### Create a StudySoup account

#### Be part of our community, it's free to join!

Already have a StudySoup account? Login here

# NW SECUR CNCPT CS 772

ODU

GPA 3.7

### View Full Document

## 36

## 0

## Popular in Course

## Popular in ComputerScienence

This 71 page Class Notes was uploaded by Armani Kunde on Monday September 28, 2015. The Class Notes belongs to CS 772 at Old Dominion University taught by Staff in Fall. Since its upload, it has received 36 views. For similar materials see /class/215317/cs-772-old-dominion-university in ComputerScienence at Old Dominion University.

## Reviews for NW SECUR CNCPT

### What is Karma?

#### Karma is the currency of StudySoup.

#### You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 09/28/15

Network Authentication Standards Kerbefro s Kerberos designed at MIT and it is name of a 3 headed dog It is a secret key based service for providing authentication in a network Some applications that use Kerberos telnet rsh and NFS The KDC shares a secret key called the master key with each principle each user and each resource Alice s master key K A is derived from her password The workstation asks the KDC for a limitedlifetime session key SA The KDC sends the workstation KASA and a ticketgranting ticket TGT dec T T contains Alice39s name SA and expiration time K W is the he KDC master key The workstation forgets Alice s password K A and remembers SA and the TGT This is illustrated as I Alice workstation KDC Alice passwd gt Alice needs a T GT gt lt KASA dec Her workstation sends the TGT to the KDC The KDC generates K AB and send to the workstation SAKAB amp a ticket to Bob KB quotAlicequot KAB Her workstation sends this ticket to Bob along with an authenticator KAB t where t is the current time to prove to Bob that she knows K A B Kerberos allows up to 5 minutes skew between clocks Bob sends back K AB t1 to prove that he is indeed Bob since he must knows K B to find out K AB Thereafter messages between Alice and Bob may be encrypted and integrity protected This is illustrated as l M workstation m rsh Bob gt Alice wants Bob T GT gt lt SA B0bquot KAB ticket to Bob ticket to Bob KB quotAlicequot KAB KAB t gt KAB t1 Public Key Cryptography All secret key algorithms amp hash algorithms do the same thing but public key algorithms look very different from each other What is common among all of them is that each participant has two keys and i and most of them are based on modular arithmetic Modular Arithmetic x mod n is the remainder of x when divided by n eg 8mod10 8 18 mod 10 8 24 mod 104 8mod7l 18mod74 24mod73 7 addition mod 10 886 l90 763 See Fig 61 for addition mod 10 Table quaunmlua Flame in Amman Mod11w to uAddition mod 10 can be used for encryption of digits Addk a secret key between 19 to each digit ifk 7 then 1987 is enttypttdto 8654 m Addl the of k to each digit innL131quot ifk 7 then skis 3 since 73 0 Thus 8654 will is decrypted to 1987 In the above table Eig 51 each quotIquot isthe intersection of I anal eg o is the intersection of3 and 7 gt Mu i 39 a nn multiplication mod 10 8x841x997x62 See Fig 52 for multiplication mod 10 Table qummwa c quure 62 Multipln miun ModIla m m multiplication by 1 3 7 9 works as a cipher since it peifomis 11 mapping ifk 7 then 1987 is encrypted to 7369 is dune by multiplying each digit by I the of It is the number to multiply by k to get I ifk7then kquot is3 since 7x3 1 In the above table Fig 62 each quot1quot is the intersection of k and k39l Note that only 3 have multiplicative inverse mod 10 gt What is so special about the set These numbers are to 10 ie they do not share with 10 any common factors other than 1 Note that 9 is not a prime number but it is relatively prime to 10 gt How many numbers less than n are relatively prime to n This quantity is referred to as 1397 n394 and is called the o Ifn isprime then 12 nI are all relatively prime and thus 0n nI o If n pq where p and q are two distinct primes then 0n 1q 1 for n 10 25 0102151l44 which is the set l379 gt E j cgone ntatibti eXponentiation mod 10 42686191759 See Fig 63 for exponen ation mod 10 Table Figure s3 memmim Mudqu it Amazing fact about since 0104 in Fig 53 Wtde mod 10 x mmod 10 x the