SlideShare a Scribd company logo

Unit 2

Download as DOCX, PDF
Vinod Kumar Gorrepati
Vinod Kumar Gorrepati
Technology
1 of 13
10 INFORMATION SECURITY A.DHASARADHI UNIT - II CONVENTIONAL ENCRYPTION PRINCIPLES or SYMMETRIC CIPHER MODEL A symmetric encryption scheme has five ingredients: Plaintext: This is the original intelligible message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext. Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. Figure: Simplified Model of Conventional Encryption There are two requirements for secure use of conventional encryption: 1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext. 2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable. Cryptography Cryptographic systems are characterized along three independent dimensions: 1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions. 2. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption . If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption. 3. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.
11 INFORMATION SECURITY A.DHASARADHI Cryptanalysis: Typically, the objective of attacking an encryption system is to recover the key in use rather then simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme: Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. Types of Attacks on Encrypted Messages Type of Attack Known to Cryptanalyst Ciphertext only Encryption algorithm Ciphertext Known plaintext Encryption algorithm Ciphertext One or more plaintext-ciphertext pairs formed with the secret key Chosen plaintext Encryption algorithm Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key Chosen ciphertext Encryption algorithm Ciphertext Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key Chosen text Encryption algorithm Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. Feistel Cipher Structure Figure depicts the structure proposed by Feistel. The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves, L 0and R0. The two halves of the data pass through n rounds of processing and then combine to produce the ciphertext block. Each round i has as inputs Li-1 and R i-1, derived from the prev ious round, as well as a subkey K, derived from the overall K. In general, the subkeys K I are different from K and from each other. All rounds have the same structure. Asubstitution is performed on the left half of the data. This is done by applying a round function F to the right half of the data and then taking the exclusive-OR of the output of that function and the left half of the data. The round function has the same general structure for each round but is parameterized by the round subkey Ki. Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data.This structure is a particular form of the substitution-permutation network (SPN) proposed by Shannon.The exact realization of a Feistel network depends on the choice of the following parameters and design features: Block size: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed for a given algorithm. The greater security is achieved by greater diffusion traditionally; a block size of 64 bits has been considered a reasonable trade-off and was nearly universal in block cipher design. However, the new AES uses a 128-bit block size. Key size: Larger key size means greater security but may decrease encryption/decryption speed. The greater security is achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.
12 INFORMATION SECURITY A.DHASARADHI Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate securitybut that multiple rounds offer increasing security. A typical size is 16 rounds. Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. Round function: Again, greater complexity generally means greater resistance to cryptanalysis. There are two other considerations in the design of a Feistel cipher: Fast software encryption/decryption:In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Accordingly, the speed of execution of the algorithm becomes a concern. Ease of analysis: Although we would like to make our algorithm as difficult as possible to cryptanalyze, there is great benefit in making the algorithm easy to analyze. That is, if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality. Figure: Classical Feistel Network
13 INFORMATION SECURITY A.DHASARADHI The process of decryption with a Feistel cipher is essentially the same as the encryption process. The rule is as follows: Use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse order. That is, use Kn in the first round, Kn-1 in the second round, and so on until K1 is used in the last round. This is a nice feature because it means we need not implement two different algorithms, one for encryption and one for decryption. CONVENTIONAL ENCRYPTION ALGORITHMS The Data Encryption Standard The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption. DES Encryption Fig: General depiction of DES Encryption Algorithm The overall scheme for DES encryption is illustrated in figure. As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length. Looking at the left-hand side of the figure, we can see that the processing of the plaintext proceeds in three phases. First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input. This is followed by a phase consisting of 16 rounds of the same function, which involves both permutation and substitution functions. The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the key. The left and right halves of the output are swapped to produce the preoutput. Finally, the preoutput is passed through a permutation (IP-1) that is the inverse of the initial permutation function, to produce the 64-bit ciphertext. With the
14 INFORMATION SECURITY A.DHASARADHI exception of the initial and final permutations, DES has the exact structure of a Feistel cipher, as shown in figure. The right-hand portion of figure shows the way in which the 56-bit key is used. Initially, the key is passed through a permutation function. Then, for each of the 16 rounds, a subkey (Ki) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits. Details of Single Round Figure shows the internal structure of a single round. Again, begin by focusing on the left-hand side of the diagram. The left and right halves of each 64-bit intermediate value are treated as separate 32-bit quantities, labelled L (left) and R (right). As in any classic Feistel cipher, the overall processing at each round can be summarized in the following formulas: Li = Ri-1 Ri = Li-1 F(Ri-1, Ki) Figure: Single Round of DES Algorithm The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the R bits. The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit output. Key Generation The 56-bit key is then treated as two 28-bit quantities, labelled C0 and D0. At each round, Ci-1 and Di-1 are separately subjected to a circular left shift, or rotation, of 1 or 2 bits, These shifted values serve as input to the next round. They also serve as input to Permuted Choice Two, which produces a 48-bit output that serves as input to the function F(Ri-1, Ki). DES Decryption As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of the subkeys is reversed. The Strength of DES Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES. These concerns, by and large, fall into two areas: key size and the nature of the algorithm . The Use of 56-Bit Keys With a key length of 56 bits, there are 256 possible keys, which is approximately 7.2 x 1016. Thus, on the face of it, a brute- force attack appears impractical. Assuming that, on average, half the key space has to be searched, a single machine performing one DES encryption per microsecond would take more than a thousand years to break the cipher. However, the assumption of one encryption per microsecond is overly conservative. As far back as 1977, Diffie and Hellman postulated that the technology existed to build a parallel machine with 1 million encryption devices, each of which could perform one encryption per microsecond. This would bring the average search time down to about 10 hours. The authors estimated that the cost would be about $20 million in 1977 dollars. DES finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took
