Transposition or Permutation Ciphers

Transposition ciphers hide the message by rearranging the letter order without altering the actual letters used. We can recognise these since they have the same frequency distribution as the original text.

Rail Fence Cipher

- Write the message letters out diagonally over a number of rows.
- Then read off the cipher row by row.
- E.g. write the message out as: m e m a t e o a a t e t e t h t g p r y
- Giving ciphertext: memateoaatetethtgpry

Row Transposition Ciphers

- A more complex scheme.
- Write the letters of the message out in rows over a specified number of columns.
- Then reorder the columns according to some key before reading off the columns.

Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Product Ciphers

Ciphers using substitutions or transpositions are not secure because of language characteristics. Hence consider using several ciphers in succession to make it harder, but:

- two substitutions make a more complex substitution
- two transpositions make a more complex transposition
- but a substitution followed by a transposition makes a new, much harder cipher

XOR Operation

      0  1
  0   0  1
  1   1  0

Example: 1100 XOR 0111 = 1011

Permutations

Example: P: 0101 -> 1010

Left Circular Rotation or Shift of a Block of Bits

Input:  bit1 bit2 bit3 bit4
Output: bit2 bit3 bit4 bit1

Input:  bit1 bit2 bit3 bit4
Output: bit3 bit4 bit1 bit2

Basic Operation (i-th round)

$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$

Feistel Cipher Structure

Virtually all conventional block ciphers have a structure first described by H. Feistel of IBM in 1973.

Parameters:

- Block size: larger block sizes mean greater security (all other things being equal) but reduce encryption/decryption speed. A block size of 64 bits is a reasonable tradeoff and is nearly universal in block cipher design.
- Key size: larger key size means greater security but may decrease encryption/decryption speed. The most common key length in modern algorithms is 128 bits.
- Number of rounds: The essence of the Feistel cipher is
  that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.
- Subkey generation algorithm: greater complexity in this algorithm leads to greater difficulty of cryptanalysis.
- Round function: again, greater complexity generally means greater resistance to cryptanalysis.

Decryption Process

The decryption process is as follows: use the ciphertext as input to the algorithm, but use the subkeys $K_i$ in reverse order. That is, use $K_n$ in the first round, $K_{n-1}$ in the second, and so on until $K_1$ is used in the last round.

Data Encryption Standard (DES)

The most widely used encryption scheme is defined in the Data Encryption Standard (DES), adopted in 1977 by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standard 46 (FIPS PUB 46). In 1994, NIST reaffirmed DES for federal use for another five years in FIPS PUB 46-2.

- Block cipher: 64 bits
- Key: 64 bits, but 8 bits are used as parity bits
- DES has a Feistel cipher structure with 16 rounds

The process of decryption with DES is essentially the same as the encryption process. The rule is as follows: use the ciphertext as input to the DES algorithm, but use the keys in reverse order. That is, use $K_{16}$ in the first iteration, $K_{15}$ in the second iteration, and so on until $K_1$ is used on the sixteenth and last iteration.

The Strength of DES

Concerns about the strength of DES fall into two categories:

1. Concerns about the design of the algorithm. Despite numerous approaches, no one has so far succeeded in discovering a fatal weakness in DES.
2. Concerns about the use of a 56-bit key: a 56-bit key is too small.

Triple DEA

The Triple Data Encryption Algorithm (TDEA) uses three executions of the DES algorithm:

$C = E_{K_3}(D_{K_2}(E_{K_1}(P)))$

where

- C = ciphertext
- P = plaintext
- $E_K(X)$ = encryption of X using key K
- $D_K(Y)$ = decryption of Y using key K

Decryption is simply the same operation with the keys reversed:

$P = D_{K_1}(E_{K_2}(D_{K_3}(C)))$

$C = E_{K_1}(D_{K_1}(E_{K_1}(P)))$

With three different
keys, TDEA has an effective key length of 168 bits.

Other Symmetric Block Ciphers

- IDEA
- Blowfish
- RC5
- CAST-128

Location of Encryption Devices

The most powerful and most common approach to countering the threats to network security is encryption. In order to use encryption, it is necessary to decide what to encrypt and where the encryption process will be located. There are two fundamental alternatives:

- Link encryption
- End-to-end encryption

Link Encryption

In this case there is an encryption device on each side of each vulnerable link. All traffic over all communications links is secured. This approach requires a lot of encryption devices in a large network. Another disadvantage of this approach is that the message must be decrypted each time it enters a packet switch. This is necessary because the switch must read the address in the packet header to route the packet. Thus the message is vulnerable in each switch.

End-to-End Encryption

The encryption process is carried out at the two end systems. This solution guarantees that the user data are secure. However, the traffic pattern is not protected, because packet headers are transmitted in the clear.
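
The row transposition scheme from the Transposition Ciphers section, as an added example that is not part of the original notes: it reproduces the ciphertext given there for key 4 3 1 2 5 6 7, inverts it, and checks that the letter frequencies are unchanged. The function names are chosen here for illustration.

```python
from collections import Counter

def read_order(key):
    # key[i] is the rank at which column i is read (1 = first). With the
    # notes' key 4 3 1 2 5 6 7 the third column is therefore read first.
    return sorted(range(len(key)), key=lambda col: key[col])

def encrypt(plaintext, key):
    """Write the message in rows of len(key) letters, read columns by rank."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    if len(letters) % len(key):
        raise ValueError("pad the message to a whole number of rows first")
    ncols = len(key)
    return "".join(
        "".join(letters[col::ncols]) for col in read_order(key)
    ).upper()

def decrypt(ciphertext, key):
    """Refill the columns in the order they were read, then read row by row."""
    ncols = len(key)
    if len(ciphertext) % ncols:
        raise ValueError("ciphertext length is not a multiple of the key length")
    nrows = len(ciphertext) // ncols
    grid = [None] * len(ciphertext)
    for rank, col in enumerate(read_order(key)):
        chunk = ciphertext[rank * nrows:(rank + 1) * nrows]
        grid[col::ncols] = chunk.lower()   # every ncols-th cell is one column
    return "".join(grid)

def same_letter_frequencies(a, b):
    """Transposition only moves letters, so the letter counts must match."""
    return Counter(a.lower()) == Counter(b.lower())

KEY = [4, 3, 1, 2, 5, 6, 7]
PLAINTEXT = "attackpostponeduntiltwoamxyz"   # the notes' example, padding included

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, KEY)
    print(ct)                                  # ciphertext from the notes
    print(decrypt(ct, KEY))
    print(same_letter_frequencies(ct, PLAINTEXT))
```

The unchanged letter counts are the property the notes point to for recognising a transposition cipher.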
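
The Feistel round, the reversed-subkey decryption rule and the Triple DEA encrypt-decrypt-encrypt composition described above, as an added example that is not part of the original notes. It is a toy cipher, not DES: the round function and subkey schedule (both built on SHA-256) are assumptions made so the block is self-contained.

```python
import hashlib

ROUNDS = 16                       # the typical number of rounds in the notes
HALF_BITS = 32                    # 64-bit block, split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1

def subkeys(key: bytes):
    """Toy subkey schedule (assumption): K_i = first 32 bits of SHA-256(key || i)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]

def F(right: int, k: int) -> int:
    """Toy round function (assumption). It is not invertible and need not be."""
    data = right.to_bytes(4, "big") + k.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, ks) -> int:
    left, right = block >> HALF_BITS, block & MASK
    for k in ks:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ F(right, k)
    # Swap the halves after the last round so the same routine also decrypts.
    return (right << HALF_BITS) | left

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key)[::-1])    # K_n first, K_1 last

def ede_encrypt(p: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    return encrypt(decrypt(encrypt(p, k1), k2), k3)   # C = E_K3(D_K2(E_K1(P)))

def ede_decrypt(c: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    return decrypt(encrypt(decrypt(c, k3), k2), k1)   # P = D_K1(E_K2(D_K3(C)))

if __name__ == "__main__":
    p = 0x0123456789ABCDEF                        # constructed sample block
    c = ede_encrypt(p, b"key-1", b"key-2", b"key-3")
    print(hex(c), hex(ede_decrypt(c, b"key-1", b"key-2", b"key-3")))
    # With K1 = K2 = K3 the middle decryption undoes the first encryption.
    print(ede_encrypt(p, b"k", b"k", b"k") == encrypt(p, b"k"))
```

When all three keys are equal, the composition reduces to a single encryption under that key, which is what the last TDEA formula in the notes expresses.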