i tulumn is identical to the 144 Mm eg15 5quot asquot and339d739h 11 then for any number x m For n 10 0104 Since m9 is 1 mod 4 39mod103mod103amp 69 mod 106m0d 106 in general for any X X9m0d 10xm0d10x For n 10 0104 e3 and d7 are exponentiative inverses since 37211m0d4 EncgptDecyypt 0 To encrypt m compute c me mod n 0 To decrypt c compute m cdmod n encIyptm c83 deciypt c m27 SignVerify d 0 To sign m compute s m mod n 0 To verify s compute m se mod n sign ml s 87 verify si m23l In public cryptography RSA RivestI Shamir amp Adleman Key length Variable long for security short for efficiency Most common values is 512 amp 1024 bits Block size plain text length is variable but i i key length amp cipher text length E q wilur key length Thus RSA is used for encrypting imam amount of data eg a secret key and then use the secret key cryptography for encryptingdecrypting amount of data R324 gag ofiilim 1 Choose two large primes p and q Typically 256 bits each amp keep them secret 2 Compute n pq amp 0n 1q1 It is very hard to factor n into p amp q 3 Choose a number 6 that is relatively prime to 0n 4 Find a number d that is the eXponentiative inverse of e ie 311 1 mod 0n 5 The ltengt amp the ltdngt T quot i v To encrypt a message m less than n c memod n To decrypt c m cdmod n This works since cd mod n med mod n me39d mod n m mod n 5 In To sign a message in less than n s mdmod n To verify s m semod n This also works since d semodnme modnmmodnm Every one knows the public key lte ngt To find the private key ltdngt you need to know 0n since ed 1 mod 0n To know 0n you need to know p and q since 061 PDQl Thus to break RSA you should know how to factor n to nd p and q Factoring a big number like n is hard The best technique to factor 512 bit number takes 30000 MIPSyears 1232 123123 15129 213 mod 678 1233 123213 26199 435 mod 678 1234 123435 53505 621 mod 678 123 87 mod 678 This requires small number multiplications and small number divisions 1232 123123 15129 213 mod 678 1234 213213 45369 621 mod 678 1238 621621 385641 537 mod 678 12316 537537 288369 219 mod 678 12332 219219 47961 501 mod 678 This requires multiplications and divisions instead of To efficiently compute 123 54 is represented in binary as I 1 0 1 1 0 I I I I ltltltltlt123Igt gtl gt gtI This requires multiplications andl divisions instead of Each 1 requires two multipliactions and two divisions and each 0 requires one multipliaction and one division Thus in the above we have three ls and two 0s and that yields 32 21 8 Note that we ignore the leading Mollienexam ale y 14 is represented in binary as Q A Klt V Klt ltJA Klt VN o This requires I multiplications and I divisions instead of 32 Two popular values for e are I and 216 1 These make public key operations on message m faster encryption and signature verification is me m requires 2 multiplications amp 2 d1v1sions 65537 In Choose random numbers X and y then p 2Xl32 amp q 2y132 Randomly choose p and q and make sure that they are not 1 mod 65537 the probability of rejection is l in 216 Once we selected p and q then n pq amp 001 011tI1 How to fine d such that ed 1 mod 0n Use Euclid algorithm see Section 74 page 187 of textbook The RSA keys public key 3 65537 11 private key Dif eHellman Alice and Bob agree on p large prime amp g lt p Pick SA 512bit random number Pick SB 512bit random number Compute T A gSA mod p Compute T B gSB mod p H Compute X mod p X is the same as Y x TBSA gSBSA Y TASB gSASB No one can compute g SASB by knowing g SA amp g SB The bucket BrigadeManin theMiddle Attach Mr X Pick SA Pick SX Pick SB time T A gSA mod p T X gSX mod p T B TA gtgt TA TX gtgt TX TX ltlt TX TB ltlt TB KAX TXSA modp KAX TASXdep KBX TX KBX TBSXmodp Possible Defense 0 Each personipicks S and computes Tigsi modp and Keeps S private and makes T public If Alice like to communicate with Bob she nds TB and computes KAB TBSA modp Then tells Bob she likes to communicate with him 0 Bob nds TA and hen computes KBA TASB modp This requires PKI public Key Infrastructure to manage T ElGammal Siga ature gt Each person has longterm publicprivate key pair Private S Public ltgp Tgt Where T gS modp gt For each message m to be signed Generate a permessage publicprivate