
Transposition or permutation Ciphers
• Transposition ciphers hide the message by rearranging the letter order without altering the actual letters used.
• We can recognise these since they have the same frequency distribution as the original text.

Rail Fence cipher
• write message letters out diagonally over a number of rows
• then read off cipher row by row
• eg. write message out as:
    m e m a t e o a a t
     e t e t h t g p r y
• giving ciphertext: memateoaatetethtgpry

Row Transposition Ciphers
• a more complex scheme
• write letters of message out in rows over a specified number of columns
• then reorder the columns according to some key before reading off the columns

Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Product Ciphers
• Ciphers using substitutions or transpositions are not secure because of language characteristics
• hence consider using several ciphers in succession to make cryptanalysis harder, but:
  – two substitutions make a more complex substitution
  – two transpositions make a more complex transposition
  – but a substitution followed by a transposition makes a new, much harder cipher

XOR Operation:
    ⊕ | 0 1
    --+----
    0 | 0 1
    1 | 1 0
Example: 1100 ⊕ 0111 = 1011

Permutations:
Example: P(0101) = 1010

Left circular rotation (or shift) of a block of bits:
Input:  bit1 bit2 bit3 bit4
Output: bit2 bit3 bit4 bit1

Input:  bit1 bit2 bit3 bit4
Output: bit3 bit4 bit1 bit2

Basic Operation (i-th round)
L_i = R_{i-1}
R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)

Feistel Cipher Structure
Virtually all conventional block ciphers have a structure first described by H. Feistel of IBM in 1973.

Parameters
• Block size: larger block sizes mean greater security (all other things being equal) but reduce encryption/decryption speed. A block size of 64 bits is a reasonable tradeoff and is nearly universal in block cipher design.
• Key size: larger key size means greater security but may decrease encryption/decryption speed. The most common key length in modern algorithms is 128 bits.
• Number of rounds: the essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: greater complexity in this algorithm leads to greater difficulty of cryptanalysis.
• Round function: again, greater complexity generally means greater resistance to cryptanalysis.

Decryption Process
The decryption process is as follows: use the ciphertext as input to the algorithm, but use the subkeys K_i in reverse order. That is, use K_n in the first round, K_{n-1} in the second, and so on until K_1 is used in the last round.

Data Encryption Standard (DES)
• The most widely used encryption scheme is defined in the Data Encryption Standard (DES), adopted in 1977 by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standard 46 (FIPS PUB 46). In 1994, NIST reaffirmed DES for federal use for another five years in FIPS PUB 46-2.
• Block cipher (64 bits)
• Key (64 bits, but 8 bits are used as parity bits)
• DES has a Feistel cipher structure with 16 rounds
• The process of decryption with DES is essentially the same as the encryption process. The rule is as follows: use the ciphertext as input to the DES algorithm, but use the keys in reverse order. That is, use K_16 in the first iteration, K_15 in the second iteration, and so on until K_1 is used on the sixteenth and last iteration.

The strength of DES
Concerns about the strength of DES fall in two categories:
1. Concerns about the design of the algorithm: despite numerous approaches, no one has so far succeeded in discovering a fatal weakness in DES.
2. Concerns about the use of a 56-bit key: a 56-bit key is too small!

TRIPLE DEA (Triple Data Encryption Algorithm)
• TDEA uses three executions of the DES algorithm.
• C = E_K3[D_K2[E_K1[P]]]
    C = ciphertext
    P = plaintext
    E_K[X] = encryption of X using key K
    D_K[Y] = decryption of Y using key K
• Decryption is simply the same operation with the keys reversed: P = D_K1[E_K2[D_K3[C]]]
• C = E_K1[D_K1[E_K1[P]]] = ?
• With three different keys, TDEA has an effective key length of 168 bits.

Other Symmetric Block Ciphers
• IDEA
• Blowfish
• RC5
• CAST-128

Location Of Encryption Devices
• The most powerful, and most common, approach to countering the threats to network security is encryption.
• In order to use encryption, it is necessary to decide what to encrypt and where the encryption process will be located.
• There are two fundamental alternatives:
1. Link encryption
2. End-to-end encryption

Link encryption
• In this case there is an encryption device on each side of each vulnerable link.
• All traffic over all communications links is secured.
• This approach requires a lot of encryption devices in a large network.
• Another disadvantage of this approach is that the message must be decrypted each time it enters a packet switch. This is necessary because the switch must read the address in the packet header to route the packet. Thus the message is vulnerable in each switch.

End-to-End Encryption
• The encryption process is carried out at the two end systems.
• This solution guarantees that the user data are secure.
• However the traffic pattern is not protected, because packet headers are transmitted in the
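The rail fence and row transposition slides above, worked through as an added Python example (not part of the original slides). It reproduces both ciphertexts shown on the slides and checks the claim that transposition leaves letter frequencies unchanged; the function names are made up for this example, and the rail fence plaintext is simply what decrypting the slide's ciphertext yields.

```python
from collections import Counter

def _read_order(n, rails):
    """Plaintext positions in the order the rail fence reads them off."""
    if rails < 2:
        raise ValueError("need at least two rails")
    period = 2 * (rails - 1)
    row = [min(i % period, period - i % period) for i in range(n)]
    return sorted(range(n), key=lambda i: row[i])  # stable sort: row by row

def rail_fence_encrypt(plaintext, rails=2):
    return "".join(plaintext[i] for i in _read_order(len(plaintext), rails))

def rail_fence_decrypt(ciphertext, rails=2):
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, _read_order(len(ciphertext), rails)):
        plain[pos] = ch  # put each letter back where the zigzag took it from
    return "".join(plain)

def _column_order(key):
    """Column indices in read-off order: the column labelled 1 comes first."""
    return sorted(range(len(key)), key=lambda c: key[c])

def row_transposition_encrypt(plaintext, key):
    if len(plaintext) % len(key):
        raise ValueError("pad the message so it fills the last row")
    return "".join(plaintext[c::len(key)] for c in _column_order(key))

def row_transposition_decrypt(ciphertext, key):
    rows = len(ciphertext) // len(key)
    columns = [""] * len(key)
    for n, c in enumerate(_column_order(key)):
        columns[c] = ciphertext[n * rows:(n + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(len(key)))

def same_letter_counts(a, b):
    """Transposition only reorders letters, so frequency counts are unchanged."""
    return Counter(a.lower()) == Counter(b.lower())

KEY = [4, 3, 1, 2, 5, 6, 7]              # key from the slide
PLAIN = "attackpostponeduntiltwoamxyz"   # plaintext from the slide
RAIL_CT = "memateoaatetethtgpry"         # rail fence ciphertext from the slide

if __name__ == "__main__":
    print(rail_fence_decrypt(RAIL_CT))
    print(row_transposition_encrypt(PLAIN, KEY).upper())
    print(same_letter_counts(PLAIN, row_transposition_encrypt(PLAIN, KEY)))
```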
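The Feistel round, the reversed-subkey decryption rule and the TDEA encrypt-decrypt-encrypt composition from the slides, as an added Python example (not from the original slides and not real DES). The round function and the rotation-based subkey schedule are toy assumptions chosen for illustration; only the structure follows the slides.

```python
import hashlib

HALF_BITS = 32                 # 64-bit block split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1

def round_function(right, subkey):
    """Toy F(R, K): a truncated hash. F need not be invertible in a Feistel cipher."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key, rounds=16):
    """Toy schedule (assumption): K_i is the 32-bit key rotated left by i bits."""
    return [((key << i) | (key >> (HALF_BITS - i))) & MASK
            for i in range(1, rounds + 1)]

def feistel(block, round_keys):
    left, right = block >> HALF_BITS, block & MASK
    for k in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ round_function(right, k)
    return (right << HALF_BITS) | left   # final swap lets the same loop decrypt

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    return feistel(block, subkeys(key)[::-1])   # K_16 first, K_1 last

def ede_encrypt(p, k1, k2, k3):
    """C = E_K3[D_K2[E_K1[P]]]"""
    return encrypt(decrypt(encrypt(p, k1), k2), k3)

def ede_decrypt(c, k1, k2, k3):
    """P = D_K1[E_K2[D_K3[C]]]"""
    return decrypt(encrypt(decrypt(c, k3), k2), k1)

# Constructed sample values, not test vectors from any standard.
P = 0x0123456789ABCDEF
K1, K2, K3 = 0x0F1571C9, 0x47D9E859, 0x0CB7ADD6

if __name__ == "__main__":
    c = ede_encrypt(P, K1, K2, K3)
    print(hex(c), hex(ede_decrypt(c, K1, K2, K3)))
    # With one key used three times, the inner E and D cancel out.
    print(ede_encrypt(P, K1, K1, K1) == encrypt(P, K1))
```

With K1 = K2 = K3 the middle decryption undoes the first encryption, so the composition collapses to a single encryption under K1.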



BARRY CS 477 - Rail Fence
