Network Security Cryptography

Module            8
Network Security Cryptography

Specific Instructional Objectives
On completion, the students will be able to:
􀂾 State the need for secured communication
􀂾 Explain the requirements for secured communication
􀂾Explain the following cryptographic algorithms:
􀂃 Symmetric-key Cryptography
•Traditional ciphers
•Monoalphabetic Substitution
•Polyalphabetic Substitution
•Transpositional Cipher
•Block ciphers
􀂃Public-key Cryptography
•The RSA Algorithm
8.1.1 Introduction
The word cryptography has come from a Greek word, which means secret writing. In the present day context it refers to the tools and techniques used to make messages secure for communication between the participants and make messages immune to attacks by hackers. For private communication through public network, cryptography plays a very crucial role. The role of cryptography can be illustrated with the help a simple model of cryptography as shown in Fig. 8.1.1. The message to be sent through an unreliable medium is known as plaintext, which is encrypted before sending over the medium. The encrypted message is known as ciphertext, which is received at the other end of the medium and decrypted to get back the original plaintext message. In this lesson we shall discuss various cryptography algorithms, which can be divided into two broad categorize - Symmetric key cryptography and Public key cryptography. Cryptography algorithms based on symmetric key cryptography are presented in Sec. 8.1.2. Public key cryptography has been addressed in Sec. 8.1.3.
Figure 8.1.1. A simple cryptography model
Version 2 CSE IIT, Kharagpur
8.1.2 Symmetric Key Cryptography
The cipher, an algorithm that is used for converting the plaintext to ciphertex, operates on a key, which is essentially a specially generated number (value). To decrypt a secret message (ciphertext) to get back the original message (plaintext), a decrypt algorithm uses a decrypt key. In symmetric key cryptography, same key is shared, i.e. the same key is used in both encryption and decryption as shown in Fig. 8.1.2. The algorithm used to decrypt is just the inverse of the algorithm used for encryption. For example, if addition and division is used for encryption, multiplication and subtraction are to be used for decryption.
Symmetric key cryptography algorithms are simple requiring lesser execution time. As a consequence, these are commonly used for long messages. However, these algorithms suffer from the following limitations:
􀂃Requirement of large number of unique keys. For example for n users the number of keys required is n(n-1)/2.
􀂃Distribution of keys among the users in a secured manner is difficult.
Figure 8.1.2. A simple symmetric key cryptography model
8.1.2.1 Monoalphabetic Substitution

One simple example of symmetric key cryptography is the Monoalphabetic substitution. In this case, the relationship between a character in the plaintext and a character in the ciphertext is always one-to-one. An example Monoalphabetic substitution is the Caesar cipher. As shown in Fig. 8.1.3, in this approach a character in the ciphertext is substituted by another character shifted by three places, e.g. A is substituted by D. Key feature of this approach is that it is very simple but the code can be attacked very easily.

Figure 8.1.3. The Caesar cipher
Version 2 CSE IIT, Kharagpur

8.1.2.2 Polyalphabetic Substitution
This is an improvement over the Caesar cipher. Here the relationship between a character in the plaintext and a character in the ciphertext is always one-to-many.
Example 8.1: Example of polyalphabetic substitution is the Vigenere cipher. In this case, a particular character is substituted by different characters in the ciphertext depending on its position in the plaintext. Figure 8.1.4 explains the polyalphabetic substitution. Here the top row shows different characters in the plaintext and the characters in different bottom rows show the characters by which a particular character is to be replaced depending upon its position in different rows from row-0 to row-25.
• Key feature of this approach is that it is more complex and the code is harder to attack successfully.

Figure 8.1.4. Polyalphabetric substitution

8.1.2.3 Transpositional Cipher
The transpositional cipher, the characters remain unchanged but their positions are changed to create the ciphertext. Figure 8.1.5 illustrates how five lines of a text get modified using transpositional cipher. The characters are arranged in two-dimensional matrix and columns are interchanged according to a key is shown in the middle portion of the diagram. The key defines which columns are to be swapped. As per the key shown in the figure, character of column is to be swapped to column 3, character of column 2 is to be swapped to column 6, and so on. Decryption can be done by swapping in the reverse order using the same key.

Transpositional cipher is also not a very secure approach. The attacker can find the plaintext by trial and error utilizing the idea of the frequency of occurrence of characters.