15 INFORMATION SECURITY A.DHASARADHI less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker. And, of course, hardware prices will continue to drop as speeds increase, making DES virtually worthless. Different Conventional encryption Algorithms Algorithm Key Size Number of Rounds Mathematical Operations Applications DES 56 bits 16 XOR, fixed S-boxes SET, Kerberos Triple DES 112 to 128 bits 48 XOR, fixed S-boxes Financial Key management, PGP, S/MIME IDEA 128 bits 8 XOR, Addition, Multiplication PGP Blowfish Variable to 448 bits 16 XOR, Variable S-boxes, Addition RC5 Variable to 2048 bits Variable to 255 Addition, Subtraction, XOR, Rotation Cast-128 40 to 128 bits 16 Addition, Subtraction, XOR, Rotation, Fixed S-boxes PGP BLOCK CIPHER MODES OF OPERATION A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four "modes of operation" have been defined. In essence, a mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream. The four modes are intended to cover virtually all the possible applications of encryption for which a block cipher could be used. These modes are intended for use with any symmetric block cipher, including triple DES and AES Mode Description Typical Application Electronic Codebook (ECB) Each block of 64 plaintext bits is encoded independently using the same key. Secure transmission of single values (e.g., an encryption key) Cipher Block Chaining (CBC) The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext. General-purpose block-oriented transmission  Authentication Cipher Feedback (CFB) Input is processed j bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext. General-purpose stream-oriented transmission  Authentication Output Feedback (OFB) Similar to CFB, except that the input to the encryption algorithm is the preceding DES output. Stream-oriented transmission over noisy channel (e.g., satellite communication) Counter (CTR) Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block. General-purpose block-oriented transmission  Useful for high-speed requirements Table: Block Cipher Modes of Operation Electronic Codebook Mode (ECB) The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key (Figure 6.3). The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its corresponding ciphertext. For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block if necessary. Decryption is performed one block at a time, always using the same key. In Figure 6.3, the plaintext (padded as
16 INFORMATION SECURITY A.DHASARADHI necessary) consists of a sequence of b-bit blocks, P1, P2,..., PN; the corresponding sequence of ciphertext blocks is C1, C2,..., CN. The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to use. Figure: Electronic Codebook (ECB) Mode Cipher Block Chaining Mode (CBC) To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the cipher block chaining (CBC) mode. In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block. In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed. For decryption, each cipher block is passed through the decryption algorithm. The result is XORed with the preceding ciphertext block to produce the plaintext block. To see that this works, we can write To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block of plaintext. On decryption, the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext. The IV is a data block that is that same size as the cipher block.
17 INFORMATION SECURITY A.DHASARADHI Figure: Cipher Block Chaining (CBC) Mode The IV must be known to both the sender and receiver but be unpredictable by a third party. For maximum security, the IV should be protected against unauthorized changes. This could be done by sending the IV using ECB encryption. One reason for protecting the IV is as follows: If an opponent is able to fool the receiver into using a different value for IV, then the opponent is able to invert selected bits in the first block of plaintext. To see this, consider the following: where the prime notation denotes bit complementation. This means that if an opponent can predictably change bits in IV, the corresponding bits of the received value of P1 can be changed. In conclusion, because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than b bits. In addition to its use to achieve confidentiality, the CBC mode can be used for authentication. This use is described in Part Two. Cipher Feedback Mode (CFB) Represent the CFB scheme. In the figure, it is assumed that the unit of transmission is s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of b bits, the plaintext is divided into segments of s bits. First, consider encryption. The input to the encryption function is a b-bit shift register that is initially set to some initialization vector (IV). The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted. In addition, the contents of the shift register are shifted left by s bits and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted. For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. Note that it is the encryption function that is used, not the decryption function. This is easily explained. Let Ss(X) be defined as the most significant s bits of X. Then
18 INFORMATION SECURITY A.DHASARADHI Figure: s-bit Cipher Feedback (CFB) Mode LOCATION OF ENCRYPTION DEVICES The most powerful and most common approach to securing the points of vulnerability highlighted in the preceding section is encryption. If encryption is to be used to counter these attacks, then we need to decide what to encrypt and where the encryption gear should be located. There are two fundamental alternatives:  Link encryption and  End-to-end encryption.
19 INFORMATION SECURITY A.DHASARADHI With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. Thus, all traffic over all communications links is secured. Although this recourse requires a lot of encryption devices in a large network, its value is clear. One of its disadvantages is that the message must be decrypted each time it enters a switch (such as a frame relay switch) because the switch must read the address (logical connection number) in the packet header in order to route the frame. Thus, the message is vulnerable at each switch. If working with a public network, the user has no control over the security of the nodes. Figure: Encryption across a Packet-Switching Network Several implications of link encryption should be noted. For this strategy to be effective, all the potential links in a path from source to destination must use link encryption. Each pair of nodes that share a link should share a unique key, with a different key used on each link. Thus, many keys must be provided. With end-to-end encryption, the encryption process is carried out at the two end systems. The source host or terminal encrypts the data. The data in encrypted form are then transmitted unaltered across the network to the destination terminal or host. The destination shares a key with the source and so is able to decrypt the data. This plan seems to secure the transmission against attacks on the network links or switches. Thus, end-to-end encryption relieves the end user of concerns about the degree of security of networks and links that support the communication. There is, however, still a weak spot. Consider the following situation. A host connects to a frame relay or ATM network, sets up a logical connection to another host, and is prepared to transfer data to that other host by using end-to-end encryption. Data are transmitted over such a network in the form of packets that consist of a header and some user data. What part of each packet will the host encrypt? Suppose that the host encrypts the entire packet, including the header. This will not work because, remember, only the other host can perform the decryption. The frame relay or ATM switch will receive an encrypted packet and be unable to read the header. Therefore, it will not be able to route the packet. It follows that the host may encrypt only the user data portion of the packet and must leave the header in the clear. Thus, with end-to-end encryption, the user data are secure. However, the traffic pattern is not, because packet headers are transmitted in the clear. On the other hand, end-to-end encryption does provide a degree of authentication. If two end systems share an encryption key, then a recipient is assured that any message that it receives comes from the alleged sender, because only that sender shares the relevant key. Such authentication is not inherent in a link encryption scheme. To achieve greater security, both link and end-to-end encryption are needed, When both forms of encryption are employed, the host encrypts the user data portion of a packet using an end-to-end encryption key. The entire packet is then encrypted using a link encryption key. As the packet traverses the network, each switch decrypts the packet, using a link encryption key to read the header, and then encrypts the entire packet again for sending it out on the next link. Now the entire packet is secure except for the time that the packet is actually in the memory of a packet switch, at which time the packet header is in the clear. Key Distribution For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others. Furthermore, frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key. Therefore, the strength of any cryptographic system rests with the key distribution technique, a term
