Security Concept

Mr.Gopal Sakarkar

Mr. Gopal Sakarkar

 Today’s Agenda
• Introduction of Security Concept.

• Principal of Security.

• Classification of Security Attacks

Mr. Gopal Sakarkar

 Digital
Security

Computer Network
Security Security

Mr. Gopal Sakarkar

 Need of Network Security
• According to FBI statistics result (2007) , up
to five billion dollars is lost each year due to
black holes .
• Loss of important data. e.g. Credit Card, ATM Card
• Confidential information of business have
been stolen by competitors. e.g. ICICI vs HDFC
• Last but not least : Important data stolen from
military .
Mr. Gopal Sakarkar
 So, what do you mean by NS?
• It is vital component in information security
for securing all information passed through
computers network.
• It provide management policy for access
controls protection for H/W, S/W &
information in networking.

Mr. Gopal Sakarkar

 Principal of Security
• Confidentiality

• Authentication

• Integrity

• Non-repudiation

Mr. Gopal Sakarkar

 Confidentiality

• It specifies that only sender and intended

recipient(s) should be able to access the
contents of message.
e.g.: e-mail send by person A to person B.

Mr. Gopal Sakarkar

 Principal of Security
• Confidentiality

• Authentication

• Integrity

• Non-repudiation

Mr. Gopal Sakarkar

 Authentication

• It help to establish proof of identities.

e.g. : Login using Userid and Password.

Mr. Gopal Sakarkar

 Principal of Security
• Confidentiality

• Authentication

• Integrity

• Non-repudiation

Mr. Gopal Sakarkar

 Integrity

• Integrity means that changes need to be done

only by authorized entities and through
authorized mechanisms.

e.g. Updating bank account information

Mr. Gopal Sakarkar

 Principal of Security
• Confidentiality

• Authentication

• Integrity

• Non-repudiation

Mr. Gopal Sakarkar

 Non-repudiation

• Non- repudiation does not allow the sender or

receiver of a message to refuse the claim of not
sending or receiving that message.

Mr. Gopal Sakarkar

Classification of Security Attacks

Mr. Gopal Sakarkar

 Passive Attack
• A passive attack make use of information from
the system but does not affect system resource.
Passive
Attack

Release of
Traffic Analysis
Message Contents

Mr. Gopal Sakarkar

 Release of Message Contents
Hi, I am Bob

Hi, I am Bob
Hi, I am Bob

Mr. Gopal Sakarkar

 Passive
Attack

Release of
Traffic Analysis
Message Contents

Mr. Gopal Sakarkar

 Traffic Analysis

Meet me at Meet me
Cinemax at
Cinemax

Phhw ph dw
flqhpda

Mr. Gopal Sakarkar

 Active Attack
• It involve some modification of data stream or creation of a
false stream.

Active
Attack

Denial of
Replay Modification Service Masquerade

Mr. Gopal Sakarkar

 Replay
It involves passive capture of data unit and its
subsequent retransmission to produce an unauthorized
effect.
Transfer
Rs.1000 to
Darth.

Transfer Rs.1000
to Alice.

Mr. Gopal Sakarkar

 Active
Attack

Denial of
Replay Modification Service Masquerade

Mr. Gopal Sakarkar

 Modification
In which some portion of message is altered or that message
are delayed or reordered to produce an unauthorized affect.
Transfer
Rs.10,000
to Darth.
Transfer Rs.1,000
to Darth. Transfer Rs.10,000
to Darth

Mr. Gopal Sakarkar

 Active
Attack

Denial of
Replay Modification Service Masquerade

Mr. Gopal Sakarkar

 Denial of service
It have a specific target (Server), in which prevents or
inhabits the normal use or management of communication
facilities.

Mr. Gopal Sakarkar

 Active
Attack

Denial of
Replay Modification Service Masquerade

Mr. Gopal Sakarkar

 Masquerade
A masquerade is a type of attack where the attacker act as an authorized user
system in order to gain access to it or to gain greater privileges than they
are authorized for.

