Vigenere Cipher

Network Security

Posted by

0

What is Network Security ?
The objective of network security includes protection of information and property from theft, corruption, unauthorized access or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.

—Computer Criminals:

  • Amateurs: regular users, who exploit the vulnerabilities of the computer system
    –Motivation: easy access to vulnerable resources
  • Crackers: attempt to access computing facilities for which they do not have the authorization
    –Motivation: enjoy challenge, curiosity
  • Career criminals: professionals who understand the computer system and its vulnerabilities
    –Motivation: personal gain (e.g., financial)

Network Security requirements: ( CIA )

  • —Confidentiality – it refers to information protection from unauthorized users
  • —Integrity – it refers to information protection from modifications
  • —Availability – it ensures that access to information is not denied to authorized subjects

 

Goals of Security: ( PDR )

  • —Prevention – Prevent attackers from violating security policy
  • —Detection – Detect attackers’ violation of security policy
  • —Recovery – Stop attack, assess and repair damage  & continue to function correctly even if attack succeeds

Attack vs Threat

—A threat is a “potential” violation of security

—The actual violation of security is called an attack

 

Types of Attacks:

  1. Interruption : Asset or system is destroyed or becomes unusable or unavailable. (Attack on availability)
    Ex : Destruction of FAT, hard disk
  2. Interception : Unauthorized entity gets access to an asset or resource (Attack on Secrecy)
    Ex : Capture of data.
  3. Modification : Unauthorized entity not only gets access to an asset or resource but tampers with it. (Attack on Integrity)
    Ex : Altering  data.
  4. Fabrication : Unauthorized entity inserts counterfeit objects into the system (Attack on Authenticity)
    Ex : Addition or insertion of records in databases

 

Cryptography: Concepts and Techniques
“Cryptography is the art of achieving security by encoding messages to make them non-readable.”

Terminology:

  • ¨Cryptology¨ – the science of secure (often secret) communication
  • ¨Cryptography¨ – the study of principles and techniques through which information can be hidden in a cipher
  • ¨Cryptanalysis¨ – the science and art to recreate the information in a cipher without knowing the key (before hand)
  • ¨Cryptanalyst¨ is a person who attempts to break a cipher text message to obtain the original plain text message.
  • ¨Cipher¨ – secret or disguised writing
  • ¨Plaintext¨ – the original message
  • ¨Key¨ – info used in cipher known only to sender/receiver
  • ¨Encryption¨ – converting plaintext to ciphertext
  • ¨Decryption¨ – converting ciphertext to plain text

 

Cryptography Mechanisms:

  • Substitution:  ( Confusion )
    Replace one or more characters with other characters.
    Example: Replace each a with d, b with e, etc
  • Transposition: ( Diffusion )
    Rearrange the text.
    Example: Replace 1st character with 4th, 2nd with 5th, etc

Substitution techniques:

  • Mono-alphabetic Cipher:
    – Use random substitution
    – For each letter in a plain-text message, use a separate key
    – The crucial difference from Caesar Cipher is, no relation between the replacement of B and      replacement of A
    –  it takes 26! for brute-force attack- A cryptanalyst looks for patterns of alphabets in a cipher text, substitutes the various available alphabets in place of cipher text alphabets, and then tries his attacks
    Eg. Letter frequency technique
    -Therefore, it is easy to break this type of cipher
  • PolyGram Substitution Cipher :
    – replacing one plain text alphabet with one cipher text at a time, a block of alphabets is replaced with another block
    – e.g. HELLO could be replaced by YUQQW, but HELL could be replaced by a totally different cipher text block TEUI
    – Invented by Leon Battista in 1568.
    – Common examples are Vigenere Cipher and the Beaufort Cipher
  1. Caesar Cipher :
    – substitution cipher
    – Created by Julius Caesar
    Caesar Cipher
  2. Modified Version of Caesar Cipher :
    – replaces each letter by k’th letter
    – 1 <= k <=25
    – better than earlier, but easily breakable within 25 possibilities
  3. Vigenere Cipher:
    – best known and one of the simplest polyalphbetic cipher
    – Vigenere tableau is used;Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher in a column
    Encryption :
    – Given a key letter x and a plaintext letter y, the cipher text letter is at the intersection of the row labeled x and the column labeled y; in this case the ciphertext is V.
    – a key is needed as long as the message.
    Decryption :
    – The key letter again identifies the row, the position of the cipher text letter in  that row determines the column, and the plain text letter is at the top of that column-Example: If the keyword is deceptive, the message “we are discovered save yourself” is encrypted as follows:Key :          deceptivedeceptivedeceptiveplaintext :   wearediscoveredsaveyourselfciphertext:  ZICVTWQNGRZGVTWAVZHCQYGLMGJ
  4. Playfair Cipher: (aka Playfair square)
    – Invented by Charles Wheatstone in 1854
    – 2 steps : a. Creation of Martix    b. Encrypt
    – Playfair Key Matrix :¨a 5X5 matrix of letters based on a keyword¨fill in letters of keyword (sans duplicates)¨fill rest of matrix with other letters¨Combine I and J in same cell
    Ex. using the keyword MONARCHY
    Playfair Cipher_Key MatrixEncryption : plaintext is encrypted two letters at a time