key pair Private Sm Public Tm gsm modp Compute the message digest dm MD m Tm Compute the message signature X Sm dms mod p 1 Send In Tm andX gt Compute the message digest dm MD m Tm gt Compute Y1 gX and Y2 Tdem and If Y1 Y2 then the signature is correct Y1gX gSmdegSm gde m sum Tdem Y2 Dl lal SIEature Standard DSS Proposed by NIST based on a modi ed Version of ElF mmal algorithm Zero Knowledge Proof Slslems Graph t39mnmtphixm problem We consider two graphs ixumtphic if we can rename the verljces of one to get a graph identical to the other This is a well known Nneomplete problem Public Key Cryptography All secret key algorithms amp hash algorithms do the same thing but public key algorithms look very different from each other What is common among all of them is that each participant has two keys and and most of them are based on modular arithmetic Modular Arithmetic x mod n is the remainder of x when divided by n eg 8mod108 18 mod 108 24mod104 8mod71 18mod74 24mod73 gt addition mod 10 886 190 763 See Fig 61 for addition mod 10 Table u oauousu Flgnre 61 mumquot Modulo Io Encmgtian Addmon mod 10 can be used for eneryptmn of 64915 Addk a secret key between 179 to each 64ng m if k 7Lhen 198715 encryptedw 8654 Dec uhn Addek the additive inverse of k to each 64ng An addmve mvetse ofxxs the number you d have to addto xto get 0 m 1fk7Lhenrkxs 3 smee730 Thus 8654 will is deeryptedto 1987 In the above table Eig 61 each quot0quot is the intersection of k andrk eg0 is the intersection 0f3 ahd7 gt lim nn multiplication mole 8x841x997x5 See Fig 62 for multiplication mod 10 Table 0123455 00000000 10123455 20246802 303s9253 404Tzao4 SolosOso 606T8406 70f41352 80864203 909E7654 Figure 52 Multiplication Module l0 Emma multiplication by 1 3 7 9 works as a cipher since it performs 11 mapping ifk 7 then 1987 is encryptedto 7369 Det un is done by multiplying each digit by kquot Axloxl woowum NAochAowom wbumqmcco the multiplicative inverse of k It is the number to multiply by k to get 1 ifk 7 then k 1 is 3 since 7X3 1 In the above table M each quot1quot is the intersection ofk and k39l Euclide39s Algorithm Section 74 Efficiently nd multiplicative inverses mod n Given x and n it finds a number y such that xy mod n 1 if there is such y Note that only 1379 have multiplicative inverse mod 10 What is so special about the set 1379 These numbers are relatively prime to 10 ie they do not share with 10 any common factors other than 1 Note that 9 is not a prime number but it is relatively prime to 10 How many numbers less than n are relatively prime to n This quantity is referred to as and is called the 125 o Ifn isprime then 12 n1 are all relatively prime and thus 0n n1 o If n pq where p and q are two distinct primes then 0n m1q1 v m forn 10 2 5g1o4271571144 whxch 15 the gem 1379 g2 oneni oh I aiponmuauonmodlo 4268E61997E9 SeeFxg 673 for aiponmuahon mod 10Table Iquot 0 I 2 3 4 5 6 7 8 9 IO ll 12 Y E n nllll 2 Illlllll 3 IIHIIIIIIIIII 4 Il ll llllllllll 5 In 6 Illl ll ll llll 7 IInIInEnII IIIIIquot IIIIII Figure 63 Exponentiale Modulo Ia Amazmg fact about mu Smce glt1o4 mF1g 673xmmod10xmm mod 10 the 1quot column is identical m the HI column eg 1st 5 h 9 h and 3rd 73911 11 then for any number X For n 10 0104 m5 x3 35mod103amp x6 65m0d106 and in general X5 mod 10 X mod 10 m9 x3 39mod103amp x6 69mod106amp and in general X9 mod 10 X mod 10 m For n 10 0104 e3 and d7 are exponentiative inverses since 37211m0d4 EncgptDechpt 0 To encrypt m compute c me mod n 0 To decrypt c compute m Cd mod n 7 3 encryptmi c78 7 decrypt c m27i SignVerify 0 To sign m compute s mdmodn 0 To verify s compute m Se mod n sign ml s87 verify sE m23l In Qublic crlggtograghlg RSA Rivist Shamir amp Adleman Key length Variable long for security short for ef ciency Most common values is 512 amp 1024 bits Block size plain text length is variable but lt key length amp cipher text length key length Thus RSA is used for encrypting amount of data e g secret key and then use secret key cryptography for encrypting decrypting amount of data R321 A7 britiimia E 4 V39 Choose two large primes p and q typically 256 bits each amp keep them secret Comute n p amp 0 n Choose a number e that 1s relat1vely prime to 0n