Mr. Gopal Sakarkar

 Summary

• Four goals have been defined for security

i.e. Confidentiality , Authentication, Integrity,
Non-repudiation.
• Security Attacks are classified in two parts
Active and Passive.
Mr. Gopal Sakarkar
 For Further Reading
• http://www.smartchip.com/flash/presentationV2.swf

• http://buchananweb.co.uk/asmn/unit03.swf

• http://www.computing.co.uk/computing/video/2246841/network-security

• http://en.kioskea.net/contents/courrier-electronique/fonctionnement-mta-mua.php3
• http://www.thepcmanwebsite.com/cgi-bin/web_tools/ascii.pl (converter)

• http://bytes.com/topic/c/answers/769137-how-convert-alphabet-numbers

• http://www.kerryr.net/pioneers/binary.htm

• http://services.exeter.ac.uk/cmit/modules/the_internet/slides/ch01s01s04.html (packet working)

Mr. Gopal Sakarkar

Conventional Encryption

31
 Caesar Cipher

It is a substitution cipher invented by Julius Caesar.

It replace each letter of the alphabet with the letter standing thired
Place further down the alphabet.
Let numerical equivalency of letter

A B C D E F G H …… z
0 1 2 3 4 5 6 7 25

32
 Caesar Cipher

Let , for each plaintext letter p, substitute the cipher letter :

C=E(3,p)=(p+3) mod 26
For generalize equation for encryption :
C=E(k,p)= (p+k) mod 26
For generalize equation for decryption :
P=D(k,C)=(C-K)mod 26

33
 Caesar Cipher
plain: abcdefghijklmnopqrstuvwxyz

key: defghijklmnopqrstuvwxyzabc

cipher: PHHW PH DIWHU WKH WRJD SDUWB

plain: MEET ME AFTER THE toga PARTY

Video
34
 “Rail-Fence” Cipher
It is use substitution method , in which plaintext is written down
As a sequence of diagonals and then read off as a sequence of
row.

35
“Rail-Fence” Cipher
DISGRUNTLED EMPLOYEE

D R L E O
I G U T E M L Y E
S N D P E

DRLEOIGUTE MLYESNDPE

36
Steganography
 What is Steganography?
Greek Words:
STEGANOS – “Covered”
GRAPHIE – “Writing”

• Steganography is the art and science of writing Stegosaurus: a covered lizard

hidden messages in such a way that no one apart (but not a type of cryptography)

from the intended recipient knows of the existence

of the message.

• This can be achieve by concealing the existence of

information within seemingly harmless carriers
or cover

• Carrier: text, image, video, audio, etc.

 Modern Steganography Techniques

Masking and Filtering: Is where information is hidden inside of a image using

digital watermarks that include information such as copyright, ownership, or
licenses. The purpose is different from traditional steganography since it is
adding an attribute to the cover image thus extending the amount of
information presented.

Algorithms and Transformations: This technique hides data in mathematical

functions that are often used in compression algorithms. The idea of this
method is to hide the secret message in the data bits in the least significant
coefficients.

Least Significant Bit Insertion: The most common and popular method of
modern day steganography is to make use of the LSB of a picture’s pixel
information. Thus the overall image distortion is kept to a minimum while
the message is spaced out over the pixels in the images. This technique
works best when the image file is larger then the message file and if the
image is grayscale.
 Basics of Modern Steganography

fE: steganographic function "embedding"

fE-1: steganographic function "extracting"
cover: cover data in which emb will be hidden
emb: message to be hidden
key: parameter of fE
stego: cover data with the hidden message
 Important Requirement for
Steganographic System
• Security of the hidden communication

• size of the payload

• Robustness against malicious and

unintentional attacks
Steganography Tools
 Basic Types of Ciphers

• Transposition ciphers – rearrange bits

or characters in the data
• Substitution ciphers – replace bits,
characters, or blocks of characters with
substitutes

45
 Encryption Methods
• The essential technology underlying virtually
all automated network and computer security
applications is cryptography
• Two fundamental approaches are in use:
– Conventional Encryption, also known as
symmetric encryption
– Public-key Encryption, also known as
asymmetric encryption