    1.if a pair is a repeated letter, insert filler like ‘X’

    2.if both letters fall in the same row, replace each with letter to right  (wrapping back to start from end)

    3.if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom)

    4.otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair

    5.Ignore spaces and punctuation marks

    Playfair Cipher
    Decryption:
    – reverse the encryption

 

Transposition techniques:
– Substitution ciphers preserve the order of plaintext letters but disguise them.
– Transposition ciphers reorder the letters but do not disguise them

  1. Rail Fence Technique:
    – writing plain text as sequence of diagonals and then reading it row-by-row to produce cipher text.
    Rail Fence Technique
  2. Simple Columnar Transposition
    Encryption :Simple Columnar Transposition
     Decryption :
    a. Rewrite the ciphertext column-wise according to the keyb.Number of columns = number of characters in keyc. Number of rows = (number of characters in ciphertext) mod (number of characters in key)d. Read the plaintext row-wise
  3. Simple Columnar Transposition  Technique with multiple rounds
  4. Vernam Cipher (One-Time pad)
    -Use a random set of non-repeating characters as input cipher text.
    -Length of cipher text = original plain text- Encryption :1.Treat each plain text alphabet as a number in an increasing sequence. (0, 1, 2, …)2.Do the same for the input cipher text chosen only once.3.Add each number corresponding to the plain text alphabet to the corresponding input cipher text alphabet number.4. make mod 26 from it.

    5.Translate each number of the sum back to the corresponding alphabet. This gives the output cipher text.

    Decryption :
    1. Subtract each input cipher text alphabet number from corresponding cipher text numbers
    2. mod 26

    Eg.

    Vernam Cipher

     

Algorithm Types:

  1. Stream:
  2. Block:
    —An obvious problem with block ciphers is repeating text.—It gives clue to the cryptanalyst regarding the original plain text.—Even If the cryptanalyst cannot guess the remaining words, suppose he changes all debit to credit and vice versa in a funds transfer message, it could cause havoc!.—Solution is to use block ciphers in chaining mode.

    —In this mode, the previous block of cipher text is mixed with the current block, so as to obscure the cipher text, thus avoiding repeated patterns of blocks with the same contents.

Algorithm Modes:
An algorithm mode is a combination of a series of the basic algorithm steps on block cipher, and some kind of feedback from the previous step.

Four types of algorithm modes:

1.Electronic Code Book (ECB) :

—Since a single key is used for encrypting all the blocks of a message, if a plain text block repeats in the original message, the corresponding cipher text block also repeats.

—Therefore, ECB is suitable only for encrypting small messages, where the scope for repetition is quite less.

ECB

Decryption:
Same key with Cipher to convert into plaintext.

2.Cipher Block Chaining (CBC):

—Chaining adds a feedback mechanism to a block cipher.

—In CBC, the results of the previous block are fed back into the encryption of the current block. i.e. each block is used to modify the encryption of the next block.

—Thus, each block of cipher text is dependent on the corresponding current input plain text block, as well as all the previous plain text blocks.

—The first step receives two inputs; the first block of plain text and a random block of text, called as Initialization Vector (IV).

—The IV has no special meaning. It is simply used to make each message unique. It is randomly generated.

Cipher Block Chaining

Decryption:

—The cipher text block 1 is passed through the decryption algorithm using the same key, which was used during the encryption process for all the plain text blocks. The output of this step is then XORed with the IV. This process yields plain text block 1.