lfivlmi that 5amp1ij all l y q 9H 3 Find a number d that is the multiplicative inverse of emonn ie ed1m0d0n The ltengt amp the ltdngt Endg ggtD fy tf To encrypt a message m less than n cm modn To decrypt c d mc modn This works since cdmod n med mod n To sign a message m less than n s md mod n To verify s m se mod n This also works since semod n me39dmod n m mod n m Every one knows the public key lte ngt To nd the private key ltdngt you need to know 0n since ed 1 mod 0n To know 0n you need to p and q since 0n plq1 Thus to break RSA you should know Factoring a big number like n is hard The best technique to factor 512 bit number will take 30000 MIPSyears 1232 123123 15129 213 mod 678 1233 123213 26199 435 mod 678 1234 123435 53505 621 mod 678 1234 87 mod 678 This requires small number multiplications and small number divisions 1232 123123 15129 213 mod 678 1234 21321345369 621mod 678 1238 621621385641 537mod 678 12316537537288369 219 mod 678 12332 219219 47961 501 mod 678 This requires multiplications and divisions instead of To efficiently compute 123 54 is represented in binary as 1 l 0 1 1 0 I I I 123m I This requires E multiplications and I divisions instead of Each 1 requires two multipliactions and two divisions and each 0 requires one multipliaction and one division Thus in the above we have three ls and two 0s and that yields 32 21 8 Note that we ignore the leading 1 mf erzfe xam l yi 14 is represented in binary as I I yzy Zy 2 This requires a multiplications and I divisions instead of 32 Choose a random number n and if it is a prime for a 100 digit number the chances of success is l in 230 39 pick a lt n if aw mod n 1 m n is not prime all n is prime the probability of being wrong is l in 1013 Instead of selecting p q and then e see RSA algorithm we will select e rst then p and q Two popular values for e are I and 216 1 These makes public key operations on message m faster encryption and signature veri cation is me m requires 2 multiplications amp 2 d1v1s1ons quot1655371 uires l7 multiplactions amp l7 divisions binary value of e is M how to choose p amp q so that 3 is relatively prime to 0n plql Choose random numbers X and y then p 2Xl32 amp q 2yl32 To ensure that pl relatively prime to 3 we choose pl l mod3 or p 2mod 3 Hence choose p as k32 and to make sure that p is odd let k2xl 7 v n randomly choose p and q and and make sure that they are not 1 mod 65537 the probability of rejection is l in 216 Once we selected p and q then It pq and 0n p lql How to ne d such that ad 1 mod 0n Use Euclid algorithm see Section 74 page 187 of textbook The RSA keys public key lt365537 11gt private key Dif e Hellman Alice and Bob agree on p large prime amp g lt p Pick SA 512bit random number Pick SB 512bit random number Compute T A gSA mod p Compute T B gSB mod p gtgtgt ltltlt Compute X Compute Y SB mod p X is the same as Y why X TBSA gSBSA Y TASB SASB No one can compute g SASB by knowing g SA amp gal The hurka Ri ioadeM in u F I quot Attach Mr X Pick SA Pick SX Pick SB 11111123 TAgsA modp TXgSXm0dp TBgSBm0dp TA gtgt TATX gtgt TX TX ltlt TXTB ltlt TB KAX TXSA modp KAX TASXmodp KBX TXSBmodp KBX TBSXmodp Possible Defense Each person 139 picks S and computes T gsi mm 1 and Keeps S private and makes T public If Alice like to communicate with Bob she nds T B and computes KAB TB SA modp Then tells Bob she likes to communicate with him Bob nds T A and hen computes KBA T A 3 mod 1 This requires PKI public Key Infrastructure to manage T ElGammal Signature Each person have longtermpublidprivate key pair private S public lt g p T gt where T gS mod p For each message m to be signed 1 Generate a permessage publicprivate key pair private Sm public T m gsm mull 2 Compute the message digest dm MD m Tm 3 Compute the message signature X Sm de mod p 1 4 Send mX and Tm Verify 1 Cnmpnte 111211123ng digest 4m MD m Tm z Cnmpllte Y1 f and Y2 1quot 7 and If Y1Yz Lhexigmmnzix comm Prnpnsed by MST based nn mm li ed versinn nfElGammal algnrithm Zeta Knnwledge Prnnf Systems 56 wel 6mg isomorphixmpmblem We Insider twn yzphsix Irmrphir ifwe can rename the Venice nf nnetn get a g1th identical the nther mm zwall knuwn NE cnmplete prnhlem 6 3 Alice specify a large g1th GA and