46
Conventional Encryption
Model

47
 Conventional Encryption
Five components to the algorithm
– Plaintext: The original message or data
– Encryption algorithm: Performs various substitutions
and transformations on the plaintext
– Secret key: Input to the encryption algorithm.
Substitutions and transformations performed depend
on this key
– Ciphertext: Scrambled message produced as output.
depends on the plaintext and the secret key
– Decryption algorithm: Encryption algorithm run in
reverse. Uses ciphertext and the secret key to produce
the original plaintext

48
 Conventional Encryption
M EK C DK M

EK defined by an encrypting algorithm E

DK defined by an decrypting algorithm D

For given K, DK is the inverse of EK, i.e.,

DK(EK(M))=M
for every plain text message M

50
 Today’s Agenda
• Cryptography and Encryption

• Encryption Principles

• Feistel Cipher Structure

• Data Encryption Standard (DES)

Mr. Gopal Sakarkar

 Cryptography
• It is a Greek word , means that “Secret
Writing”.

• Cryptography is an art and science for

achieving security by encoding the readable
format data in to a non-readable form.

Mr. Gopal Sakarkar

 Encryption
Encryption is a process of converting the plain text data in to ciphertext data.

Mr. Gopal Sakarkar

 Encryption Principles
• An encryption scheme has five ingredients:
– Plaintext
– Encryption algorithm
– Secret Key
– Ciphertext
– Decryption algorithm
• Security depends on the secrecy of the key, not the
secrecy of the algorithm.

Mr. Gopal Sakarkar

 Average time required for exhaustive key
search
Key Size Number of Time required at
(bits) Alternative Keys 106 Decryption/µs

32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours

128 2128 = 3.4 x 1038 5.4 x 1018 years

168 2168 = 3.7 x 1050 5.9 x 1030 years

Mr. Gopal Sakarkar

Conventional Encryption Model

Mr. Gopal Sakarkar

 Cryptography Process Depend on….

1. The type of operations used for transforming plaintext to

ciphertext.
1.1 Substitution
1.2 Transpose
2. The number of keys used
2.1 Symmetric (single key)
2.2Asymmetric(two-keys,orpublic-key encryption)
3. The way in which the plaintext is processed

Block Cipher Stream Cipher

Mr. Gopal Sakarkar

Substitution Process

Mr. Gopal Sakarkar

 Transposition Techniques

• Consider plain text message as a number

A=0 , B=1, C=2……..Z=25.
2
0
• Take plain text CAT = 19

Take N x N matrix of randomly chosen keys.

Mr. Gopal Sakarkar

 6 24 1
= 13 16 10
20 17 15

Multiply two matrix

2 31
6 24 1 0 216
X
13 16 10
19
= 325

20 17 15

Mr. Gopal Sakarkar

• Now compute a mod 26 value of the above
matrix.
31 5
216 mod 26 8
325 = 13

Now translate number to alphabet

5=F, 8=I and 13= N i.e. cipher text is FIN

Mr. Gopal Sakarkar

 Exercise - II
• Define a symmetric-key cryptography.
• Distinguish between a block cipher and a stream
cipher with an example.
• Decrypt a above example by taking a inverse of
original matrix i.e.
8 5 10
21 8
21
21 12 8
• Draw an algorithm , flowchart and write a C++
program for implementing Transposition
Techniques.

Mr. Gopal Sakarkar

 Summary

• Definition of Cryptography .
• Working of encryption principal.
• Substitution and transportation techniques .

Mr. Gopal Sakarkar

 For Further Reading
• http://buchananweb.co.uk/asmn/unit04.swf

• http://www.youtube.com/watch?v=IzVCrSrZIX8

• http://www.youtube.com/watch?v=ZdC7cnpYOwI&feature=related

Mr. Gopal Sakarkar

 Confusion and Diffusion

• Introduced by Claude Shannon to capture the two basic building blocks for any
cryptographic system.

• Confusion - Confusion seeks to make the relationship between the statistics of the
ciphertext and the value of the encryption key as complex as possible, again to
stop attempts to discover the key.

