Network Security Encryption Decryption

Document Sample
Network Security Encryption Decryption Powered By Docstoc
					    Network Security
(Encryption & Decryption)

       Dr. R. K. Rao
      Entropy & Equivocation
• The concept entropy is employed in the
  design of secure systems.
• Entropy is a measure of uncertainty of a
  message source
• Entropy also defines the average amount
  of information per message
     Information in a Message
• Is related to the probability of occurrence
  of the message
• Messages with probability of either 0 or 1
  contain no information, since we can be
  confident concerning our prediction of their
• What is Information and how do we define
     Measure of Information
• Consider two messages:
  M1: Today temperature in London is 8
  degrees Centigrade
  M2: Today there was an earthquake in
  London downtown which leveled down
  many buildings.
• Which of the two messages convey more
  information? M1 or M2
      Measure of Information
• M1 does convey some information, which
  has cleared our uncertainty about the
  temperature in London (such temperatures
  are common around this time of the year)
• M2 is more surprising and certainly
  conveys more information
• Therefore, we can say that the information
  is related to the probability of occurrence
  of the message
      Measure of Information
• More probable the occurrence of the
  message, less is the information it
• Less probable the message is, more is the
  information it conveys

            I (M 1)  log 2
                            P(M 1)
        Definition of Entropy
• Suppose we have a message source:
            [M ]  M1 , M 2 ,...,M n

• The Entropy or the Average Uncertainty of
  the source is
                      n                  1
           H ( M )   P( M i ) log 2
                     i 1             P( M i )
       Definition of Entropy
• The Entropy can be considered as a
  measure of how much choice is involved
  in the selection of a message M
• When base of the logarithm is 2, the
  amount of uncertainty is expressed in
• When base is e, it is expressed in
 What the Cryptanalyst wants?
• Cryptanalyst will have intercepted some
  ciphertext, C, and will want to know how
  confidently he can predict a message (or
  key) given that particular ciphertext is
• That is, the conditional Entropy, H(M|C), of
  M given C.
                    n   m                    1
      H ( M / C )    P( M , C ) log 2
                    i 1 j 1            P( M / C )
• Equivocation, H(M|C), can be thought of
  as the uncertainty that message M was
  sent, having received C.
• The cryptanalyst would like this
  equivocation to approach to ZERO as the
  the amount of intercepted ciphertext, C,
   Practical Security Systems
• Consider, for example, a key is configured
  as a permutation of the alphabet.
• There are then 26! possibilites
• In an exhaustive search, one might expect
  to reach the right key at about halfway
  through the search.
• If we assume that each trial requires
  1micro second, what is the total time
  required to end the search?
       Confusion & Diffusion
• In practice, a statistical analysis using the
  frequency of occurrence of individual
  characters and character combinations
  can be used to solve many cipher systems
• Shannon, suggested two encryption
  concepts for frustrating the statistical
  endeavors of cryptanalysts
• These are: Confusion and Diffusion
• Confusion involves substitutions that
  render the final relationship between the
  key and ciphertext as complex as possible
• This makes it difficult to utilize a statistical
  analysis to narrow the search to a
  particular subset of the key variable space
• Confusion ensures that the majority of the
  key is needed to decrypt even very short
  sequences of ciphertext
• Involves transformations, nonlinear, that
  smooth out the statistical differences
  between characters and between
  character combinations
• An example of diffusion with 26-letter
  alphabet is to transform a message
  sequence M , M ,..., into a new message
              0   1

  sequence Y0 , Y1 ,..., .
• Use the transformation
                s 1
            Yn   M ni mod ulo  26
                i 0

• Where each character in the sequence is
  regarded as an integer modulo-26, s is
  some chosen integer and n=0, 1,..
• The letter frequency in the new message
  Y will be uniform than that of M
• Substitution encryption techniques, such
  as Caesar cipher and Trithemius
  progressive key cipher, are widely used in
• These ciphers offer little encryption
  protection. For substitution ciphers to fulfill
  Shannon’s concept of confusion, a more
  complex relationship is required
Substitution Box (Example)
          S-box (Example)
• This is an example of providing greater
  substitution complexity through the use of
  a non-linear transformation
• In general, n input bits are first
  represented as one of 2^n different
• The set of 2^n characters are then
  permuted so that each character is
  transposed to one of the others in the set
• The character is then converted back to an
  n-bit output
           S-box (Example)
• In general, it can be shown that there are
  (2^n)! different substitution or connection
  patterns possible
• When n=128, (2^128)! Is an astronomical
  Is the transformation non-linear?
• To verify that the transformation is non-
  linear, perform the following operations:
• C=T(a)+T(b)
• C’=T(a+b)
• If C=C’, the transformation is linear,
  otherwise it is non-linear
    Permutation Box or P-box
• In permutation (transposition), the
  positions of the plaintext letters in the
  message are simply rearranged, rather
  than being substituted with other letters of
  the alphabet as in classic ciphers
• For example, THINK might appear, after
  permutation, as the ciphertext HKTNI.
P-box example (binary data
            P-box example
• In the example, input data are simply
  rearranged or permuted
• This technique has one major drawback –
  it is vulnerable to trick messages
• A trick message is illustrated in the Figure.
• A single 1 at the input and all the rest 0
  quickly reveals one of the internal
      Product Cipher System
• Shannon suggested using product cipher
  or combinations of S-box and P-box
  transformations, which together yield a
  cipher system more powerful than either
  one alone
• This approach has been used by IBM in
  the LUCIFER system
• This approach is also the basis for Data
  Encryption Standard (DES)
Product Cipher System
      Product Cipher System
• Uses combination of P-boxes and S-boxes
• Decryption is accomplished by running the
  data backward, using the inverse of each
• The system is difficult to implement since
  each S-box is different, a randomly
  generated key is not usable and the
  system does not lend itself to repeated
  use of the same circuitry
            Lucifer System
• Used two different types of S-boxes which
  could be publicly revealed
• The input data are transformed by the
  sequence of S- and P- boxes under the
  dictates of a key
• The 25-bit key in this example designates,
  the choice of S1 and S0 of each of the 25
  S-boxes in the block. The details of the
  encryption devices can be revealed since
  security of the system is provided by the
        Present-day Ciphers
• The iterated structure of the product cipher
  system is typical of present-day ciphers
• The messages are partitioned into
  successive blocks of n bits, each of which
  is encrypted with the same key.
• The n-bit block represents one of the 2^n
  different characters, allowing (2^n)!
  different substitution patterns

Shared By: