This lecture plan outlines 7 topics to be covered in Unit 1 of the course on data and information security. The topics include symmetric encryption principles, DES, AES, stream ciphers, cipher block modes, digital signatures, RSA, and elliptic curve cryptography. For each topic, the number of periods, proposed and actual lecture dates, related course outcome, taxonomy level, and mode of delivery are provided. The mode of delivery for all topics is listed as PPT and chalk and talk.

Uploaded by SNEHA SNEHA .M

Please read this disclaimer before proceeding:

This document is confidential and intended solely for the educational purpose of RMK Group of Educational Institutions. If you have received this document through email in error, please notify the system manager. This document contains proprietary information and is intended only to the respective group / learning community as intended. If you are not the addressee you should not disseminate, distribute or copy through e-mail. Please notify the sender immediately by e-mail if you have received this document by mistake and delete this document from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
AD8602 - DATA AND INFORMATION SECURITY

DEPT: AI-DS
BATCH / YEAR: 2020-24 / III
CREATED BY: Ms. MARY SELVAN
Table of Contents

1. Contents (page 5)
2. Course Objectives (page 6)
3. Pre Requisites (Course Name with Code) (page 8)
4. Syllabus (With Subject Code, Name, LTPC details) (page 10)
5. Course Outcomes (6) (page 12)
6. CO-PO/PSO Mapping (page 14)
7. Lecture Plan (S.No., Topic, No. of Periods, Proposed date, Actual Lecture Date, pertaining CO, Taxonomy level, Mode of Delivery) (page 16)
8. Activity based learning (page 18)
9. Lecture Notes (with Links to Videos, e-book reference, PPTs, Quiz and any other learning materials) (page 21)
10. Assignments (For higher level learning and Evaluation - Examples: Case study, Comprehensive design, etc.) (page 71)
11. Part A Q & A (with K level and CO) (page 73)
12. Part B Qs (with K level and CO) (page 77)
13. Supportive online Certification courses (NPTEL, Swayam, Coursera, Udemy, etc.) (page 79)
14. Real time Applications in day to day life and to Industry (page 81)
15. Assessment Schedule (Proposed Date & Actual Date) (page 83)
16. Prescribed Text Books & Reference Books (page 85)
17. Mini Project (page 87)

Course Objectives

• To understand the basics of Number Theory and Security
• To understand and analyze the principles of different encryption techniques
• To understand the security threats and attacks
• To understand and evaluate the need for the different security aspects in real time applications
• To learn the different applications of information security

Prerequisites

SUBJECT CODE: MA8391
SUBJECT NAME: Probability and Statistics

SUBJECT CODE: CW8691
SUBJECT NAME: Computer Networks
Syllabus

AD8602 DATA AND INFORMATION SECURITY  LTPC 3003

UNIT I FUNDAMENTALS OF SECURITY  9

Computer Security Concepts - Threats, Attacks and Assets – Security Functional Requirements – Fundamental Security Design Principles – Attack Surfaces and Attack Trees. Computer Security Strategy – Number Theory: Prime Numbers and Factorization, Modular Arithmetic, GCD and Euclidean Algorithm, Chinese Remainder Theorem, Multiplication Modulo m and the Totient Function, Problems, Fermat and Euler Theorem. Primitive Roots and the Structure of F*p, Numbers in other Bases, Fast Computation of Powers in Z/mZ, Multiplicative Functions, Group Theory, Fields and Problems

UNIT II ENCRYPTION TECHNIQUES AND KEY MANAGEMENT  9

Symmetric Encryption Principles – Data Encryption Standard – Advanced Encryption Standard – Stream Ciphers and RC4 - Cipher Block Modes of Operation – Digital Signatures - Key Distribution - Public Key Cryptosystems: RSA, Elliptic Curve Cryptography - Key Exchange Algorithms: Diffie-Hellman and ElGamal Key Exchange

UNIT III AUTHENTICATION, INTEGRITY AND ACCESS CONTROL  9

Authentication: Secure Hash Function – HMAC – Electronic User Authentication Principles, Password Based Authentication, Token Based and Remote Authentication; Internet Authentication Applications: Kerberos, X.509 – Public Key Infrastructure; Access Control: Access Control Principles - Subjects, Objects, and Access Rights - Discretionary Access Control - Example: UNIX File Access Control – Role Based Access Control - Attribute-Based Access Control - Identity, Credential, and Access Management - Trust Frameworks

UNIT IV SECURITY  9

System Security: Firewall, Viruses, Worms, Ransomware, Keylogger, Greyware, IDS, DDoS; Network Security: SSL – TLS – HTTPS – IP Security; OS Security: Introduction to Operating System Security - System Security Planning - Operating Systems Hardening - Application Security - Security Maintenance - Linux/Unix Security - Windows Security - Virtualization Security; Wireless Security: Risks and Threats of Wireless - Wireless LAN Security - Wireless Security Policy - Wireless Security Architectures - Wireless Security Tools

UNIT V SECURITY APPLICATIONS  9

IoT Security: Introduction - Architectures - Security challenges - Security requirements - Trust, Data confidentiality, and privacy in IoT - Security in future IoT systems; Cloud Security: Security requirements - Security patterns and Architectural elements - Cloud Security Architecture - Security Management in the Cloud - Availability Management - SaaS Availability Management - PaaS Availability Management - IaaS Availability Management - Access control - Security Vulnerability, Patch and Configuration Management.
Course Outcomes

CO#  | COs                                                                                   | K Level
CO1  | Understand the fundamentals of security and the significance of number theory in computer security | K1
CO2  | Learn the public key cryptographic standards and authentication scheme                | K3
CO3  | Able to apply the security frameworks for real time applications                      | K2
CO4  | Understand the security threats and attacks in IoT, Cloud                             | K3
CO5  | Able to develop appropriate security algorithms understanding the possible threats    | K3

Knowledge Level | Description
K6              | Evaluation
K5              | Synthesis
K4              | Analysis
K3              | Application
K2              | Comprehension
K1              | Knowledge
CO – PO/PSO Mapping Matrix

CO#  | PO1 | PO2 | PO3 | PO4 | PO5 | PO6 | PO7 | PO8 | PO9 | PO10 | PO11 | PO12 | PSO1 | PSO2 | PSO3
CO1  | 3   | 3   | 3   | 1   | -   | 2   | -   | -   | -   | -    | -    | -    | 1    | 2    | 1
CO2  | 3   | 3   | 3   | 1   | -   | 2   | -   | -   | -   | -    | -    | -    | 1    | 2    | 1
CO3  | 3   | 2   | 3   | 1   | -   | 2   | -   | -   | -   | -    | -    | -    | 1    | 2    | 1
CO4  | 3   | 2   | 3   | 1   | -   | 2   | -   | -   | -   | -    | -    | -    | 1    | 2    | 1
CO5  | 3   | 2   | 3   | 1   | -   | 2   | -   | -   | -   | -    | -    | -    | 1    | 2    | 1

1 – Low, 2 – Medium, 3 – Strong


Lecture Plan
Unit II
Lecture Plan – Unit 1 -
FUNDAMENTALS OF SECURITY
Sl. No. | Topic                                                      | Number of Periods | Proposed Date | Actual Lecture Date | CO | Taxonomy Level | Mode of Delivery
1       | Symmetric Encryption Principles – Data Encryption Standard | 1                 |               |                     |    |                | PPT / Chalk & Talk
2       | Advanced Encryption Standard                               | 1                 |               |                     |    |                | PPT / Chalk & Talk
3       | Stream Ciphers and RC4                                     | 1                 |               |                     |    |                | PPT / Chalk & Talk
4       | Cipher Block Modes of Operation                            | 1                 |               |                     |    |                | PPT / Chalk & Talk
5       | Digital Signatures - Key Distribution                      | 1                 |               |                     |    |                | PPT / Chalk & Talk
6       | RSA                                                        | 1                 |               |                     |    |                | PPT / Chalk & Talk
7       | Elliptic Curve Cryptography                                | 1                 |               |                     |    |                | PPT / Chalk & Talk
8       | Key Exchange Algorithms: Diffie-Hellman                    | 1                 |               |                     |    |                | PPT / Chalk & Talk
9       | and ElGamal Key Exchange                                   | 1                 |               |                     |    |                | PPT / Chalk & Talk
Activity Based Learning – Unit II

Across:
2. Obtaining access to another system without permission.
5. Software that lets a user obtain information about another person's computer activities.
9. Software that blocks access to the victim's data and threatens to publish or delete it until a ransom is paid.
11. The attempt to obtain sensitive information such as usernames, passwords, and credit card details.
13. A person who gains unauthorized access to computer files or networks in order to further social or political ends.
14. The action of protecting, or the state of being protected; a person or thing that protects someone or something.
15. Software which is specifically designed to damage a computer system.
18. The process of converting information or data into a code, especially to prevent unauthorized access.
21. A network of computers infected with malicious software and controlled as a group without the owners' knowledge.
22. Software that gets into your device without you knowing.
24. Credit card ___: a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction.
26. A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
27. Irrelevant messages sent over the Internet, typically to large numbers of users, for advertising.
Down:
1. A string of characters that allows access to a computer, interface, or system.
3. A group or system of interconnected people or things.
4. A cyber attack redirecting a website's traffic to a fake site. It can be conducted by changing the hosts file on the computer.
6. In the context of computer security, anything that has the potential to cause serious harm to a computer system.
7. A situation involving exposure to danger.
8. The unauthorized real-time interception of a private communication, such as a phone call or instant message.
10. Software that attaches itself to all your contacts and sends itself to others in an endless cycle.
12. ___ network: an online community of people with a common interest who use a website or other technologies to communicate with each other and share information and resources; you tend to be in a community with friends, colleagues and family.
16. The fraudulent practice of using another person's name and personal information in order to obtain credit, loans, etc.
17. ___ logger: a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
19. An attempt by hackers to damage or destroy a computer network or system.
20. Antivirus or anti-virus software, sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.
23. A person who uses computers to gain unauthorized access to data.
25. In computing, a denial-of-service attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its users.
Lecture Notes – Unit 2

UNIT II - ENCRYPTION TECHNIQUES AND KEY MANAGEMENT

2.1 Symmetric Encryption Principles:

Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the introduction of public-key encryption in the late 1970s. A symmetric encryption scheme has the following ingredients:

• Plaintext: This is the original message or data that is fed into the algorithm as input.

• Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

• Secret key: The secret key is also input to the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.

• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the same secret key and produces the original plaintext.

Cryptography:

Cryptographic systems are generically classified along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (i.e., that all operations be reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.

2. The number of keys used. If both sender and receiver use the same key, the system
is referred to as symmetric, single-key, secret-key, or conventional encryption. If the
sender and receiver each use a different key, the system is referred to as asymmetric,
two-key, or public-key encryption.

3. The way in which the plaintext is processed. A block cipher processes the input
one block of elements at a time, producing an output block for each input block. A stream
cipher processes the input elements continuously, producing output one element at a time,
as it goes along.

Cryptanalysis:

The process of attempting to discover the plaintext or key is known as cryptanalysis.

Types of Attacks on Encrypted Messages:


Feistel Cipher Structure:

Many symmetric block encryption algorithms, including DES, have a structure first described
by Horst Feistel of IBM in 1973.

Figure 2.2 Classical Feistel Network


• The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key
K.
• The plaintext block is divided into two halves, L0 and R0.
• The two halves of the data pass through n rounds of processing and then combine to
produce the ciphertext block.
• Each round i has as inputs Li-1 and Ri-1, derived from the previous round, as well as a
subkey Ki, derived from the overall K.
• In general, the subkeys Ki are different from K and from each other and are generated
from the key by a subkey generation algorithm.
All rounds have the same structure:

• A substitution is performed on the left half of the data. This is done by applying a round function F to the right half of the data and then taking the exclusive-OR (XOR) of the output of that function and the left half of the data.

• The round function has the same general structure for each round but is parameterized by the round subkey Ki.

• Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data.

• The Feistel structure is a particular example of the more general structure used by all symmetric block ciphers. In general, a symmetric block cipher consists of a sequence of rounds, with each round performing substitutions and permutations conditioned by a secret key value.

The exact realization of a symmetric block cipher depends on the choice of the following parameters and design features:

• Block size: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed. A block size of 128 bits is a reasonable tradeoff and is nearly universal among recent block cipher designs.

• Key size: Larger key size means greater security but may decrease encryption/decryption speed. The most common key length in modern algorithms is 128 bits.

• Number of rounds: The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.

• Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.

• Round function: Again, greater complexity generally means greater resistance to cryptanalysis.
There are two other considerations in the design of a symmetric block cipher:

• Fast software encryption/decryption: In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Accordingly, the speed of execution of the algorithm becomes a concern.

• Ease of analysis: Although we would like to make our algorithm as difficult as possible to cryptanalyze, there is great benefit in making the algorithm easy to analyze. That is, if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality.

Decryption with a symmetric block cipher is essentially the same as the encryption
process. The rule is as follows: Use the ciphertext as input to the algorithm, but use the
subkeys Ki in reverse order. That is, use Kn in the first round, Kn-1 in the second round, and
so on until K1 is used in the last round. This is a nice feature because it means we need not
implement two different algorithms, one for encryption and one for decryption.

2.2 DATA ENCRYPTION STANDARD

The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created in the early 1970s by an IBM team and adopted by the National Institute of Standards and Technology (NIST). The algorithm takes the plain text in 64-bit blocks and converts them into ciphertext using 48-bit round keys.

Since it is a symmetric-key algorithm, it employs the same key in both encrypting and decrypting the data. The key length is 56 bits. (Actually, the initial key consists of 64 bits. However, before the DES process even starts, every 8th bit of the key is discarded to produce a 56-bit key; that is, bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.)

DES Encryption:

There are two inputs to the encryption function: the plaintext to be encrypted and the key.

DES is based on the two fundamental attributes of cryptography: substitution (also called
confusion) and transposition (also called diffusion). DES consists of 16 steps, each of
which is called a round. Each round performs the steps of substitution and transposition.
Let us now discuss the broad-level steps in DES.
DES Encryption Algorithm:

• In the first step, the 64-bit plain text block is handed over to an Initial Permutation (IP) function.
• The initial permutation is performed on the plain text.
• Next, the initial permutation (IP) produces two halves of the permuted block, called Left Plain Text (LPT) and Right Plain Text (RPT).
• Now each of LPT and RPT goes through 16 rounds of the encryption process.
• In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block.
• The result of this process is a 64-bit ciphertext.

Initial Permutation and Final Permutation (IP & FP):

The input to a table consists of 64 bits numbered from 1 to 64. The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits.

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.
Expansion Permutation Box − Since the right input is 32 bits and the round key is 48 bits, we first need to expand the right input to 48 bits.

XOR − After the expansion permutation, DES performs an XOR operation on the expanded right section and the round key. The round key is used only in this operation.

Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.

There are a total of eight S-box tables. The outputs of all eight S-boxes are then combined into a 32-bit section.

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.

DES Analysis

DES satisfies both of the desired properties of a block cipher. These two properties make the cipher very strong.

Avalanche effect − A small change in the plaintext results in a very great change in the ciphertext.

Completeness − Each bit of the ciphertext depends on many bits of the plaintext.

During the last few years, cryptanalysts have found some weaknesses in DES when the selected keys are weak keys. These keys shall be avoided.

DES has proved to be a very well designed block cipher. There have been no significant cryptanalytic attacks on DES other than exhaustive key search.
3-KEY Triple DES

Before using 3TDES, the user first generates and distributes a 3TDES key K, which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3 × 56 = 168 bits. The encryption scheme is illustrated as follows.

The encryption-decryption process is as follows:

• Encrypt the plaintext blocks using single DES with key K1.
• Now decrypt the output of step 1 using single DES with key K2.
• Finally, encrypt the output of step 2 using single DES with key K3.
• The output of step 3 is the ciphertext.
• Decryption of a ciphertext is the reverse process. The user first decrypts using K3, then encrypts with K2, and finally decrypts with K1.

Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible to use a 3TDES (hardware) implementation for single DES by setting K1, K2, and K3 to the same value. This provides backwards compatibility with DES.

The second variant of Triple DES (2TDES) is identical to 3TDES except that K3 is replaced by K1.
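As an added Python example (not code from the lecture notes, and not DES itself), the toy 16-bit Feistel network below stands in for single DES to show two points made in this unit: decryption of a Feistel cipher is the encryption algorithm run with the subkeys Kn ... K1 in reverse order, and the encrypt-decrypt-encrypt (EDE) construction of 3TDES collapses to a single encryption when K1 = K2 = K3. The round function F and the subkey schedule are assumptions chosen only for illustration and provide no real security.

```python
# Added example: toy Feistel cipher + EDE construction. Not DES and not from the
# lecture notes. F() and subkeys() are illustrative assumptions, not a real design.

W = 8                      # half-block width w; the block is 2w = 16 bits
MASK = (1 << W) - 1
ROUNDS = 8

def subkeys(key: int, rounds: int = ROUNDS) -> list:
    """Assumed subkey schedule: rotate the 16-bit key by 3*i bits, keep the low w bits."""
    key &= 0xFFFF
    ks = []
    for i in range(rounds):
        rot = (3 * i) % 16
        rotated = ((key << rot) | (key >> (16 - rot))) & 0xFFFF
        ks.append(rotated & MASK)
    return ks

def F(right: int, k: int) -> int:
    """Assumed round function. Any function of (right half, subkey) works here,
    because the Feistel structure never needs F itself to be invertible."""
    x = (right ^ k) & MASK
    return ((x * 13) ^ (x >> 3) ^ 0x5A) & MASK

def feistel(block: int, ks: list) -> int:
    """Run the Feistel network with the subkeys in the order given.
    Each round: L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i).
    The halves are swapped back after the last round, which is what lets the
    same routine decrypt when the subkey order is reversed."""
    L, R = (block >> W) & MASK, block & MASK
    for k in ks:
        L, R = R, L ^ F(R, k)
    return (R << W) | L

def encrypt(block: int, key: int) -> int:
    return feistel(block, subkeys(key))            # subkeys K_1 ... K_n

def decrypt(block: int, key: int) -> int:
    return feistel(block, subkeys(key)[::-1])      # same algorithm, K_n ... K_1

# EDE (encrypt-decrypt-encrypt) exactly as 3TDES composes single DES.
def ede_encrypt(block: int, k1: int, k2: int, k3: int) -> int:
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def ede_decrypt(block: int, k1: int, k2: int, k3: int) -> int:
    return decrypt(encrypt(decrypt(block, k3), k2), k1)

def roundtrip_ok(key: int) -> bool:
    """decrypt(encrypt(p)) == p over a spread of plaintext blocks."""
    return all(decrypt(encrypt(p, key), key) == p for p in range(0, 1 << 16, 997))

def backwards_compatible(block: int, key: int) -> bool:
    """With K1 = K2 = K3 the middle decrypt undoes the first encrypt, so EDE == single encrypt."""
    return ede_encrypt(block, key, key, key) == encrypt(block, key)

if __name__ == "__main__":
    p, k1, k2, k3 = 0x1234, 0xBEEF, 0xCAFE, 0x0F0F      # constructed sample values
    c = ede_encrypt(p, k1, k2, k3)
    print(f"plaintext {p:04x} -> 3-key EDE ciphertext {c:04x} -> {ede_decrypt(c, k1, k2, k3):04x}")
    print("single-cipher roundtrip:", roundtrip_ok(k1))
    print("EDE with K1=K2=K3 equals single encrypt:", backwards_compatible(p, k1))
```

The roundtrip works for any F because each round only XORs F's output into one half and the other half passes through unchanged; this is the structural reason DES hardware can run encryption and decryption with one circuit and a reversed key schedule.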
ADVANCED ENCRYPTION STANDARD

The Advanced Encryption Standard (AES) was published by the National Institute of
Standards and Technology (NIST) in 2001. AES is a symmetric block cipher that is intended
to replace DES as the approved standard for a wide range of applications.

The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can
be 16, 24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-
128, AES-192, or AES-256, depending on the key length.
The input to the encryption and decryption algorithms is a single 128-bit block. This block is depicted as a 4 × 4 square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, State is copied to an output matrix. These operations are depicted in the figure below.

Similarly, the key is depicted as a square matrix of bytes. This key is then expanded into an array of key schedule words. The figure below shows the expansion for the 128-bit key. Each word is four bytes, and the total key schedule is 44 words for the 128-bit key.

The figure shows the AES cipher in more detail, indicating the sequence of transformations in each round and showing the corresponding decryption function. Some comments about the overall AES structure:

AES processes the entire data block as a single matrix during each round using substitutions and permutation.

The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]. Four distinct words (128 bits) serve as a round key for each round.

Four different stages are used, one of permutation and three of substitution:

• SubBytes: Uses an S-box to perform a byte-by-byte substitution of the block

• ShiftRows: A simple permutation

• MixColumns: A substitution that makes use of arithmetic over GF(2^8)

• AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key
AES ENCRYPTION AND DECRYPTION

The structure is quite simple. For both encryption and decryption, the cipher
begins with an Add Round Key stage, followed by nine rounds that each includes all
four stages, followed by a tenth round of three stages.

Substitute bytes

The forward substitute byte transformation, called SubBytes, is a simple table lookup. AES defines a 16 × 16 matrix of byte values, called an S-box, that contains a permutation of all possible 256 8-bit values.

Each individual byte of State is mapped into a new byte in the following way: the leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value.

For example, the hexadecimal value {95} references row 9, column 5 of the S-box, which contains the value {2A}. Accordingly, the value {95} is mapped into the value {2A}.

The S-box is constructed in the following fashion:

Initialize the S-box with the byte values in ascending sequence row by row. The first row contains {00}, {01}, {02}, …, {0F}; the second row contains {10}, {11}, {12}, …, {1F}; and so on. Thus, the value of the byte at row x, column y is {xy}.

Map each byte in the S-box to its multiplicative inverse in the finite field GF(2^8); the value {00} is mapped to itself.
Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1, b0). Apply the following transformation to each bit of each byte in the S-box, where c_i is the ith bit of byte c with the value {63}; that is, (c7 c6 c5 c4 c3 c2 c1 c0) = (01100011). The prime (') indicates that the variable is to be updated by the value on the right.

The AES standard depicts this transformation in matrix form as follows:

In the above equation, each element in the product matrix is the bitwise XOR of products of elements of one row and one column. Furthermore, the final addition shown in the equation is a bitwise XOR. As an example, consider the input value {95}. The multiplicative inverse in GF(2^8) is {95}^-1 = {8A}, which is 10001010 in binary. Using the equation above, the result is {2A}, which should appear in row {09}, column {05} of the S-box.

The inverse substitute byte transformation, called InvSubBytes, makes use of the inverse S-box. Note that the input {2A} to the inverse S-box produces the output {95}, and the input {95} to the S-box produces {2A}. The inverse S-box is constructed by applying the inverse of the transformation in the equation stated above, followed by taking the multiplicative inverse in GF(2^8). The inverse transformation is as follows, where byte d = {05}, or 00000101.

Shift Rows

The forward shift row transformation, called ShiftRows, performs a circular byte shift in each row of State:

• 1st row is unchanged

• 2nd row does a 1-byte circular shift to the left

• 3rd row does a 2-byte circular shift to the left

• 4th row does a 3-byte circular shift to the left


Mix column

The forward mix column transformation, called MixColumns, operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column. The transformation can be defined by the following matrix multiplication on State.

Each element in the product matrix is the sum of products of elements of one row and one column. In this case, the individual additions and multiplications are performed in GF(2^8). The MixColumns transformation on a single column j (0 ≤ j ≤ 3) of State can be expressed as:
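The ShiftRows and MixColumns transformations described above, as an added Python example (not code from the lecture notes). State is held as four rows of four bytes; `gmul` implements multiplication in GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1; the MixColumns matrix and its inverse are the ones from the AES standard; and the check value is the column {d4 bf 5d 30} → {04 66 81 e5} from the round-1 trace in FIPS-197 Appendix B.

```python
# Added example: AES ShiftRows / MixColumns on a 4x4 State stored as rows.
# Not from the lecture notes. Test column taken from FIPS-197 Appendix B (round 1).

def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)   # 'xtime' with reduction
        b >>= 1
    return p

# MixColumns matrix and its inverse (FIPS-197 sections 5.1.3 and 5.3.3)
MIX = [[2, 3, 1, 1],
       [1, 2, 3, 1],
       [1, 1, 2, 3],
       [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9],
           [9, 14, 11, 13],
           [13, 9, 14, 11],
           [11, 13, 9, 14]]

def shift_rows(state):
    """Row r of State is circularly shifted left by r bytes (row 0 unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    """Row r is circularly shifted right by r bytes, undoing shift_rows."""
    return [row[-r:] + row[:-r] if r else row[:] for r, row in enumerate(state)]

def mix_column(col, matrix=MIX):
    """One column: each output byte is the GF(2^8) 'dot product' of a matrix row
    with the column, where the sum of the four products is a bitwise XOR."""
    return [gmul(m[0], col[0]) ^ gmul(m[1], col[1]) ^ gmul(m[2], col[2]) ^ gmul(m[3], col[3])
            for m in matrix]

def mix_columns(state, matrix=MIX):
    """Apply mix_column to every column j (0 <= j <= 3) of State."""
    cols = [[state[r][c] for r in range(4)] for c in range(4)]   # rows -> columns
    mixed = [mix_column(col, matrix) for col in cols]
    return [[mixed[c][r] for c in range(4)] for r in range(4)]   # columns -> rows

def inv_mix_columns(state):
    return mix_columns(state, INV_MIX)

def shift_then_mix(state):
    """The two diffusion steps in the order an AES round applies them."""
    return mix_columns(shift_rows(state))

if __name__ == "__main__":
    col = [0xD4, 0xBF, 0x5D, 0x30]
    out = mix_column(col)
    print("MixColumns   ", [f"{b:02x}" for b in col], "->", [f"{b:02x}" for b in out])
    print("InvMixColumns", [f"{b:02x}" for b in out], "->", [f"{b:02x}" for b in mix_column(out, INV_MIX)])
```

Working the first output byte by hand with the matrix row (2, 3, 1, 1) gives 2·{d4} ⊕ 3·{bf} ⊕ {5d} ⊕ {30} = {b3} ⊕ {da} ⊕ {5d} ⊕ {30} = {04}, which is what the code returns; the inverse matrix applied to {04 66 81 e5} recovers the original column, which is why InvMixColumns needs no table lookup, only the second matrix.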

Add round key

In the forward add round key transformation, called Add Round Key, the 128 bits of State
are bitwise XORed with the 128 bits of the round key. The operation is viewed as a column
wise operation between the 4 bytes of a State column and one word of the round key; it
can also be viewed as a byte-level operation. The inverse add round key transformation is
identical to the forward add round key transformation, because the XOR operation is its
own inverse.

AES Key Expansion

The AES key expansion algorithm takes as input a four-word (16-byte) key and produces a
linear array of 44 words (176 bytes).

This is sufficient to provide a four-word round key for the initial Add Round Key stage and
each of the 10 rounds of the cipher. The key is copied into the first four words of the
expanded key. The remainder of the expanded key is filled in four words at a time. Each
added word w[i] depends on the immediately preceding word, w[i-1], and the word four
positions back, w[i-4]. In three out of four cases, a simple XOR is used. For a word whose
position in the w array is a multiple of 4, a more complex function is used.

The function g consists of the following subfunctions:

• RotWord performs a one-byte circular left shift on a word. This means that an input word
[B0, B1, B2, B3] is transformed into [B1, B2, B3, B0].

• SubWord performs a byte substitution on each byte of its input word, using the S-box.

• The result of steps 1 and 2 is XORed with a round constant, Rcon[j].


The round constant is a word in which the three rightmost bytes are always 0. Thus, the effect of an XOR of a word with Rcon is to only perform an XOR on the leftmost byte of the word. The round constant is different for each round and is defined as Rcon[j] = (RC[j], 0, 0, 0), with RC[1] = 1, RC[j] = 2 * RC[j-1] and with multiplication defined over the field GF(2^8). The values of RC[j] in hexadecimal are
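An added Python example (not code from the lecture notes) that carries both the S-box construction from the SubBytes section and the key expansion above through in working code. It computes the multiplicative inverse in GF(2^8), applies the affine transformation of the AES standard (b'_i = b_i ⊕ b_(i+4) ⊕ b_(i+5) ⊕ b_(i+6) ⊕ b_(i+7) ⊕ c_i, indices mod 8, c = {63}) and its inverse (b'_i = b_(i+2) ⊕ b_(i+5) ⊕ b_(i+7) ⊕ d_i, d = {05}), derives the RC[j] values by repeated doubling in GF(2^8), and expands the AES-128 key 2b7e1516 28aed2a6 abf71588 09cf4f3c from FIPS-197 Appendix A, whose expansion begins w[4] = a0fafe17.

```python
# Added example: AES S-box construction and AES-128 key expansion.
# Not from the lecture notes. Affine maps follow FIPS-197 sections 5.1.1 and 5.3.2;
# the test key and expected words come from FIPS-197 Appendix A.1.

def gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def gf_inv(x: int) -> int:
    """Multiplicative inverse in GF(2^8); {00} maps to itself. Uses x^-1 = x^254."""
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = gmul(r, base)
        base = gmul(base, base)
        e >>= 1
    return r if x else 0

def affine(b: int, taps=(0, 4, 5, 6, 7), c: int = 0x63) -> int:
    """b'_i = XOR over taps t of b_{(i+t) mod 8}, XOR c_i.  Forward: taps (0,4,5,6,7), c = {63}."""
    out = 0
    for i in range(8):
        bit = (c >> i) & 1
        for t in taps:
            bit ^= (b >> ((i + t) % 8)) & 1
        out |= bit << i
    return out

def inv_affine(b: int) -> int:
    """Inverse of affine(): taps (2,5,7), d = {05}."""
    return affine(b, taps=(2, 5, 7), c=0x05)

SBOX = [affine(gf_inv(x)) for x in range(256)]            # inverse in GF(2^8), then affine
INV_SBOX = [gf_inv(inv_affine(y)) for y in range(256)]    # inverse affine, then inverse in GF(2^8)

# Round constants: RC[1] = 1, RC[j] = 2 * RC[j-1] in GF(2^8).  RC[0] here holds RC[1].
RC = [1]
for _ in range(9):
    RC.append(gmul(2, RC[-1]))

def rot_word(w):
    return w[1:] + w[:1]                     # [B0, B1, B2, B3] -> [B1, B2, B3, B0]

def sub_word(w):
    return [SBOX[b] for b in w]              # S-box on each byte of the word

def key_expansion(key: bytes) -> list:
    """AES-128: 16-byte key -> 44 four-byte words w[0..43]."""
    assert len(key) == 16
    w = [list(key[4 * i: 4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:                       # the function g: RotWord, SubWord, XOR Rcon
            temp = sub_word(rot_word(temp))
            temp[0] ^= RC[i // 4 - 1]        # Rcon[j] = (RC[j], 0, 0, 0) touches only byte 0
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

def round_key_hex(w, r: int) -> str:
    """The four words used as the round key for round r (r = 0 is the initial AddRoundKey)."""
    return bytes(sum(w[4 * r: 4 * r + 4], [])).hex()

if __name__ == "__main__":
    print("S-box[95] =", f"{SBOX[0x95]:02x}", "  inverse S-box[2a] =", f"{INV_SBOX[0x2A]:02x}")
    print("RC[1..10] =", [f"{v:02x}" for v in RC])
    w = key_expansion(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print("w[4] =", bytes(w[4]).hex(), "  round-10 key =", round_key_hex(w, 10))
```

The two S-box tables are built independently (forward: inverse then affine; inverse: inverse affine then inverse), so checking that INV_SBOX[SBOX[x]] == x for every x confirms both the affine constants and the field arithmetic at once; the key-expansion check against the published vector then exercises RotWord, SubWord and the Rcon schedule together.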

The RC4 Algorithm

• RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.

• It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.

• Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software.

• RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between Web browsers and servers.

• It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade.

• The RC4 algorithm is remarkably simple and quite easy to explain. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1], ..., S[255]. At all times, S contains a permutation of all 8-bit numbers from 0 through 255. For encryption and decryption, a byte k (see Figure 6.8) is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted.
Initialization of S

To begin, the entries of S are set equal to the values from 0 through 255 in ascending
order; that is, S[0] = 0, S[1] = 1, ..., S[255] = 255. A temporary vector, T, is also created.
If the length of the key K is 256 bytes, then K is transferred to T. Otherwise, for a key of
length keylen bytes, the first keylen elements of T are copied from K and then K is repeated
as many times as necessary to fill out T. These preliminary operations can be summarized as
follows:

/* Initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];

Next we use T to produce the initial permutation of S. This involves starting with S[0] and
going through to S[255], and, for each S[i], swapping S[i] with another byte in S according
to a scheme dictated by T[i]:

/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap(S[i], S[j]);

Because the only operation on S is a swap, the only effect is a permutation. S still contains
all the numbers from 0 through 255.

Stream Generation

Once the S vector is initialized, the input key is no longer used. Stream generation involves
cycling through all the elements of S[i], and, for each S[i], swapping S[i] with another byte
in S according to a scheme dictated by the current configuration of S. After S[255] is
reached, the process continues, starting over again at S[0]:

/* Stream Generation */
i, j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];

To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value k
with the next byte of ciphertext. Because the keystream depends only on the key, two
messages encrypted under the same key are XORed with the same keystream, so the XOR of the
two ciphertexts equals the XOR of the two plaintexts; a key (or key-plus-IV, as in WEP) must
never be reused.
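The two procedures above, as an added Python example that is not part of the original notes: the key scheduling (KSA) and stream generation (PRGA) exactly as in the pseudocode, checked against the published test vector for key "Key" and plaintext "Plaintext", plus a helper that makes the keystream-reuse problem visible. The function names, the sample plaintexts and the XOR-leak helper are this example's own.

```python
"""RC4 key scheduling (KSA), stream generation (PRGA) and the keystream-reuse check."""
from typing import Iterator, List


def rc4_ksa(key: bytes) -> List[int]:
    """Initialise S: identity permutation, then one pass of key-driven swaps."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))                           # S[i] = i
    t = [key[i % len(key)] for i in range(256)]    # T[i] = K[i mod keylen]
    j = 0
    for i in range(256):                           # initial permutation of S
        j = (j + s[i] + t[i]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield keystream bytes k; the key itself is not used again after the KSA."""
    s = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]                    # swaps only, so S stays a permutation
        yield s[(s[i] + s[j]) % 256]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two messages under one key: C1 XOR C2 == P1 XOR P2, because the same keystream
    cancels out. An attacker who knows P1 therefore learns P2 without the key.
    Returns C1 XOR C2 (zero wherever the two plaintexts agree)."""
    c1, c2 = rc4_crypt(key, p1), rc4_crypt(key, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    ct = rc4_crypt(b"Key", b"Plaintext")
    print(ct.hex().upper())                        # BBF316E8D940AF0AD3 (published test vector)
    print(rc4_crypt(b"Key", ct))                   # b'Plaintext'
    # constructed sample messages sharing the first 11 bytes
    leak = keystream_reuse_leak(b"Key", b"attack at dawn", b"attack at dusk")
    print(leak.hex())                              # 11 zero bytes, then the differing tail
```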
BLOCK CIPHER MODES OF OPERATION

A block cipher takes a fixed-length block of n bits of text and a key as input and produces
an n-bit block of ciphertext as output. If the input is longer than n bits, the block cipher
has to perform the encryption or decryption process by breaking the input into a sequence
of n-bit blocks. Applying the cipher independently to every block under the same key has a
weakness: identical plaintext blocks produce identical ciphertext blocks, so patterns in the
plaintext show through in the ciphertext. To address this, NIST has defined five modes of
operation (SP 800-38A) that apply a block cipher in a variety of applications. These five
modes can be used with symmetric block ciphers such as DES and AES.

Five modes of Operation:

1. Electronic codebook (ECB) mode

2. Cipher block chaining (CBC) mode

3. Cipher feedback (CFB) mode

4. Output feedback (OFB) mode

5. Counter (CTR) mode

Electronic Codebook (ECB) Mode

This is the simplest mode of operation. The plaintext is processed one block at a time and
each block of plaintext is encrypted independently into a ciphertext block with the key K,
as shown in the figure below. Because a given plaintext block always produces the same
ciphertext block under a given key, the mode is termed a codebook.
As specified, if the plaintext has more than n bits it is divided into blocks of n bits each.
The last block may have fewer than n bits, in which case it is padded. The diagram above
depicts encryption and decryption. In encryption, an n-bit plaintext block Pi and the key K
are input and converted to an n-bit ciphertext block Ci by the underlying algorithm, either
DES or AES.

Limitations:

If plaintext blocks are repeated in the input, the corresponding ciphertext blocks will also
be identical, which leaks the structure of the message. For lengthy messages this mode of
operation is not appropriate due to this weakness, so it is normally used only for data that
fits in a single block, for example the transport of an encryption key.

Cipher block chaining (CBC) mode

To overcome the limitation of ECB mode, the input to the encryption algorithm is the XOR of
the current plaintext block and the preceding ciphertext block, so that the same plaintext
block appearing more than once in the input produces different ciphertext blocks.

For the first block an initialization vector (IV) takes the place of the preceding
ciphertext block. The operation can be written as

C1 = E(K, [IV XOR P1]) and Ci = E(K, [Ci-1 XOR Pi]) for i > 1, as depicted in the diagram
for encryption, and

P1 = IV XOR D(K, C1) and Pi = Ci-1 XOR D(K, Ci) for i > 1, as depicted in the diagram for
decryption.

Thus, the decryption equation is derived from the encryption formula by applying the
decryption function and XORing with the previous ciphertext block.

The initialization vector value has to be known to both the sender and the receiver, but it
must not be predictable by an adversary. The IV can therefore be sent encrypted using ECB
mode of operation.

Limitation:

Because of the chaining, a change in any plaintext block changes that ciphertext block and
every ciphertext block after it, and the blocks cannot be encrypted in parallel. Consider a
scenario in which n+1 bits of plaintext are to be converted to ciphertext using an n-bit
block cipher. As the number of bits is greater than n, the input is divided into two blocks,
an n-bit block and a one-bit block. In both modes of operation discussed so far, a short
block must be padded, so n-1 bits are added to bring the second block up to n bits. Thus,
to encrypt a single bit, n-1 padding bits are transmitted unnecessarily. This problem arises
from the block structure itself. A block cipher can instead be used to build a stream
cipher, and processing a stream requires different modes of operation: Cipher feedback (CFB)
mode, Output feedback (OFB) mode and Counter (CTR) mode.

Cipher feedback (CFB) mode

Using a block cipher as a stream cipher eliminates the need to pad a message out to an
integral number of blocks. If a single character is to be transmitted, it can be encrypted
and sent immediately.

The diagram above depicts the CFB mode of operation. Here the unit of transmission is s
bits; most commonly s = 8, one character. As in CBC mode, a chaining process is used. In the
encryption process, the preceding ciphertext is held in a b-bit shift register, where b is
the block size of the underlying cipher. In the diagram above a 64-bit block cipher is used,
so the 64 bits of the shift register are provided as input to the algorithm along with the
key. The output of the encryption is also 64 bits; the s most significant bits of this
output are XORed with the s-bit plaintext unit to generate the s-bit ciphertext unit. For
the next plaintext unit, the shift register is shifted left by s bits and the ciphertext
unit just produced is fed into its s least significant bits.

This process continues until there are no plaintext units left to encrypt. As the diagram
shows, the input to the encryption algorithm is the previous ciphertext units together with
the key K, so decryption also uses the encryption function of the block cipher. In the final
stage, instead of XORing plaintext units with the output of the encryption algorithm,
ciphertext units are XORed with it to recover the plaintext units.
It can be represented as

Encryption:
Ci = Pi XOR MSBs(Oi) ----- (1)

Decryption:
Pi = Ci XOR MSBs(Oi) ----- (2)

Here Oi represents the output generated from the encryption algorithm:
Oi = E(K, Ii), where Ii is the input considered by the encryption algorithm, and
Ii = LSBb-s(Ii-1) || Ci-1, with I1 = IV.

Limitation:
Because the feedback value is the previous ciphertext, the keystream bits XORed with a
plaintext unit depend on earlier ciphertext units. A bit error in a transmitted ciphertext
unit therefore flips the same bit in the recovered plaintext unit and garbles the following
units until the corrupted unit has shifted out of the b-bit register (about b/s units); it
does not propagate to the end of the message.

Output feedback (OFB) mode

To avoid error propagation, instead of feeding back ciphertext units, the output Oi of the
encryption algorithm itself is fed back into the shift register. The IV is a nonce in OFB:
it must be unique to each execution of the encryption process under a given key, since
reusing it reproduces the same keystream.

It can be represented as

Encryption:
Ci = Pi XOR Oi ----- (1)

Decryption:
Pi = Ci XOR Oi ----- (2)

Here Oi represents the output generated from the encryption algorithm:
Oi = E(K, Ii), where Ii is the input considered by the encryption algorithm, and
Ii = Oi-1, with I1 = IV.

One advantage of the OFB method is that bit errors in transmission do not propagate: an
error in one ciphertext bit affects only the corresponding plaintext bit.

Limitation:
It is vulnerable to a message modification attack: because Ci = Pi XOR Oi, flipping a bit
of the ciphertext flips exactly that bit of the recovered plaintext, so the mode provides no
integrity and must be combined with a MAC.
Figure: Cipher Feedback (CFB) mode and Output Feedback (OFB) mode

Counter (CTR) mode

In this mode of operation a counter block equal in size to the plaintext block is used. The
main requirement is that the counter value be unique for each block under a given key; this
is achieved by incrementing the counter for each subsequent block. There is no chaining
process, unlike OFB or CFB. Encryption is done by XORing the encrypted counter value with
the plaintext block. In decryption, the same sequence of counter values is used and the
encrypted counter value is XORed with the ciphertext block to recover the plaintext. If the
last block is shorter than the block size, only that many bits of the encrypted counter are
used and the remaining bits are discarded, so no padding is needed. As in OFB, the initial
counter value is a nonce that must never be repeated with the same key.

Advantages:

• Encryption and decryption can be performed in parallel on multiple blocks of plaintext or
ciphertext, as there is no chaining process involved.

• Software efficiency is achieved because the parallelism allows aggressive pipelining and
multiple instruction dispatch per clock cycle.

• Preprocessing is possible because the encryption of the counter values does not depend on
the plaintext; the keystream can be computed before the data arrives.

• Random access is possible, as any block can be processed independently. In the chained
modes the output of the previous block is needed as input, so random access is not
possible.

• Provable security: CTR is at least as secure as the other modes discussed.

• Simplicity: only the encryption function of the block cipher is needed, never decryption.

CTR shares the OFB caveats: the nonce/counter must never repeat under one key, and the mode
provides confidentiality only, so an integrity check (a MAC, or an authenticated mode such
as GCM, which is CTR plus GHASH) is required in practice.
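An added Python example, not part of the original notes, that implements all five modes described above (ECB, CBC, CFB, OFB and CTR) over a generic block function so that the properties just discussed can be observed directly: ECB reveals repeated blocks, CBC hides them but a corrupted ciphertext block garbles one block and flips a bit in the next, CFB behaves the same way, and OFB/CTR propagate nothing but let an attacker flip chosen plaintext bits. The 16-byte "block cipher" is a toy Feistel construction over SHA-256 used only as a stand-in for DES/AES (it is not secure), and the key, IV, nonce and message bytes are constructed here.

```python
"""NIST modes (ECB, CBC, CFB, OFB, CTR) over a generic block function E(K, .)."""
import hashlib
from typing import List

BLOCK = 16  # block size in bytes of the stand-in cipher


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input


# Stand-in block cipher: 4-round Feistel network with SHA-256 as the round function.
# Toy only (NOT secure); it just provides an invertible E(K, .) so the modes run offline.
def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _round(key, rnd, r))
    return r + l


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    r, l = block[:8], block[8:]                   # undo the final swap
    for rnd in reversed(range(4)):
        l, r = xor(r, _round(key, rnd, l)), l
    return l + r


def blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:   # C_i = E(K, P_i); pt must be block-aligned
    return b"".join(toy_encrypt(key, b) for b in blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(toy_decrypt(key, b) for b in blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:   # C_i = E(K, P_i XOR C_{i-1}), C_0 = IV
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:   # P_i = D(K, C_i) XOR C_{i-1}
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(toy_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:   # full-block CFB: C_i = P_i XOR E(K, C_{i-1})
    out, prev = [], iv
    for b in blocks(pt):
        prev = xor(b, toy_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:   # uses E, never D
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, toy_encrypt(key, prev)))
        prev = c
    return b"".join(out)


def ofb_xor(key: bytes, iv: bytes, data: bytes) -> bytes:     # O_i = E(K, O_{i-1}); same both ways
    out, o = [], iv
    for b in blocks(data):
        o = toy_encrypt(key, o)
        out.append(xor(b, o))
    return b"".join(out)


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:  # keystream_i = E(K, nonce || i)
    out = []
    for i, b in enumerate(blocks(data)):
        out.append(xor(b, toy_encrypt(key, nonce + i.to_bytes(8, "big"))))
    return b"".join(out)        # a short final block simply uses fewer keystream bytes


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate a one-bit transmission error (or a deliberate modification)."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


if __name__ == "__main__":
    key, iv, nonce = b"k" * 16, b"\x01" * 16, b"n" * 8       # constructed sample values
    pt = b"A" * 16 + b"B" * 16 + b"A" * 16                     # block 3 repeats block 1
    ecb = ecb_encrypt(key, pt)
    print("ECB leaks repetition:", ecb[:16] == ecb[32:48])     # True
    cbc = cbc_encrypt(key, iv, pt)
    print("CBC hides it:", cbc[:16] != cbc[32:48])              # True
    ct = ctr_xor(key, nonce, pt)
    print("CTR bit flip lands exactly on plaintext bit 3:",
          ctr_xor(key, nonce, flip_bit(ct, 3)) == flip_bit(pt, 3))   # True
```

The error-propagation shape is what distinguishes the chained modes in an incident: with CBC or CFB a single corrupted ciphertext block shows up as one garbled block plus a one-bit change in its neighbour, while with OFB or CTR a changed ciphertext bit maps onto exactly one plaintext bit, which is precisely why those modes need a MAC.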
DIGITAL SIGNATURE STANDARD

The most important development from the work on public-key cryptography is the digital
signature. Message authentication protects two parties who exchange messages from any
third party. However, it does not protect the two parties against each other: either could
fraudulently create a message and claim it came from the other, or deny having created a
message. A digital signature is analogous to the handwritten signature and provides a set
of security capabilities that would be difficult to implement in any other way. It must
have the following properties:

• It must verify the author and the date and time of the signature.
• It must authenticate the contents at the time of the signature.
• It must be verifiable by third parties, to resolve disputes.

Thus, the digital signature function includes the authentication function.

Bob can sign a message using a digital signature generation algorithm. The inputs to the
algorithm are the message and Bob's private key. Any other user, say Alice, can verify the
signature using a verification algorithm, whose inputs are the message, the signature, and
Bob's public key. Because only Bob holds the private key, a valid signature also gives
non-repudiation: Bob cannot later deny having signed.
KEY DISTRIBUTION

There are two aspects of key management:

1. Distribution of public keys.
2. Use of public-key encryption to distribute secrets.

Key distribution can be categorized into public key distribution and secret key
distribution.

To distribute public keys there are various schemes:

1. Public announcement
2. Publicly available directory
3. Public key authority
4. Public key certificates

Public Announcement of Public Keys

In this distribution scheme the public keys are broadcast to the community at large. The
limitation of public announcement is that anyone can announce a key: a person A can pretend
to be another person B and publicly announce a public key for user B. All users who then
send messages encrypted with "B's" public key are actually producing messages that only
user A can decrypt, until the forgery is discovered.

Publicly Available Directory

To overcome the drawback of public announcement, all users register their public keys with
a public directory maintained by a trusted authority. Each user must register through an
authenticated channel, and each user is authenticated by the authority before accessing or
updating the directory, so a masquerade is not possible: user A cannot submit a key in user
B's name. A user can replace their key at any time. This scheme still has a drawback: if an
adversary obtains the private key used by the directory authority, the adversary can pass
out counterfeit public keys and impersonate any participant.
Public-Key Authority

To avoid the weakness in the public directory scheme, each participant requests user B's
public key from the public-key authority by sending a timestamped request message. After
receiving the request, the public-key authority sends a response encrypted with the
authority's private key, which authenticates that the message came from the authority. The
encrypted message contains B's public key and a copy of user A's original request, so A can
check that the reply matches the request and is not a replay. Now if A wants to communicate
with user B, A sends B a message encrypted with B's public key containing a nonce and A's
identifier.

After obtaining A's public key from the authority in the same way, user B replies with a
message encrypted with A's public key containing the nonce sent by A and a new nonce value,
to uniquely identify the communication and to assure A that B received the message
correctly. Finally A returns B's new nonce encrypted with B's public key, to assure B that
it is really A on the other end, so that both parties are assured they are communicating
with the intended user.
Public-Key Certificates

With a public-key authority, every user must contact the authority to obtain each public
key, so the authority becomes a bottleneck. To avoid this, each user presents their public
key to a central authority (the certificate authority, CA), which issues the user a
certificate. When two users want to communicate, they exchange certificates to
authenticate their public keys. A certificate contains the user's identifier, the user's
public key and a timestamp, and is signed with the central authority's private key; the
authority's private key itself never leaves the authority.

Each certificate has the form

CA = E(PRauth, [T || IDA || PUa])

where PRauth is the private key used by the authority and T is a timestamp.

This certificate can be verified by anyone holding the authority's public key PUauth:

D(PUauth, CA) = D(PUauth, E(PRauth, [T || IDA || PUa])) = (T || IDA || PUa)

The timestamp lets the recipient reject an expired certificate.
SYMMETRIC KEY DISTRIBUTION USING SYMMETRIC ENCRYPTION

The scenario assumes that each user shares a unique master key with the key distribution
center (KDC).

1. A issues a request to the KDC for a session key to protect a logical connection to B. The
message includes the identity of A and B and a unique identifier, N1, for this transaction,
which we refer to as a nonce. The nonce may be a timestamp, a counter, or a random number;
the minimum requirement is that it differs with each request. Also, to prevent masquerade,
it should be difficult for an opponent to guess the nonce. Thus, a random number is a good
choice for a nonce.

2. The KDC responds with a message encrypted using . Thus, A is the only one who can
successfully read the message, and A knows that it originated at the KDC. The message
includes two items intended for A:

• The one-time session key, , to be used for the session

• The original request message, including the nonce, to enable A to match this response
with the appropriate request

Thus, A can verify that its original request was not altered before reception by the KDC
and, because of the nonce, that this is not a replay of some previous request.

In addition, the message includes two items intended for B:

• The one-time session key, , to be used for the session

• An identifier of A (e.g., its network address),

These last two items are encrypted with (the master key that the KDC shares with B). They
are to be sent to B to establish the connection and prove A's identity.
3. A stores the session key for use in the upcoming session and forwards to B the
information that originated at the KDC for B, namely,

Because this information is encrypted with , it is protected from eavesdropping. B now


knows the session key , knows that the other party is A (from), and knows that the
information originated at the KDC (because it is encrypted using ).

At this point, a session key has been securely delivered to A and B, and they may begin
their protected exchange. However, two additional steps are desirable:

4. Using the newly minted session key for encryption, B sends a nonce,N2 , to A.

5. Also, using ,A responds with , where f is a function that performs some transformation
on (e.g., adding one).

These steps assure B that the original message it received (step 3) was not a replay.

Note that the actual key distribution involves only steps 1 through 3, but that steps 4
and 5, as well as step 3, perform an authentication function.

SYMMETRIC KEY DISTRIBUTION USING ASYMMETRIC ENCRYPTION

Simple Secret Key Distribution:

If A wishes to communicate with B, the following procedure is employed:

1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting
of PUa and an identifier of A, IDA.
2. B generates a secret key, KS, and transmits it to A encrypted with A's public key.
3. A computes D(PRa, E(PUa, KS)) to recover the secret key. Because only A can decrypt the
message, only A and B will know the identity of KS.
4. A discards PUa and PRa, and B discards PUa.

This protocol protects KS against a passive eavesdropper only. An active adversary who
intercepts step 1 can substitute their own public key, obtain KS in step 2 and relay it to
A under A's real key, so neither party notices the man in the middle.
Secret Key Distribution with Confidentiality and Authentication:

1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a
nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new
nonce generated by B (N2). Because only B could have decrypted message (1), the presence
of N1 in message (2) assures A that the correspondent is B.
3. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key KS and sends M = E(PUb, E(PRa, KS)) to B. Encryption of this
message with B's public key ensures that only B can read it; encryption with A's private
key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.

PUBLIC-KEY CRYPTOSYSTEMS:
Asymmetric algorithms rely on one key for encryption and a different but related key for
decryption. These algorithms have the following important characteristic.
• It is computationally infeasible to determine the decryption key given only knowledge of
the cryptographic algorithm and the encryption key.
In addition, some algorithms, such as RSA, also exhibit the following characteristic.
• Either of the two related keys can be used for encryption, with the other used for
decryption.
A public-key encryption scheme has six ingredients:

• Plaintext: This is the readable message or data that is fed into the algorithm as input.

• Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.

• Public and private keys: This is a pair of keys that have been selected so that if one is
used for encryption, the other is used for decryption. The exact transformations performed
by the algorithm depend on the public or private key that is provided as input.

• Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will produce two different
ciphertexts.

• Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

Applications for Public-Key Cryptosystems: (table not reproduced)
Conventional versus public-key encryption

Conventional encryption
Needed to work:
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
Needed for security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no other
information is available.
3. Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine
the key.

Public-key encryption
Needed to work:
1. One algorithm is used for encryption and decryption with a pair of keys, one for
encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the same
one).
Needed for security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no other
information is available.
3. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be
insufficient to determine the other key.
RSA

RSA was developed by Ron Rivest, Adi Shamir, and Len Adleman at MIT in 1977.
It is a public-key cryptographic algorithm.
The RSA scheme is a block cipher in which the plaintext and ciphertext are integers
between 0 and n - 1 for some n.
A typical size for n is 1024 bits, or 309 decimal digits; current guidance (NIST SP 800-57)
no longer accepts 1024-bit moduli and requires at least 2048 bits.

Applications of RSA
• Key exchange in TLS, WTLS etc.
• Producing digital signatures in SSL certificates, PGP, S/MIME etc.
• Encrypting symmetric keys in PGP, S/MIME etc.

Algorithm Description
Let the plaintext block be M and the ciphertext block be C.

C = M^e mod n
M = C^d mod n = (M^e)^d mod n = M^(ed) mod n

Both sender and receiver must know the value of n. The sender knows the value of e and
only the receiver knows the value of d.

Public Key PU = {e, n}
Private Key PR = {d, n}

For this algorithm to be satisfactory for public-key encryption, the following requirements
must be met:

1. It is possible to find values of e, d, n such that M^(ed) mod n = M for all M < n.
2. It is relatively easy to calculate M^e mod n and C^d mod n for all values of M < n.
3. It is infeasible to determine d given e and n.

With n = pq for distinct primes p and q, Euler's totient is
ɸ(n) = ɸ(pq) = ɸ(p) ɸ(q) = (p-1)(q-1)
and d is chosen so that
ed mod ɸ(n) = 1, i.e. ed ≡ 1 (mod ɸ(n)), hence d ≡ e^-1 (mod ɸ(n)).
RSA Algorithm

Key generation by User B (Receiver):
1. Select p, q: p and q both prime, p ≠ q
2. Calculate n = p * q
3. Calculate ɸ(n) = (p - 1)(q - 1)
4. Select integer e with gcd(ɸ(n), e) = 1 and 1 < e < ɸ(n)
5. Calculate d ≡ e^-1 mod ɸ(n)
Public key PU = {e, n}; private key PR = {d, n}. The primes p and q must be kept secret or
destroyed: anyone who knows them can recompute d from e.

Encryption by User A (Sender) with User B's public key:
Plaintext: M < n
Ciphertext: C = M^e mod n

Decryption by User B (Receiver) with User B's private key:
Ciphertext: C
Plaintext: M = C^d mod n

Decryption using the CRT
The receiver knows p and q, so M = C^d mod n can be computed from two smaller
exponentiations modulo p and q and recombined with the Chinese Remainder Theorem:
Vp = C^d mod p = C^(d mod (p-1)) mod p
Vq = C^d mod q = C^(d mod (q-1)) mod q
Xp = q × (q^-1 mod p)
Xq = p × (p^-1 mod q)
M = (Vp Xp + Vq Xq) mod n

#Problem: Perform encryption and decryption for the parameters p = 3, q = 11, e = 7, M = 5

Solution:

Encryption
C = M^e mod n
n = p × q = 3 × 11 = 33
C = 5^7 mod 33
5^3 = 125 ≡ 26 (mod 33)
5^6 ≡ 26^2 = 676 ≡ 16 (mod 33)
5^7 ≡ 16 × 5 = 80 ≡ 14 (mod 33)
C = 14

Decryption
M = C^d mod n
ɸ(n) = (p - 1)(q - 1) = 2 × 10 = 20
d ≡ e^-1 mod ɸ(n) => d ≡ 7^-1 mod 20 => d = 3 (since 7 × 3 = 21 ≡ 1 mod 20)
M = 14^3 mod 33
14^2 = 196 ≡ 31 (mod 33)
14^3 ≡ 31 × 14 = 434 ≡ 5 (mod 33)
M = 5

Decryption using the CRT
C = 14, p = 3, q = 11, n = 33, d = 3
Vp = C^(d mod (p-1)) mod p = 14^(3 mod 2) mod 3 = 14 mod 3 = 2
Vq = C^(d mod (q-1)) mod q = 14^(3 mod 10) mod 11 = 14^3 mod 11 ≡ 3^3 mod 11 = 27 mod 11 = 5
Xp = q × (q^-1 mod p) = 11 × (11^-1 mod 3) = 11 × (2^-1 mod 3) = 11 × 2 = 22
Xq = p × (p^-1 mod q) = 3 × (3^-1 mod 11) = 3 × 4 = 12
M = (Vp Xp + Vq Xq) mod n = (2 × 22 + 5 × 12) mod 33 = (44 + 60) mod 33 = 104 mod 33 = 5
M = 5
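An added Python example, not part of the original notes, that implements the RSA equations above (key generation, encryption, plain and CRT decryption) and the hash-then-sign digital signature described in the Digital Signature Standard section, which is also the operation behind the certificate CA = E(PRauth, [T || IDA || PUa]). It reproduces the worked problem (p = 3, q = 11, e = 7, M = 5) and shows the multiplicative property that makes unpadded RSA unsafe against chosen-ciphertext attacks. Function names, the larger demo primes and the sample messages are this example's own; real deployments use at least 2048-bit moduli and a padding scheme (OAEP/PSS), which this textbook form omits.

```python
"""Textbook RSA: key generation, encrypt/decrypt, CRT decryption, hash-then-sign
signatures, and the multiplicative property exploited by chosen-ciphertext attacks."""
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]   # (exponent, n)


def rsa_keygen(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Return (PU, PR) = ({e, n}, {d, n}) from distinct primes p, q and exponent e."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                  # d = e^-1 mod phi(n)   (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(pu: Key, m: int) -> int:    # C = M^e mod n
    e, n = pu
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy 0 <= M < n")
    return pow(m, e, n)


def rsa_decrypt(pr: Key, c: int) -> int:    # M = C^d mod n
    d, n = pr
    return pow(c, d, n)


def rsa_decrypt_crt(d: int, p: int, q: int, c: int) -> int:
    """Same result as rsa_decrypt via two half-size exponentiations (the page's CRT form)."""
    vp = pow(c, d % (p - 1), p)           # V_p = C^(d mod (p-1)) mod p
    vq = pow(c, d % (q - 1), q)           # V_q = C^(d mod (q-1)) mod q
    xp = q * pow(q, -1, p)                # X_p = q * (q^-1 mod p)
    xq = p * pow(p, -1, q)                # X_q = p * (p^-1 mod q)
    return (vp * xp + vq * xq) % (p * q)


def _digest_int(message: bytes, n: int) -> int:
    # Sign the hash, not the message; reduced mod n only because these demo keys are tiny.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(pr: Key, message: bytes) -> int:         # s = H(M)^d mod n, private key
    d, n = pr
    return pow(_digest_int(message, n), d, n)


def rsa_verify(pu: Key, message: bytes, sig: int) -> bool:   # s^e mod n == H(M)?  public key
    e, n = pu
    return pow(sig, e, n) == _digest_int(message, n)


def is_multiplicative(pu: Key, m1: int, m2: int) -> bool:
    """E(M1) * E(M2) == E(M1 * M2) mod n: the property a chosen-ciphertext attacker uses
    against unpadded RSA, and the reason OAEP padding is mandatory in practice."""
    _, n = pu
    return (rsa_encrypt(pu, m1) * rsa_encrypt(pu, m2)) % n == rsa_encrypt(pu, (m1 * m2) % n)


if __name__ == "__main__":
    pu, pr = rsa_keygen(3, 11, 7)                   # the page's worked example
    print(pu, pr)                                   # (7, 33) (3, 33)
    print(rsa_encrypt(pu, 5), rsa_decrypt(pr, 14), rsa_decrypt_crt(3, 3, 11, 14))   # 14 5 5
    pu2, pr2 = rsa_keygen(65537, 104729, 17)        # still toy-sized; real keys need n >= 2048 bits
    sig = rsa_sign(pr2, b"pay 100 to Bob")          # constructed sample message
    print(rsa_verify(pu2, b"pay 100 to Bob", sig), rsa_verify(pu2, b"pay 900 to Bob", sig))  # True False
```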

Security of RSA

• Brute force: This involves trying all possible private keys; it is defeated by a large key
space.

• Mathematical attacks: There are several approaches, all equivalent in effort to factoring
the product of two primes. This is why n must be large and p and q must be chosen at random
and of roughly equal size.

• Timing attacks: These depend on the running time of the decryption algorithm, which
leaks bits of d through data-dependent steps in modular exponentiation. Countermeasures are
(i) constant exponentiation time, (ii) random delay, and (iii) blinding (decrypting r^e × C
for a random r and removing r afterwards).

• Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm,
in particular that unpadded RSA is multiplicative (E(M1) × E(M2) = E(M1 × M2) mod n); the
countermeasure is a randomized padding scheme such as Optimal Asymmetric Encryption Padding
(OAEP).
Elliptic Curve Cryptography

A major issue with the use of public-key cryptography is the size of the numbers used, and
hence of the keys being stored. An alternative approach, elliptic curve cryptography (ECC),
performs the computations using elliptic curve arithmetic instead of integer or polynomial
arithmetic.

The principal attraction of ECC, compared to RSA, is that it appears to offer equal security
for a far smaller key size, thereby reducing processing overhead.

Elliptic Curve

An elliptic curve is defined by an equation in two variables with coefficients. In general,
cubic equations for elliptic curves take the following form, known as a Weierstrass
equation:

y^2 + axy + by = x^3 + cx^2 + dx + e

where a, b, c, d, e are real numbers and x and y take on values in the real numbers.

Figure: Example of Elliptic Curves

For our purpose, it is sufficient to limit ourselves to equations of the form
y^2 = x^3 + ax + b
where x, y, a, b are all real numbers (with 4a^3 + 27b^2 ≠ 0, so that the curve has no
repeated roots); we also define a zero point O.
• consider the set of points E(a, b) that satisfy the equation, together with O
• an addition operation is defined on the curve
• geometrically, the sum P + Q is the reflection (in the x-axis) of the third intersection R
of the line through P and Q with the curve
If three points on an elliptic curve lie on a straight line, their sum is O. Hence addition
is defined as follows:
1. O serves as the additive identity. Thus O = -O; for any point P on the elliptic curve,
P + O = P. In what follows, we assume P ≠ O and Q ≠ O.
2. The negative of a point P is the point with the same x coordinate but the negative of
the y coordinate; that is, if P = (x, y), then -P = (x, -y). These two points can be joined
by a vertical line, and P + (-P) = P - P = O.
3. To add two points P and Q with different x coordinates, draw a straight line between
them and find the third point of intersection R. Then P + Q = -R.
4. To double a point Q, draw the tangent line at Q and find the other point of
intersection S; then Q + Q = 2Q = -S.
Elliptic Curve Cryptography
• ECC point addition is the analog of modular multiplication
• ECC repeated addition (scalar multiplication) is the analog of modular exponentiation
• a "hard" problem equivalent to the discrete logarithm is needed
• Q = kP, where Q, P belong to a prime curve
• it is "easy" to compute Q given k, P
• but "hard" to find k given Q, P
• this is known as the elliptic curve logarithm problem
• Certicom example: E23(9, 17)

ECC Diffie-Hellman
• key exchange analogous to D-H can be done
• users select a suitable curve Eq(a, b)
• select base point G = (x1, y1)
• with large order n such that nG = O
• A & B select private keys nA < n, nB < n
• compute public keys: PA = nA G, PB = nB G
• compute shared key: K = nA PB, K = nB PA
• the same since K = nA nB G
• an attacker would need to find nA or nB from PA or PB, which is hard

ECC Encryption/Decryption
• several alternatives exist; we consider the simplest
• must first encode any message M as a point on the elliptic curve Pm
• select suitable curve & point G as in D-H
• each user chooses a private key nA < n
• and computes the public key PA = nA G
• to encrypt Pm: Cm = {kG, Pm + kPB}, k random (fresh for every message)
• to decrypt Cm compute:
Pm + kPB - nB(kG) = Pm + k(nB G) - nB(kG) = Pm

Let us consider a simple example. The global public elements are q = 257;
Eq(a, b) = E257(0, -4), which is equivalent to the curve y^2 = x^3 - 4; and G = (2, 2).
Bob's private key is nB = 101, and his public key is
PB = nB G = 101(2, 2) = (197, 167).
Alice wishes to send a message to Bob that is encoded in the elliptic point
Pm = (112, 26).
Alice chooses random integer k = 41 and computes
kG = 41(2, 2) = (136, 128),
kPB = 41(197, 167) = (68, 84),
Pm + kPB = (112, 26) + (68, 84) = (246, 174).
Alice sends the ciphertext
Cm = (C1, C2) = {(136, 128), (246, 174)} to Bob.
Bob receives the ciphertext and computes
C2 - nB C1 = (246, 174) - 101(136, 128)
= (246, 174) - (68, 84)
= (112, 26).
ECC Security
• relies on the elliptic curve logarithm problem
• the fastest known generic method is the "Pollard rho method"
• compared to factoring, much smaller key sizes can be used than with RSA etc.
• for equivalent key lengths the computations are roughly equivalent
• hence for similar security ECC offers significant computational advantages

Comparable Key Sizes for Equivalent Security

Symmetric scheme     ECC-based scheme      RSA/DSA
(key size in bits)   (size of n in bits)   (modulus size in bits)
56                   112                   512
80                   160                   1024
112                  224                   2048
128                  256                   3072
192                  384                   7680
256                  512                   15360

DIFFIE HELLMAN KEY EXCHANGE

Whitfield Diffie and Martin Hellman are regarded as the inventors of public key
cryptography. Diffie-Hellman key exchange, published in 1976, is the first public key
algorithm. It is used only for key exchange, not for encryption and decryption. Its
security rests on the difficulty of computing discrete logarithms. It is widely used in
security protocols and commercial products. Note that the basic exchange authenticates
neither party, so on its own it is vulnerable to a man-in-the-middle attack; in practice the
public values are signed or otherwise authenticated.

Primitive roots

Let P be a prime. Then b is a primitive root of P if the powers of b, 1, b, b^2, b^3, ...,
b^(P-2), taken mod P, include all of the residue classes mod P except 0. Hence there must
be P - 1 distinct powers of b.

Example 1:

If P = 7, then 3 is a primitive root of P because the powers of 3 mod 7 are 1, 3, 2, 6, 4, 5:

1, 3, 3^2, 3^3, 3^4, 3^5
1, 3, 9 mod 7, 27 mod 7, 81 mod 7, 243 mod 7
1, 3, 2, 6, 4, 5

Example 2:

If P = 13, then 2 is a primitive root of P because the powers of 2 mod 13 are

1, 2, 2^2, 2^3, 2^4, 2^5, ..., 2^11
1, 2, 4 mod 13, 8 mod 13, 16 mod 13, 32 mod 13, 64 mod 13, 128 mod 13, 256 mod 13, ...
1, 2, 4, 8, 3, 6, 12, 11, 9, 5, 10, 7


Diffie Hellman Algorithm
Let q be a prime.
Given α where α < q and α is a primitive root of q.

User A key generation
Select private key XA where XA < q.
Calculate public key YA where YA = α^XA mod q.

User B key generation
Select private key XB where XB < q.
Calculate public key YB where YB = α^XB mod q.

Generation of secret key by user A
K = (YB)^XA mod q

Generation of secret key by user B
K = (YA)^XB mod q

Derivation
K = (YB)^XA mod q
= (α^XB mod q)^XA mod q
= (α^XB)^XA mod q
= α^(XB XA) mod q
= (α^XA)^XB mod q
= (α^XA mod q)^XB mod q
= (YA)^XB mod q
ElGamal cryptosystem

In 1984, T. ElGamal announced a public-key scheme based on discrete logarithms, closely
related to the Diffie-Hellman technique. The ElGamal cryptosystem is used in some form in a
number of standards including the Digital Signature Standard (DSS) and the S/MIME email
standard. As with Diffie-Hellman, the global elements of ElGamal are a prime number q and
a, which is a primitive root of q.

Key Generation

User A generates a private/public key pair as follows:

1. Choose a private (secret) key xA with 1 < xA < q - 1.
2. Compute the public key yA = a^xA mod q.
3. A's private key is xA and A's public key is {q, a, yA}.

Encryption

B encrypts a message to send to A by computing:

1. Represent the message M as an integer in the range 0 <= M <= q - 1; longer messages must
be sent as a sequence of blocks.
2. Choose a random integer k with 1 <= k <= q - 1 and compute the one-time key
K = yA^k mod q.
3. Encrypt M as the pair of integers (C1, C2) where C1 = a^k mod q and C2 = KM mod q.

Decryption

A recovers the message by recovering the key K = C1^xA mod q and computing
M = C2 K^-1 mod q.

Note: a fresh k must be used for each message; if the same k is used twice, an attacker who
learns one plaintext can recover the other from the ratio C2/C2' = M/M' without knowing xA.

For example, let us start with the prime field GF(19); that is, q = 19. It has primitive
roots {2, 3, 10, 13, 14, 15}; we choose a = 10.

Alice computes her key:
A chooses xA = 5 and computes yA = 10^5 mod 19 = 3

Bob sends the message M = 17 as (11, 5) by
choosing random k = 6
computing K = yA^k mod q = 3^6 mod 19 = 7
computing C1 = a^k mod q = 10^6 mod 19 = 11
computing C2 = KM mod q = 7 × 17 mod 19 = 5

Alice recovers the original message by computing:
K = C1^xA mod q = 11^5 mod 19 = 7
K^-1 = 7^-1 mod 19 = 11 (since 7 × 11 = 77 ≡ 1 mod 19)
M = C2 K^-1 mod q = 5 × 11 mod 19 = 17

If a message must be broken up into blocks and sent as a sequence of encrypted blocks, a
unique value of k should be used for each block.
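An added Python example, not from the original notes, covering the primitive-root test, the Diffie-Hellman exchange and the ElGamal key generation, encryption and decryption above, checked against the page's GF(19) numbers (a = 10, xA = 5, k = 6, M = 17). It also shows why a fresh k is required by recovering a second message when k is reused. The function names and the extra test values (xB = 7, a second message M = 9) are this example's own.

```python
"""Primitive roots, Diffie-Hellman key agreement and ElGamal encryption over Z_q*."""
from typing import List, Tuple


def prime_factors(n: int) -> List[int]:
    """Distinct prime factors of n by trial division (fine for the sizes used here)."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


def is_primitive_root(g: int, q: int) -> bool:
    """g is a primitive root of prime q iff g^((q-1)/r) != 1 (mod q) for every prime r | q-1."""
    if not 1 <= g < q:
        return False
    return all(pow(g, (q - 1) // r, q) != 1 for r in prime_factors(q - 1))


def primitive_roots(q: int) -> List[int]:
    return [g for g in range(1, q) if is_primitive_root(g, q)]


def powers_mod(g: int, q: int) -> List[int]:
    """1, g, g^2, ..., g^(q-2) mod q: every value 1..q-1 exactly once when g is primitive."""
    return [pow(g, i, q) for i in range(q - 1)]


def dh_public(q: int, alpha: int, x: int) -> int:      # Y = alpha^X mod q
    return pow(alpha, x, q)


def dh_shared(q: int, y_other: int, x_own: int) -> int:   # K = Y_other^X_own mod q
    return pow(y_other, x_own, q)


def elgamal_keygen(q: int, a: int, xA: int) -> int:
    if not 1 < xA < q - 1:
        raise ValueError("private key must satisfy 1 < xA < q-1")
    return pow(a, xA, q)                                 # yA


def elgamal_encrypt(q: int, a: int, yA: int, M: int, k: int) -> Tuple[int, int]:
    if not 0 <= M <= q - 1 or not 1 <= k <= q - 1:
        raise ValueError("need 0 <= M <= q-1 and 1 <= k <= q-1")
    K = pow(yA, k, q)                                    # one-time key; k fresh per message
    return pow(a, k, q), (K * M) % q                     # (C1, C2)


def elgamal_decrypt(q: int, xA: int, C: Tuple[int, int]) -> int:
    C1, C2 = C
    K = pow(C1, xA, q)                                   # recover the one-time key
    return (C2 * pow(K, -1, q)) % q                      # M = C2 * K^-1 mod q


def k_reuse_breaks(q: int, a: int, yA: int, M1: int, M2: int, k: int) -> int:
    """With k reused, C2/C2' = M1/M2, so knowing M1 reveals M2 without xA.
    Returns the recovered M2 (M1 must be nonzero)."""
    _, c2a = elgamal_encrypt(q, a, yA, M1, k)
    _, c2b = elgamal_encrypt(q, a, yA, M2, k)
    return (c2b * pow(c2a, -1, q) * M1) % q              # M2 = C2' * C2^-1 * M1


if __name__ == "__main__":
    q, a = 19, 10                                        # the page's GF(19) example
    yA = elgamal_keygen(q, a, 5)
    C = elgamal_encrypt(q, a, yA, 17, 6)
    print(yA, C, elgamal_decrypt(q, 5, C))               # 3 (11, 5) 17
    print(primitive_roots(q))                            # [2, 3, 10, 13, 14, 15]
    YA, YB = dh_public(q, a, 5), dh_public(q, a, 7)      # xB = 7 chosen for this example
    print(dh_shared(q, YB, 5) == dh_shared(q, YA, 7))    # True
```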
Assignments

1. Perform encryption and decryption using the RSA algorithm for the following: p = 17,
q = 31, e = 7, M = 2. Use the CRT for decryption.
2. Users A and B use the Diffie-Hellman key exchange technique with a common prime p = 71
and a primitive root g = 7. If user A has private key XA = 5, what is A's public key YA? If
user B has private key XB = 12, what is B's public key YB? What is the shared secret key?
3. Using the elliptic curve encryption/decryption scheme, key exchange between users A and
B is accomplished. The cryptosystem parameters are the elliptic group of points E11(1, 6)
and the point G = (2, 7) on the curve. B's secret key is nB = 7.
(i) A wishes to encrypt the message Pm = (10, 9) and chooses the random value k = 3.
Determine the ciphertext Cm.
(ii) How will B recover Pm from Cm?
(iii) Find B's public key PB.
Part A – Q & A
UNIT II - ENCRYPTION TECHNIQUES AND KEY MANAGEMENT
1. What are the different modes of operation in DES?

The five modes of operation defined for block ciphers such as DES are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) and Counter (CTR) mode.

2. Write down the purpose of S-boxes in DES.

The S-boxes provide the non-linear substitution step of each DES round; they are the only non-linear component of the cipher and its main source of confusion. DES uses eight S-boxes, each of which accepts 6 bits of input and produces 4 bits of output. Each row of an S-box defines a reversible substitution (a permutation of the 16 possible 4-bit values): the two outer input bits select the row and the four inner bits select the column.

3. What is the difference between diffusion and confusion?

In diffusion, the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext, so that each ciphertext bit depends on many plaintext bits; it is achieved by permutation. In confusion, the relationship between the statistics of the ciphertext and the value of the encryption key is made as complex as possible, so that the key cannot be deduced from ciphertext statistics; it is achieved by substitution.

4. What is the difference between differential and linear cryptanalysis?

Differential cryptanalysis is a chosen-plaintext attack and was the first published attack capable of breaking DES with less effort than exhaustive key search (about 2^55 encryptions on average for the 56-bit key); it requires 2^47 chosen plaintexts. Linear cryptanalysis is a known-plaintext attack that approximates the cipher by linear equations; it can find a DES key given 2^43 known plaintexts, as compared to the 2^47 chosen plaintexts needed for differential cryptanalysis.

5. What are the disadvantages of double DES?

Reduction to a single stage: two successive DES encryptions could have been equivalent to one DES encryption under some third key, which would give no gain at all (it was later proved that DES is not a group, so this does not happen).

Meet-in-the-middle attack: given one known plaintext/ciphertext pair, an attacker encrypts the plaintext under all 2^56 candidates for K1, decrypts the ciphertext under all 2^56 candidates for K2 and looks for a match, recovering the key pair with about 2^57 operations and 2^56 storage. The effective strength of double DES is therefore barely above that of single DES despite its 112-bit key.

6. What is an avalanche effect?

The avalanche effect is the property that a small change in either the plaintext or the key produces a significant change in the ciphertext: changing one bit of the plaintext or one bit of the key should change many (ideally about half) of the ciphertext bits.

7. Define product cipher.

A product cipher performs two or more basic ciphers (typically substitutions and permutations) in sequence in such a way that the final result, or product, is cryptographically stronger than any of the component ciphers. DES and AES are product ciphers.
9. Brief the strength of triple DES.

Triple DES reuses the existing DES implementation by cascading three DES operations, normally encrypt-decrypt-encrypt (EDE), with either two keys (112-bit key) or three keys (168-bit key). The meet-in-the-middle attack reduces the effective strength of three-key 3DES to about 2^112 operations, which is still far beyond reach, so 3DES is believed to be secure against brute-force key search, unlike single DES with its 56-bit key. Its drawbacks are that it is slow, especially in software, and that it keeps the 64-bit block size of DES.

10. Define Cipher Feedback (CFB).

In Cipher Feedback (CFB) mode the input is processed s bits at a time. The preceding unit of ciphertext (initially the IV) is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with the plaintext to produce the next unit of ciphertext. Only the encryption direction of the block cipher is needed, so CFB turns a block cipher into a self-synchronising stream cipher.

11. Define Cipher Block Chaining (CBC) mode.

In Cipher Block Chaining (CBC) mode the input to the encryption algorithm is the XOR of the next block of plaintext (64 bits for DES) and the preceding block of ciphertext; for the first block an initialisation vector (IV) takes the place of the preceding ciphertext. Identical plaintext blocks therefore produce different ciphertext blocks, unlike ECB.

12. Define Counter (CTR).

In Counter (CTR) mode each block of plaintext is XORed with an encrypted counter value, and the counter is incremented for each subsequent block. Only the encryption direction of the block cipher is used, blocks can be processed in parallel and in random order, and a counter value must never be reused under the same key, since reuse reveals the XOR of the two plaintexts.

13. Define electronic codebook (ECB).

The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted independently using the same key. The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext. Because identical plaintext blocks map to identical ciphertext blocks, ECB leaks patterns in structured data and is only suitable for short messages such as a single key.
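The modes in questions 10 to 13 and the avalanche effect in question 6, as an added example in Python that is not part of the original notes. Because the Python standard library ships no DES or AES, the block cipher is a stand-in: a four-round Feistel network on 128-bit blocks whose round function is a keyed SHA-256, an assumption made here purely so that the mode logic can be run. The sample plaintext and key are constructed for the demonstration. The point is in the modes: ECB makes the repeated plaintext block visible in the ciphertext, CBC and CTR do not, and flipping one plaintext bit changes roughly half the ciphertext bits of a block.

```python
# Added example, not from the original notes: ECB, CBC and CTR modes built on
# a stand-in 128-bit block cipher (4-round Feistel network, round function =
# keyed SHA-256) because the Python standard library has no DES/AES.  The
# stand-in cipher is an assumption for illustration; the mode logic is the point.
import hashlib
import os

BLOCK = 16  # block size in bytes


def _round(key, half, i):
    # Round function F: keyed hash of the 8-byte half-block, truncated to 8 bytes.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for i in range(4):                        # (L, R) -> (R, L xor F(R))
        left, right = right, _xor(left, _round(key, right, i))
    return left + right


def block_decrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for i in reversed(range(4)):              # undo the rounds in reverse order
        left, right = _xor(right, _round(key, left, i)), left
    return left + right


def _pad(data):                               # PKCS#7 padding to a whole block
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    # Each block is encrypted independently under the same key.
    return b"".join(block_encrypt(key, b) for b in _blocks(_pad(pt)))


def ecb_decrypt(key, ct):
    return _unpad(b"".join(block_decrypt(key, b) for b in _blocks(ct)))


def cbc_encrypt(key, pt, iv):
    # C_i = E_K(P_i xor C_{i-1}) with C_0 = IV (unpredictable, fresh per message).
    out, prev = [], iv
    for b in _blocks(_pad(pt)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ct, iv):
    # P_i = D_K(C_i) xor C_{i-1}
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return _unpad(b"".join(out))


def ctr_crypt(key, data, nonce):
    # Keystream block i = E_K(nonce || i), XORed with the data.  No padding, and
    # decryption is the same call.  A (key, nonce) pair must never be reused.
    out = []
    for i, b in enumerate(_blocks(data)):
        out.append(_xor(b, block_encrypt(key, nonce + i.to_bytes(8, "big"))))
    return b"".join(out)


def repeated_block_visible(ct):
    """True if ciphertext blocks 0 and 2 are identical, i.e. the mode has
    leaked that the corresponding plaintext blocks were identical."""
    blocks = _blocks(ct)
    return blocks[0] == blocks[2]


def avalanche_bits(key, blk):
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytes([blk[0] ^ 0x01]) + blk[1:]
    a, b = block_encrypt(key, blk), block_encrypt(key, flipped)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    key, iv, nonce = b"constructed-demo-key", os.urandom(BLOCK), os.urandom(8)
    pt = b"ATTACK AT DAWN!!" + b"RETREAT AT NOON!" + b"ATTACK AT DAWN!!"  # constructed
    print("ECB reveals repeated block:", repeated_block_visible(ecb_encrypt(key, pt)))
    print("CBC reveals repeated block:", repeated_block_visible(cbc_encrypt(key, pt, iv)))
    print("CTR round trip ok:", ctr_crypt(key, ctr_crypt(key, pt, nonce), nonce) == pt)
    print("avalanche bits out of 128:", avalanche_bits(key, pt[:16]))
```

Blocks 0 and 2 of the sample plaintext are the same 16 bytes; under ECB the corresponding ciphertext blocks are equal, under CBC they differ because block 2 is chained to the previous ciphertext, and under CTR they differ because each block is XORed with a different keystream block.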

14. Perform encryption and decryption using the RSA algorithm for the following: p = 17; q = 11; e = 7; M = 88.

Solution: n = pq = 17*11 = 187; φ(n) = (p-1)(q-1) = 16*10 = 160; e = 7; d = e^-1 mod φ(n) = 23 (since 7*23 = 161 = 1 mod 160). Encryption: C = M^e mod n = 88^7 mod 187 = 11. Decryption: M = C^d mod n = 11^23 mod 187 = 88.

15. Perform encryption and decryption using the RSA algorithm for the following: p = 7; q = 11; e = 17; M = 8.

Solution: n = pq = 7*11 = 77; φ(n) = (p-1)(q-1) = 6*10 = 60; e = 17; d = e^-1 mod φ(n) = 53 (since 17*53 = 901 = 1 mod 60). Encryption: C = M^e mod n = 8^17 mod 77 = 57. Decryption: M = C^d mod n = 57^53 mod 77 = 8.
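The RSA computations of questions 14 and 15, and the CRT decryption asked for in Assignment 1 (p = 17, q = 31, e = 7, M = 2), as an added example in Python that is not part of the original notes. The private exponent is computed as the inverse of e modulo φ(n), and decryption is shown both directly and via the Chinese Remainder Theorem, which is how real implementations do it. This is textbook RSA without padding; the toy parameters are those of the notes.

```python
# Added example (not from the original notes): textbook RSA with the Part A and
# Assignment parameters, including decryption via the Chinese Remainder Theorem.
# Textbook RSA has no padding, so equal messages give equal ciphertexts; real
# systems use OAEP for encryption and PSS for signatures.


def rsa_keygen(p, q, e):
    """Return (n, d) for primes p, q and public exponent e.  d is the inverse
    of e modulo phi(n) = (p-1)(q-1); pow raises ValueError if gcd(e, phi) != 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return n, d


def rsa_encrypt(m, e, n):
    assert 0 <= m < n, "message must be an integer below the modulus"
    return pow(m, e, n)                  # C = M^e mod n


def rsa_decrypt(c, d, n):
    return pow(c, d, n)                  # M = C^d mod n


def rsa_decrypt_crt(c, d, p, q):
    """Decrypt with the CRT: two exponentiations modulo the half-size primes,
    then recombine with Garner's formula.  Gives the same result as C^d mod n
    and is about four times faster at real key sizes."""
    d_p = d % (p - 1)                    # exponents reduced via Fermat's little theorem
    d_q = d % (q - 1)
    m_p = pow(c % p, d_p, p)             # M mod p
    m_q = pow(c % q, d_q, q)             # M mod q
    q_inv = pow(q, -1, p)                # q^-1 mod p
    h = (q_inv * (m_p - m_q)) % p
    return m_q + h * q                   # unique M in [0, n) with M = m_p (mod p), M = m_q (mod q)


def rsa_roundtrip(p, q, e, m):
    """Return (n, d, C, M recovered as C^d mod n, M recovered via CRT)."""
    n, d = rsa_keygen(p, q, e)
    c = rsa_encrypt(m, e, n)
    return n, d, c, rsa_decrypt(c, d, n), rsa_decrypt_crt(c, d, p, q)


if __name__ == "__main__":
    print(rsa_roundtrip(17, 11, 7, 88))  # Part A Q14: n=187, d=23, C=11
    print(rsa_roundtrip(7, 11, 17, 8))   # Part A Q15: n=77, d=53, C=57
    print(rsa_roundtrip(17, 31, 7, 2))   # Assignment 1: n=527, d=343, C=128
```

For Assignment 1 the CRT path computes 128^(343 mod 16) mod 17 and 128^(343 mod 30) mod 31 and recombines them, which is why d is reduced modulo p-1 and q-1 rather than used directly.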

16. What is an elliptic curve?

It is a plane algebraic curve defined by an equation of the form y^2 = x^3 + ax + b that is non-singular, i.e. 4a^3 + 27b^2 ≠ 0, so that its graph has no cusps or self-intersections. Together with a point at infinity O, the points of the curve form an abelian group under the chord-and-tangent addition rule, and it is this group that elliptic curve cryptography uses.
17. What is the difference between Rijndael and AES?

Rijndael is the symmetric block cipher designed and submitted by the two Belgian cryptographers Joan Daemen and Vincent Rijmen to the NIST competition for a replacement for DES. AES (FIPS 197) is the standard that NIST published after selecting Rijndael: it fixes the block size at 128 bits and allows key sizes of 128, 192 or 256 bits, whereas the Rijndael proposal allows both block size and key size to be any multiple of 32 bits between 128 and 256 bits. AES is therefore a restricted subset of Rijndael.

18. What is the difference between the AES decryption algorithm and the equivalent inverse cipher?

In the straightforward AES decryption algorithm each round applies InvShiftRows, InvSubBytes, AddRoundKey and InvMixColumns, which is not the same structure as the encryption round. The equivalent inverse cipher rearranges the transformations into the encryption order: InvShiftRows and InvSubBytes are interchanged, which is allowed because one only permutes bytes and the other substitutes each byte independently, and AddRoundKey and InvMixColumns are interchanged, which is allowed because InvMixColumns is linear, provided the round key is first transformed by InvMixColumns. The same implementation structure can then serve for both encryption and decryption.

19. What are the operations used in AES?

Each AES round applies four transformations: SubBytes, ShiftRows, MixColumns and AddRoundKey. The final round omits MixColumns, and a single AddRoundKey is applied before the first round.

20. What is a Substitute byte transformation in AES?

The forward substitute byte transformation, called SubBytes, is a simple table lookup. AES
defines a 16x16 matrix of byte values, called an S-box that contains a permutation of all
possible 256 8-bit values. Each individual byte of State is mapped into a new byte in the
following way: The leftmost 4 bits of the byte are used as a row value and the rightmost 4
bits are used as a column value. These row and column values serve as indexes into the S-
box to select a unique 8-bit output value

21. Difference between private key and public key algorithm

A private-key (symmetric) algorithm uses one secret key, shared by sender and receiver, for both encryption and decryption. A public-key (asymmetric) algorithm uses a key pair: data encrypted with the recipient's public key can be decrypted only with the matching private key, i.e. one key locks (encrypts the plaintext) and the other unlocks (decrypts the ciphertext), and the private key cannot be used in place of the public key. If instead the locking key is the sender's private key, anyone holding the matching public key can unlock the result; this proves that the data was locked by the holder of the private key and has not been altered since, which is the basis of digital signatures.

22. What is ShiftRows?

In ShiftRows each row of the 4x4 byte State is rotated: the first row is left unchanged, the second row is circularly shifted left by 1 byte, the third row by 2 bytes and the fourth row by 3 bytes. A row shift thus moves an individual byte from one column to another, a linear distance that is a multiple of 4 bytes in the byte array, so that the four bytes of one column are spread over four different columns. In the inverse ShiftRows transformation each row is circularly shifted right by the same amounts.
Part B – Questions

Q. No.  Question  CO  K Level

1  Explain in detail about DES and Triple DES.  CO2  K1

2  Explain about AES in detail.  CO2  K2

3  Explain about the RC4 algorithm.  CO2  K2

4  Explain the RSA algorithm and illustrate it with p = 7, q = 11, e = 17, M = 8. Discuss its merits.  CO2  K2

5  Discuss the discrete logarithm and explain the Diffie-Hellman key exchange algorithm with its merits and demerits.  CO2  K2

6  Explain in detail about elliptic curve cryptography.  CO2  K2

7  Users Alice and Bob use the Diffie-Hellman key exchange technique with common prime q = 83 and primitive root α = 5. (i) If Alice has private key 6, what is Alice's public key? (ii) If Bob has private key 10, what is Bob's public key? (iii) What is the shared secret key?  CO2  K2

8  Users A and B use the Diffie-Hellman key exchange technique with a common prime p = 71 and a primitive root g = 7. If user A has private key XA = 5, what is A's public key YA? If user B has private key XB = 12, what is B's public key YB? What is the shared secret key? Explain briefly the man-in-the-middle attack.  CO2  K2
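The Diffie-Hellman exchange of questions 7 and 8, together with the man-in-the-middle attack question 8 asks about, as an added example in Python that is not part of the original notes. It runs the honest exchange with the stated parameters (p = 71, g = 7, XA = 5, XB = 12, and q = 83, α = 5, 6, 10) and then an active attacker, called Mallory here with a private exponent of 9 chosen for the demonstration, who replaces each public value in transit. Neither Alice nor Bob can tell that anything is wrong, which is why TLS and IKE sign or otherwise authenticate the exchanged values.

```python
# Added example (not from the original notes): Diffie-Hellman with the Part B
# parameters, then an active man-in-the-middle who swaps the public values.
# Mallory's exponent (9) is an arbitrary value chosen for the demonstration.


def dh_public(p, g, x):
    return pow(g, x, p)                      # Y = g^x mod p


def dh_shared(p, peer_public, x):
    return pow(peer_public, x, p)            # K = (Y_peer)^x mod p


def honest_exchange(p, g, x_a, x_b):
    """Both sides compute the same secret: (g^xb)^xa = (g^xa)^xb mod p."""
    y_a, y_b = dh_public(p, g, x_a), dh_public(p, g, x_b)
    k_a, k_b = dh_shared(p, y_b, x_a), dh_shared(p, y_a, x_b)
    assert k_a == k_b
    return {"YA": y_a, "YB": y_b, "K": k_a}


def mitm_exchange(p, g, x_a, x_b, x_m):
    """Mallory intercepts YA on its way to Bob and YB on its way to Alice and
    forwards her own YM in both directions.  Alice and Bob each end up with a
    key shared with Mallory, who can decrypt, read, re-encrypt and forward
    every message between them."""
    y_a, y_b, y_m = (dh_public(p, g, x) for x in (x_a, x_b, x_m))
    k_alice = dh_shared(p, y_m, x_a)         # Alice believes y_m is Bob's value
    k_bob = dh_shared(p, y_m, x_b)           # Bob believes y_m is Alice's value
    k_m_alice = dh_shared(p, y_a, x_m)       # Mallory's key towards Alice
    k_m_bob = dh_shared(p, y_b, x_m)         # Mallory's key towards Bob
    return {"K_alice": k_alice, "K_bob": k_bob,
            "K_mallory_alice": k_m_alice, "K_mallory_bob": k_m_bob}


def mitm_succeeds(p, g, x_a, x_b, x_m):
    """True when Mallory holds both session keys, i.e. the attack is undetected."""
    r = mitm_exchange(p, g, x_a, x_b, x_m)
    return r["K_alice"] == r["K_mallory_alice"] and r["K_bob"] == r["K_mallory_bob"]


if __name__ == "__main__":
    print(honest_exchange(71, 7, 5, 12))     # Q8: YA=51, YB=4, K=30
    print(honest_exchange(83, 5, 6, 10))     # Q7: YA=21, YB=11, K=9
    print(mitm_exchange(71, 7, 5, 12, 9))
    print("MITM undetected:", mitm_succeeds(71, 7, 5, 12, 9))
```

The honest exchange gives YA = 51, YB = 4 and K = 30 for question 8. Under the attack Alice's and Bob's keys differ from each other, but each equals the key Mallory derived on that side; the exchange itself provides no way to notice the substitution, since nothing binds a public value to the identity of its sender.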
Supportive Online Certification Courses (NPTEL, Swayam, Coursera, Udemy, etc.)

Sl. No.  Course  Platform
1 Cryptography and Network Security NPTEL
2 Introduction to Cryptology NPTEL
3 Foundations of Cryptography NPTEL
4 Computational number theory and cryptography NPTEL
5 Cryptography Coursera
6 Applied Cryptography Coursera
7 Number theory and cryptography Coursera
8 Cryptography and Information theory Coursera
9 Asymmetric cryptography and key management Coursera
10 Symmetric Cryptography Coursera
11 Introduction to Cryptography Udemy
12 Cryptography with Python Udemy
13 Complete Cryptography master class Udemy
Real Time Applications in Day-to-Day Life and Industry

1. Secure Communication
2. Diffie Hellman Algorithm can be used in
i. Transport Layer Security (TLS) / Secure Sockets Layer (SSL)
ii. Public Key Infrastructure (PKI)
iii. Internet Key Exchange (IKE)
iv. Internet Protocol Security (IPSec)
Assessment Schedule (Proposed Date & Actual Date)

Assessment Tool  Proposed Date  Actual Date  Course Outcome  Program Outcome (Filled Gap)
Assessment I
Assessment II
Model
Prescribed Text & Reference Books

Sl. No.  Book Name & Author  Book

1  William Stallings, "Cryptography and Network Security: Principles and Practice", Fifth Edition, 2011, Pearson Education International.  Text Book

2  William Stallings and Lawrie Brown, "Computer Security: Principles and Practice", Third Edition, 2015, Pearson Education International.  Text Book

3  Tim Mather, Subra Kumaraswamy and Shahed Latif, "Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance", 2009, O'Reilly.  Reference Book

4  Mikhail Gloukhovtsev, "IoT Security: Challenges, Solutions & Future Prospects", 2018, Knowledge Sharing Article, Dell Inc.  Reference Book

5  Pradip Kumar Das, Hrudaya Kumar Tripathy and Shafiz Affendi Mohd Yusuf, "Privacy and Security Issues in Big Data: An Analytical View on Business Intelligence", Springer, 2021.  Reference Book
Mini Project Suggestions
1. Command line interface for crypto functionality
2. Action history view with replay functionality (like a macro recorder) for all
algorithm operations (classic and modern)
3. An implementation of pairing based multi-partite key exchange protocols
4. Visualization of classic algorithms and its analysis
5. A demonstration of the interchangeability of PGP and S/MIME formats.
6. A demonstration of the S/MIME standard for secure e-mail.
7. Educational game for pupils
8. A visualization of zero-knowledge proofs
9. A visualization of the ACO algorithm for cryptanalysis of simple transposition
algorithms.
10. A visualization of Huffman codes.
Thank you