• Diffusion - The mechanism of diffusion seeks to make the statistical relationship

between the plaintext and ciphertext as complex as possible in order to prevent
attempts to assume the key.

Mr. Gopal Sakarkar

Approximate Alphabet Frequency

Mr. Gopal Sakarkar

 Feistel Cipher Structure

• It is block cipher symmetric encryption algorithms, first described by

Horst Feistel of IBM in 1973.

• It is depends on the choice of the following parameters

• Block size: larger block sizes mean greater security
• Key Size: larger key size means greater security
• Number of rounds: multiple rounds offer increasing security
• Subkey generation algorithm: greater complexcity will lead to greater
difficulty of cryptanalysis.
• Fast software encryption/decryption: the speed of execution of the
algorithm becomes a concern.

Mr. Gopal Sakarkar

Steps:
1. Input of plaintext with length 2w bits and key K.
2. Plaintext is divided into two halves L0 and R0.
3. These two halves pass through N round of processing to
produce CipherText block.
4. The key K is derived from subkey generation algo.
5. These two halves combine by applying a round function
‘F’ on right half of data and then taking
X-OR operation of the output of F with left half of data.

Mr. Gopal Sakarkar

Mr. Gopal Sakarkar
 Exercise
• List out the various Feistel ciphers Algorithm and explain each
in brief.

Mr. Gopal Sakarkar

 For Further Reading
• http://www.quadibloc.com/crypto/co040906.htm

• http://www.encryptionanddecryption.com/encrypt_decrypt_encyclopedia.ht
ml

Mr. Gopal Sakarkar

Data Encryption Standard (DES)
I. It is a Block Cipher Symmetric algorithm.
II. It takes 64 bits plaintext and 56 (64) bits as a key.
III. It produce a 64 bits cipher text.
IV. It consist of 16 steps , called round.
Steps:
1. It take 64 bit plain text as given i/p to Initial Permutation Function (IPF).
2. IPF produce two halves, i.e. Left Plain Text (LPT) and Right Plain Text
(RPT)
3.Now, each LPT and RPT goes through 16 rounds of encryption process
with key K(56 bits).
4.At the end , LPT and RPT are rejoined and a final permutation (FP) is
performed which is being the inverse of IP on the combined block.
5. Finally the result produced 64 bits cipher
Mr. Gopal Sakarkartext.
 Plain Text (64 bits)

Initial Permutation

LPT RPT

Key ( K) 16 Rounds 16 Rounds

56 bits

Final Permutation

Cipher Text(64 bits)

DES Algorithm
Mr. Gopal Sakarkar
DES Encryption Overview

Mr. Gopal Sakarkar

 An Example
• Let M be the plain text message M = 0123456789ABCDEF,
where M is in hexadecimal (base 16) format.

Rewriting M in binary format, we get the 64-bit block of text:

• M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101
1110 1111
• L = 0000 0001 0010 0011 0100 0101 0110 0111
• R= 1000 1001 1010 1011 1100 1101 1110 1111
The first bit of M is "0". The last bit is "1". We read from left to right.

Let K be the hexadecimal key K = 133457799BBCDFF1

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111
11110001
Cipher Text: 85E813540F0AB405.
Online Example
Mr. Gopal Sakarkar
The EFF's US $ 250,000 DES cracking machine contained 1,856 custom chips
and could brute force a DES key in a matter of days — the photo shows a
DES Cracker circuit board fitted with several Deep Crack chips.

Mr. Gopal Sakarkar

 Triple-DES with Two-Keys
• hence must use 3 encryptions
– would seem to need 3 distinct keys
• but can use 2 keys with E-D-E sequence
– C = EK1[DK2[EK1[P]]]
– no encrypt & decrypt equivalent in security
– if K1=K2 then can work with single DES
• standardized in ANSI X9.17 & ISO8732
• no current known practical attacks
Triple DES
 Summary

• Security of data is depend on secrecy of key not on the

encryption algorithm.

• Feistel Cipher Structure is basic structure for any symmentric

encryption algo.

• DES algorithm also called as DEA has been a cryptographic

alog. used from over four decades.

