HOMEWORK -1

CSE403T: Network Security & Cryptography Name: rajesh Mishra Re no. 10806077

Autumn Term 2012

Q1(a) What is the difference between an unconditionally secure cipher & computationally secure cipher? Ans: A cipher is unconditionally secure if no matter how much ciphertext is intercepted, there is
not enough information in the ciphertext to determine the plaintext uniquely A computationally secure scheme is such that the cost of breaking the cipher exceeds the value of the encrypted information and the time required to break the cipher exceeds the useful lifetime of the information.

(b) Show a Playfair cipher in use using a 6X4 matrix, ignoring Q & Z and filling other 24 alphabets, keyword is your First Name and plaintext is I am loving it. Ans: Name:RAJESH R S D K O V Plantext: A H F L P W I B G M T X E C H N U Y 6X4 matrix:

i am loving it Ia ml ov in gi tx

Iaei 1

mlnm ovvr imem gimb txxi ei nm vr em mb xi cipher text : einmvremmbxi (c) Take a plaintext - The slow green fox jumped over the fast lion, use- Keyword mr_______ is my father, mrs________ is my mother, fill your parents name in the blanks and then use this keyword to Encrypt the plain text, the Algorithm to be used in one-time pad. [Remember to do a XOR], then use the result to demonstrate 2 problems of 1 time pad.
PLAIN TEXT: The slow green fox jumped over the fast lion T:10011 M:01100 H:00111 R:10001 E:00100 S:10010 S:10010 U:10100 L:01011 D:00011 O:01110 H:00111 W:10110I:01000 G:00110 R:10001 R:10001 B:00001 E:00100 A:00000 E:00100 T:10011 N:01101 R:10001 F:00101 A:00000 O:01110 I:01000 X:10111 S:10010 J:01001 M:01100 U:10100 Y:11000 M:01100F:00101 P:01111 A:00000 T XOR M: 11111 H XOR R: 10110 E XOR S: 10110 S XOR U: 00110 L XOR D: 01000 O XOR H: 01001 W XOR I: 11110 G XOR R: 10111 R XOR B: 10000 E XOR A: 00100 E XOR T: 10111 N XOR R: 11100 F XOR A: 00101 O XOR I: 00110 X XOR S: 00101 J XOR M: 00101 U XOR Y:01100 M XOR F: 01001 09J P XOR A:01111 15P 31MOD26=5F 22W 22W 06G 08I 09J 30MOD26=4E 23X 16Q 04E 23X 28MOD26=2C 05F 06G 05F 05F 12M

E:00100 T:10011 D:00011 H:00111 O:01110 E:00100 V:10101 R:10001 E:00100 M:01100 R:10001 R:10001 T:10011 S:10010 H:00111 V:10101 E:00100 A:00000 F:00101 N:01101 A:00000 D:00011 S:10010 A:00000 T:10011 N:01101 L:01011 A:00000 I:01000 B:00001 O:01110 A:00000 N:01101 T:10011

E XOR T:10111 23X D XOR H:00100 04E O XOR E:01010 10K V XOR R:00100 04E E XOR M:01000 08I R XOR R:00000 00A T XOR S:00001 01B H XOR V:10010 18S E XOR A:00100 04E F XOR N:01000 08I A XOR D:00011 03D S XOR A:10010 18S T XOR N:11110 30MOD26=4E L XOR A:01011 11L I XOR B:01001 09J O XOR A:01110 14O N XOR T:11110 30MOD26=4E

CIPHER TEXT: FWWGIJEXQEXCFGFFMJPXEKEIABSEIDSELJOE

(d) My Birth Place is __________, _____________ ( put city and state), then use the double transposition technique to encrypt the information.
Sol. Double Transposition: Two stage of transposition is done here. The cipher of first stage of transposition is again

put under same algorithm to make it more secure. KEY: 4 3 1 2 5 6 7 PLAIN TEXT: MY BIRTH PLACE IS KHATIMA UTTARAKHAND FIRST STAGE: 4 M P K U H 3 Y L H T A 1 B A A T N 2 I C T A D 5 R E I R X 6 T I M A X 7 H S A K X

CIPHER TEXT:BAATNICTADYLHTAMPKUHREIRXTIMAXHSAKX

SECOND STAGE:

4 B T A E A

3 A A M I X

1 A D P R H

2 T Y K X S

5 N L U T A

6 I H H I K

7 C T R M X

CIPHER TEXT: ADPRHTYKXSAAMIXBTAEANLUTSIHHIKCTRMX THERE ARE 21 LETTERS IN THE MESSAGE, ORIGINAL SEQUENCE OF LETTERS IN PLAINTEXT IS: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

