Note - Basics in Netwok Security
This is a information age.In the network, the privacy is needed when the information are tranfered through internet and informations need to be secured from attacks.
There are three major goals of information security.
These key ciphers are not used today since it is simple and easy to attack.In this case the encryption key and the decryption key are same. So when using this cipher keys, the data has to be encrypted and send the key using a secure channel and can use an un-secure channel to send the encrypted data.
Kerchoff's principle
The resistance of the cipher attack must be based only on the key.
Cryptanalysis attacks:
The simplest mono-alphabetic cipher is the additive cipher called shift cipher and also Caeser cipher. When the cipher is additive then the plaintext and the cipher-text ,and key are integers in mod of 26.
C = (P + k) mod 26 P = (C - k) mod 26
In a Multiplicative cipher, the encryption algorithm specifies multiplication of the plain-text by the key and decryption algorithm specifies division of the ciphertext by the key.
C = (P x k) mod 26 P = (C x k) mod 26
In Affine cipher, these multiplication and the addition are combined with the pair of keys.
T= (P x k1) mod 26 P = (T x inverse of k1) mod 26
C = (T x k2) mod 26 T = (C x inverse of k2) mod 26
since these have small key domains, the are very vulnerable to brute-force attack.
-Poly-alphabetic substitution(One to Many relationship)
Each occurrence of a character may have a different substitution.
Auto-key cipher, play-fair cipher(used by the British army during World Wars), Vigenere cipher(use a word as the key and this is a combination of m additive ciphers)
In the past, the text was written row by row in a table and read column by column and the text was written column by column and read, row by row.
Rail-Fence cipher : arrange the message in zig-zag pattern and write row by row.
Transposition ciphers are vulnerable to several kinds of cipher-text only attacks.
-Statical attacks : does not change the frequency of the letters in the cipher text, it only reorders the letters.
-Brute force attacks : try all the possible keys to decrypt the message.
Stream and Block ciphers
-Stream ciphers : typically encryption and decryption are done on one symbol. Additive cipher(Mono-alphabetic),Mono-alphabetic substitution cipher(mono-alphabetic), and Vigenere cipher(Poly-alphabetic) are stream ciphers.
-Block ciphers : a group of plain-text symbols of m(m>1) are encrypted together creating a group of cypher text of the same size.
Play-fair cipher, Hill cipher are block ciphers.
And also every block cipher is a pol-alphabetic cipher cipher because each character in the cipertext depends on the plain-text.
until now so far are Character-Oriented ciphers
Modern Symmetric-Key cipher
Full-size key ciphers :
-Full-size Transposition block ciphers : Transposes bits without changing their values, so it has n! possible keys and the key should have log2 n! bits.
-Full-size Substitution block cipher : does not transpose, but substitute bits.
Key-less ciphers : Although it is useless partially, used in keyed ciphers as components.
-Key-less Transposition cipher : A key-less(or fixed-key) transposition cipher(or unit) can be thought as a previewed transposition cipher when implemented in hardware.
-Key-less Substitution cipher : A key-less(or fixed-key) transposition cipher(or unit) can be thought of as a predefined mapping from the input to output.
Components of a Modern- Key cipher
-Compression P-Box
-Expansion P-Box
Product Ciphers :
A complex cipher combining substitution,permutation and other components.
l
-Feistel Ciphers
can use of three types of components : self-invertible, invertible and non-invertible components.
-Non-Feistel Ciphers
uses only invertible components.
Confusion and Diffusion
-Diffusion : hides the relationship between the cipher-text and the plain-text.
-Confusion : hides the relationship between the cipher-text and the key.
Attacks on Block ciphers
These attacks use differential and linear cryptanalysis attack.
Encryption and Decryption are done r bits at a time.
Data Encryption Standard(DES)
DES is a symmetric Block cipher.
The encryption process is made of two permutations, initial and final permutations and 16 feistel rounds.In here key - 56 bits, parity bits - 8 bits.