20 INFORMATION SECURITY A.DHASARADHI that refers to the means of delivering a key to two parties who wish to exchange data, without allowing others to see the key. For two parties A and B, key distribution can be achieved in a number of ways, as follows: 1. A can select a key and physically deliver it to B. 2. A third party can select the key and physically deliver it to A and B. 3. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key. 4. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B. Options 1 and 2 call for manual delivery of a key. For link encryption, this is a reasonable requirement, because each link encryption device is going to be exchanging data only with its partner on the other end of the link. However, for end-to-end encryption, manual delivery is awkward. In a distributed system, any given host or terminal may need to engage in exchanges with many other hosts and terminals over time. Thus, each device needs a number of keys supplied dynamically. The problem is especially difficult in a wide area distributed system. Option 3 is a possibility for either link encryption or end-to-end encryption, but if an attacker ever succeeds in gaining access to one key, then all subsequent keys are reviled. Even if frequent changes are made to the link encryption keys, these should be done manually. to provide for end-to-end encryption, option 4 is preferable. Figure illustrates an implementation that satisfies option 4 for end-to-end encryption. In the figure link encryption is ignored. This can be added, or not, as required. For this scheme, two kinds of keys are identified. Session key: when two end systems wish to communicate, they establish a logical connection. For the duration of that logical connection, all user data are encrypted with a one-time session key. At the conclusion of the session, or connection, the session key is destroyed. Permanent Key: A permanent key is a key between entities for the purpose of distributing session keys. The configuration consists of the following elements: Key distribution center: the key distribution center determines which systems are allowed to communicate with each other. When permission is granted for two systems to establish a connection, the key distribution center provides a one time session key for that connection. Front –end processor: the front end processor performs end-to-end encryption and obtains session keys on behalf of its hosts or terminal. Steps involved in establishing a connection: 1. When one host wishes to establish a connection to another host, it transmits a connection-request packet. 2.The front-end processor saves that packet and applies to KDC for permission to establish the connection. 3.The communication between the FEP and KDC is encrypted using a master key shared only by the FEP and KDC. If the KDC approves the connection-request, it generates the session key and delivers it to the two appropriate front-end processors, using a unique front-end key for each front-end.
21 INFORMATION SECURITY A.DHASARADHI 4.The requesting front-end processor can now release the connection-request packet, and a connection is set up between the two end systems. All the user data exchanged between the two end systems are encrypted by their respective front-end processors using the one-time session key. HMAC A hash function such as SHA was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key. There have been a number of proposals for the incorporation of a secret key into an existing hash algorithm. The approach that has received the most support is HMAC. HMAC has been issued as RFC 2104, has been chosen as the mandatory-to-implement MAC for IP security, and is used in other Internet protocols, such as SSL. HMAC has also been issued as a NIST standard (FIPS 198). HMAC Design Objectives RFC 2104 lists the following design objectives for HMAC: To use, without modifications, available hash functions. In particular, hash functions that perform well in software, and for which code is freely and widely available. To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required. To preserve the original performance of the hash function without incurring a significant degradation. To use and handle keys in a simple way. To have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions about the embedded hash function. The first two objectives are important to the acceptability of HMAC. HMAC treats the hash function as a "black box." This has two benefits. First, an existing implementation of a hash function can be used as a module in implementing HMAC. In this way, the bulk of the HMAC code is prepackaged and ready to use without modification. Second, if it is ever desired to replace a given hash function in an HMAC implementation, all that is required is to remove the existing hash function module and drop in the new module. This could be done if a faster hash function were desired. More important, if the security of the embedded hash function were compromised, the security of HMAC could be retained simply by replacing the embedded hash function with a more secure one (e.g., replacing SHA with Whirlpool). The last design objective in the preceding list is, in fact, the main advantage of HMAC over other proposed hash-based schemes. HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strength. We return to this point later in this section, but first we examine the structure of HMAC. HMAC Algorithm Table lustrates the overall operation of HMAC. Define the following terms: H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160) IV = initial value input to hash function M = message input to HMAC(including the padding specified in the embedded hash function) Yi = ith block of M, 0 =< i =< (L - 1) L = number of blocks in M b = number of bits in a block n = length of hash code produced by embedded hash function K = secret key recommended length is >= n; if key length is greater than b; the key is input to the hash function to produce an n-bit key K+ = K padded with zeros on the left so that the result is b bits in length ipad = 00110110 (36 in hexadecimal) repeated b/8 times opad = 01011100 (5C in hexadecimal) repeated b/8 times
22 INFORMATION SECURITY A.DHASARADHI Figure: HMAC Structure In words, Append zeros to the left end of K to create a b-bit string K+(e.g., if K is of length 160 bits and b = 512 then K will be appended with 44 zero bytes 0 x 00). XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si. Append M to Si. Apply H to the stream generated in step 3. XOR K+ with opad to produce the b-bit block So Append the hash result from step 4 to So Apply H to the stream generated in step 6 and output the result. Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly, the XOR with opad results in flipping one-half of the bits of K, but a different set of bits. In effect, by passing Si and So through the compression function of the hash algorithm, we have pseudorandomly generated two keys from K. HMAC should execute in approximately the same time as the embedded hash function for long messages. HMAC adds three executions of the hash compression function (for Si,So and the block produced from the inner hash).