• It was adopted in 1977 by the National Bureau of Standards as

Federal Information Processing Standard 46 (FIPS PUB 46).

Mr. Gopal Sakarkar

 For Further Reading
• http://www.buchananweb.co.uk/asmn/unit03.swf
• http://williamstallings.com/Crypt-Tut/Crypto%20Tutorial%20-
%20JERIC.swf
• http://orlingrabbe.com/des.htm (IMP)
• http://www.tero.co.uk/des/explain.php

Mr. Gopal Sakarkar

 Exercise - III

• Explain a triple DES in detail.

• Find out the various application in which DES is implemented.

Mr. Gopal Sakarkar

Blowfish
Algorithm
 The Blowfish Encryption
Algorithm

• Developed by Bruce Schneier

• Keyed, symmetric block cipher
• Designed in 1993 .
• Can be used as a drop-in replacement for DES.
 The Blowfish Encryption
Algorithm (cont.)

• As a fast, free alternative to existing

encryption algorithms.
• Variable-length key.
• From 32 bits to 448 bits.
 The Blowfish Encryption
Algorithm (cont.)
• Fast: It used 32 bit microprocessors for 26
clock cycles per byte.
• Compact : It need less than 5 kb memory
for execution.
• Simple : It used primitive operations ,such
as addition , XOR ,etc.
• Secure : It has variable length key upto
448 bits long.
• Freely available source code
Mr. Gopal Sakarkar
 The Blowfish Encryption
Algorithm (cont.)
• Gained acceptance as a strong encryption
algorithm.
• Blowfish is unpatented and license-free, and is
available free for all uses.
• No effective cryptanalysis has been found to
date.
• More attention is now given to block ciphers with
a larger block size, such as AES or Twofish.
 7.07. Blowfish Key Schedule
• uses a 32 to 448 bit key
• used to generate
– 18 32-bit subkeys stored in K-array Kj
– four 8x32 S-boxes stored in Si,j
• key schedule consists of:
– initialize P-array and then 4 S-boxes using pi
– XOR P-array with key bits (reuse as needed)
– loop repeatedly encrypting data using current P & S and
replace successive pairs of P then S values
– requires 521 encryptions, hence slow in re-keying
 Blowfish Encryption
• uses two primitives: addition & XOR
• data is divided into two 32-bit halves L0 & R0
for i = 1 to 16 do
Ri = Li-1 XOR Pi;
Li = F[Ri] XOR Ri-1;
L17 = R16 XOR P18;
R17 = L16 XOR i17;
• where
F[a,b,c,d] = ((S1,a + S2,b) XOR S3,c) + S4,a
The Blowfish Algorithm
The Blowfish Algorithm: Encryption
(cont)

Diagram of Blowfish's F function

The Blowfish Algorithm: Encryption
(cont)
• Blowfish's F-function.
• Splits the 32-bit input into four eight-bit quarters, and
uses the quarters as input to the S-boxes.
• Outputs are added modulo 232 and XORed to produce
the final 32-bit output.
• Blowfish is a Feistel network, it can be inverted simply by
XORing P17 and P18 to the ciphertext block, then using
the P-entries in reverse order.
The Function F
 RC5
• It is symmetric key block encryption algorithm
developed by Ron Rivest.
• It is quite fast as it use only the primitive computer
operation i.e. XOR , addition, shift etc.
• It used variable number of round and variable bit-size
key.
• It required less memory for execution so that it not only
used for desktop computer but also for smart card and
other devices.

» 125

Mr. Gopal Sakarkar

 RC5 Working

• It used the plain text block size of 32,64, or 128 bits.

• The key length can be 0 to 2040 bits.
• Number of rounds can be from 0 to 255.

Mr. Gopal Sakarkar

 Divide plain text into two block
i.e. A ,B

Add A & S[0] to produce C

Add B & S[1] to produce D
Start with i=1

1. XOR C & D to 4.XOR D & F to

produce E produce G

2. Circular left shift E 5. Circular left shift

by D bits G by F bits

3. Add E & S[2] to 6. Add G & S[2i+1]

produce F to produce H
Increment i by 1

Call F as C (i.e. C=F) Check:

Call H as D (i.e. D=H) Is i>r ?
No
Yes
Mr. Gopal Sakarkar
Stop
 Lecture 3 Today’s Agenda
• IDEA Algorithm.