rename the Venice m prndnce annLhEr isnmnrphic g1th 65 gt The general way of encrypting a 64bit block is to take each of the 264 input values and may it to a unique one of the 264 output values This would take 264 64 270 bits to store this map Secret key cryptographic systems take a reasonable length I eg 64 bits and generate a oneone mapping that looks to someone who does not know the key completely random Ie any single bit change in the input results in a totally independent random number output For small values of k specify for each of the 2k possible values of the input the kbit output This takes k 2quot bits Eg for k8 we need 2048 bits For each of the I input bits specify the output position to which it goes This takes I log2 I bits Eg for I64 we need 645320 bits If we do only a single round then a bit of input can only affect 8 bits of output There is optimal number of rounds to achieve complete randomization e g 16 The following figure Fig 31 shows a secret key algorithm based on rounds of substations and permutation It takes the same effort to reverse decrypt Loop a n rounds A 64h nulput Figure 31 Example nfBlnck Encrypuon Divide input mm elghl srm pweces Eight 84m subs mlion iunctvons derived lrom the key Key length 54 bits 8 bits are used for parity check why is tha to make it 255 times less secure Read Why 56 bits section in the textbook How secure is DES 98 150K machine can break the key in 5 days For added security m39pte 125s is used I Basi shuctu39re of 1513 s Elg 239 niia Fermmauon Aarhu K mm K2 swap 2 and ngm nahes Fmar Pemmahun 1 A 54m aulpm Figure 32 Basic Smcmm mines The detty inn works by essentially running DES bat with keys in reverse order K16 K1 u The rierh39ru tsn inatng 339 This is not random to get IP and Reverse the arrows to get IP lnilial Permutation IP 50 42 34 26 18 102 40 8 48 16 56 5244362820124 397471555 54 46 3B 30 22 146 38646 14 54 56454032 24168 375451353 494133251791 364441252 5143352719113 353431151 5345372921135 342421050 5547393123157 33141949 1 2 a E 4 3 5 s 7 8 Figure 33 Inuial Pcrmulaliun 0mm Block momma um 1 mm umhil 5x hnzwmxmmhnsn 11 Final Permutation 1P4 m xnuzmunhzinpmAHCJDi dinrhuml mum mm uh umpul Amsdmz u Guida hg IliePeth 39 dlK ei E KIZLPermuIa nnL39 Fig 374 Praduczs Cg d Dg KtzG ne39ia nn Fig 35 Eight bits are discarded atpositions 9 18 22 25 from c amp 35 38 43 54 from D so that each K is 48 bits or next round 3 28 15 6 2 IO permutation to obtain the left half of K permutation to obtain the right half of Ki 1 39ADESR un39df Fig 376 64rdquot mput 54bit putput 644m oulpul 644m mput Encryp an Deeryuziun Figure 3 6 DES Round Wig denyp nn warkx a The output ofthe Mangm Func un M is the same for both encryption and decryption a In encryption M Ln RM 0 In decryption M amp M M Ln Ln u TheMana ermnctio Expands Rfrom 32 bit a 48 hits as shown in Egg7 It breaksR into eight 4bit chunks and Expand each to 6bit by concatenating the adj acent 2 bits lljllllllllllllllllll 1 39Lm39 39 Figure 37 Expansion nm to 43 bus Let CRirefer to i h chunk ofthe expandedR The 48bit K is broken to eight 6bit chunks Let CK refer to the i h chunk of K Let Si CR GK 5 is fed into an saw a substitution which produces 4bit output for each possible 6bit input Figure 38 ie 4 inputs are mappedto 1 output chunk f of chunk iofK Figure 35 Chunk nansronmnon The 8 Sboxes are speci ed in Fig 3910 316 Two ofthese tables are shown below Input 0115 1 and 6 Input bits 2 thru 5 L 000000010010001I01000101 0110011110001001101010111100110111101111 001110010011010001001011111011100000111010011011000101100100000111 01 Figure 3 9 Tabla 014th outputs 0fSrb0x 1 Ahits I thru 41 Input bi1s7and 12 Inpulbils sthru 11 0000000100100011010001010110011110001001101010111100110111101111 001111000110001110011010110011010010010111001011011100000001011010 01 The output ofthe eight Sboxes is permde as shown in Fig 3 g This is to ensurethat the output ofan Sbox in one round affects the input of multiple Sboxes on the next round Figure 317 Ptnllumlmn or the 32 bits mm the Sbuxes 11 Wh39sit39s39 So sneci f 1boutDE The sboxest Are they random No one knows Playing around With the S boxes can be dangerous gt Encrypts 64bit blocks using 128bit key It