Recommended

Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Unit 5
Unit 5Unit 5
Unit 5Vinod Kumar Gorrepati
 
Network security
Network securityNetwork security
Network securityanoop negi
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 

Recommended

Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Unit 5
Unit 5Unit 5
Unit 5Vinod Kumar Gorrepati
 
Network security
Network securityNetwork security
Network securityanoop negi
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
RSA 32-bit Implementation Technique
RSA 32-bit Implementation TechniqueRSA 32-bit Implementation Technique
RSA 32-bit Implementation TechniqueUniversitas Pembangunan Panca Budi
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6koolkampus
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches forijcsa
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10Infinity Tech Solutions
 
Ch34508510
Ch34508510Ch34508510
Ch34508510IJERA Editor
 
Ipsec
IpsecIpsec
IpsecBaidyanath Dutta
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
Pgp smime
Pgp smimePgp smime
Pgp smimeTania Agni
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSAShafaan Khaliq Bhatti
 
Hybrid AES DES
Hybrid AES DESHybrid AES DES
Hybrid AES DESHardik Manocha
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security EncryptionJoel Briza
 
Cryptography and network security
Cryptography and network security Cryptography and network security
Cryptography and network security Mathan Gopal
 
Cryptography & Security
Cryptography & SecurityCryptography & Security
Cryptography & SecurityChanaka Lasantha
 
Encryption
EncryptionEncryption
EncryptionNaiyan Noor
 
Security and Cryptography
Security and CryptographySecurity and Cryptography
Security and CryptographyPresentaionslive.blogspot.com
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDFaniruddh Tyagi
 
Ip Sec
Ip SecIp Sec
Ip SecRam Dutt Shukla
 
The effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksThe effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksIOSR Journals
 
O017128591
O017128591O017128591
O017128591IOSR Journals
 

More Related Content

What's hot

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6koolkampus
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches forijcsa
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security EncryptionJoel Briza
 
Cryptography and network security
Cryptography and network security Cryptography and network security
Cryptography and network security Mathan Gopal
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 

What's hot (20)

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
RSA 32-bit Implementation Technique
RSA 32-bit Implementation TechniqueRSA 32-bit Implementation Technique
RSA 32-bit Implementation Technique
 
IP Security in Network Security NS6
IP Security in Network Security NS6IP Security in Network Security NS6
IP Security in Network Security NS6
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches for
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
 
Ch34508510
Ch34508510Ch34508510
Ch34508510
 
Ipsec
IpsecIpsec
Ipsec
 
Pgp
PgpPgp
Pgp
 
Ipsec
IpsecIpsec
Ipsec
 
Pgp smime
Pgp smimePgp smime
Pgp smime
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 
Hybrid AES DES
Hybrid AES DESHybrid AES DES
Hybrid AES DES
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security Encryption
 
Cryptography and network security
Cryptography and network security Cryptography and network security
Cryptography and network security
 
Cryptography & Security
Cryptography & SecurityCryptography & Security
Cryptography & Security
 
Encryption
EncryptionEncryption
Encryption
 
Security and Cryptography
Security and CryptographySecurity and Cryptography
Security and Cryptography
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and ssl
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
Ip Sec
Ip SecIp Sec
Ip Sec
 

Similar to Unit 2

The effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksThe effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksIOSR Journals
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...editor1knowledgecuddle
 
Lesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptx
Lesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptxLesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptx
Lesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptxMohamedNowfeek1
 
Php text processing by softroniics
Php text processing by softroniicsPhp text processing by softroniics
Php text processing by softroniicsaswin tbbc
 
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docxhttpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docxpooleavelina
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmeSAT Publishing House
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...ams1ams11
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportsakhi rehman
 
Enhanced Hybrid Encryption Algorithm
Enhanced Hybrid Encryption AlgorithmEnhanced Hybrid Encryption Algorithm
Enhanced Hybrid Encryption AlgorithmShivaditya Jatar
 
Chapter 2 part 1.ppt
Chapter 2 part 1.pptChapter 2 part 1.ppt
Chapter 2 part 1.pptMikiAbera
 
Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Jayanth Dwijesh H P
 
CNS Case study.pptx
CNS Case study.pptxCNS Case study.pptx
CNS Case study.pptxKannanN45
 
