Network Security Unit-2
N HARI BABU HOD, Dept of CSE

1. Explain the DES Algorithm with an example?

The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the recent coup by the Electronic Frontier Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will live on in government and banking for years to come through a life-extending version called "triple-DES".

NBS waited for the responses to come in. It received none until August 6, 1974, three days before Nixon's resignation, when IBM submitted a candidate that it had developed internally under the name LUCIFER. After evaluating the algorithm with the help of the National Security Agency (NSA), the NBS adopted a modification of the LUCIFER algorithm as the new Data Encryption Standard (DES) on July 15, 1977.

DES was quickly adopted for non-digital media, such as voice-grade public telephone lines. Within a couple of years, for example, International Flavors and Fragrances was using DES to protect its valuable formulas transmitted over the phone.

Some Preliminary Examples of DES

DES works on bits, or binary numbers--the 0s and 1s common to digital computers. Each group of four bits makes up a hexadecimal, or base 16, number. Binary "0001" is equal to the hexadecimal number "1", binary "1000" is equal to the hexadecimal number "8", "1001" is equal to the hexadecimal number "9", "1010" is equal to the hexadecimal number "A", and "1111" is equal to the hexadecimal number "F".

DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal numbers. To do the encryption, DES uses "keys" which are also apparently 16 hexadecimal numbers long, or apparently 64 bits long. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits.
But, in any case, 64 bits (16 hexadecimal digits) is the round number upon which DES is organized. For example, if we take the plaintext message "8787878787878787", and encrypt it with the DES key "0E329232EA6D0D73", we end up with the ciphertext "0000000000000000". If the ciphertext is decrypted with the same secret DES key "0E329232EA6D0D73", the result is the original plaintext "8787878787878787".

This example is neat and orderly because our plaintext was exactly 64 bits long. The same would be true if the plaintext happened to be a multiple of 64 bits. But most messages will not fall into this category. They will not be an exact multiple of 64 bits.

2. Explain the AES Algorithm?

Encryption is the process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key (password). In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data. In this case the key is the password you supply when adding files to your ZIP-file - to unzip the file the same password must be supplied.

Encryption schemes supported by BitZipper

BitZipper 4.1 and newer supports two encryption schemes, ZIP 2.0 encryption and AES encryption:

1. ZIP 2.0 encryption
Also known as standard password protected ZIP-files. This protection scheme is rather weak and tools that can 'recover' (crack) these passwords exist. All ZIP-tools support this encryption scheme and can be used to unzip your protected files, but you should not rely on this protection scheme to protect sensitive data.

2. AES encryption
AES stands for Advanced Encryption Standard. AES is a symmetric key encryption technique which will replace the commonly used Data Encryption Standard (DES).
It was the result of a worldwide call for submissions of encryption algorithms issued by the US Government's National Institute of Standards and Technology (NIST) in 1997 and completed in 2000. The winning algorithm, Rijndael, was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES provides strong encryption and was selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197), and in June 2003 the U.S. Government (NSA) announced that AES is secure enough to protect classified information up to the TOP SECRET level, which is the highest security level and is defined as information which would cause "exceptionally grave damage" to national security if disclosed to the public.

The AES algorithm uses one of three cipher key strengths: a 128-, 192-, or 256-bit encryption key (password). Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm. BitZipper supports 128- and 256-bit encryption keys, which are the two key strengths supported by WinZip 9. Both key strengths provide significantly better security than standard ZIP 2.0 encryption. It is slightly faster to encrypt and decrypt data protected with 128-bit AES, but with today's fast PCs the time difference is barely noticeable.

3. Explain the RC5 Algorithm with an example?

The RC5 cipher was invented by Professor Ronald L. Rivest of the Massachusetts Institute of Technology in 1994. It is a very fast and simple algorithm that is parameterized by the block size, the number of rounds, and the key length. These parameters can be adjusted to meet different goals for security, performance, and exportability. Unlike many schemes, RC5 has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255).
The original suggested choices of parameters were a block size of 64 bits, a 128-bit key and 12 rounds. A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was to prompt the study and evaluation of such operations as a cryptographic primitive. RC5 also consists of a number of modular additions and eXclusive ORs (XORs). The general structure of the algorithm is a Feistel-like network. The encryption and decryption routines can be specified in a few lines of code. The key schedule, however, is more complex, expanding the key using an essentially one-way function with the binary expansions of both e and the golden ratio as sources of "nothing up my sleeve numbers". The tantalising simplicity of the algorithm together with the novelty of the data-dependent rotations has made RC5 an attractive object of study for cryptanalysts.

RC5 is basically denoted as RC5-w/r/b, where w = word size in bits, r = number of rounds, b = number of 8-bit bytes in the key.

4. Explain the RSA algorithm with an example?

RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978. A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.[1] Whether breaking RSA encryption is as hard as factoring is an open question known as the RSA problem.

The RSA algorithm involves three steps: key generation, encryption and decryption.

Key generation

RSA involves a public key and a private key.
The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:

1. Choose two distinct prime numbers p and q.
   o For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
2. Compute n = pq.
   o n is used as the modulus for both the public and private keys.
3. Compute φ(n) = (p - 1)(q - 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and the greatest common divisor gcd(e, φ(n)) = 1, i.e. e and φ(n) are coprime.
   o e is released as the public key exponent.
   o e having a short bit-length and small Hamming weight results in more efficient encryption - most commonly 0x10001 = 65537. However, small values of e (such as 3) have been shown to be less secure in some settings.[4]
5. Determine d = e^-1 mod φ(n); i.e. d is the multiplicative inverse of e mod φ(n).
   o This is more clearly stated as: solve for d given (d * e) mod φ(n) = 1.
   o This is often computed using the extended Euclidean algorithm.
   o d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret.

Encryption

Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. He first turns M into an integer m, such that 0 < m < n, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to c = m^e (mod n). This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.
Note that at least nine values of m will yield a ciphertext c equal to m, but this is very unlikely to occur in practice.

Decryption

Alice can recover m from c by using her private key exponent d via computing m = c^d (mod n). Given m, she can recover the original message M by reversing the padding scheme.

(In practice, there are more efficient methods of calculating c^d using pre-computed values.)

Example:

Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use OpenSSL to generate and examine a real keypair.

1. Choose two distinct prime numbers, such as p = 61 and q = 53.
2. Compute n = pq giving n = 61 · 53 = 3233.
3. Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving φ(3233) = (61 − 1)(53 − 1) = 3120.
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.
5. Compute d, the modular multiplicative inverse of e (mod φ(n)), yielding d = 2753.

The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is m^17 (mod 3233). The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is c^2753 (mod 3233).

For instance, in order to encrypt m = 65, we calculate c = 65^17 (mod 3233) = 2790. To decrypt c = 2790, we calculate m = 2790^2753 (mod 3233) = 65.
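The five key-generation steps and the m = 65 example above, carried through in Python as an added example (not from these notes): the extended Euclidean algorithm supplies d, the checks on p, q, e and m enforce the conditions the steps state, and fixed_points enumerates the values of m that encrypt to themselves, which the notes remark on under Encryption.

```python
# Added example (not from these notes): RSA key generation, encryption and
# decryption exactly as in the five steps above, run on the toy parameters.
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, phi):
    """d with (d * e) mod phi == 1 (step 5); fails unless e and phi are coprime."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) must be coprime")
    return x % phi


def rsa_keygen(p, q, e=65537):
    """Steps 1-5: returns the public key (n, e) and the private key (n, d)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) with gcd(e, phi(n)) == 1")
    return (n, e), (n, modinv(e, phi))


def rsa_encrypt(pub, m):
    """c = m^e mod n; pow() with a modulus uses exponentiation by squaring."""
    n, e = pub
    if not 0 < m < n:
        raise ValueError("padded message must satisfy 0 < m < n")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def fixed_points(pub):
    """All m in [0, n) whose ciphertext equals m (the notes say at least nine)."""
    n, e = pub
    return [m for m in range(n) if pow(m, e, n) == m]
```

With p = 61, q = 53 and e = 17 the fixed-point list has 25 entries, matching the closed form (1 + gcd(e - 1, p - 1)) * (1 + gcd(e - 1, q - 1)) = 5 * 5.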