is similar to DES since it o operates in rounds o the mangler function runs in the same direction for both encryption and decryption Fig 318 shows the basic Structure of IDEA Flgure 313 Basic sinian 0mm Exclusiveo A quotonmodlmand x Multiplicationmoclz 6 These operations are mcmmc gtgt A gtgt A gtgt AX since a since aKK since axKxK a Th2 lZKbnkzyxs expunidmm m l rbnrkzys K1 K2 K52 A ugemmmg 3911 am kzys Fug m sm 25m andcammlzthz gemmmn g m I Figure 3720 Total number ofrounds 17 odd1317 amp even 24 15 Odd Round Fig 521 This is reversible using the inverse keys K4 xa x xi xd gure 33921 IDEA om Round 5 3722 39 Xu X5 XL xd Mangler Function we n Zn 69 I9 2M In m Yum Flgule 322 IDEA Evan Round How to reverse Just apply it again using the same m not the inverse keys asin oddroundsl Why From Figure 322 we have X a Xa Yout X b Xb Yout Yin Xa Xb Thus X a X b Xa Yout Xb Yout Xa Xb Yin Yin is the same if we use either Xa Xb 0r X a X b Similarly Zin is the same if we use either Xc Xd 0r X c X d Thus Yout amp Zout are the same in both encryption and decryption Since we know Yout and Zout we can get X a Yout Xa Yout Yout Xa Similarly we can get Xb Xc and Xd Encryption keys K1 K2 K3 K4 K5 K6 Decryption Keys K49391 K50 K51 K52391 K47 K48 gt Developed with the help of NIST as an Efficient Flexible Secure and Unencnmbered free to implement Encryption Standard for protecting sensitive nonclassi ed U S government information NIST selected an algorithm called Rijndael named after two Belgium cryptographers It uses a variety of block and key sizes 128 192 and 256 and the standards are named AES128 AES 192 AES25 6 Block sizes are fixed in all to 128 bits It is similar to both DES and IDEA in that there is rounds and key expansion mm N1 the number ofSZbit words in an encryption block for AESIZB Nb 4 Nk the number of 32bit words in an encryption key for AES128Nk 4 Nr the number of rounds It should be large enough to allow sufficient mixing so that each bit of a plain text block or a key has a complex effect on each bit of the resulting cipher text Nr 6 Max NbNk for ABS128 Nr 10 OctetSubstitution S box Figure 324 Rearrangement of octets rotating rows and columns AnMixColumn operation Replace a column with another Each octet of the input column is used as index to retrieve a column from a table Figure 326 Each retrieved column is rotated and The four rotated columns are d to produce the output column Figure 325 E E i n 11 19k high order nihbte Himaslm uup nghl towrarder rubble leu munmum mums Figlre 26 N xColumn Table a 14 2 dc I ad 3 4 luokups is its own inverse The inverse ofSbox is given by a different table Fig 327 Rotating is inverted by another rotation in the opposite direction The inverse ofMixColumn is called InvMixCoumn is similar to MixColumn using a different table Fig 3 28 Kc Exnanslo Arrange the key as Nk columns and Iterativer generate the next Nk columns see Figure 329 and 330 The Ci are constants de ned in Figure 331 mo Figuxe 329 gum key Wmquot mm ofsel 0 C m I I I W J Figure 3 30 mm kcy cxpamlun mm M Nk s s und Each roundis an identical sequence 0f3 operations 1 Each octet of the state has the Sbox applied 2 For ABS128 Row i of the state is rotated left i columns i0 I 2 3 3 Each column of the state has MiXColumn applied to it Im39eers e Rifu d s Since each operation is invertible decryption is done by performing the inverse of each operation in the opposite order and using the round keys in the reverse order gt RC4 is a stream cipher designed by Ron Rivest A long random string is called a onetime pad Page 93 gives a C code for RC4 onetime pad generator A stream cipher generates a onetime pad and applies it to a stream of plain text with Break the message into 64bit blocks padding the last one and Encrypt each block with the secret key Two problems Two identical plaintext blocks produces two identical cipher blocks Blocks can be rearranged or modi ed Example See Fig 43 where an eavesdropper Can see which sets of employees have identical or similar Can alter own salary to match another employee with higher salary Name Position Adams John 9 s t Bush 1 Accounting Clerk Houvex J Edgar wardrobe Consultant stem owatd fiirmatave Action Officer Woe