Symmetric ciphermodel
Symmetric ciphermodelSymmetric ciphermodel
Symmetric ciphermodelpriyapavi96
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 

Similar to Unit 2 (20)

The effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksThe effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networks
 
O017128591
O017128591O017128591
O017128591
 
Unit 2
Unit 2Unit 2
Unit 2
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 
Lesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptx
Lesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptxLesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptx
Lesson 04 - Symmetric and Asymmetric Key Encryptions (1).pptx
 
Php text processing by softroniics
Php text processing by softroniicsPhp text processing by softroniics
Php text processing by softroniics
 
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docxhttpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
httpswww.youtube.comwatchtime_continue=8&v=rFV0aes0vYAN.docx
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_report
 
Enhanced Hybrid Encryption Algorithm
Enhanced Hybrid Encryption AlgorithmEnhanced Hybrid Encryption Algorithm
Enhanced Hybrid Encryption Algorithm
 
Chapter 2 part 1.ppt
Chapter 2 part 1.pptChapter 2 part 1.ppt
Chapter 2 part 1.ppt
 
Day5
Day5Day5
Day5
 
Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..
 
CNS Case study.pptx
CNS Case study.pptxCNS Case study.pptx
CNS Case study.pptx
 
Symmetric ciphermodel
Symmetric ciphermodelSymmetric ciphermodel
Symmetric ciphermodel
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 

More from Vinod Kumar Gorrepati

9 d57206b cryptography & network security
9 d57206b cryptography & network security9 d57206b cryptography & network security
9 d57206b cryptography & network securityVinod Kumar Gorrepati
 
9 d57105 hardware software co design
9 d57105 hardware software co design9 d57105 hardware software co design
9 d57105 hardware software co designVinod Kumar Gorrepati
 
9 d55205 cryptography and network security
9 d55205 cryptography and network security9 d55205 cryptography and network security
9 d55205 cryptography and network securityVinod Kumar Gorrepati
 
9 d55204 fpga architectures & applications
9 d55204 fpga architectures & applications9 d55204 fpga architectures & applications
9 d55204 fpga architectures & applicationsVinod Kumar Gorrepati
 
9 d06106a network security & cryptography
9 d06106a network security & cryptography9 d06106a network security & cryptography
9 d06106a network security & cryptographyVinod Kumar Gorrepati
 
9 d57206c real time operating systems
9 d57206c real time operating systems9 d57206c real time operating systems
9 d57206c real time operating systemsVinod Kumar Gorrepati
 

More from Vinod Kumar Gorrepati (19)

Unit 7
Unit 7Unit 7
Unit 7
 
Unit 1
Unit 1Unit 1
Unit 1
 
Unit 1
Unit 1Unit 1
Unit 1
 
Unit 6
Unit 6Unit 6
Unit 6
 
9 d57206b cryptography & network security
9 d57206b cryptography & network security9 d57206b cryptography & network security
9 d57206b cryptography & network security
 
9 d57105 hardware software co design
9 d57105 hardware software co design9 d57105 hardware software co design
9 d57105 hardware software co design
 
9 d55205 cryptography and network security
9 d55205 cryptography and network security9 d55205 cryptography and network security
9 d55205 cryptography and network security
 
9 d55204 fpga architectures & applications
9 d55204 fpga architectures & applications9 d55204 fpga architectures & applications
9 d55204 fpga architectures & applications
 
9 d55201 testing & testability
9 d55201 testing & testability9 d55201 testing & testability
9 d55201 testing & testability
 
9 d06106a network security & cryptography
9 d06106a network security & cryptography9 d06106a network security & cryptography
9 d06106a network security & cryptography
 
9 d57206c real time operating systems
9 d57206c real time operating systems9 d57206c real time operating systems
9 d57206c real time operating systems
 
Cc430f6137
Cc430f6137Cc430f6137
Cc430f6137
 
Doc
DocDoc
Doc
 
Status report i
Status report iStatus report i
Status report i
 
Power Supply Management
Power Supply ManagementPower Supply Management
Power Supply Management
 
