Network Security
Unit-2
1. Explain the DES Algorithm with an example?
The DES (Data Encryption Standard) algorithm is the most widely used encryption
algorithm in the world. For many years, and among many people, "secret code making"
and DES have been synonymous. And despite the recent coup by the Electronic Frontier
Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will
live on in government and banking for years to come through a life-extending version
called "triple-DES".
NBS waited for the responses to come in. It received none until August 6, 1974, three
days before Nixon's resignation, when IBM submitted a candidate that it had developed
internally under the name LUCIFER. After evaluating the algorithm with the help of the
National Security Agency (NSA), the NBS adopted a modification of the LUCIFER
algorithm as the new Data Encryption Standard (DES) on July 15, 1977.
DES was quickly adopted for non-digital media, such as voice-grade public telephone
lines. Within a couple of years, for example, International Flavors and Fragrances was
using DES to protect its valuable formulas transmitted over the phone.
Some Preliminary Examples of DES
DES works on bits, or binary numbers--the 0s and 1s common to digital computers. Each
group of four bits makes up a hexadecimal, or base 16, number. Binary "0001" is equal to
the hexadecimal number "1", binary "1000" is equal to the hexadecimal number "8",
"1001" is equal to the hexadecimal number "9", "1010" is equal to the hexadecimal
number "A", and "1111" is equal to the hexadecimal number "F".
DES works by encrypting groups of 64 message bits, which is the same as 16
hexadecimal numbers. To do the encryption, DES uses "keys" which are also apparently
16 hexadecimal numbers long, or apparently 64 bits long. However, every 8th key bit is
ignored in the DES algorithm, so that the effective key size is 56 bits. But, in any case, 64
bits (16 hexadecimal digits) is the round number upon which DES is organized.
N HARI BABU
HOD, Dept of CSE
For example, if we take the plaintext message "8787878787878787", and encrypt it with
the DES key "0E329232EA6D0D73", we end up with the ciphertext
"0000000000000000". If the ciphertext is decrypted with the same secret DES key
"0E329232EA6D0D73", the result is the original plaintext "8787878787878787".
This example is neat and orderly because our plaintext was exactly 64 bits long. The
same would be true if the plaintext happened to be a multiple of 64 bits. But most
messages will not fall into this category. They will not be an exact multiple of 64 bits.
2. Explain the AES Algorithm?
Encryption is the process of changing data into a form that can be read only by the
intended receiver. To decipher the message, the receiver of the encrypted data must have
the proper decryption key (password).
In traditional encryption schemes, the sender and the receiver use the same key to encrypt
and decrypt data. In this case the key is the password you supply when adding files to
your ZIP-file - to unzip the file the same password must be supplied.
Encryption schemes supported by BitZipper
BitZipper 4.1 and newer supports two encryption schemes, ZIP 2.0 encryption and AES
encryption:
1. ZIP 2.0 encryption
Also known as standard password protected ZIP-files. This protection scheme is rather
weak and tools that can 'recover' (crack) these passwords exist. All ZIP-tools support this
encryption scheme and can be used to unzip your protected files, but you should not rely
on this protection scheme to protect sensitive data.
2. AES encryption
AES stands for Advanced Encryption Standard. AES is a symmetric key encryption
technique which will replace the commonly used Data Encryption Standard (DES).
It was the result of a worldwide call for submissions of encryption algorithms issued by
the US Government's National Institute of Standards and Technology (NIST) in 1997 and
completed in 2000.
The winning algorithm, Rijndael, was developed by two Belgian cryptologists, Vincent
Rijmen and Joan Daemen.
AES provides strong encryption and has been selected by NIST as a Federal Information
Processing Standard in November 2001 (FIPS-197), and in June 2003 the U.S.
Government (NSA) announced that AES is secure enough to protect classified
information up to the TOP SECRET level, which is the highest security level and
defined as information which would cause "exceptionally grave damage" to national
security if disclosed to the public.
The AES algorithm uses one of three cipher key strengths: a 128-, 192-, or 256-bit
encryption key (password). Each encryption key size causes the algorithm to behave
slightly differently, so the increasing key sizes not only offer a larger number of bits with
which you can scramble the data, but also increase the complexity of the cipher
algorithm.
BitZipper supports 128- and 256-bit encryption keys, which are the two key strengths
supported by WinZip 9. Both key strengths provide significantly better security than
standard ZIP 2.0 encryption. It is slightly faster to encrypt and decrypt data protected
with 128-bit AES, but with today's fast PCs the time difference is barely noticeable.
3. Explain the RC5 Algorithm with an example?
The RC5 cipher was invented by Professor Ronald L. Rivest of the Massachusetts
Institute of Technology in 1994. It is a very fast and simple algorithm that is
parameterized by the block size, the number of rounds, and key length. These parameters
can be adjusted to meet different goals for security, performance, and exportability.
Unlike many schemes, RC5 has a variable block size (32, 64 or 128 bits), key size (0 to
2040 bits) and number of rounds (0 to 255). The original suggested choices of parameters
were a block size of 64 bits, a 128-bit key and 12 rounds.
A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was
to prompt the study and evaluation of such operations as a cryptographic primitive. RC5
also consists of a number of modular additions and exclusive OR (XOR) operations. The general
structure of the algorithm is a Feistel-like network. The encryption and decryption
routines can be specified in a few lines of code. The key schedule, however, is more
complex, expanding the key using an essentially one-way function with the binary
expansions of both e and the golden ratio as sources of "nothing up my sleeve numbers".
The tantalising simplicity of the algorithm together with the novelty of the data-dependent
rotations has made RC5 an attractive object of study for cryptanalysts.
RC5 is basically denoted as RC5-w/r/b, where w=word size in bits, r=number of rounds,
b=number of 8-bit bytes in the key.
4. Explain the RSA algorithm with an example?
RSA is an algorithm for public-key cryptography that is based on the presumed difficulty
of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir
and Leonard Adleman, who first publicly described it in 1978. A user of RSA creates and
then publishes the product of two large prime numbers, along with an auxiliary value, as
their public key. The prime factors must be kept secret. Anyone can use the public key to
encrypt a message, but with currently published methods, if the public key is large
enough, only someone with knowledge of the prime factors can feasibly decode the
message.[1] Whether breaking RSA encryption is as hard as factoring is an open question
known as the RSA problem.
The RSA algorithm involves three steps: key generation, encryption and decryption.
Key generation
RSA involves a public key and a private key. The public key can be known to everyone
and is used for encrypting messages. Messages encrypted with the public key can only be
decrypted using the private key. The keys for the RSA algorithm are generated the
following way:
1. Choose two distinct prime numbers p and q.
   o For security purposes, the integers p and q should be chosen at random,
     and should be of similar bit-length. Prime integers can be efficiently found
     using a primality test.
2. Compute n = pq.
   o n is used as the modulus for both the public and private keys.
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor of
   (e,φ(n)) = 1, i.e. e and φ(n) are coprime.
   o e is released as the public key exponent.
   o e having a short bit-length and small Hamming weight results in more
     efficient encryption - most commonly 0x10001 = 65537. However, small
     values of e (such as 3) have been shown to be less secure in some settings.[4]
5. Determine d = e^(-1) mod φ(n); i.e. d is the multiplicative inverse of e mod φ(n).
   o This is more clearly stated as: solve for d given (d*e) mod φ(n) = 1.
   o This is often computed using the extended Euclidean algorithm.
   o d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The
private key consists of the modulus n and the private (or decryption) exponent d which
must be kept secret.
Encryption
Alice transmits her public key (n,e) to Bob and keeps the private key secret. Bob then
wishes to send message M to Alice.
He first turns M into an integer m, such that 0 < m < n by using an agreed-upon
reversible protocol known as a padding scheme. He then computes the ciphertext c
corresponding to
c = m^e (mod n).
This can be done quickly using the method of exponentiation by squaring. Bob then
transmits c to Alice.
Note that at least nine values of m will yield a ciphertext c equal to m, but this is very
unlikely to occur in practice.
Decryption
Alice can recover m from c by using her private key exponent d via computing
m = c^d (mod n).
Given m, she can recover the original message M by reversing the padding scheme.
(In practice, there are more efficient methods of calculating c^d using the precomputed
values below.)
Example:
Here is an example of RSA encryption and decryption. The parameters used here are
artificially small, but one can also use OpenSSL to generate and examine a real keypair.
1. Choose two distinct prime numbers, such as
p = 61 and q = 53.
2. Compute n = pq giving
n = 61 · 53 = 3233.
3. Compute the totient of the product as ϕ(n) = (p − 1)(q − 1) giving
ϕ(3233) = (61 − 1)(53 − 1) = 3120.
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime
number for e leaves us only to check that e is not a divisor of 3120.
Let e = 17.
5. Compute d, the modular multiplicative inverse of e (mod ϕ(n)) yielding
d = 2753.
The public key is (n = 3233, e = 17). For a padded plaintext message m, the
encryption function is m^17 (mod 3233).
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption
function is c^2753 (mod 3233).
For instance, in order to encrypt m = 65, we calculate
c = 65^17 (mod 3233) = 2790.
To decrypt c = 2790, we calculate
m = 2790^2753 (mod 3233) = 65.
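The key generation, encryption and decryption steps above, run on the page's toy parameters (p = 61, q = 53, e = 17), as an added Python example that is not part of the original notes. It goes slightly beyond the text by also showing Chinese Remainder Theorem decryption, a standard faster way to compute c^d, and by counting the messages that encrypt to themselves; all function names are this example's own.

```python
# Added example: textbook RSA on the page's toy numbers (no padding scheme applied).
from math import gcd

def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a, m):
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return x % m

def modexp(base, exp, mod):
    """Exponentiation by squaring (right-to-left binary method)."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def keygen(p, q, e):
    """Steps 2-5 of key generation; returns (n, phi(n), d)."""
    if p == q:
        raise ValueError("p and q must be distinct")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    return n, phi, modinv(e, phi)

def decrypt_crt(c, p, q, d):
    """CRT decryption: two half-size exponentiations instead of one mod n."""
    dp, dq, qinv = d % (p - 1), d % (q - 1), modinv(q, p)
    m1, m2 = modexp(c, dp, p), modexp(c, dq, q)
    return m2 + q * ((qinv * (m1 - m2)) % p)

def fixed_points(n, e):
    """All m in [0, n) whose ciphertext equals m itself."""
    return [m for m in range(n) if modexp(m, e, n) == m]

if __name__ == "__main__":
    n, phi, d = keygen(61, 53, 17)
    c = modexp(65, 17, n)
    print(n, phi, d, c, modexp(c, d, n), decrypt_crt(c, 61, 53, d))
    print(len(fixed_points(n, 17)), "messages encrypt to themselves")
```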