Rosemary Audiovisual Supervisor i Block boundaries Figure 43 Payroll Data See Figure Fi 45 en on ampFi 46 dec lm I Initialization Vector is a randqu chosen number Thus continue holding continue holding Start attach produces different cipher blocks This also prevents the Chosen plain text attach Figum 45 mm Block cunning Entrypllan Decryption IS simple becaus e is its own inverse Figure 45 Clphcr Bloch chaining Decrypimn Modifying cipher Blocks You can modify the contents of one cipher block to make the plain text of next block as ou wish However the preceding plain text block will be garbled For example in Flagre 45 To change m6 to m396 we can change c5 to c395 Where CS is computed as c5 m6 m396 However the content 0fm5 will be garbage Eg change Jo Tacker salary from 354K to 374K as tree a c d A cy sesn sea urrry officer Rum l Tackex an A Syscem Securlty orttrares l 741221n l I I l bum 1 FB It is a stream cipher EncryptionDecryption is performed by x ing the message with onetime pad generated as follows 1 A 64bit IV is generated and is transmitted with the encrypted message 2 hr is the DES encryption of IV with the secret key 3 h i gt 1 is e ES encryption of h with secret key 4 The resulting onetime pad is m l b2 l b3 l 5 ch mfor39 The pad can be generated in advance of the message arrival If some hits of cipher text get garbled only the conesponding hits in the plain text get garbled I If one block is lost the rest ofthe blocks will be garbled If data is stored on disk you can not randomly read any block unless you decrypt all the preceding blocks Lfthe ltplaintext ni ciphertext c gt are lmown by midy he can modify rn into anything he wants nil 1 Calculate X c m c39 m39 X 2 Sends 039 instead ofc 3 The receiver calculates 339 X 11139 X X m39 o n e dback39Mod CFB CFB solves the rst two problems of on If one block is lost only the next block is garbled and the rest ofthe blocks will decrypt properly To randomly access one block you only need to access the preceding block 1 A 64bit IV is generated and is transmitted with the encrypted message 2 hr is the DES encryption of IV with the secret key 3 h i gt 1 is the DES encry tjon 0139th with secret key Thus you can39t generate a onetime pad in advance like OFB 4 t bl m for i1 2 Coun te n39M dde gbimj cm Figure 410 have the following advantages Y H can generate the onetime padin a 39 Youc dvance an randomly access any block without decrypting an the preceding blocks Disadvantage I If one block is lost the rest ofthe blocks will be garbled Efl Figure 410 It is called SDES or EDE encryplrdeu39yplrenu39ypl mgtgtgtgt E gtgtgtgt D gtgtgtgt E gtgtgtgtc K1 K2 K1 c gtgtgtgt E gtgtgtgt D gtgtgtgt E gtgtgtgt m CBC is used for stream encryption as shown is Fig 415 E encryp w m secrel key K D deanm w h seam key K1 encrypt mm seem key Kl Figure 415 EDE wuh cuc Am um mum AJDES P gtgtgt P39I 39 P gtgtgt Pquot39P gtgtgt P39I E E E A hash or message digest is a oneway function since it is not practical to reverse A function is cryptographicaly secure if it is computationally infeasible to find I A message that has a given message digest I A different message With the same message digest I Two messages that have the same message digest gt I Ron Rivest Message Digest MDfamily MD2 MD4 and MD5 w I NIST Secure Hash Algorithm SHAI ll 13101515111 They take an arbitrarylength string and map it to a xedlength quantity that appears to be randomly chosen For example two inputs that differ by only one bit should have outputs that look like completely independently chosen random numbers Ideally the message digest function should be easy to compute Like secret key algorithms digest algorithms tends to be computed in rounds The designers finds the smallest number of rounds necessary before the output passes various randomness tests and then add few more to be safe Alice authenticating Bob r gtgtgtgtgtgtgt r d ltltltltltltlt d MDKr r is a random number MDKr is the message digest ofK concatenated with r Alice computes MDKr and if d then Bob must know K Using Secret Key K between Alice amp Bob md where d MDKm gtgt md OK ifd MD Klm K is the shared secret between Alice and Bob This works for some MD algorithms that have