Abstract
AbstractAbstract
Abstract
 
Status report ii
Status report iiStatus report ii
Status report ii
 
1st review
1st review1st review
1st review
 
Presentation1
Presentation1Presentation1
Presentation1
 

Recently uploaded

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Unit 2

  • 1. 10 INFORMATION SECURITY A.DHASARADHI UNIT - II CONVENTIONAL ENCRYPTION PRINCIPLES or SYMMETRIC CIPHER MODEL A symmetric encryption scheme has five ingredients: Plaintext: This is the original intelligible message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext. Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. Figure: Simplified Model of Conventional Encryption There are two requirements for secure use of conventional encryption: 1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext. 2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable. Cryptography Cryptographic systems are characterized along three independent dimensions: 1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions. 2. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption . If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption. 3. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.
  • 2. 11 INFORMATION SECURITY A.DHASARADHI Cryptanalysis: Typically, the objective of attacking an encryption system is to recover the key in use rather then simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme: Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. Types of Attacks on Encrypted Messages Type of Attack Known to Cryptanalyst Ciphertext only Encryption algorithm Ciphertext Known plaintext Encryption algorithm Ciphertext One or more plaintext-ciphertext pairs formed with the secret key Chosen plaintext Encryption algorithm Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key Chosen ciphertext Encryption algorithm Ciphertext Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key Chosen text Encryption algorithm Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. Feistel Cipher Structure Figure depicts the structure proposed by Feistel. The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves, L 0and R0. The two halves of the data pass through n rounds of processing and then combine to produce the ciphertext block. Each round i has as inputs Li-1 and R i-1, derived from the prev ious round, as well as a subkey K, derived from the overall K. In general, the subkeys K I are different from K and from each other. All rounds have the same structure. Asubstitution is performed on the left half of the data. This is done by applying a round function F to the right half of the data and then taking the exclusive-OR of the output of that function and the left half of the data. The round function has the same general structure for each round but is parameterized by the round subkey Ki. Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data.This structure is a particular form of the substitution-permutation network (SPN) proposed by Shannon.The exact realization of a Feistel network depends on the choice of the following parameters and design features: Block size: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed for a given algorithm. The greater security is achieved by greater diffusion traditionally; a block size of 64 bits has been considered a reasonable trade-off and was nearly universal in block cipher design. However, the new AES uses a 128-bit block size. Key size: Larger key size means greater security but may decrease encryption/decryption speed. The greater security is achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.
  • 3. 12 INFORMATION SECURITY A.DHASARADHI Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate securitybut that multiple rounds offer increasing security. A typical size is 16 rounds. Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. Round function: Again, greater complexity generally means greater resistance to cryptanalysis. There are two other considerations in the design of a Feistel cipher: Fast software encryption/decryption:In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Accordingly, the speed of execution of the algorithm becomes a concern. Ease of analysis: Although we would like to make our algorithm as difficult as possible to cryptanalyze, there is great benefit in making the algorithm easy to analyze. That is, if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality. Figure: Classical Feistel Network
  • 4. 13 INFORMATION SECURITY A.DHASARADHI The process of decryption with a Feistel cipher is essentially the same as the encryption process. The rule is as follows: Use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse order. That is, use Kn in the first round, Kn-1 in the second round, and so on until K1 is used in the last round. This is a nice feature because it means we need not implement two different algorithms, one for encryption and one for decryption. CONVENTIONAL ENCRYPTION ALGORITHMS The Data Encryption Standard The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption. DES Encryption Fig: General depiction of DES Encryption Algorithm The overall scheme for DES encryption is illustrated in figure. As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length. Looking at the left-hand side of the figure, we can see that the processing of the plaintext proceeds in three phases. First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input. This is followed by a phase consisting of 16 rounds of the same function, which involves both permutation and substitution functions. The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the key. The left and right halves of the output are swapped to produce the preoutput. Finally, the preoutput is passed through a permutation (IP-1) that is the inverse of the initial permutation function, to produce the 64-bit ciphertext. With the
  • 5. 14 INFORMATION SECURITY A.DHASARADHI exception of the initial and final permutations, DES has the exact structure of a Feistel cipher, as shown in figure. The right-hand portion of figure shows the way in which the 56-bit key is used. Initially, the key is passed through a permutation function. Then, for each of the 16 rounds, a subkey (Ki) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits. Details of Single Round Figure shows the internal structure of a single round. Again, begin by focusing on the left-hand side of the diagram. The left and right halves of each 64-bit intermediate value are treated as separate 32-bit quantities, labelled L (left) and R (right). As in any classic Feistel cipher, the overall processing at each round can be summarized in the following formulas: Li = Ri-1 Ri = Li-1 F(Ri-1, Ki) Figure: Single Round of DES Algorithm The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the R bits. The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit output. Key Generation The 56-bit key is then treated as two 28-bit quantities, labelled C0 and D0. At each round, Ci-1 and Di-1 are separately subjected to a circular left shift, or rotation, of 1 or 2 bits, These shifted values serve as input to the next round. They also serve as input to Permuted Choice Two, which produces a 48-bit output that serves as input to the function F(Ri-1, Ki). DES Decryption As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of the subkeys is reversed. The Strength of DES Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES. These concerns, by and large, fall into two areas: key size and the nature of the algorithm . The Use of 56-Bit Keys With a key length of 56 bits, there are 256 possible keys, which is approximately 7.2 x 1016. Thus, on the face of it, a brute- force attack appears impractical. Assuming that, on average, half the key space has to be searched, a single machine performing one DES encryption per microsecond would take more than a thousand years to break the cipher. However, the assumption of one encryption per microsecond is overly conservative. As far back as 1977, Diffie and Hellman postulated that the technology existed to build a parallel machine with 1 million encryption devices, each of which could perform one encryption per microsecond. This would bring the average search time down to about 10 hours. The authors estimated that the cost would be about $20 million in 1977 dollars. DES finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took
