private key of a pair given the public key, and in high quality algorithms no such technique is known. One analogy is that of a locked store front door with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. However, only the person who possesses the matching private key, the store owner in this case, can open the door and read the message. The term asymmetric key cryptography is a synonym for public key cryptography though a somewhat misleading one. There are asymmetric key encryption algorithms that do not have the public key-private key property noted above. For these algorithms, both keys must be kept secret, that is both are private keys. But public-key cryptography has two disadvantages. The big disadvantages is the complexity of the algorithm. If we want an effective algorithm we must have large numbers. Calculating the ciphertext from plaintext using the long keys takes a lot of time. That is why it is not recommended for long message.
The second disadvantage of the public-key method is that the association between an entity and its public key must be verified. Certification is really important when we use public-key cryptography for authentication. However this can be overcome using a certification authority (CA). The most common algorithm is RSA. RSA In cryptology, RSA is an algorithm for public-key encryption. It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is still widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. Encrypting Messages: Alice transmits her public key ( & ) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. He first turns M into a number < by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext corresponding to:
This can be done quickly using the method of exponentiation by squaring. Bob then transmits to Alice. Decrypting Message: Alice can recover
Given
from by using her private key in the following procedure:
, she can recover the original message M.
The decryption procedure works because . Now, since and
Fermat's little theorem yields and . Since and are distinct prime numbers, applying the Chinese remainder theorem to these two congruences yields . Thus, .
Reference: http://www.pvv.ntnu.no/~asgaut/crypto/thesis/node16.html http://en.wikipedia.org/wiki/Stream_cipher http://en.wikipedia.org/wiki/Public-key_cryptography http://en.wikipedia.org/wiki/RSA#Decrypting_messages