—In step 2, the cipher text block 2 is decrypted, and its output is XORed with cipher text block 1.

CBC_Decryption

3.Cipher Feedback (CFB)
Cipher Feedback

4.Output Feedback (OFB)
Output Feedback_Encryption

 

Symmetric Key Encryption: (Private Key Encryption)
– Each party has only one key
– —Key must be kept secret
– The same key is used for encryption and decryption
Examples: DES,AES, Blowfish

Data Encryption Standard ( DES ) : aka Data Encryption Algorithm (DEA)

—It is a block cipher.

—It encrypts data in blocks of size 64 bits each, which produces 64 bits of cipher text.

—The same algorithm and key are used for encryption and decryption, with minor differences.

—The key length used is 56 bits. In fact, the initial key consists of 64 bits.

However, before the DES process even starts, every 8th bit of the key is discarded.

—It is based on the two fundamental attributes of cryptography: substitution (also called as confusion) and transposition (also called as diffusion).

—It consists of 16 steps, each of which is called as a round.

Steps:

1.The 64-bit plain text is inputted to an Initial Permutation (IP) function.

2.The IP is performed on plain text.

3.The IP produces two halves of the permuted block; Left Plain Text (LPT) and Right Plain Text (RPT).

4.Each of LPT and RPT goes through 16 rounds of encryption process, each with its own key.

5.In the end, LPT and RPT are rejoined, and a Final Permutation (FP) is performed.

The result of this process produces 64-bit cipher text

Data Encryption Standard

 

Asymmetric Key Encryption : Public key

—Each party has two keys

◦Public Key (say K1)

◦Private Key (say K2)

—Public Key is known to everybody

—Private Key must be kept secret

—Encrypt with K1, Decrypt with K2

Public key encryption

Ex. RSA

RSA : Developed By Rivest, Shamir, Adelman

  • RSA was the first and most widely used public key cryptosystem. Developed in 1977 by three M.I.T. professors
  • It is based on the mathematical properties of modulo arithmetic.
  • It is the only widely and accepted approach to public key algorithms.
  • It is a block cipher in which plaintext and ciphertext are integers between 0 and n-1 for some n.
  • Divide the plaintext ( regarded as bit strings) into blocks so that each falls in the range 0 to n-1.
  • The private and public keys in RSA are based on very large (made up of 100 or more digits) prime numbers.
  • —The real challenge in the case of RSA is the selection and generation of the public and private keys.

 

—A ) Key generation

◦1. Select two large prime numbers p and q.

◦2. Calculate n = p * q

◦3. Calculate integer z = (p-1) * (q-1)

◦4. Choose integer d ( d<n) such that it has no common factors with z

◦5. Find e such that e * d  mod z = 1

—

—Public key  KU = {e,n}  Private key FR = {d,n}

—B) Encryption  Plaintext : P < n

—  Ciphertext : C = Pe (mod n)

—C) Decryption   Ciphertext : C

—  Plaintext :  P = Cd (mod n)

Difference between Private & Public  Key Encryption Techniques:

Public Vs Private key Encryption

 

Key Management & Exchange :


Key Length:

  • —Symmetric Key Cryptography :
    If the key is 8 bits long, there are 28, or 256, possible keys. Therefore, it will take 256 attempts to find the correct key.If the key is 56 bits long, then there are 256 possible keys.
  • —Asymmetric Key Cryptography :
    Public-key encryption algorithms are based on the difficulty of factoring large numbers that are the product of two large primes
    – Breaking these algorithms does not involve trying every possible key; breaking these algorithms involves trying to factor the large number
    – If the number is too small, you have no security.

 

Key Generation:

  • —Security rests on keys
  • —Hardest part of cryptography
  • —Keeping keys secret is hard
  • —Cryptanalysts often attack key management protocols and algorithms
  • —If you’re using a cryptographically weak process to generate keys, then your whole system is weak.

 

Key Exchange:
Diffie Hellman key exchange protocol allows strangers to establish a shared secret key.

Diffie Hellman Protocol

—Advantage :

◦If Intruder T knows g and n and can find the secret key if x and y are known.

—Disadvantages :

◦Once B gets the message, B has no way of knowing that it came from A.

◦T can use this fact to deceive both.

 

One Way Hashing :

The goal is integrity, not secrecy
MD5 Vs. SHA