  • 6. 15 INFORMATION SECURITY A.DHASARADHI less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker. And, of course, hardware prices will continue to drop as speeds increase, making DES virtually worthless. Different Conventional encryption Algorithms Algorithm Key Size Number of Rounds Mathematical Operations Applications DES 56 bits 16 XOR, fixed S-boxes SET, Kerberos Triple DES 112 to 128 bits 48 XOR, fixed S-boxes Financial Key management, PGP, S/MIME IDEA 128 bits 8 XOR, Addition, Multiplication PGP Blowfish Variable to 448 bits 16 XOR, Variable S-boxes, Addition RC5 Variable to 2048 bits Variable to 255 Addition, Subtraction, XOR, Rotation Cast-128 40 to 128 bits 16 Addition, Subtraction, XOR, Rotation, Fixed S-boxes PGP BLOCK CIPHER MODES OF OPERATION A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four "modes of operation" have been defined. In essence, a mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream. The four modes are intended to cover virtually all the possible applications of encryption for which a block cipher could be used. These modes are intended for use with any symmetric block cipher, including triple DES and AES Mode Description Typical Application Electronic Codebook (ECB) Each block of 64 plaintext bits is encoded independently using the same key. Secure transmission of single values (e.g., an encryption key) Cipher Block Chaining (CBC) The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext. General-purpose block-oriented transmission  Authentication Cipher Feedback (CFB) Input is processed j bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext. General-purpose stream-oriented transmission  Authentication Output Feedback (OFB) Similar to CFB, except that the input to the encryption algorithm is the preceding DES output. Stream-oriented transmission over noisy channel (e.g., satellite communication) Counter (CTR) Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block. General-purpose block-oriented transmission  Useful for high-speed requirements Table: Block Cipher Modes of Operation Electronic Codebook Mode (ECB) The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key (Figure 6.3). The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its corresponding ciphertext. For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block if necessary. Decryption is performed one block at a time, always using the same key. In Figure 6.3, the plaintext (padded as
  • 7. 16 INFORMATION SECURITY A.DHASARADHI necessary) consists of a sequence of b-bit blocks, P1, P2,..., PN; the corresponding sequence of ciphertext blocks is C1, C2,..., CN. The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to use. Figure: Electronic Codebook (ECB) Mode Cipher Block Chaining Mode (CBC) To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the cipher block chaining (CBC) mode. In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block. In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed. For decryption, each cipher block is passed through the decryption algorithm. The result is XORed with the preceding ciphertext block to produce the plaintext block. To see that this works, we can write To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block of plaintext. On decryption, the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext. The IV is a data block that is that same size as the cipher block.
  • 8. 17 INFORMATION SECURITY A.DHASARADHI Figure: Cipher Block Chaining (CBC) Mode The IV must be known to both the sender and receiver but be unpredictable by a third party. For maximum security, the IV should be protected against unauthorized changes. This could be done by sending the IV using ECB encryption. One reason for protecting the IV is as follows: If an opponent is able to fool the receiver into using a different value for IV, then the opponent is able to invert selected bits in the first block of plaintext. To see this, consider the following: where the prime notation denotes bit complementation. This means that if an opponent can predictably change bits in IV, the corresponding bits of the received value of P1 can be changed. In conclusion, because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than b bits. In addition to its use to achieve confidentiality, the CBC mode can be used for authentication. This use is described in Part Two. Cipher Feedback Mode (CFB) Represent the CFB scheme. In the figure, it is assumed that the unit of transmission is s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of b bits, the plaintext is divided into segments of s bits. First, consider encryption. The input to the encryption function is a b-bit shift register that is initially set to some initialization vector (IV). The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted. In addition, the contents of the shift register are shifted left by s bits and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted. For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. Note that it is the encryption function that is used, not the decryption function. This is easily explained. Let Ss(X) be defined as the most significant s bits of X. Then
  • 9. 18 INFORMATION SECURITY A.DHASARADHI Figure: s-bit Cipher Feedback (CFB) Mode LOCATION OF ENCRYPTION DEVICES The most powerful and most common approach to securing the points of vulnerability highlighted in the preceding section is encryption. If encryption is to be used to counter these attacks, then we need to decide what to encrypt and where the encryption gear should be located. There are two fundamental alternatives:  Link encryption and  End-to-end encryption.
  • 10. 19 INFORMATION SECURITY A.DHASARADHI With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. Thus, all traffic over all communications links is secured. Although this recourse requires a lot of encryption devices in a large network, its value is clear. One of its disadvantages is that the message must be decrypted each time it enters a switch (such as a frame relay switch) because the switch must read the address (logical connection number) in the packet header in order to route the frame. Thus, the message is vulnerable at each switch. If working with a public network, the user has no control over the security of the nodes. Figure: Encryption across a Packet-Switching Network Several implications of link encryption should be noted. For this strategy to be effective, all the potential links in a path from source to destination must use link encryption. Each pair of nodes that share a link should share a unique key, with a different key used on each link. Thus, many keys must be provided. With end-to-end encryption, the encryption process is carried out at the two end systems. The source host or terminal encrypts the data. The data in encrypted form are then transmitted unaltered across the network to the destination terminal or host. The destination shares a key with the source and so is able to decrypt the data. This plan seems to secure the transmission against attacks on the network links or switches. Thus, end-to-end encryption relieves the end user of concerns about the degree of security of networks and links that support the communication. There is, however, still a weak spot. Consider the following situation. A host connects to a frame relay or ATM network, sets up a logical connection to another host, and is prepared to transfer data to that other host by using end-to-end encryption. Data are transmitted over such a network in the form of packets that consist of a header and some user data. What part of each packet will the host encrypt? Suppose that the host encrypts the entire packet, including the header. This will not work because, remember, only the other host can perform the decryption. The frame relay or ATM switch will receive an encrypted packet and be unable to read the header. Therefore, it will not be able to route the packet. It follows that the host may encrypt only the user data portion of the packet and must leave the header in the clear. Thus, with end-to-end encryption, the user data are secure. However, the traffic pattern is not, because packet headers are transmitted in the clear. On the other hand, end-to-end encryption does provide a degree of authentication. If two end systems share an encryption key, then a recipient is assured that any message that it receives comes from the alleged sender, because only that sender shares the relevant key. Such authentication is not inherent in a link encryption scheme. To achieve greater security, both link and end-to-end encryption are needed, When both forms of encryption are employed, the host encrypts the user data portion of a packet using an end-to-end encryption key. The entire packet is then encrypted using a link encryption key. As the packet traverses the network, each switch decrypts the packet, using a link encryption key to read the header, and then encrypts the entire packet again for sending it out on the next link. Now the entire packet is secure except for the time that the packet is actually in the memory of a packet switch, at which time the packet header is in the clear. Key Distribution For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others. Furthermore, frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key. Therefore, the strength of any cryptographic system rests with the key distribution technique, a term