the following property if dMDx then for some y d39MDxy dMDy 1 w 2vwl may intercepts ltmdgt and replace it with ltm39d39gt Where m39my and d39dMDy m receives ltm39d39gt and will compute MDKm9MDKmyMDKmMDydMDyd39 Thinking that Alice send m39 C0mputeMD m K instead ofMD Km C0mputeMDKmK Both Alice and Bob knows the shared secret K and generates b1 MDK bi MDKbi1 i23 send ci mi bi gtgt recv ci and compute mi ci bi Unix uses a modified DES to compute the hash of a password to prevent DES hardware from cracking Unix passwords I DES secret Key Pack the 7bit ASCII associated with each of the rst eight characters of the password into 56bit DES key I Salt A 12bit random number salt is stored with the hashed password to prevent dictionary attack The salt is used to modify the DES data expansion algorithm I H ashed password The modified DES is used with the secret key to encrypt the constant 0 The result is stored with the salt as the user s hashed password ypcat passwd grep wahab v f T39 1l39l l wahab homeWahab usrlocalbintc sh I is the salt 2x J 391 l is the 64 bit encryption of 8 char key In base64 encoding 64 bit block requires 646ll char It takes a message afarbitraty length and produces message digest The message must be multiple of 16 octets 128bit If the message is already multiple of 16 octets l6 octets of padding are added Otherwise p octets 1lt p lt15 are added Each pad octet contains the value n of padding 1ltnlt16 Eithp39 16 consider a message m of 10 bytes the padding length is 6 and the padded message is A b L MD padded message 16Aoctet checksum m1 mod 16quot1 octet n mod 16quot octet Figure 54 MDz Chccksum CultHamquot Figure Fig 55 is used for Pi substitution If time bl39naly representa nn nfpl um Htttfald time B 41 an 67 201 I612K1124 1 61 54 14 1612362411 6 19 911 167 5 242 192 199 115 140 152 147 43 217 122 76 110 202 341 155 117 so 253 212 224 22 105 2A 133 23 229 111 1911 72 196 214 211 ISE 222 71 1611 251 245 142 137 47 253 122 169 1114 121 145 21 17s 7 63 145194 16 137 11 54 95 13 123127 93 154 9a 144 5n 9 53 62 2114251 191247 151 3 255 25 4x 179 72 165 1x1 209 215 94 146 42 172 116 17111911 56 2101501641251le11 252107 226156116 4 241 51 14 1112 x11 49 68 so 150 143237 31 26 219153141 51 159 17 131 20 Flgun H MDZ mSuhinquon n61 padded message wilh appended 16mm checksum 16aclaf black message block nan ulna 0 MD intermemate m nexl musagc block Final MDZ after checksum processed Flam 5 6 MM Fnul p MD4 Was designed tn he zSZrhitwnn l nrienterl Sn it Cal1 he cnmpnted faster nn 324m CPU than an nctetrnnented MDz MD5 Was designed m hemm39e cnncerned with security than Speed Designed by NIST to produce 160bit digests It is more secure than MDS but little slower Fig 510 HMAC prepends the key to the data digests it and then prepends the key to the result and digests that It takes a varaiblelength key and a varaiblesized message and produces a fixedsize output of the same size as the underlying digest algorithm The key is padded with Os to be 512 bits

### BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.

### You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

## Why people love StudySoup

#### "I was shooting for a perfect 4.0 GPA this semester. Having StudySoup as a study aid was critical to helping me achieve my goal...and I nailed it!"

#### "I signed up to be an Elite Notetaker with 2 of my sorority sisters this semester. We just posted our notes weekly and were each making over $600 per month. I LOVE StudySoup!"

#### "I was shooting for a perfect 4.0 GPA this semester. Having StudySoup as a study aid was critical to helping me achieve my goal...and I nailed it!"

#### "It's a great way for students to improve their educational experience and it seemed like a product that everybody wants, so all the people participating are winning."

### Refund Policy

#### STUDYSOUP CANCELLATION POLICY

All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email support@studysoup.com

#### STUDYSOUP REFUND POLICY

StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here: support@studysoup.com

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to support@studysoup.com

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.