• Cipher Block Chaining.

• Location of encryption devices.

• Key Distribution

Mr. Gopal Sakarkar

International Data Encryption Algorithm

• It is one of the strongest cryptographic algorithm

invented in 1992.

• It is Block Cipher Symmetric cryptographic alog.

with 64 bits plain text and 128 bits length key.

• It is used both substitution and transposition

techniques for encryption

Mr. Gopal Sakarkar

 Working of IDEA
1.It take a 64 bits plaintext block as input and then
partition it into four part, say P1 to P4.
2. P1 to P4 are the inputs to the first round of the
algorithm.
3. It has eight round of encryption processing.
4. Each round use six-sub keys generated from original
key having 16 bits length.
5. Final step consist of an Output Transformation
Which use just four sub-keys , K49 to K52.

Mr. Gopal Sakarkar

 Working
Plain Text (64bits)
P1(16 bits) P2(16 bits) P3(16 bits) P4(16 bits)

K1
Round 1 K2
….
K6

Round 2 ….K 7
K 12
……………….
Round 6 …. K 43
K 48
…. K 49
Output Transformation ….
K 52
C1(16 bits) C2(16 bits) C3(16 bits) C4(16 bits)

Cipher Text (64bits)

Mr. Gopal Sakarkar
 Working of Rounds
• Each round has a series of operation on the data block
using six keys.
• Each round perform a lot of mathematical action such
as Multiplication, Addition and X-OR.
• Each round is divided into 14 steps.

Mr. Gopal Sakarkar

 Sub-key Generation Round
• First round
Original
Key (128 bits)

Unused
K1(1-16 bits) K2(17-32 bits) …K6(81-96 bits) (97-128 bits)

Mr. Gopal Sakarkar

• Second round
Unused
Key (97-128 bits)

K7 (97-112 bits) K8(113-128 bits)

What about key k9, k10…k12 for second round ?

Conti….
Mr. Gopal Sakarkar
 • The original key is exhausted . It is circular-left shifted by 25
bits.

Position 1 Position
128
Original Key(128 bits)

circular-left shifted by 25 bits

Now start allocating fresh sub-key from K7 to K12

New Key(128 bits)

K9(1-16 bits) K10(17-32 bits) … K12(49-64 bits)

Unused
(65-128 bits)

Mr. Gopal Sakarkar

 Exercise - IV
• Explain in detail all eight round of sub key generation process.

• Find out the strength of IDEA algorithm.

Mr. Gopal Sakarkar

• Note:
• A permutation is "a re-arrangement of
elements of a set".
Exp. We do 4 x 3 x 2 x 1 = 24.
• There are 24 different ways that the letters
can be arranged.
• We can write 4!, which is read as "four
factorial."

Mr. Gopal Sakarkar

• Taking the 4 letters, ABCD, write down all
the permutations of 3 of these letters:

ABC BAC CAB DAB

ACB BCA CBA DBA
ABD BAD CAD DAC
ADB BDA CDA DCA
ACD BCD CBD DBC
ADC BDC CDB DCB

Mr. Gopal Sakarkar

 Working of Substitution method
• S-Box= Substitution Box
• Example #1: Solve the following system using the substitution method

x + y = 20
x − y = 10

Step 1
You have two equations. Pick either the first or the second equation and solve for
either x or y.
Since I am the one solving it, I have decided to choose the equation at the bottom
(x − y = 10) and I will solve for x

x − y = 10

Add y to both sides

x − y + y = 10 + y

x = 10 + y

Mr. Gopal Sakarkar

• Step 2

Using x + y = 20, erase x and write 10 + y since x = 10 + y

We get 10 + y + y = 20

10 + 2y = 20

Minus 10 from both sides

10 − 10 + 2y = 20 − 10

2y = 10

Divide both sides by 2

y=5

Mr. Gopal Sakarkar

• Step 2
• Now you have y, you can replace its value into either equation to get
x.
Replacing y into x + y = 20 gives
x + 5 = 20