  • 11. 20 INFORMATION SECURITY A.DHASARADHI that refers to the means of delivering a key to two parties who wish to exchange data, without allowing others to see the key. For two parties A and B, key distribution can be achieved in a number of ways, as follows: 1. A can select a key and physically deliver it to B. 2. A third party can select the key and physically deliver it to A and B. 3. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key. 4. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B. Options 1 and 2 call for manual delivery of a key. For link encryption, this is a reasonable requirement, because each link encryption device is going to be exchanging data only with its partner on the other end of the link. However, for end-to-end encryption, manual delivery is awkward. In a distributed system, any given host or terminal may need to engage in exchanges with many other hosts and terminals over time. Thus, each device needs a number of keys supplied dynamically. The problem is especially difficult in a wide area distributed system. Option 3 is a possibility for either link encryption or end-to-end encryption, but if an attacker ever succeeds in gaining access to one key, then all subsequent keys are reviled. Even if frequent changes are made to the link encryption keys, these should be done manually. to provide for end-to-end encryption, option 4 is preferable. Figure illustrates an implementation that satisfies option 4 for end-to-end encryption. In the figure link encryption is ignored. This can be added, or not, as required. For this scheme, two kinds of keys are identified. Session key: when two end systems wish to communicate, they establish a logical connection. For the duration of that logical connection, all user data are encrypted with a one-time session key. At the conclusion of the session, or connection, the session key is destroyed. Permanent Key: A permanent key is a key between entities for the purpose of distributing session keys. The configuration consists of the following elements: Key distribution center: the key distribution center determines which systems are allowed to communicate with each other. When permission is granted for two systems to establish a connection, the key distribution center provides a one time session key for that connection. Front –end processor: the front end processor performs end-to-end encryption and obtains session keys on behalf of its hosts or terminal. Steps involved in establishing a connection: 1. When one host wishes to establish a connection to another host, it transmits a connection-request packet. 2.The front-end processor saves that packet and applies to KDC for permission to establish the connection. 3.The communication between the FEP and KDC is encrypted using a master key shared only by the FEP and KDC. If the KDC approves the connection-request, it generates the session key and delivers it to the two appropriate front-end processors, using a unique front-end key for each front-end.
  • 12. 21 INFORMATION SECURITY A.DHASARADHI 4.The requesting front-end processor can now release the connection-request packet, and a connection is set up between the two end systems. All the user data exchanged between the two end systems are encrypted by their respective front-end processors using the one-time session key. HMAC A hash function such as SHA was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key. There have been a number of proposals for the incorporation of a secret key into an existing hash algorithm. The approach that has received the most support is HMAC. HMAC has been issued as RFC 2104, has been chosen as the mandatory-to-implement MAC for IP security, and is used in other Internet protocols, such as SSL. HMAC has also been issued as a NIST standard (FIPS 198). HMAC Design Objectives RFC 2104 lists the following design objectives for HMAC: To use, without modifications, available hash functions. In particular, hash functions that perform well in software, and for which code is freely and widely available. To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required. To preserve the original performance of the hash function without incurring a significant degradation. To use and handle keys in a simple way. To have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions about the embedded hash function. The first two objectives are important to the acceptability of HMAC. HMAC treats the hash function as a "black box." This has two benefits. First, an existing implementation of a hash function can be used as a module in implementing HMAC. In this way, the bulk of the HMAC code is prepackaged and ready to use without modification. Second, if it is ever desired to replace a given hash function in an HMAC implementation, all that is required is to remove the existing hash function module and drop in the new module. This could be done if a faster hash function were desired. More important, if the security of the embedded hash function were compromised, the security of HMAC could be retained simply by replacing the embedded hash function with a more secure one (e.g., replacing SHA with Whirlpool). The last design objective in the preceding list is, in fact, the main advantage of HMAC over other proposed hash-based schemes. HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strength. We return to this point later in this section, but first we examine the structure of HMAC. HMAC Algorithm Table lustrates the overall operation of HMAC. Define the following terms: H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160) IV = initial value input to hash function M = message input to HMAC(including the padding specified in the embedded hash function) Yi = ith block of M, 0 =< i =< (L - 1) L = number of blocks in M b = number of bits in a block n = length of hash code produced by embedded hash function K = secret key recommended length is >= n; if key length is greater than b; the key is input to the hash function to produce an n-bit key K+ = K padded with zeros on the left so that the result is b bits in length ipad = 00110110 (36 in hexadecimal) repeated b/8 times opad = 01011100 (5C in hexadecimal) repeated b/8 times
  • 13. 22 INFORMATION SECURITY A.DHASARADHI Figure: HMAC Structure In words, Append zeros to the left end of K to create a b-bit string K+(e.g., if K is of length 160 bits and b = 512 then K will be appended with 44 zero bytes 0 x 00). XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si. Append M to Si. Apply H to the stream generated in step 3. XOR K+ with opad to produce the b-bit block So Append the hash result from step 4 to So Apply H to the stream generated in step 6 and output the result. Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly, the XOR with opad results in flipping one-half of the bits of K, but a different set of bits. In effect, by passing Si and So through the compression function of the hash algorithm, we have pseudorandomly generated two keys from K. HMAC should execute in approximately the same time as the embedded hash function for long messages. HMAC adds three executions of the hash compression function (for Si,So and the block produced from the inner hash).