CNS Unit1

Uploaded by

ujjwalmittal2426
Copyright
© © All Rights Reserved
Cryptography & Network Security

10/9/2024 1
Syllabus

Objective of Unit-1

• Introduction to security attacks, services and mechanisms.
• To understand classical encryption techniques: substitution and transposition ciphers.
• Study cryptanalysis and block ciphers. Modern block ciphers: block cipher principles.
• To understand Shannon’s theory of confusion and the Feistel structure.
• Learn how the Data Encryption Standard (DES) works and what the strengths of DES are.
• Study differential cryptanalysis, block cipher modes of operation and Triple DES.
Brief Introduction about subject

Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intentions could modify or forge your data, either for amusement or for their own benefit.
Cryptography can reformat and transform our data, making it safer on its trip between computers. The technology is based on the essentials of secret codes, augmented by modern mathematics that protects our data in powerful ways.
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Computer Security Challenges
1. not simple – easy to get it wrong
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived as a benefit until it fails
8. requires regular monitoring (a process, not an event)
9. too often an after-thought
10. regarded as impediment to using system
“Unusable security is not secure”
Aspects of Security
• consider 3 aspects of information security:
– security attack
– security mechanism (control)
– security service
• note terms
– threat – a potential for violation of security
– vulnerability – a way by which loss can happen
– attack – an assault on system security, a
deliberate attempt to evade security services
Network Security (Attack)

• A network attack can be defined as any method, process, or means used to maliciously attempt to compromise network security.
• Network security is the process of preventing network attacks across a given network infrastructure, but the techniques and methods used by the attacker further distinguish whether the attack is an active cyber attack, a passive type attack, or some combination of the two.
Security Attacks
• A useful means of classifying security attacks,
is in terms of passive attacks and active
attacks.
• A passive attack attempts to learn or make
use of information from the system but does
not affect system resources.
• An active attack attempts to alter system
resources or affect their operation.
Network Security (Attack)

[Figure: Normal flow]

• Four types of possible attacks are:

1. Interruption: services or data become unavailable, unusable, destroyed, and so on, such as loss of a file, denial of service, etc. Examples: cut wire lines, jam wireless signals, drop packets.
2. Interception: an unauthorized subject has gained access to an object, such as stealing data, overhearing others' communication, etc. Examples: wiring, eavesdrop.
3. Modification: unauthorized changing of data or tampering with services, such as alteration of data, modification of messages, etc. Examples: replaced info, intercept.
4. Fabrication: additional data or activities are generated that would normally not exist, such as adding a password to a system, replaying previously sent messages, etc. Also called impersonation.
Network Security (Attack)

• An active attack is a network exploit in which the attacker attempts to make changes to data on the target or data en route to the target.

Types of Active Attacks

1. Masquerade
An unauthorized entity tries to gain more privileges than it is authorized for. Masquerading is generally done by using stolen IDs and passwords, or by bypassing authentication mechanisms.

2. Replay
This active attack involves capturing a copy of the message sent by the original sender and retransmitting it later to bring about an unauthorized result.

3. Modification of messages
This attack involves making certain modifications to the captured message, or delaying or reordering the messages to cause an unauthorized effect.

4. Denial of service (DoS)
An intruder may fix on a specific target machine (server) and send unwanted messages to that target machine in order to jam the communication media.
Types of Active Attacks

• Masquerade: takes place when one entity pretends to be a different entity; usually includes one of the other forms of active attack
• Replay: involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
• Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect
• Denial of service: prevents or inhibits the normal use or management of communications facilities
Passive Attacks

• A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities, but which does not affect system resources.

Types of Passive Attacks

• Two types of passive attacks are:
– The release of message contents
– Traffic analysis

Release of Message Contents

This type of passive attack involves
(1) capturing the sensitive information that is sent via email or
(2) tapping a conversation that is conducted over a telephone line.

Traffic analysis

An intruder observes the frequency and length of messages being exchanged between communicating nodes. A passive attacker can then use this information for guessing the nature of the communication that was taking place.
Network Security Services

Security services are defined for the system resources and data transfers to provide a specific kind of protection.
✓ enhance security of data processing systems and information transfers of an organization.
✓ intended to counter security attacks.
✓ using one or more security mechanisms.
✓ These services are also divided into five categories.

➢ Authentication: assures the recipient that the message is from the source that it claims to be from.
➢ Access Control: controls who can have access to a resource under what condition.
➢ Availability: available to authorized entities 24/7.
➢ Confidentiality: information is not made available to unauthorized individuals.
➢ Integrity: assurance that the message is unaltered.
➢ Non-Repudiation: protection against denial of sending or receiving in the communication.
Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic technique
Security Mechanisms

Relation between security services and mechanisms

Model for Network Security
• using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Network Security Techniques

➢ Mechanisms are only theoretical recipes to implement security.
➢ The actual implementation of security goals needs some techniques.
➢ Two techniques are prevalent today:
1. Cryptography
2. Steganography
Cryptography
Cryptography is the technique of securing information and communications through the use of codes so that only those persons for whom the information is intended can understand it and process it.

Encipher (plaintext to ciphertext): C = E(K1)(P)
Decipher (ciphertext to plaintext): P = D(K2)(C)
K1, K2: from keyspace
Steganography

Steganography is a technique that facilitates the hiding of a message that is to be kept secret inside other messages. Earlier, people used methods to hide messages such as invisible ink, minute variations, etc.
Conventional Encryption
Symmetric Encryption
• or conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was the only type of encryption in use prior to the invention of public-key in the 1970s
• and by far most widely used
Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
Symmetric-Key Cipher

[Figure: General idea of symmetric-key cipher]
Requirements
• two requirements for secure use of symmetric
encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
• mathematically have:
Y = E_K(X)
X = D_K(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key
Symmetric-Key Cipher CO1

[Figure: Locking and unlocking with the same key]
Cryptography
• characterize cryptographic system by:
– type of encryption operations used
• substitution / transposition / product
– number of keys used
• single-key or private / two-key or public
– way in which plaintext is processed
• block / stream
Cryptanalysis
• objective to recover key not just message
• general approaches:
– cryptanalytic attack
rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of plaintext or
even some sample plaintext-cipher text pairs.
– brute-force attack
try every possible key on a piece of cipher text until an
intelligible translation into plaintext is obtained. On
average, half of all possible keys must be tried to achieve
success.
Cryptanalysis

As cryptography is the science and art of creating secret codes, cryptanalysis is the science and art of breaking those codes.

Cryptanalysis attacks CO1:
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Chosen-ciphertext attack
• Unconditionally Secure: An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. That is, no matter how much time an opponent has, it is impossible for him or her to decrypt the ciphertext simply because the required information is not there. There is no encryption algorithm that is unconditionally secure (except the one-time pad).
• Computationally Secure: an algorithm that meets one or both of the following criteria:
– The cost of breaking the cipher exceeds the value of the encrypted information.
– The time required to break the cipher exceeds the useful lifetime of the information.
Classical Encryption Techniques
• Substitution Cipher Technique
• Transposition Cipher Technique
Substitution cipher CO1

A substitution cipher replaces one symbol with another. Substitution ciphers can be categorized as either monoalphabetic ciphers or polyalphabetic ciphers.
Types of substitution techniques
• Caesar Cipher
• Monoalphabetic Cipher
• Playfair Cipher
• Hill Cipher
• Polyalphabetic Cipher
• One time pad
Caesar Cipher
• earliest known substitution cipher by Julius
Caesar
• replaces each letter by 3rd letter on
• example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
• can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
– A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
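The brute-force search described above, as an added example (not part of the original slides). It applies c = (p + k) mod 26 and tries all 26 shifts on the slide's ciphertext; the small word list used to recognise plaintext is a constructed assumption.

```python
# Constructed mini word list (assumption): stands in for a dictionary or
# letter-frequency test when deciding which candidate "looks like" English.
COMMON_WORDS = {"the", "and", "me", "meet", "after", "party", "to", "of", "at"}


def caesar(text, k):
    """Shift each ASCII letter by k positions mod 26; leave other characters alone."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + k) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + k) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertext):
    """Try every shift and return (score, shift, candidate) for the best one.

    The score is the number of words of the candidate found in COMMON_WORDS,
    which is the "recognise when we have plaintext" step from the slide.
    """
    candidates = []
    for k in range(26):
        plain = caesar(ciphertext, -k).lower()
        score = sum(word in COMMON_WORDS for word in plain.split())
        candidates.append((score, k, plain))
    return max(candidates)


if __name__ == "__main__":
    ct = caesar("meet me after the toga party", 3).upper()
    print(ct)
    print(brute_force(ct))
```

With only 26 keys the search is instant; the only real work is the recognition step, which is why a short or compressed plaintext is harder to confirm automatically.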
Monoalphabetic Cipher
• rather than just shifting the alphabet
• could shuffle (jumble) the letters arbitrarily
• each plaintext letter maps to a different random
ciphertext letter
• hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
• now have a total of 26! = 4 x 10^26 keys
Playfair Cipher

• one approach to improving security was to encrypt multiple letters
• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix
• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (sans duplicates)
• fill rest of matrix with other letters
• eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
• plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert a filler like 'X', e.g. "balloon" encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with the letter to its right (wrapping back to the start from the end), e.g. AR is encrypted as RM
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to the top from the bottom), e.g. MU is encrypted as CM
4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair; thus HS becomes BP and EA becomes IM (or JM, as the encipherer wishes)
Security of Playfair Cipher
• security much improved over monoalphabetic
• since have 26 x 26 = 676 digrams
• would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic)
• and correspondingly more ciphertext
• was widely used for many years
– eg. by US & British military in WW1
• it can be broken, given a few hundred letters
• since still has much of plaintext structure
Polyalphabetic Ciphers
• polyalphabetic substitution ciphers
• improve security using multiple cipher alphabets
• make cryptanalysis harder with more alphabets to
guess and flatter frequency distribution
• use a key to select which alphabet is used for each
letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
• Best algorithm used: Vigenère cipher
Vigenère Cipher
• simplest polyalphabetic substitution cipher
• effectively multiple caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• ith letter specifies ith alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse
Example of Vigenère Cipher
• write the plaintext out
• write the keyword repeated above it
• use each key letter as a caesar cipher key
• encrypt the corresponding plaintext letter
• eg using keyword deceptive
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Security of Vigenère Ciphers
• have multiple ciphertext letters for each
plaintext letter
• hence letter frequencies are obscured
• but not totally lost
• start with letter frequencies
– see if look monoalphabetic or not
• if not, then need to determine number of alphabets, since then can attack each
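The Vigenère example and the security remarks above, worked through in code (an added example, not part of the original slides). It reproduces the slide's ciphertext, shows how many ciphertext letters a single plaintext letter maps to, and lists repeated ciphertext trigrams, whose spacing hints at the number of alphabets; function names are illustrative and input is assumed to be letters only.

```python
from collections import defaultdict


def vigenere(text, key, decrypt=False):
    """Apply the Caesar shift named by each key letter in turn (letters only)."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text.lower()):
        k = ord(key[i % len(key)].lower()) - ord("a")
        out.append(chr((ord(ch) - ord("a") + sign * k) % 26 + ord("a")))
    return "".join(out)


def images_of(plaintext, ciphertext):
    """Map each plaintext letter to the set of ciphertext letters it became."""
    table = defaultdict(set)
    for p, c in zip(plaintext.lower(), ciphertext.upper()):
        table[p].add(c)
    return table


def repeat_distances(ciphertext, n=3):
    """Distances between repeated n-grams; they tend to be multiples of the key length."""
    first_seen, distances = {}, defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        gram = ciphertext[i:i + n]
        if gram in first_seen:
            distances[gram].append(i - first_seen[gram])
        else:
            first_seen[gram] = i
    return dict(distances)


if __name__ == "__main__":
    pt, key = "wearediscoveredsaveyourself", "deceptive"
    ct = vigenere(pt, key).upper()
    print(ct)
    print("plaintext 'e' became:", sorted(images_of(pt, ct)["e"]))
    print("repeated trigrams:", repeat_distances(ct))
```

In the slide's own ciphertext the trigram VTW repeats nine positions apart, which matches the nine-letter keyword: the letter frequencies are obscured but the key's period still leaks.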
Hill Cipher
• Take m successive plaintext letters and substitute m ciphertext letters for them.
• For m = 3, the system can be described as follows:
c1 = (k11 p1 + k12 p2 + k13 p3) mod 26
c2 = (k21 p1 + k22 p2 + k23 p3) mod 26
c3 = (k31 p1 + k32 p2 + k33 p3) mod 26
• Expressed in terms of column vectors and a matrix:

C = KP mod 26

where C and P are column vectors of length 3, representing the ciphertext and plaintext, and K is a 3 x 3 matrix, representing the encryption key. Operations are performed mod 26.
Polyalphabetic Substitution Cipher (Hill cipher) CO1

Example
For example, the plaintext “code is ready” can make a 3 × 4 matrix when adding the extra bogus character “z” to the last block and removing the spaces. The ciphertext is “OHKNIHGKLISS”.

Example
• Plaintext = paymoremoney and encryption key
• The first three letters of the plaintext are represented by the vector (15 0 24)
• K(15 0 24) = (375 819 486) mod 26 = (11 13 18) = LNS
• The entire ciphertext is LNSHDLEWMTRW
Decryption
• Decryption requires using the inverse of the matrix K.
• The inverse K^-1 of a matrix K is defined by the equation K K^-1 = K^-1 K = I
• where I is the matrix that is all zeros except for ones along the main diagonal from upper left to lower right. In the preceding case, the inverse is

• This is demonstrated as follows:

• In general terms, the Hill system can be expressed as follows:

C = E(K, P) = KP mod 26
P = D(K, C) = K^-1 C mod 26
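Hill encryption and the matrix inverse mod 26 needed for decryption, as an added example (not part of the original slides). The key matrix K below is an assumption: the slide's matrix is not reproduced in the text, and this one is used because it yields the slide's product K(15 0 24) = (375 819 486) and its ciphertext.

```python
# Assumed 3x3 key (not present in the page text); consistent with the slide's
# intermediate values for the plaintext "paymoremoney".
K = [[17, 17, 5],
     [21, 18, 21],
     [2, 2, 19]]


def cofactor(m, r, c):
    """Signed 2x2 minor of a 3x3 matrix at row r, column c."""
    rows = [i for i in range(3) if i != r]
    cols = [j for j in range(3) if j != c]
    minor = (m[rows[0]][cols[0]] * m[rows[1]][cols[1]]
             - m[rows[0]][cols[1]] * m[rows[1]][cols[0]])
    return -minor if (r + c) % 2 else minor


def inverse_mod26(m):
    """K^-1 mod 26 via the adjugate: K^-1 = det^-1 * adj(K).

    Raises ValueError when det(K) shares a factor with 26, i.e. when the
    matrix cannot be used as a Hill key because nothing could be decrypted.
    """
    det = sum(m[0][c] * cofactor(m, 0, c) for c in range(3)) % 26
    det_inv = pow(det, -1, 26)          # modular inverse (Python 3.8+)
    return [[det_inv * cofactor(m, c, r) % 26 for c in range(3)]
            for r in range(3)]


def hill(text, m):
    """Compute C = M * P mod 26 block by block; pads the last block with 'z'."""
    nums = [ord(ch) - ord("a") for ch in text.lower() if "a" <= ch <= "z"]
    nums += [25] * (-len(nums) % 3)
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out.extend(sum(m[r][c] * block[c] for c in range(3)) % 26
                   for r in range(3))
    return "".join(chr(n + ord("a")) for n in out)


if __name__ == "__main__":
    ct = hill("paymoremoney", K)
    print(ct.upper())
    print(inverse_mod26(K))
    print(hill(ct, inverse_mod26(K)))
```

Encryption and decryption are the same routine; only the matrix changes, which is why a key whose determinant is even or a multiple of 13 must be rejected.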
One-Time Pad
• if a truly random key as long as the message is used, the
cipher will be secure
• key is to be used to encrypt and decrypt a single message, and
then is discarded.
• Each new message requires a new key of the same length as
the new message.
• Such a scheme, known as a one-time pad, is unbreakable.
• It produces random output that bears no statistical
relationship to the plaintext. Because the ciphertext contains
no information whatsoever about the plaintext, there is
simply no way to break the code.
• problems in generation & safe distribution of key
One Time Pad
• ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
• key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
• plaintext: mr mustard with the candlestick in the hall
• ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
• key: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
• plaintext: miss scarlet with the knife in the library
• In theory, we need look no further for a cipher. The one-time pad
offers complete security but, in practice, has two fundamental
difficulties:
• 1. There is the practical problem of making large quantities of
random keys. Any heavily used system might require millions of
random characters on a regular basis. Supplying truly random
characters in this volume is a significant task.
• 2. Even more daunting is the problem of key distribution and
protection. For every message to be sent, a key of equal length is
needed by both sender and receiver. Thus, a mammoth key
distribution problem exists.
• Because of these difficulties, the one-time pad is of limited utility
and is useful primarily for low-bandwidth channels requiring very
high security.
Transposition Ciphers
• now consider classical transposition or permutation
ciphers
• these hide the message by rearranging the letter
order
• without altering the actual letters used
• can recognise these since have the same frequency
distribution as the original text
• Two techniques:
– Rail Fence Cipher
– Row Transposition Cipher
Transposition Cipher

A transposition cipher does not substitute one symbol for another; instead it changes the location of the symbols.

Note: A transposition cipher reorders symbols.

Types
- Rail Fence
- Columnar transposition
- Double transposition

Transposition Cipher (Rail fence cipher) CO1

Simple transposition ciphers, which were used in the past, are keyless. A good example of a keyless cipher using the first method is the rail fence cipher. The ciphertext is created reading the pattern row by row. For example, to send the message “Meet me at the park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR”.
Row Transposition Ciphers
• a more complex transposition
• write letters of message out in rows over a specified
number of columns
• then reorder the columns according to some key
before reading off the rows
• “The simplest possible Transposition”
• Key: 4 1 5 3 2
Transposition Cipher (Columnar cipher) CO1

Alice and Bob can agree on the number of columns and use the second method. Alice writes the same plaintext, row by row, in a table of four columns.

She then creates the ciphertext “MMTAEEHREAEKTTP”.
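Both keyless transpositions above (rail fence and four-column columnar), with their inverses, as an added example that is not part of the original slides. It goes slightly beyond the slides: the rail fence accepts more than two rails, and the optional `order` argument (an assumption about how a key would be applied) chooses the order in which columns are read.

```python
from collections import Counter


def letters(message):
    """Uppercase the message and drop everything except A-Z."""
    return "".join(ch for ch in message.upper() if "A" <= ch <= "Z")


def rail_pattern(n, rails):
    """Rail index visited by each of n character positions (zigzag)."""
    cycle = 2 * (rails - 1)
    return [min(i % cycle, cycle - i % cycle) for i in range(n)]


def rail_fence_encrypt(message, rails=2):
    text = letters(message)
    pattern = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(text, pattern) if p == r)


def rail_fence_decrypt(ciphertext, rails=2):
    pattern = rail_pattern(len(ciphertext), rails)
    # Positions in the order the ciphertext visits them: rail by rail.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


def columnar_encrypt(message, cols, order=None):
    """Write row by row into `cols` columns, then read column by column."""
    text = letters(message)
    return "".join(text[c::cols] for c in (order or range(cols)))


def columnar_decrypt(ciphertext, cols, order=None):
    n = len(ciphertext)
    plain = [""] * n
    pos = 0
    for c in (order or range(cols)):
        length = len(range(c, n, cols))      # short columns when n % cols != 0
        plain[c::cols] = list(ciphertext[pos:pos + length])
        pos += length
    return "".join(plain)


def same_letter_counts(a, b):
    """Transposition only reorders symbols, so letter counts are unchanged."""
    return Counter(letters(a)) == Counter(letters(b))


if __name__ == "__main__":
    msg = "Meet me at the park"
    print(rail_fence_encrypt(msg), columnar_encrypt(msg, 4))
```

The unchanged letter counts are what let an analyst recognise a transposition cipher, as noted in the slide on transposition ciphers.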

Transposition Cipher (Columnar cipher)

Example 1

Transposition Cipher (Double columnar cipher) CO1

Double transposition cipher
Symmetric ciphers CO1

The literature divides the symmetric ciphers into two broad categories: stream ciphers and block ciphers. Although the definitions are normally applied to modern ciphers, this categorization also applies to traditional ciphers.

Types
1. Stream Ciphers
2. Block Ciphers
Block vs Stream Ciphers
• block ciphers process messages in blocks, each
of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
• stream ciphers process messages a bit or byte
at a time when en/decrypting
• many current ciphers are block ciphers
– better analysed
– broader range of applications
Modern Block Cipher CO1

A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of ciphertext. The encryption or decryption algorithm uses a k-bit key.
Block Cipher Principles
• most symmetric block ciphers are based on a Feistel
Cipher Structure
• needed since must be able to decrypt ciphertext to
recover messages efficiently
• block ciphers look like an extremely large
substitution
• would need table of 2^64 entries for a 64-bit block
• instead create from smaller building blocks
• using idea of a product cipher
Claude Shannon and Substitution-Permutation Ciphers
➢ Claude Shannon introduced the idea of substitution-permutation (S-P) networks in a 1949 paper
➢ form the basis of modern block ciphers
➢ S-P nets are based on the two primitive cryptographic operations seen before:
⚫ substitution (S-box)
⚫ permutation (P-box)
➢ provide confusion & diffusion of message & key
Shannon’s Theory of Confusion and Diffusion CO1

Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining substitution, permutation, and other components.

Diffusion
The idea of diffusion is to hide the relationship between the ciphertext and the plaintext.

Confusion
The idea of confusion is to hide the relationship between the ciphertext and the key.

Rounds
Diffusion and confusion can be achieved using iterated product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components.
Feistel Cipher Structure
• Horst Feistel devised the Feistel cipher
– based on concept of invertible product cipher.
• The Feistel cipher is a design model used to create different block ciphers, such as DES.
• The model uses substitution and permutation alternately.
• This cipher structure is based on the Shannon model proposed in 1945.
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s S-P net concept

Classes of Product Cipher (Feistel Cipher) CO1

[Figure: Feistel cipher design]
Feistel Cipher Design Elements
➢block size
➢key size
➢number of rounds
➢subkey generation algorithm
➢round function
➢fast software en/decryption
➢ease of analysis
• Block size: Larger block sizes mean greater security but reduced encryption/decryption speed. Greater security is achieved by greater diffusion. A block size of 64 bits has been considered reasonable. However, the new AES uses a 128-bit block size.
• Key size: Larger key size means greater security but may decrease encryption/decryption speed. Greater security is achieved by greater confusion. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.
• Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: Greater complexity should lead to greater difficulty of cryptanalysis.
• Round function: Greater complexity means greater resistance to cryptanalysis.
• Fast software en/decryption: speed of execution of the algorithm becomes a concern.
• Ease of analysis: if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength.
Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST)
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over its
security
Data Encryption Standard (DES) CO1

The encryption process is made of two permutations (P-boxes), which we call initial and final permutations, and sixteen Feistel rounds.

[Figure: General structure of DES]

DES uses 16 rounds. Each round of DES is a Feistel cipher.

[Figure: A round in DES (encryption site)]

Note: The initial and final permutations are straight P-boxes that are inverses of each other. They have no cryptographic significance in DES.

Data Encryption Standard (DES) Function CO1

Expansion P-box

Expansion permutation: each 4-bit block is expanded to 6 bits, producing a 48-bit block.

[Table: Expansion P-box table]

Since the right input is 32 bits and the round key is 48 bits, we first need to expand the right input to 48 bits.

• XOR (Whitener): After the expansion permutation, DES performs an XOR operation on the expanded right section and the round key. The round key is used only in this operation.
• Substitution Boxes: The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.
• Straight Permutation: The 32-bit output of the S-boxes is then subjected to the straight permutation with the rule shown in the following illustration:
Strength of DES
• The level of security provided by DES concerns two areas:
(i) Key size (ii) nature of algorithm
Key Size
• 56-bit keys have 2^56 = 7.2 x 10^16 values
• brute force search looks hard
• On average half of the key space has to be searched
• DES finally and definitively proved insecure in July 1998 by EFF
• still must be able to recognize plaintext
• must now consider alternatives to DES such as AES, Double DES and Triple DES
Multiple Data Encryption Standard (DES) CO1

The major criticism of DES regards its key length. Fortunately DES is not a group. This means that we can use double or triple DES to increase the key size.

Types
1. Double DES
2. Triple DES

Double Data Encryption Standard (DES) CO1

• In this approach, we use two instances of DES ciphers for encryption and two instances of reverse ciphers for decryption.
• Each instance uses a different key.
• The size of the key is doubled.
• However, double DES is vulnerable to the meet-in-the-middle attack.
• Given a plaintext P and two encryption keys K1 and K2, a ciphertext can be generated as

C = E(K2, E(K1, P))

• Decryption requires that the keys be applied in reverse order:

P = D(K1, D(K2, C))
Double Data Encryption Standard (DES) CO1

Meet-in-the-middle attack for double DES

• The middle text M, the text created by the first encryption or the first decryption, should be the same:
M = E(K1, P) and M = D(K2, C)
• Encrypt P using all possible values of K1 and record all values obtained for M.
• Decrypt C using all possible values of K2 and record all values obtained for M.
• Create two tables sorted by M values.
• Now compare the values for M until we find those pairs of K1 and K2 for which the value of M is the same in both tables.
• Instead of using 2^112 key search tests, we have to use 2^56 key search tests two times.
• Moving from Single DES to Double DES, we have increased the strength from 2^56 to 2^57.
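Why doubling the key does not double the strength, shown on a toy cipher (an added example, not part of the original slides and not DES). It serves both the Feistel structure slides and the meet-in-the-middle steps above: a 4-round Feistel network with a 12-bit key is built, double encryption is applied, and both keys are recovered with 2 x 2^12 cipher operations instead of 2^24. The round function, key schedule, key size and sample values are all constructed assumptions.

```python
ROUNDS = 4
KEY_BITS = 12            # toy key size so the whole key space is searchable
MASK = 0xFFFF            # 16-bit halves, 32-bit block


def subkeys(key):
    """Toy key schedule (assumption): one 16-bit subkey per round."""
    return [((key + 1) * (0x9E37 + 2 * i)) & MASK for i in range(ROUNDS)]


def round_fn(half, subkey):
    """Toy round function F. Squaring makes it non-invertible on purpose:
    the Feistel structure is invertible whatever F is."""
    x = (half ^ subkey) & MASK
    x = (x * x + 0x3C6F) & MASK
    return ((x << 5) | (x >> 11)) & MASK


def feistel(block, key, decrypt=False):
    """Each round: L, R = R, L xor F(R, subkey). Decryption is the same
    network with the subkeys applied in reverse order."""
    left, right = block >> 16, block & MASK
    keys = subkeys(key)
    if decrypt:
        keys.reverse()
    for sk in keys:
        left, right = right, left ^ round_fn(right, sk)
    return (right << 16) | left          # final swap of the halves


def double_encrypt(p, k1, k2):
    """C = E(K2, E(K1, P)), as on the double DES slide."""
    return feistel(feistel(p, k1), k2)


def meet_in_the_middle(pairs):
    """Recover (K1, K2) candidates from known (plaintext, ciphertext) pairs.

    Table side: M = E(K1, P) for every K1. Lookup side: M = D(K2, C) for
    every K2. Matches are confirmed against the remaining pairs.
    """
    (p, c), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(feistel(p, k1), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        middle = feistel(c, k2, decrypt=True)
        for k1 in table.get(middle, []):
            if all(double_encrypt(p2, k1, k2) == c2 for p2, c2 in rest):
                found.append((k1, k2))
    return found


# Constructed sample keys and plaintext blocks.
K1, K2 = 0x3A7, 0xC51
PAIRS = [(p, double_encrypt(p, K1, K2)) for p in (0x01234567, 0x89ABCDEF)]

if __name__ == "__main__":
    print("cipher operations:", 2 * (1 << KEY_BITS), "instead of", 1 << (2 * KEY_BITS))
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(PAIRS)])
```

The price of the shortcut is memory: the table holds one entry per K1 value, which for real DES would be 2^56 entries.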

10/9/2024 130
Triple Data Encryption Standard (DES) CO1

Triple DES with two keys

 Use three stages of DES for encryption and decryption.

 The 1st, 3rd stage use 𝐾1 key and 2nd stage use 𝐾2 key.

 To make triple DES compatible with single DES, the middle


stage uses decryption in the encryption side and encryption
in the decryption side.

 It’s much stronger than double DES.

10/9/2024 131
Triple Data Encryption Standard (DES) CO1

Triple DES with two keys

➢ The function follows an encrypt-decrypt-encrypt (EDE) sequence.

C = E(𝐾1, D(𝐾2, E(𝐾1, P)))

P = D(𝐾1, E(𝐾2, D(𝐾1, C)))

➢ Triple DES with 2-key encryption raises the cost of a meet-in-the-middle attack to 2^112.

➢ It has the drawback of requiring a key length of 56 × 3 = 168 bits, which may be somewhat unwieldy.

Triple DES with 3-key


➢ Although the attacks just described appear impractical, anyone using two-key 3DES may feel some concern.
➢ Thus, many researchers now feel that 3-key 3DES is the preferred alternative.
➢ Use three stages of DES for encryption and decryption with three different keys.
➢ 3-key 3DES has an effective key length of 168 bits and is defined as,
• C = E(𝐾3, D(𝐾2, E(𝐾1, P)))
• P = D(𝐾1, E(𝐾2, D(𝐾3, C)))

Avalanche effect
• A desirable property of any encryption algorithm is
that a small change in either the plaintext or the key
should produce a significant change in the
ciphertext. This effect is called the avalanche effect.
• In particular, a change in one bit of the plaintext or
one bit of the key should produce a change in many
bits of the ciphertext.
• If the change were small, this might provide a way to
reduce the size of the plaintext or key space to be
searched.
• DES exhibits a strong avalanche effect.
Strength of DES
• The level of security provided by DES concerns two areas:
(i) Key size (ii) nature of algorithm
Key Size
• 56-bit keys have 2^56 = 7.2 x 10^16 values
• brute force search looks hard
• On average, half of the key space has to be searched
• DES was finally and definitively proved insecure in July
1998 by the Electronic Frontier Foundation (EFF)
• still must be able to recognize plaintext
• must now consider alternatives to DES such as AES,
Double DES and Triple DES
Block Cipher Modes of Operation
A block cipher takes a fixed-length block of text of length b bits and a key as input
and produces a b-bit block of ciphertext. If the amount of plaintext to be encrypted
is greater than b bits, then the block cipher can still be used by breaking the
plaintext up into b-bit blocks. When multiple blocks of plaintext are encrypted using
the same key, a number of security issues arise. To apply a block cipher in a variety
of applications, five modes of operation have been defined by NIST.

A mode of operation is a technique for enhancing the effect of a cryptographic
algorithm or adapting the algorithm for an application, such as applying a block
cipher to a sequence of data blocks or a data stream.

(1) Electronic code book (ECB): The simplest mode, in which plaintext is handled
one block at a time and each block of plaintext is encrypted using the same key. The
term codebook is used because, for a given key, there is a unique ciphertext for
every b-bit block of plaintext. The ECB method is ideal for a short amount of data,
such as an encryption key.


(2) Cipher Block Chaining Mode (CBC): In this scheme, the input to the encryption algorithm
is the XOR of the current plaintext block and the preceding ciphertext block; the same key is
used for each block. Therefore, if the same plaintext block is repeated, different ciphertext
blocks are produced. For decryption, each cipher block is passed through the decryption
algorithm. The result is XORed with the preceding ciphertext block to produce the plaintext
block. We can define CBC mode as

The IV is an initialization block, which is produced using a random number generator, and it
should be the same size as the cipher block. It must be known to both the sender and
receiver but it should be unpredictable by a third party.

Stream Modes of Operation
• block modes encrypt entire block
• may need to operate on smaller units
– real time data
• convert block cipher into stream cipher
– cipher feedback (CFB) mode
– output feedback (OFB) mode
– counter (CTR) mode
• use block cipher as some form of pseudo-random number generator
(3) Cipher Feedback Mode (CFB): In this mode the ciphertext is given as feedback to the
encryption of the next block, with some new specifications: first, an initial vector IV is
used for the first encryption, and the output bits are divided into a set of s bits and
b-s bits. The left-hand side s bits are selected and an XOR operation is applied to them
together with the plaintext bits. The result is given as input to a shift register having
b-s bits on the left-hand side and s bits on the right-hand side, and the process continues.
The encryption and decryption process for the same is shown below; both of them use the
encryption algorithm.

(4) Output Feedback Mode (OFB): This scheme operates on full blocks of plaintext
and ciphertext where the output of the encryption function is fed back to become
the input for encrypting the next block of plaintext.

Let the size of a block be b. If the last block of plaintext contains u bits, with u < b,
the most significant u bits of the last output block O_N are used for the XOR
operation. In the case of OFB, the IV must be a nonce; that is, the IV must be unique
to each execution of the encryption operation.


(5) Counter Mode (CTR): In this mode, each block of plaintext is XORed with an
encrypted counter. Typically, the counter is initialized to some value and then
incremented by 1 for each subsequent block being encrypted using the same key.
Given a sequence of counters T1, T2, …, TN, we can define CTR mode as follows:

The advantages of the CTR are (1) hardware and software efficiency, (2)
preprocessing, (3) random access, (4) provable security and (5) simplicity.
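
Counter mode as described above, written out as an added Python example (not part of the original slides); it also shows random access to a single block and why a counter value must never be reused under the same key, the same uniqueness requirement stated for the OFB IV. The block cipher is replaced by a stand-in `E` built from HMAC-SHA256, and the key, messages and function names are assumptions constructed for the demo.

```python
import hashlib
import hmac

BLOCK = 8  # bytes: 64-bit blocks, the DES block size

def E(key, block):
    # Stand-in for the block cipher (assumption): HMAC-SHA256 cut to one block.
    # CTR only ever calls the encryption direction, so a keyed PRF is enough here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # stops at the shorter input

def keystream_block(key, counter0, index):
    t = (counter0 + index) % (1 << (8 * BLOCK))  # counter T for this block
    return E(key, t.to_bytes(BLOCK, "big"))      # O = E(K, T)

def ctr_crypt(key, counter0, data):
    """Encrypt or decrypt: in CTR mode the two operations are identical."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        # a short final block uses only the leading bytes of O
        out += xor(data[i:i + BLOCK], keystream_block(key, counter0, i // BLOCK))
    return bytes(out)

def decrypt_block(key, counter0, ciphertext, index):
    """Random access: recover block `index` without processing earlier blocks."""
    chunk = ciphertext[index * BLOCK:(index + 1) * BLOCK]
    return xor(chunk, keystream_block(key, counter0, index))

# Constructed sample data (33 bytes each: four full blocks plus one byte).
KEY = b"constructed-demo-key"
MSG_A = b"transfer 0100 units to account 17"
MSG_B = b"transfer 9900 units to account 42"

def counter_reuse_leaks(counter_a, counter_b):
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts."""
    ca = ctr_crypt(KEY, counter_a, MSG_A)
    cb = ctr_crypt(KEY, counter_b, MSG_B)
    return xor(ca, cb) == xor(MSG_A, MSG_B)
```

With the same starting counter for both messages the keystream cancels out and the ciphertexts reveal the XOR of the plaintexts; with non-overlapping counter ranges they do not.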

Faculty Video Links, Youtube & NPTEL Video Links and Online
Courses Details

• Youtube/other Video Links

1. https://youtu.be/Q-HugPvA7GQ

• NPTEL Video link

1. https://nptel.ac.in/courses/106105162/

2. http://www.nptelvideos.in/2012/11/cryptography-and-network-security.html

10/9/2024 Gaurav Singhania RIT-701 CNS Unit 1 149


Daily Quiz

What are the types of attacks on an encrypted message?

Differentiate between passive attacks and active attacks.

What is cryptanalysis and cryptography?

What are the key principles of security?

Define threat and attack.

Define diffusion and confusion.
MCQs

1. __________ ensures that a message was received by the receiver from the actual sender and not from an attacker.

(a) Authentication

(b) Authorization

(c) Integration

(d) None of these

2. Which of the following services is not an authentication service?

(a) Peer entity authentication

(b) Data origin authentication

(c) Data destination authentication

(d) None of these


3. Which of the following is a passive attack?

(a) Masquerade

(b) Replay

(c) Denial of service (DoS)

(d) Traffic analysis

4. Which of the following attacks is not a threat to the integrity of data?

(a) Masquerade

(b) Modification

(c) Repudiation

(d) Snooping

5. The conversion of ciphertext into plaintext is known as __________.

(a) Encryption

(b) Decryption

(c) Cryptography

(d) Cryptanalyst

6. Which of the following is a component of cryptography?

(a) Ciphertext

(b) Ciphers

(c) Key

(d) All of these

7. Which of the following is needed to implement a chosen-plaintext attack?
(a) The attacker must have knowledge of the ciphertext.
(b) The attacker must have access to the receiver's computer.
(c) The attacker must have access to the sender's computer.
(d) Both (a) and (b)

8. Which of the following is needed to implement a chosen-ciphertext attack?
(a) The attacker must have knowledge of the ciphertext.
(b) The attacker must have access to the receiver's computer.
(c) The attacker must have access to the sender's computer.
(d) Both (a) and (b)

9. Which of the following is true in the context of steganography?

(a) It conceals the existence of the message.

(b) It conceals the contents of the message.

(c) It involves less overhead than cryptography.

(d) Both (a) and (b)

10. In public-key cryptography, _______ key is used for encryption.

(a) Public

(b) Private

(c) Both (a) and (b)

(d) Shared


11. Which of the following is a monoalphabetic cipher?

(a) Caesar cipher

(b) Autokey cipher

(c) Vigenere cipher

(d) All of these

12. The __________ cipher is a combination of additive and multiplicative ciphers with a pair of keys.

(a) Affine

(b) Caesar

(c) Autokey

(d) Shift

13. In the polyalphabetic cipher, the characters in plaintext have a __________ relationship with the characters in ciphertext.

(a) One-to-one

(b) One-to-many

(c) Many-to-one

(d) Many-to-many

14. The Hill cipher belongs to the category of ciphers, named _________.

(a) Stream cipher

(b) Block cipher

(c) Both (a) and (b)

(d) None of these

15. The __________ cipher can be categorized as a stream cipher.

(a) Additive

(b) Hill

(c) Playfair

(d) None of these

16. Which of the following is/are components of a modern block cipher?

(a) Circular shift

(b) S-box

(c) P-box

(d) All of these

17. __________ is based on the idea of hiding the relationship between the ciphertext and the key.

(a) Diffusion

(b) Confusion

(c) Both (a) and (b)

(d) None of these


18. Each round in DES uses _________ S-boxes.

(a) Five

(b) Ten

(c) Eight

(d) Six

19. DES encrypts/decrypts blocks of _________ bits.
(a) 128
(b) 64
(c) 56
(d) 192

20. Which of the following is/are components of a modern block cipher?

(a) Circular shift

(b) S-box

(c) P-box

(d) All of these

Old Question Papers

• AKTU Previous year question paper

https://aktu.ac.in/question-bank.html

Expected Questions for University Exam

A. What is the Symmetric Cipher Model? Also explain the difference between the Symmetric and Asymmetric models.

B. Explain Playfair cipher. If Plain Text

wearecomputersciencestudents

find cipher text.

Summary
➢ computer, network, internet security
➢ X.800 standard
➢ Security attacks, services, mechanisms
➢ Models for network (access) security
➢ Classical cipher techniques and terminology
➢ Transposition cipher
➢ Product ciphers and Rotor machines
➢ Steganography and Cryptography
➢ DES

Thank You