Version 2 CSE IIT, Kharagpur
Figure 8.1.5. Operation of a transpositional cipher

8.1.2.4 Block Ciphers
Block ciphers use a block of bits as the unit of encryption and decryption. To encrypt a 64-bit block, one has to take each of the 264 input values and map it to one of the 264 output values. The mapping should be one-to-one. Encryption and decryption operations of a block cipher are shown in Fig. 8.1.6. Some operations, such as permutation and substitution, are performed on the block of bits based on a key (a secret number) to produce another block of bits. The permutation and substitution operations are shown in Figs

8.1.7 and 8.1.8, respectively. In the decryption process, operations are performed in the reverse order based on the same key to get back the original block of bits.
Version 2 CSE IIT, Kharagpur

Figure 8.1.6. Transformations in Block Ciphers
Permutation: As shown in Fig. 8.1.7, the permutation is performed by a permutation box at the bit-level, which keeps the number of 0s and 1s same at the input and output. Although it can be implemented either by a hardware or a software, the hardware implementation is faster.
Figure 8.1.7. Permutation operation used in Block Ciphers
Substitution: As shown in Fig. 8.1.8, the substitution is implemented with the help of three building blocks – a decoder, one p-box and an encoder. For an n-bit input, the decoder produces an 2n bit output having only one 1, which is applied to the P-box. The P-box permutes the output of the decoder and it is applied to the encoder. The encoder, in turn, produces an n-bit output. For example, if the input to the decoder is 011, the output of the decoder is 00001000. Let the permuted output is 01000000, the output of the encoder is 011.
Version 2 CSE IIT, Kharagpur
A         operations is shown in Fig. 8.1.9. It performs the following steps:
Step-2: Substitute each 8-bit based on
Step-3: Permute the bits based on the key
A         Figure 8.1.9
Version 2 CSE IIT, Kharagpur
Encryption Standard (DES)
One example of the block cipher is the Data Enc
of the DES algorithm are given below: • A monoalphabetic substitution c
•It has 19 distinct stages
•Although the input key f
only 56 bits in length. • The decryption can be
carried out in reverse order. • DES has 16 rounds, meaning
the ciphertext. • As the number o
exponentially. • Once the key sc
actual encryption or decryption is performed with the help of the main DES algorithm as shown in Fig. 8.1.10.
Version 2 CSE IIT, Kharagpur
Caining (CBC)
In this mode of operation, encrypted cipher
next plaintext block to be encrypted, thus making all the blocks dependent on all the previous blocks. The initialization vecto
Version 2 CSE IIT, Kharagpur
Figure 8.1.13 Cipher Feedback Mode (CFB) encryption technique Output Feedback Mode (OFB) The encryption technique of Output Feedback Mode (OFB) is shown in Fig. 8.1.14. Key features of this mode are mentioned below: • OFB is also a stream cipher • Encryption is performed by XORing the message with the one-time pad • One-time pad can be generated in advance • If some bits of the ciphertext get garbled, only those bits of plaintext get garbled • The message can be of any arbitrary size • Less secure than other modes
Version 2 CSE IIT, Kharagpur
8.1.2.7 Triple DES
Tincreasing the key length. Its operation is explained below: • Each block of plaintext is subjected to en
encryption by K1 in a sequen
•
CBC is used to turn the block encryption scheme into a stream encryption
Version 2 CSE IIT, Kharagpur
8.1.3 Public key Cryptography
In public key cryptography, there are two keys: a private key and a public key. The public
key is announced to the public, where as the private key is kept by the receiver. The
sender uses the public key of the receiver for encryption and the receiver uses his private
key for decryption as shown in Fig. 8.1.16.
• Advantages: o The pair of keys can be used with any other entity The number of keys required is small
o
• Disadvantages: It is not efficient for long messages
O
o Association between an entity and its public key must be verified
• Com
r d relatively prime to z
Version 2 CSE IIT, Kharagpur
• Find e such that e x d mod (p-1)x(q-1)•
For decryption: P = Cd (mod n)
n and decryption?
Ans: Ey
ncrption transforms a message (plaintext) into a form ryption trans
to an unauthorized person. On the other hand, dec into meaningful (plaintext) inform
(ciphertext) message
2. What are the two approaches of encryption/decryption technique?
AOne key techniencryption and
transmitting end key is known (or public), whereas the receiving end key is secret. 3. For n numb
key cryptography schemes?
Ans: For n users n(n-1)/2 keys are required in private key cryptography and 2n keys are required in public key cryptography.
4. How triple DES enhances performance compared to the original DES?
1.Ans: It was realized that the DES key length was too short tecure by effectively in
Triple DES was used to make DES more sHere two keys are used in three stages.
Version 2 CSE IIT, Kharagpur
5. Explain how RSA works.
Version 2 CSE IIT, Kharagpur