Minus 5 from both sides

x + 5 − 5 = 20 − 5
x = 15

The solution to the system is x = 15 and y = 5

Indeed 15 + 5 = 20 and 15 − 5 = 10
• H/W: Solve the following system using the substitution method

3x + y = 10
-4x − 2y = 2

Mr. Gopal Sakarkar

 Algorithm Modes
Algorithm
Modes

Electronic Code Cipher Block Cipher FeedBack Out FeedBack

Book (ECB) Chaining (CBC) (CFB) (OFB)

Work on block Work on stream

cipher cipher

Mr. Gopal Sakarkar

Electronic Code
Book (ECB)

Mr. Gopal Sakarkar

 Algorithm
Modes

Electronic Code Cipher Block Cipher FeedBack Out FeedBack

Book (ECB) Chaining (CBC) (CFB) (OFB)

Mr. Gopal Sakarkar

 Cipher Block
Chaining (CBC)
• Message is broken into blocks
• Linked together in encryption operation
• Each previous cipher blocks is chained with current plaintext
block, hence name
• Use Initial Vector (IV) to start process
-IV has no special meaning , used to make each message
unique only.
• Uses: bulk data encryption, authentication

Mr. Gopal Sakarkar

Cipher Block Chaining (CBC)
Mr. Gopal Sakarkar
Advantages and Limitations of CBC
• A ciphertext block depends on all blocks before it.
• Any change to a block affects all following ciphertext blocks
• Need Initialization Vector (IV)
– which must be known to sender & receiver
– if sent in clear, attacker can change bits of first block, and
change IV to compensate
– hence IV must either be a fixed value
– or must be sent encrypted in ECB mode before rest of
message

Mr. Gopal Sakarkar

 Algorithm
Modes

Electronic Code Cipher Block Cipher FeedBack Out FeedBack

Book (ECB) Chaining (CBC) (CFB) (OFB)

Mr. Gopal Sakarkar

 Cipher FeedBack
(CFB)
• Message is treated as a stream of bits
• Added to the output of the block cipher
• Result is feed back for next stage (hence name)
• Standard allows any number of bit (1,8, 64 or 128 etc) to be
feed back
– denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
Uses: stream data encryption, authentication

Mr. Gopal Sakarkar

Cipher FeedBack (CFB)
Mr. Gopal Sakarkar
Advantages and Limitations of CFB
• Appropriate when data arrives in bits/bytes

• Most common stream mode

• limitation is need to install while do block encryption after

every n-bits

• Note that the block cipher is used in encryption mode at both

ends

• Errors propagate for several blocks after the error.

Mr. Gopal Sakarkar

 Algorithm
Modes

Electronic Code Cipher Block Cipher FeedBack Out FeedBack

Book (ECB) Chaining (CBC) (CFB) (OFB)

Mr. Gopal Sakarkar

 Output FeedBack (OFB)
• Message is treated as a stream of bits
• In CFB, the cipher text is fed into the next stage of
encryption process.
• But in the OFB, the output of the IV encryption
process is fed into the next stage of encryption
process
• Output of cipher is added to message
• Output is then feed back (hence name)
• Feedback is independent of message
• uses: stream encryption on noisy channels.

Mr. Gopal Sakarkar

Output FeedBack
Mr. Gopal Sakarkar (OFB)
 Key Distribution

Symmetric schemes require both parties to share a

common secret key
Issue is how to securely distribute this key
Often secure system failure due to a break in the key
distribution scheme.

Mr. Gopal Sakarkar

 Key Distribution

• Given parties A and B have various key distribution

alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous
key to encrypt a new key
4. if A & B have secure communications with a third party C,
C can relay key between A & B

Mr. Gopal Sakarkar

 Summary
• IDEA is a strongest encryption algorithm only because of its
key length.
• Algorithm Modes of Operation
– ECB, CBC, CFB, OFB

Key distribution is centralize storage of keys .

Mr. Gopal Sakarkar