Key generation : the round key generator creates six-teen 48 bit keys out of a 56 bit key.
This is self invertible because of Exclusive OR operation. The security depends on the DES function.
P-boxes,S-Boxes,mixers, swappers and etc are used.
DES analysis
-Avalanche effect : small change in the plain-text(or key) should create a significant change in the cipher-text.
-Completeness : each bit of the cipher-text needs to depend on many bits on plain-text.
DES weaknesses
-weaknesses in cipher design and weaknesses in cipher key.
Asymmetric-key Cryptography
In here, it uses two different keys , one is a public key and other is a private key.
Using Fermatt's theorem and Euler's theorem the two keys are produced. one key is published and other one is with the owner.
If some one wants to send a message, then he should take receivers public key and encrypt, after encrypting even the sender would not be able to open the message again.Because of this, there is no need of a secure channel to send keys.
But when considering about a long message, it takes time to decrypt and because of that first encrypt a session key and send it through un-secure channel using public key encryption. after that both have the keys and then can do communication with a symmetric key.
This is use to Digital signatures.
Content was taken from the book "Cryptography and Network Security" by Behrouz A. Forouzan, Debdeep Mukhopadhyay.
- Confidentiality(Unauthorized access)
- Integrity(Unauthorized change)
- Availability(Available to authorized entities when it is needed)
- confidentiality:
- Snooping -Refers unauthorized access to or interception of data.
- Traffic analysis - obtaining some other type of information by monitoring online traffic.
- Modification - attacker intercepts and change the message.
- Masquerading - (Spoofing) when attacker impassionate somebody else.
- Replaying- have a copy of the message and try to reply it.
- Repudiation - the party who sends the message refuse to take the responsibility.
- Denial of service
- Data confidentiality
- Data integrity : Anti-change and anti-reply
- Authentication : peer-entity and data origin
- Non-Repudiation : proof of origin and proof of delivery
- Access control
- Encipherment
- Data integrity : requires some form of explicit ordering such as sequence of numbering, time stamping or encryptographic changing.
- Data signature : Uses hash functions.
- Authentication exchange : vulnerable ti passing wire tapping and reply attacks.
- Traffic padding : encrypt and sens the data.
- Routing control : use dynamically or prearranged specific routes.
- Notarization : the assurance is provided by a trusted third party (TTP) in a terrific manner.
- Access control : use authenticated identities of principles.
- Cryptography : Secret writing
- Steganography : Covered writing
These key ciphers are not used today since it is simple and easy to attack.In this case the encryption key and the decryption key are same. So when using this cipher keys, the data has to be encrypted and send the key using a secure channel and can use an un-secure channel to send the encrypted data.
Kerchoff's principle
The resistance of the cipher attack must be based only on the key.
Cryptanalysis attacks:
- cipher text only
- known plain text only
- chosen plain text only
- chosen cipher text only
- substitution cipher : replaces one symbol with another
The simplest mono-alphabetic cipher is the additive cipher called shift cipher and also Caeser cipher. When the cipher is additive then the plaintext and the cipher-text ,and key are integers in mod of 26.
C = (P + k) mod 26 P = (C - k) mod 26
In a Multiplicative cipher, the encryption algorithm specifies multiplication of the plain-text by the key and decryption algorithm specifies division of the ciphertext by the key.
C = (P x k) mod 26 P = (C x k) mod 26
In Affine cipher, these multiplication and the addition are combined with the pair of keys.
T= (P x k1) mod 26 P = (T x inverse of k1) mod 26
C = (T x k2) mod 26 T = (C x inverse of k2) mod 26
since these have small key domains, the are very vulnerable to brute-force attack.
-Poly-alphabetic substitution(One to Many relationship)
Each occurrence of a character may have a different substitution.
Auto-key cipher, play-fair cipher(used by the British army during World Wars), Vigenere cipher(use a word as the key and this is a combination of m additive ciphers)
- Transposition cipher : changes the location of the symbols. In this cipher reorders the symbols.
