
CHAPTER 1

INTRODUCTION
iTwin was invented by an Indian named Lux Anantharaman. He holds a
Bachelor's degree in Electrical and Electronic Engineering. He studied at
IIT in Chennai and completed a Master's degree at IISc in Bangalore. Lux
was completing a part-time MBA at NUS Business School in Singapore, but he
put his studies on hold because of the potential of iTwin.

iTwin is like the two ends of a rod, without the rod. It is as simple to
use as a flash drive: plug and play. iTwin gives you access to your
desktop’s files while you are travelling. Similarly, you can use iTwin to
access your office desktop’s files while on the go. The only drawback is
the speed of your internet connection: the faster it is, the better your
experience. You can edit files on your desktop remotely when you have
access to the desktop. You can also back up files to your home or office
desktop.

It looks similar to a USB device and consists of two halves joined
together. One half is connected to your home or office PC and you always
carry the other half with you. The half that you carry is used as a key
for obtaining the connection to your PC when you are far away from it.
When you connect that half of the iTwin device to your laptop on the road,
the device creates a Virtual Private Network (VPN) to your home PC or to
the PC that you use in your office.

iTwin is a completely new file sharing and remote access device developed
by a company named iTwin. It is like the two ends of a cable, but it does
not need the cable. It is simpler to use than a flash drive. It is just a
plug and play device. With iTwin, it is possible to connect any two online
computers located anywhere in the world.

Figure 1(a) : ITWIN

1.1 ITWIN USAGE :


When you plug in iTwin, you will see a pop-up window, just as you would if
you connected a USB device. Drag and drop files into this window to share
as many as you want. Leave one half of the iTwin connected to that
computer. Plug the other half of the iTwin into the computer from which
you want to view, edit or remove those files. Even if you remotely edit or
remove files on the second computer, the files on the first computer will
not be lost; this is another advantage of iTwin. Be sure that the two
computers are online.

Figure 1(b) : ITWIN Working

1.2 SPECIFICATIONS :

• Requires a minimum of 512 MB RAM, but 1 GB RAM is recommended.
• Requires 15 MB hard disk space.
• USB 2.0 port.
• Compatible with Windows/OS X.
• AES 256-bit encryption
• Additional password support
• Supports Win XP, Vista and 7 and Mac OS X 10.6 and above
• Requires broadband Internet access, 1 Mbps upload speed recommended
• All the automatic updates to the file-access product are free
• No storage capacity limitations
• No local storage on the iTwin units
• No "Temp Files" storage on the iTwin units
• Bi-Directional File Access
• Dimensions: 3.54 inches (90 mm) x 0.82 inch (21 mm) x 0.314 inch (8.0 mm)
• Weight: 0.11 pound (50 g)
• Operating temperature: 32° to 158° F (0° to 70° C)
• Relative humidity: 5% to 95% non-condensing
• Maximum operating altitude: 10,000 feet (3000 m)
• Requires broadband internet access.

CHAPTER 2
CHARACTERISTICS

2.1 Remote Desktop

This feature enables you to view the desktop of the main computer and
allows you to manage the device. It is a very useful means of managing
your computer from a remote location, and it can also be used to offer
tech support to somebody who is experiencing computer problems without
actually being seated in front of the PC.

By making use of isolated Desktop you can also start Windows Remote
Desktop. This can be done with a single click, which gives you access to
multiple different applications as well as the data enclosed in them on
the remote PC.

2.2 Teleport Me :

The Teleport Me feature is the private browsing tool that enables you to
surf the Internet without any limitations. Any websites that you open or
any information that you transmit passes through the protected Virtual
Private Network channel and uses the same Internet connection that your
home or workplace PC uses.

If the main workstation cannot be left running for some reason, Teleport
Me is intended to connect to the iTwin dedicated network services to
provide you a private connection. The company maintains dedicated servers
across Europe, Asia Pacific and the United States.

The Teleport Me feature is a helpful tool, mainly if you are browsing the
Internet on hotel or other types of public wireless networks where
security is an important issue. Teleport Me takes care that your private
information is protected from prying eyes. It also ensures that no one is
tracking your browsing activity. There are no browsing limits, which means
that you can browse your social media accounts, watch programs, and engage
in any other activity you usually do online.

2.3 Office and Home Network Access :

You can access almost everything that is connected to your office or home
network using the iTwin Connect device. This includes devices such as
drives or network applications on an office network, or devices like media
servers, cameras, and televisions on your home network. Accessing the
network does not require any setup or configuration. The device
automatically creates a secure VPN to your network.

2.4 Secure AES 256-bit Encryption :

Hardware grade security is provided in iTwin. AES (Advanced Encryption
Standard) 256-bit encryption is a security technology adopted by the US
government to defend top secret classified information. When the two
halves of the iTwin Connect device are paired with one another, a unique
encryption key is generated for each session to make sure all information
is protected prior to being transmitted over the Internet.

You can also configure the two-factor authentication integrated with the
iTwin Connect device. This enables you to set up an optional second
password on the half of the USB device which you carry with you. If you
happen to lose this half of the iTwin device, it cannot be accessed
without the second password.

2.5 No subscription or Contract promise :

With iTwin Connect there is no subscription requirement or contract
commitment; you just pay a one-time cost of $130 for lifetime access to
the iTwin device. You own the device and can use it in whatever ways you
like. You do not have to be a mobile expert. You can use iTwin Connect for
personal use as well as to help family members who frequently call you for
help with a computer problem. If they have one half of the iTwin device,
you can access and manage the desktop and repair the problem.

2.6 FEATURES :

• iTwin is like a limitless secure USB flash drive.

• You can remotely edit shared files on your computer without replacing
files on the main computer.

• Backing up data is safe, secure and very easy.

• There are no subscription fees for file access. But you need to pay one
time for a Dropbox account with unlimited storage, which is included in
the device cost. So, no additional fees ever.

• iTwin doesn’t store any data; it just enables a secure connection
between two computers. You can access files on the remote computer only
when you have the physical half of the iTwin with you.

• Additionally, you can set up a password for your iTwin for more
security. It also has a feature to remotely disable the connection to the
computer with the other half of the iTwin. It uses AES encryption to
transfer data securely.

• The two iTwin halves together randomly generate a 256-bit AES key every
time they are paired physically and plugged into a computer.

• A smart crypto key resides on both halves of the paired iTwin. The smart
crypto key is used for encrypting data traffic between the two iTwins.

• Unplug iTwin and all temp files are cleared automatically. This is very
useful when using a computer that doesn’t belong to you.

• iTwin supports passwords of any length. Unlike other web and cloud
services, the iTwin password is stored on the device itself, not on any
server.

• If you forget your password, simply pair both halves of your iTwin and
plug them into a computer and set a new password. There is no need for any
technical support.

• When using iTwin, the connection between any two computers is
symmetrical. Access, copy, back up and remotely edit files on the 1st
computer from the 2nd computer, and on the 2nd computer from the 1st
computer. You will have access to files on both computers.

• In short, iTwin is just like a wireless device connecting two systems
online and securely transferring data between them.

CHAPTER 3

AES ENCRYPTION
AES (Advanced Encryption Standard) is a specification for the encryption
of electronic data established by the U.S. National Institute of Standards
and Technology (NIST) in 2001.

AES has been adopted by the U.S. government and it replaces the Data
Encryption Standard (DES), which was published in 1977. The algorithm
described by AES is a symmetric-key algorithm, meaning the same key is
used for encrypting and decrypting the data.

3.1 Advanced Encryption Standard :

The Advanced Encryption Standard (AES), also known by its original name
Rijndael, is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology
(NIST) in 2001.

AES is a subset of the Rijndael block cipher developed by two Belgian
cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal
to NIST during the AES selection process. Rijndael is a family of ciphers
with different key and block sizes.

For AES, NIST selected three members of the Rijndael family, each
with a block size of 128 bits, but three different key lengths: 128, 192 and
256 bits.

AES has been adopted by the U.S. government and is now used worldwide. It
supersedes the Data Encryption Standard (DES), which was published in
1977. The algorithm described by AES is a symmetric-key algorithm, meaning
the same key is used for both encrypting and decrypting the data.

In the United States, AES was announced by the NIST as U.S. FIPS PUB 197
(FIPS 197) on November 26, 2001. This announcement followed a five-year
standardization process in which fifteen competing designs were presented
and evaluated, before the Rijndael cipher was selected as the most
suitable (see Advanced Encryption Standard process for more details).

AES became effective as a federal government standard on May 26, 2002,
after approval by the Secretary of Commerce. AES is included in the
ISO/IEC 18033-3 standard. AES is available in many different encryption
packages, and is the first (and only) publicly accessible cipher approved
by the National Security Agency (NSA) for top secret information when used
in an NSA approved cryptographic module.

Figure 3.1 : Advanced Encryption Standard

3.2 Definitive Standards

The Advanced Encryption Standard (AES) is defined in each of:

• FIPS PUB 197: Advanced Encryption Standard (AES)

• ISO/IEC 18033-3: Block ciphers

3.3 Description of ciphers :

AES is based on a design principle known as a substitution–permutation
network, and is efficient in both software and hardware. Unlike its
predecessor DES, AES does not use a Feistel network. AES is a variant of
Rijndael which has a fixed block size of 128 bits, and a key size of 128,
192, or 256 bits. By contrast, Rijndael per se is specified with block and
key sizes that may be any multiple of 32 bits, with a minimum of 128 and a
maximum of 256 bits.

AES operates on a 4 × 4 column-major order array of bytes, termed the
state. Most AES calculations are done in a particular finite field.

For instance, if there are 16 bytes, these bytes are represented as this two-
dimensional array:

The key size used for an AES cipher specifies the number of
transformation rounds that convert the input, called the plaintext, into the
final output, called the ciphertext. The number of rounds are as follows:

• 10 rounds for 128-bit keys.

• 12 rounds for 192-bit keys.

• 14 rounds for 256-bit keys.

Each round consists of several processing steps, including one that
depends on the encryption key itself. A set of reverse rounds are applied
to transform ciphertext back into the original plaintext using the same
encryption key.

3.4 High-level description of the algorithm

• Key Expansion: round keys are derived from the cipher key using
Rijndael's key schedule.

• AES requires a separate 128-bit round key block for each round plus one
more.

• Initial round key addition:

    o AddRoundKey: each byte of the state is combined with a block of the
      round key using bitwise XOR.

• 9, 11 or 13 rounds:

    o SubBytes: a non-linear substitution step where each byte is replaced
      with another according to a lookup table.

    o ShiftRows: a transposition step where the last three rows of the
      state are shifted cyclically a certain number of steps.

    o MixColumns: a linear mixing operation which operates on the columns
      of the state, combining the four bytes in each column.

    o AddRoundKey

• Final round (making 10, 12 or 14 rounds in total):

    o SubBytes

    o ShiftRows

    o AddRoundKey

3.5 The SubBytes step :

Figure 3.5 : Rijndael S-box

In the SubBytes step, each byte in the state is replaced with its entry in
a fixed 8-bit lookup table, S; b_ij = S(a_ij).

In the SubBytes step, each byte in the state array is replaced with a
SubByte using an 8-bit substitution box. This operation provides the
non-linearity in the cipher. The S-box used is derived from the
multiplicative inverse over GF(2^8), known to have good non-linearity
properties.

To avoid attacks based on simple algebraic properties, the S-box is
constructed by combining the inverse function with an invertible affine
transformation.

The S-box is also chosen to avoid any fixed points (and so is a
derangement), i.e., While and also any opposite fixed points, i.e., .
While performing the decryption, the InvSubBytes step (the inverse of
SubBytes) is used, which requires first taking the inverse of the affine
transformation and then finding the multiplicative inverse.

3.6 The Shift Rows step :

In the ShiftRows step, bytes in each row of the state are shifted
cyclically to the left. The number of places the bytes are shifted differs
for each row.

The Shift Rows step operates on the rows of the state; it cyclically shifts
the bytes in each row by a certain offset. For AES, the first row is left
unchanged. Each byte of the second row is shifted one to the left.

Similarly, the third and fourth rows are shifted by offsets of two and
three respectively. In this way, each column of the output state of
the ShiftRows step is composed of bytes from each column of the input
state.

The importance of this step is to avoid the columns being encrypted
independently, in which case AES degenerates into four independent block
ciphers.

Figure 3.6 : Shifted Rows step

3.7 The Mix Columns step :

In the Mix Columns step, the four bytes of each column of the state are
combined using an invertible linear transformation. The Mix
Columns function takes four bytes as input and outputs four bytes, where
each input byte affects all four output bytes.

Together with ShiftRows, MixColumns provides diffusion in the cipher.
During this operation, each column is transformed using a fixed matrix
(matrix left-multiplied by column gives new value of column in the state).

Matrix multiplication is composed of multiplication and addition of the
entries. Entries are 8-bit bytes treated as coefficients of polynomial of
order . Addition is simply XOR. Multiplication is modulo irreducible
polynomial . If processed bit by bit, then, after shifting, a conditional
XOR with 1B₁₆ should be performed if the shifted value is larger than FF₁₆
(overflow must be corrected by subtraction of generating polynomial).
These are special cases of the usual multiplication in .

In more general sense, each column is treated as a polynomial over and is
then multiplied modulo with a fixed polynomial . The coefficients are
displayed in their hexadecimal equivalent of the binary representation of
bit polynomials from . The MixColumns step can also be viewed as a
multiplication by the shown particular MDS matrix in the finite field .
This process is described further in the article Rijndael MixColumns.

3.8 The AddRoundKey step :

In the AddRoundKey step, the subkey is combined with the state. For
each round, a subkey is derived from the main key using Rijndael's key
schedule; each subkey is the same size as the state.

The subkey is added by combining each byte of the state with the
corresponding byte of the subkey using bitwise XOR.

Figure 3.8 The AddRoundKey
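
Sections 3.4 to 3.8 as one added example (written for this edit, not code from the report or from iTwin): a byte-oriented AES in Python that derives the S-box from the GF(2^8) inverse and the affine transformation, applies ShiftRows, MixColumns and AddRoundKey, runs the key schedule, and reproduces the FIPS 197 Appendix C test vectors. All function names are chosen here; the code is for study and is not constant-time, so it is open to the timing side channels described in section 3.11.

```python
# Added teaching example: AES block encryption built from the steps in 3.4-3.8.
# Not constant-time; use a vetted library for real data.

def xtime(a):
    """Multiply by x in GF(2^8): shift left, then reduce if the result passed 0xFF."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a    # 0x11B = x^8 + x^4 + x^3 + x + 1

def gmul(a, b):
    """Multiply two bytes in GF(2^8), processing b bit by bit."""
    product = 0
    while b:
        if b & 1:
            product ^= a                    # addition in GF(2^8) is XOR
        a, b = xtime(a), b >> 1
    return product

def build_sbox():
    """S-box entry = multiplicative inverse, then the invertible affine transformation."""
    sbox = []
    for value in range(256):
        inverse = next((c for c in range(1, 256) if gmul(value, c) == 1), 0)  # 0 -> 0
        out = 0x63
        for shift in range(5):              # inverse XOR its left-rotations by 1..4
            out ^= ((inverse << shift) | (inverse >> (8 - shift))) & 0xFF
        sbox.append(out)
    return sbox

SBOX = build_sbox()

def sub_bytes(state):
    return [SBOX[b] for b in state]

def shift_rows(state):
    """State is column-major (index = row + 4*col); row r rotates left by r."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_column(col):
    """Left-multiply one column by the fixed MixColumns matrix (first row 2 3 1 1)."""
    a0, a1, a2, a3 = col
    return [gmul(2, a0) ^ gmul(3, a1) ^ a2 ^ a3,
            a0 ^ gmul(2, a1) ^ gmul(3, a2) ^ a3,
            a0 ^ a1 ^ gmul(2, a2) ^ gmul(3, a3),
            gmul(3, a0) ^ a1 ^ a2 ^ gmul(2, a3)]

def mix_columns(state):
    return [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4])]

def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def expand_key(key):
    """Rijndael key schedule: one 16-byte round key per round plus one more."""
    nk = len(key) // 4                      # 4, 6 or 8 words for 128/192/256-bit keys
    rounds = nk + 6                         # 10, 12 or 14
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        temp = list(words[i - 1])
        if i % nk == 0:                     # rotate, substitute, add round constant
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]
            temp[0] ^= rcon
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:        # extra substitution, 256-bit keys only
            temp = [SBOX[b] for b in temp]
        words.append([a ^ b for a, b in zip(words[i - nk], temp)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(rounds + 1)]

def encrypt_block(block, key):
    """Encrypt one 16-byte block with a 16-, 24- or 32-byte key."""
    if len(block) != 16 or len(key) not in (16, 24, 32):
        raise ValueError("AES needs a 16-byte block and a 16/24/32-byte key")
    round_keys = expand_key(key)
    state = add_round_key(list(block), round_keys[0])       # initial round key addition
    for round_key in round_keys[1:-1]:                       # 9, 11 or 13 full rounds
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)
    state = add_round_key(shift_rows(sub_bytes(state)), round_keys[-1])  # no MixColumns
    return bytes(state)

def sbox_has_no_fixed_points():
    """True if no byte maps to itself or to its complement (opposite fixed point)."""
    return all(SBOX[a] != a and SBOX[a] != a ^ 0xFF for a in range(256))

if __name__ == "__main__":
    key = bytes(range(32))                                   # FIPS 197 Appendix C.3 key
    plaintext = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_block(plaintext, key).hex(), sbox_has_no_fixed_points())
```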

3.9 Optimization of the cipher :

On systems with 32-bit or larger words, it is possible to speed up
execution of this cipher by combining the SubBytes and ShiftRows steps
with the MixColumns step by transforming them into a sequence of table
lookups.

This requires four 256-entry 32-bit tables (together occupying 4096
bytes). A round can then be performed with 16 table lookup operations and
12 32-bit exclusive-or operations, followed by four 32-bit exclusive-or
operations in the AddRoundKey step.

Alternatively, the table lookup operation can be performed with a single
256-entry 32-bit table (occupying 1024 bytes) followed by circular
rotation operations.

Using a byte-oriented approach, it is possible to combine the SubBytes,
ShiftRows, and MixColumns steps into a single round operation.

3.10 Known attacks :

• For cryptographers, a cryptographic "break" is anything faster than a
brute-force attack – i.e., performing one trial decryption for each
possible key in sequence. A break can thus include results that are
infeasible with current technology.

• Despite being impractical, theoretical breaks can sometimes provide
insight into vulnerability patterns. The largest successful publicly known
brute-force attack against a widely implemented block-cipher encryption
algorithm was against a 64-bit RC5 key by distributed.net in 2006.

• The key space increases by a factor of 2 for each additional bit of key
length, and if every possible value of the key is equiprobable, this
translates into a doubling of the average brute-force key search time.
This implies that the effort of a brute-force search increases
exponentially with key length. Key length in itself does not imply
security against attacks, since there are ciphers with very long keys that
have been found to be vulnerable.

• AES has a fairly simple algebraic framework. In 2002, a theoretical
attack, named the "XSL attack", was announced by Nicolas Courtois and
Josef Pieprzyk, purporting to show a weakness in the AES algorithm,
partially due to the low complexity of its nonlinear components.

• Since then, other papers have shown that the attack, as originally
presented, is unworkable; see XSL attack on block ciphers.

• During the AES selection process, developers of competing algorithms
wrote of Rijndael's algorithm "...we are concerned about [its] use ... in
security-critical applications." In October 2000, however, at the end of
the AES selection process, Bruce Schneier, a developer of the competing
algorithm Twofish, wrote that while he thought successful academic attacks
on Rijndael would be developed someday, he did not "believe that anyone
will ever discover an attack that will allow someone to read Rijndael
traffic".

• In 2009, a new related-key attack was discovered that exploits the
simplicity of AES's key schedule and has a complexity of 2^119. In
December 2009 it was improved to 2^99.5. This is a follow-up to an attack
discovered earlier in 2009 by Alex Biryukov, Dmitry Khovratovich, and
Ivica Nikolić, with a complexity of 2^96 for one out of every 2^35 keys.

• However, related-key attacks are not of concern in any properly designed
cryptographic protocol, as a properly designed protocol (i.e.,
implementational software) will take care not to allow related keys,
essentially by constraining an attacker's means of selecting keys for
relatedness.

• Another attack was blogged by Bruce Schneier on July 30, 2009, and
released as a preprint on August 3, 2009. This new attack, by Alex
Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi
Shamir, is against AES-256 that uses only two related keys and 2^39 time
to recover the complete 256-bit key of a 9-round version, or 2^45 time for
a 10-round version with a stronger type of related subkey attack, or 2^70
time for an 11-round version. 256-bit AES uses 14 rounds, so these attacks
aren't effective against full AES.

• The practicality of these attacks with stronger related keys has been
criticized, for instance, by the paper on "chosen-key-relations-in-the-middle"
attacks on AES-128 authored by Vincent Rijmen in 2010.

• In November 2009, the first known-key distinguishing attack against a
reduced 8-round version of AES-128 was released as a preprint. This
known-key distinguishing attack is an improvement of the rebound, or the
start-from-the-middle attack, against AES-like permutations, which view
two consecutive rounds of permutation as the application of a so-called
Super-Sbox.

• It works on the 8-round version of AES-128, with a time complexity of
2^48, and a memory complexity of 2^32. 128-bit AES uses 10 rounds, so this
attack isn't effective against full AES-128.

• The first key-recovery attacks on full AES were due to Andrey Bogdanov,
Dmitry Khovratovich, and Christian Rechberger, and were published in 2011.
The attack is a biclique attack and is faster than brute force by a factor
of about four. It requires 2^126.2 operations to recover an AES-128 key.
For AES-192 and AES-256, 2^190.2 and 2^254.6 operations are needed,
respectively.

• This result has been further improved to 2^126.0 for AES-128, 2^189.9
for AES-192 and 2^254.3 for AES-256, which are the current best results in
key recovery attack against AES.

• This is a very small gain, as a 126-bit key (instead of 128 bits) would
still take billions of years to brute force on current and foreseeable
hardware. Also, the authors calculate the best attack using their
technique on AES with a 128-bit key requires storing 2^88 bits of data.

• That works out to about 38 trillion terabytes of data, which is more
than all the data stored on all the computers on the planet in 2016. As
such, this is a seriously impractical attack which has no practical
implication on AES security. The space complexity has later been improved
to 2^56 bits, which is 9007 terabytes.

• According to the Snowden documents, the NSA is doing research on whether
a cryptographic attack based on tau statistic may help to break AES.

• At present, there is no known practical attack that would allow someone
without knowledge of the key to read data encrypted by AES when correctly
implemented.

3.11 Side-channel attacks :

• Side-channel attacks do not attack the cipher as a black box, and thus
are not related to cipher security as defined in the classical context,
but are important in practice. They attack implementations of the cipher
on hardware or software systems that inadvertently leak data. There are
several such known attacks on various implementations of AES.

• In April 2005, D.J. Bernstein announced a cache-timing attack that he
used to break a custom server that used OpenSSL's AES encryption. The
attack required over 200 million chosen plaintexts.

• The custom server was designed to give out as much timing information as
possible (the server reports back the number of machine cycles taken by
the encryption operation); however, as Bernstein pointed out, "reducing
the precision of the server's timestamps, or eliminating them from the
server's responses, does not stop the attack: the client simply uses
round-trip timings based on its local clock, and compensates for the
increased noise by averaging over a larger number of samples."

• In October 2005, Dag Arne Osvik, Adi Shamir and Eran Tromer presented a
paper demonstrating several cache-timing attacks against the
implementations of AES found in OpenSSL and Linux's dm-crypt partition
encryption function. One attack was able to obtain an entire AES key after
only 800 operations triggering encryptions, in a total of 65 milliseconds.

• This attack requires the attacker to be able to run programs on the same
system or platform that is performing AES.

• In December 2009 an attack on some hardware implementations was
published that used differential fault analysis and allows recovery of a
key with a complexity of 2^32.

• In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn
published a paper which described a practical approach to a "near real
time" recovery of secret keys from AES-128 without the need for either
ciphertext or plaintext.

• The approach also works on AES-128 implementations that use compression
tables, such as OpenSSL. Like some earlier attacks this one requires the
ability to run unprivileged code on the system performing the AES
encryption, which may be achieved by malware infection far more easily
than commandeering the root account.

• In March 2016, Ashokkumar C., Ravi Prakash Giri and Bernard Menezes
presented a very efficient side-channel attack on AES implementations that
can recover the complete 128-bit AES key in just 6–7 blocks of
plaintext/ciphertext which is a substantial improvement over previous
works that require between 100 and a million encryptions.

• The proposed attack requires standard user privilege as previous attacks
and key-retrieval algorithms run under a minute.

• Many modern CPUs have built-in hardware instructions for AES, which
would protect against timing-related side-channel attacks.

3.12 ENCRYPTION and DECRYPTION :

Encryption is the process of translating plain text data (plaintext) into
something that appears to be random and meaningless (ciphertext).
Decryption is the process of converting ciphertext back to plaintext.

To encrypt more than a small amount of data, symmetric encryption is used.
A symmetric key is used during both the encryption and decryption
processes. To decrypt a particular piece of ciphertext, the key that was
used to encrypt the data must be used.

The goal of every encryption algorithm is to make it as difficult as
possible to decrypt the generated ciphertext without using the key. If a
really good encryption algorithm is used, there is no technique
significantly better than methodically trying every possible key. For such
an algorithm, the longer the key, the more difficult it is to decrypt a
piece of ciphertext without possessing the key.

It is difficult to determine the quality of an encryption algorithm.
Algorithms that look promising sometimes turn out to be very easy to
break, given the proper attack. When selecting an encryption algorithm, it
is a good idea to choose one that has been in use for several years and
has successfully resisted all attacks.

CHAPTER 4
SYMMETRIC KEY ALGORITHM
Symmetric-key algorithms are algorithms for cryptography that use
the same cryptographic keys for both encryption of plaintext and
decryption of ciphertext. The keys may be identical or there may be a
simple transformation to go between the two keys. The keys, in practice,
represent a shared secret between two or more parties that can be used to
maintain a private information link. This requirement that both parties
have access to the secret key is one of the main drawbacks of symmetric
key encryption, in comparison to public-key encryption (also known as
asymmetric key encryption).
4.1 TYPES :

• Symmetric-key encryption can use either stream ciphers or block ciphers.

• Stream ciphers encrypt the digits (typically bytes), or letters (in
substitution ciphers) of a message one at a time. An example is the
Vigenere Cipher.

• Block ciphers take a number of bits and encrypt them as a single unit,
padding the plaintext so that it is a multiple of the block size. Blocks
of 64 bits were commonly used.

The Advanced Encryption Standard (AES) algorithm approved by NIST in
December 2001, and the GCM block cipher mode of operation use 128-bit
blocks.

4.2 IMPLEMENTATIONS :

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES
(Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack,
Safer+/++ (Bluetooth), and IDEA.

4.3 Cryptographic primitives based on symmetric ciphers :

Symmetric ciphers are commonly used to achieve other cryptographic
primitives than just encryption.

Encrypting a message does not guarantee that this message is not changed
while encrypted. Hence often a message authentication code is added to a
ciphertext to ensure that changes to the ciphertext will be noted by the
receiver. Message authentication codes can be constructed from symmetric
ciphers (e.g. CBC-MAC).
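
The point above, as an added example that is not part of the original report: a ciphertext changed in transit still decrypts to something plausible, while an attached MAC lets the receiver notice the change. It uses HMAC-SHA256 from Python's standard library in place of the CBC-MAC the text names, and a SHA-256 counter keystream as a stand-in cipher; both substitutions, the function names and the sample message are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key, nonce, data):
    """Stand-in stream cipher (assumption): XOR data with SHA-256(key, nonce, counter)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    """Encrypt, then append a MAC computed over nonce + ciphertext."""
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(enc_key, mac_key, message):
    """Verify the MAC before decrypting; return None if the message was changed."""
    if len(message) < 48:                      # 16-byte nonce + 32-byte tag
        return None
    nonce, ciphertext, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return keystream_xor(enc_key, nonce, ciphertext)

def decrypt_without_mac(enc_key, message):
    """Receiver that ignores the tag: accepts whatever bytes arrive."""
    return keystream_xor(enc_key, message[:16], message[16:-32])

def flip_byte(message, index, mask):
    """Model a change made in transit by a party that holds no key."""
    changed = bytearray(message)
    changed[index] ^= mask
    return bytes(changed)

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    sealed = seal(enc_key, mac_key, b"PAY 0100 EUR")   # constructed sample message
    # Ciphertext starts at byte 16; byte 16 + 5 carries the '1' of the amount.
    # '1' (0x31) XOR 0x08 is '9' (0x39).
    tampered = flip_byte(sealed, 16 + 5, 0x08)
    return (open_sealed(enc_key, mac_key, sealed),
            decrypt_without_mac(enc_key, tampered),
            open_sealed(enc_key, mac_key, tampered))

if __name__ == "__main__":
    print(demo())
```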

However, symmetric ciphers cannot be used for non-repudiation purposes
except by involving additional parties. See the ISO/IEC 13888-2 standard.

Another application is to build hash functions from block ciphers. See
one-way compression function for descriptions of several such methods.

4.4 Construction of symmetric ciphers :

Many modern block ciphers are based on a construction proposed by Horst
Feistel. Feistel's construction makes it possible to build invertible
functions from other functions that are themselves not invertible.

4.5 Security of symmetric ciphers :

Symmetric ciphers have historically been susceptible to known-plaintext
attacks, chosen-plaintext attacks, differential cryptanalysis and linear
cryptanalysis. Careful construction of the functions for each round can
greatly reduce the chances of a successful attack.

4.6 Key ESTABLISHMENT :

Symmetric-key algorithms require both the sender and the recipient of a
message to have the same secret key. All early cryptographic systems
required one of those people to somehow receive a copy of that secret key
over a physically secure channel.

Nearly all modern cryptographic systems still use symmetric-key algorithms
internally to encrypt the bulk of the messages, but they eliminate the
need for a physically secure channel by using Diffie–Hellman key exchange
or some other public-key protocol to securely come to agreement on a fresh
new secret key for each message (forward secrecy).

4.7 Key generation :

When used with asymmetric ciphers for key transfer, pseudorandom key
generators are nearly always used to generate the symmetric cipher session
keys. However, lack of randomness in those generators or in their
initialization vectors is disastrous and has led to cryptanalytic breaks
in the past. Therefore, it is essential that an implementation uses a
source of high entropy for its initialization.
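
Why the entropy source matters, as an added example that is not part of the original report: a 256-bit session key drawn from a generator seeded with a timestamp is only as strong as the guess of that timestamp, while a key from the operating system's CSPRNG has no such shortcut. The function names and the sample timestamp are constructed for this sketch.

```python
import random
import secrets

def weak_session_key(seed):
    """Weak: Mersenne Twister seeded with a guessable value (e.g. a Unix timestamp)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(32))

def strong_session_key():
    """Corrected: 32 bytes taken from the operating system's CSPRNG."""
    return secrets.token_bytes(32)

def seeds_reproducing(key, earliest, latest):
    """Audit helper: which seeds in [earliest, latest] regenerate this key?"""
    return [s for s in range(earliest, latest + 1) if weak_session_key(s) == key]

def effective_bits(candidate_count):
    """Upper bound on key strength when only candidate_count seeds are possible."""
    return max(candidate_count - 1, 0).bit_length()

if __name__ == "__main__":
    created_at = 1_700_000_000                    # constructed sample timestamp
    window = (created_at - 3600, created_at + 3600)
    key = weak_session_key(created_at)
    # The "256-bit" key is pinned down by a two-hour window: about 13 bits of work.
    print(seeds_reproducing(key, *window), effective_bits(window[1] - window[0] + 1))
    # A CSPRNG key is not reproduced by any seed in the window.
    print(seeds_reproducing(strong_session_key(), *window))
```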

4.8 Reciprocal cipher :

A reciprocal cipher is a cipher where, just as one enters the plaintext
into the cryptography system to get the ciphertext, one could enter the
ciphertext into the same place in the system to get the plaintext. A
reciprocal cipher is also sometimes referred to as a self-reciprocal
cipher. Examples of reciprocal ciphers include:

• Beaufort cipher

• Enigma machine

• ROT13

• XOR cipher

• Vatsyayana cipher

CHAPTER 5

CRYPTOGRAPH
Cryptography involves creating written or generated codes that allow
information to be kept secret. Cryptography converts data into a format
that is unreadable for an unauthorized user, allowing it to be transmitted
without unauthorized entities decoding it back into a readable format,
thus compromising the data.
Information security uses cryptography on several levels. The
information cannot be read without a key to decrypt it. The information
maintains its integrity during transit and while being stored. Cryptography
also aids in nonrepudiation. This means that the sender and the delivery
of a message can be verified.
Cryptography also allows senders and receivers to authenticate each
other through the use of key pairs. There are various types of encryption
algorithms; some common ones include:

• Secret Key Cryptography (SKC): Here only one key is used for both
encryption and decryption. This type of encryption is also referred
to as symmetric encryption.
• Public Key Cryptography (PKC): Here two keys are used. This type
of encryption is also called asymmetric encryption. One key is the
public key that anyone can access. The other key is the private key,
and only the owner can access it. The sender encrypts the
information using the receiver’s public key. The receiver decrypts
the message using his/her private key. For nonrepudiation, the
sender encrypts plain text using a private key, while the receiver
uses the sender’s public key to decrypt it. Thus, the receiver knows
who sent it.
• Hash Functions: These are different from SKC and PKC. They use
no key and are also called one-way encryption. Hash functions are
mainly used to ensure that a file has remained unchanged.

Figure 5 : Block Diagram of Cryptography

5.1 Description of the Cryptograph :

• AES is based on a design principle known as a substitution-permutation
network, a combination of both substitution and permutation, and is
quick in both software and hardware.

• AES is a variant of an encryption family which has a fixed block size
of 128, 192, or 256 bits.

• AES operates on a 4×4 matrix of bytes, termed the ‘state’.

• The key size used for an AES cipher specifies the number of
repetitions of transformation rounds that are required to convert
the plaintext input into the ciphertext output.

• 10 cycles of repetition for 128-bit keys, 12 cycles of repetition for
192-bit keys, 14 cycles of repetition for 256-bit keys.

5.2 Security:

• The design and strength of all key lengths of the AES algorithm (i.e.,
128, 192 and 256) are sufficient to protect classified information
up to the confidential level.
• Highly confidential information requires use of either the 192 or 256
key lengths.
• Implementations of AES in products intended to safeguard
national security systems and/or information must be evaluated
and certified by the NSA prior to their acquisition and use.

A. Hardware Grade Security

When the two halves of iTwin Connect are joined together and inserted
into a computer, a random 256-bit cryptographic key is generated on
board the iTwin device. This cryptographic key is shared between the two
halves of the iTwin device using the iTwin connector.

The cryptographic key never leaves the device. All data and
information transferred by means of the two halves of iTwin is encrypted
using this cryptographic key.

The user can join the two halves to generate the keys at any time and any
number of times. The keys are stored only inside the device and are not
known to any other entity.

B. Two Factor Authentication

The iTwin device provides two-factor authentication for advanced
security. Access to your data is provided based on two different factors:

Something you have – your physical iTwin device.

Something you know – a password which you have to enter before the
iTwin device can be used.

Setting an iTwin device password is optional; however, we suggest
that you set the optional password during device initialization to
protect your data and network in the event that you lose the device.

The password set for your iTwin is stored only on the two halves of your
iTwin and nowhere else.

C. Remote Disable

If one half of the iTwin is lost, the connection between the two halves
of the device can be disconnected using the Remote Disable feature.

This is done by entering a unique disable code in the iTwin Disable
Web Centre. The connection between the two halves of iTwin will be
disabled within 90 seconds and after that, it is impossible to gain access
to your data via the lost device even if somebody finds it.

D. End-to-End Encryption

The shared cryptographic key stored in the two parts of the iTwin
device is used to produce session keys which protect all information
transmitted over the Internet using industrial-strength AES 256-bit
encryption.

E. Twin Trust Authentication

Every iTwin half is given a unique device ID and an associated device
authentication key, assigned during manufacturing.

Every iTwin device also carries certified public certificates of Twin Trust
servers, inserted during manufacturing. Before allowing any data transfer,
every iTwin is authenticated by iTwin's Twin Trust servers.

After authenticating with Twin Trust, the two halves of iTwin mutually
authenticate each other using their previously shared AES 256-bit crypto
key.

All communication between iTwin and the Twin Trust server is secured
using the HTTPS protocol.
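Sections D and E describe two uses of the pre-shared key: deriving session keys and mutual authentication of the two halves. The report does not document iTwin's actual protocol, so the following is an added, generic illustration (not iTwin's code) that assumes HMAC-SHA256 challenge-response and HKDF (RFC 5869); the class, device names and message labels are hypothetical.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Half:
    """One half of a paired device, holding the key set at pairing time."""

    def __init__(self, name: str, paired_key: bytes):
        self.name = name
        self._key = paired_key  # long-term key: never sent, never used for bulk data
        self._nonce = b""

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh for every session
        return self._nonce

    def _tag(self, prover: str, nonce: bytes) -> bytes:
        # Binding the prover's name stops a tag being reflected back at its maker.
        msg = b"auth|" + prover.encode() + b"|" + nonce
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def prove(self, peer_nonce: bytes) -> bytes:
        return self._tag(self.name, peer_nonce)

    def verify(self, peer_name: str, tag: bytes) -> bool:
        return hmac.compare_digest(self._tag(peer_name, self._nonce), tag)

    def session_key(self, nonce_a: bytes, nonce_b: bytes) -> bytes:
        return hkdf_sha256(self._key, salt=nonce_a + nonce_b, info=b"session-v1")


def handshake(a: Half, b: Half):
    """Mutual challenge-response; returns both session keys, or None on failure."""
    na, nb = a.challenge(), b.challenge()
    if not (a.verify(b.name, b.prove(na)) and b.verify(a.name, a.prove(nb))):
        return None
    return a.session_key(na, nb), b.session_key(na, nb)
```

Because both nonces feed the derivation, every session gets a different 256-bit key even though the pairing key stays the same, and a half holding the wrong pairing key fails the handshake before any data key exists.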

Figure 5.2 : Cryptography Classification based on Security



5.3 Performance:

• High speed and low RAM requirements were criteria of the AES
selection process.

• Thus AES performs well on a wide variety of hardware, from 8-bit
smart cards to high-performance computers.

CHAPTER 6

COMPARISON OF ITWIN WITH USB AND CLOUD STORAGE
• A USB flash drive is a data storage device that consists of flash
memory with an integrated Universal Serial Bus interface.

• Cloud storage is a model of data storage where digital data is
stored in logical pools; the physical storage spans multiple servers,
and the physical environment is typically owned and managed by a
hosting company and is accessed whenever needed.

• A drawback of USB is its size, because of which it can be misplaced
easily. This is a problem if the data it contains is important and
secret.

• In cloud storage, the data can be stolen or misused if the account
is hacked by someone. There are many more drawbacks like limited
storage, no security, backup, temp files, no remote disable.

                      iTwin                             USB

Price                 $99.                              $120 (approx.) for 64GB.

Capacity              Access to computer's entire       2GB to 256GB (depending on
                      hard drive & any attached         model).
                      storage.

Remote Disable        If you lose one half, you can     If you lose the device, you
                      remotely disable it.              lose and expose your data.

Data Encryption       AES 256-bit.                      Standard USB devices don't
                                                        support encryption. Need
                                                        additional software.

Creation of 2nd       You can edit remote files         Yes. This leads to confusion
copy of file          directly, with no additional      due to multiple versions of
                      copy created.                     the same file.

Table 6 (a) : Comparison of ITWIN with USB

                      iTwin                             Cloud storage

Ease of               Plug'n'Play.                      Install & configure it. Need
Installation                                            to create, remember & use
                                                        login.

Storage Limit &       No storage limit and fee.         Has storage limits and fee
Monthly Fees                                            required.

Security &            Hardware based security plus      Password only.
Privacy               optional password & Remote
                      Disable.

Remote Editing        Directly edit your home/office    Remote editing requires 2nd
                      files remotely.                   copy to be created on other
                                                        computers.

Accidental Delete     Present.                          Not present.
Protection

Table 6 (b) : Comparison of ITWIN with Cloud Storage



CHAPTER 7

ADVANTAGES AND APPLICATIONS

7.1 Advantages
• A one-time payment gives you lifetime access to the device.

• The capability to disable the device remotely if it is lost or stolen.

• There are no restrictions in terms of file size or type.

• Military-grade AES encryption ensures secure file and data transport.

• Personal VPN protects you on hotel as well as public Wi-Fi networks.

• Two-factor authentication provides additional security.

• Access to additional features such as your home or office network
as well as the devices connected to it.

• Flexible and safe browsing allows you to maintain your usual
browsing activities while you are travelling.

• iTwin Connect is compatible with both Windows and Mac devices.

• iTwin works great in single-user scenarios.

• Small and easy to carry around: just one device (single pairing).

7.2 Applications :
• Most mobile professionals and individuals who want to access
their files and information regardless of where they are select cloud
services for backing up and storing important documents.

• A cloud service is convenient and enables you to access your files from
any device with an Internet connection.

• Many cloud service providers deploy security technologies to
assure their customers that documents are securely transmitted
and stored.

• On the other hand, nothing is one hundred percent perfect, which
means a device like iTwin Connect can help you cover all of your
bases in the event of a data breach or loss.

• The iTwin Connect device makes sure that your files remain private and
protected. As you own the device, it is only functional when attached
to the computer; it uses two-factor authentication and military-grade
security, as well as performing the functions that we have discussed in
this article.

• Even if you leave the main computer powered up so you can connect
to it from any place, your data and records stay protected.

CHAPTER 8

CONCLUSION
iTwin is an extraordinary solution for users who wish to work from
home. They can remotely access, edit, and share files between home and
office computers. iTwin bypasses cloud services to turn your physical
storage into its own networking solution. Moreover, iTwin is a simple
plug-and-play device which solves Dropbox limitations extensively.

There's little doubt in our mind that the iTwin, when used in single
form, is pretty darn cool. The big update though is multiple user access,
which is where we feel the iTwin falls apart. For a very small group of two
or three people, it's not entirely onerous, but for groups any larger, the
pairing process and the requirement to have a full set of iTwins for every
user is a bit odd, and so is the notion of keeping track of a dozen or more
of these iTwins in the host computer. For true multi-user access, iTwin is
going to need to figure out a way to pair additional iTwins with a single
iTwin host USB device, so users don't have to get a giant USB hub to
support a team of users or lug around another suitcase of parts if this is
a mobile platform.