In the past, the text was written row by row in a table and read column by column and the text was written column by column and read, row by row.
Rail-Fence cipher : arrange the message in zig-zag pattern and write row by row.
Transposition ciphers are vulnerable to several kinds of cipher-text only attacks.
-Statical attacks : does not change the frequency of the letters in the cipher text, it only reorders the letters.
-Brute force attacks : try all the possible keys to decrypt the message.
Stream and Block ciphers
-Stream ciphers : typically encryption and decryption are done on one symbol. Additive cipher(Mono-alphabetic),Mono-alphabetic substitution cipher(mono-alphabetic), and Vigenere cipher(Poly-alphabetic) are stream ciphers.
-Block ciphers : a group of plain-text symbols of m(m>1) are encrypted together creating a group of cypher text of the same size.
Play-fair cipher, Hill cipher are block ciphers.
And also every block cipher is a pol-alphabetic cipher cipher because each character in the cipertext depends on the plain-text.
until now so far are Character-Oriented ciphers
Modern Symmetric-Key cipher
Full-size key ciphers :
-Full-size Transposition block ciphers : Transposes bits without changing their values, so it has n! possible keys and the key should have log2 n! bits.
-Full-size Substitution block cipher : does not transpose, but substitute bits.
Key-less ciphers : Although it is useless partially, used in keyed ciphers as components.
-Key-less Transposition cipher : A key-less(or fixed-key) transposition cipher(or unit) can be thought as a previewed transposition cipher when implemented in hardware.
-Key-less Substitution cipher : A key-less(or fixed-key) transposition cipher(or unit) can be thought of as a predefined mapping from the input to output.
Components of a Modern- Key cipher
- P-Box :
-Compression P-Box
-Expansion P-Box
- S-Box : (may or may not be invertible)
Product Ciphers :
A complex cipher combining substitution,permutation and other components.
l
-Feistel Ciphers
can use of three types of components : self-invertible, invertible and non-invertible components.
-Non-Feistel Ciphers
uses only invertible components.
Confusion and Diffusion
-Diffusion : hides the relationship between the cipher-text and the plain-text.
-Confusion : hides the relationship between the cipher-text and the key.
Attacks on Block ciphers
These attacks use differential and linear cryptanalysis attack.
- Differential cryptanalysis : chosen-plaintext attack.
- Linear cryptanalysis : know-plaintext attack.
Encryption and Decryption are done r bits at a time.
Data Encryption Standard(DES)
DES is a symmetric Block cipher.
The encryption process is made of two permutations, initial and final permutations and 16 feistel rounds.In here key - 56 bits, parity bits - 8 bits.
Key generation : the round key generator creates six-teen 48 bit keys out of a 56 bit key.
This is self invertible because of Exclusive OR operation. The security depends on the DES function.
P-boxes,S-Boxes,mixers, swappers and etc are used.
DES analysis
-Avalanche effect : small change in the plain-text(or key) should create a significant change in the cipher-text.
-Completeness : each bit of the cipher-text needs to depend on many bits on plain-text.
DES weaknesses
-weaknesses in cipher design and weaknesses in cipher key.
Asymmetric-key Cryptography
In here, it uses two different keys , one is a public key and other is a private key.
Using Fermatt's theorem and Euler's theorem the two keys are produced. one key is published and other one is with the owner.
If some one wants to send a message, then he should take receivers public key and encrypt, after encrypting even the sender would not be able to open the message again.Because of this, there is no need of a secure channel to send keys.
But when considering about a long message, it takes time to decrypt and because of that first encrypt a session key and send it through un-secure channel using public key encryption. after that both have the keys and then can do communication with a symmetric key.
This is use to Digital signatures.
Content was taken from the book "Cryptography and Network Security" by Behrouz A. Forouzan, Debdeep Mukhopadhyay.
Comments
Post a Comment