29 30 31 32 33 34 35 AFTER FIRST TRANSPOSITION THE SEQUENCE IS: 03 10 17 24 31 04 11 18 25 32 02 09 16 23 30 01 08 15 22 29 05 12 19 26 33 06 13 20 27 34 07 14 21 28 35 AFTER SECOND TRANSPOSITION THE SEQUENCE IS: 17 32 08 26 07 24 02 15 33 14 10 25 01 19 34 03 18 30 12 27 31 09 22 06 21 04 16 29 13 28 11 23 05 20 35

(e) Show difference between the block and stream cipher using the same plaintext as example. Ans:
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cyphertext stream. An alternative name is a state cipher, as the encryption of each digit is dependent on the current state a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext. The exact transformation is controlled using a second input the secret key.

Q2) For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers. a. An organization managing public information on its Web server.

An organization managing public information on its web server determines that there is no potential impact from a loss of confidentiality (i.e., confidentiality requirements are not applicable), a moderate potential impact from a loss of integrity, and a moderate potential impact from a loss of availability. The resulting security category, SC, of this information type is expressed as:
SC public information = {(confidentiality, NA), (integrity, MODERATE), (availability, MODERATE)}

b. A law enforcement organization managing extremely sensitive investigative information.

A law enforcement organization managing extremely sensitive investigative information determines that the potential impact from a loss of confidentiality is high, the potential impact from a loss of integrity is moderate, and the potential impact from a loss of availability is moderate. The resulting security category, SC, of this information type is expressed as:
SC investigative information = {(confidentiality, HIGH), (integrity, MODERATE), (availability, MODERATE)}.

c. A financial organization managing routine administrative information (not privacy related information).
A financial organization managing routine administrative information (not privacy-related information) determines that the potential impact from a loss of confidentiality is low, the potential impact from a loss of integrity is low, and the potential impact from a loss of availability is low. The resulting security category, SC, of this information type is expressed as:
SC administrative information = {(confidentiality, LOW), (integrity, LOW), (availability, LOW)}.

The generalized format for expressing the security category, SC, of an information system is:
SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)},

where the acceptable values for potential impact are LOW, MODERATE, or HIGH. Note that the value of not applicable cannot be assigned to any security objective in the context of establishing a security category for an information system. This is in recognition that there is a low minimum potential impact (i.e., low water mark) on the loss of confidentiality, integrity, and availability for an information system due to the fundamental requirement to protect the system-level processing functions and information critical to the operation of the information system.

d. An information system used for large acquisitions in a contracting organization contains both sensitive, pre-solicitation phase contract information and routine administrative inform5

ation. Assess the impact for the two data sets separately and the information system as a whole.
A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. The management at the power plant determines that: (i) for the sensor data being acquired by the SCADA system, there is no potential impact from a loss of confidentiality, a high potential impact from a loss of integrity, and a high potential impact from a loss of availability; and (ii) for the administrative information being processed by the system, there is a low potential impact from a loss of confidentiality, a low potential impact from a loss of integrity, and a low potential impact from a loss of availability. The resulting security categories, SC, of these information types are expressed as:

SC sensor data = {(confidentiality, NA), (integrity, HIGH), (availability, HIGH)},

and

SC administrative information = {(confidentiality, LOW), (integrity, LOW), (availability, LOW)}.

The resulting security category of the information system is initially expressed as:

SC SCADA system = {(confidentiality, LOW), (integrity, HIGH), (availability, HIGH)},

representing the high water mark or maximum potential impact values for each security objective from the information types resident on the SCADA system. The management at the power plant chooses to increase the potential impact from a loss of confidentiality from low to moderate reflecting a more realistic view of the potential impact on the information system should there be a security breach due to the unauthorized disclosure of system-level information or processing functions. The final security category of the information system is expressed as:

SC SCADA system = {(confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH)}. e. A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.
A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. The management at the power plant determines that: (i) for the sensor data being acquired by the SCADA system, there is no potential impact from a loss of confidentiality, a high potential impact from a loss of integrity, and a high potential impact from a loss of availability; and (ii) for the administrative information being processed by the system, there is a low potential impact from a loss of confidentiality, a low potential impact from a loss of integrity, and a low potential impact from a loss of availability. The resulting security categories, SC, of these information types are expressed as:

SC sensor data = {(confidentiality, NA), (integrity, HIGH), (availability, HIGH)},

and

SC administrative information = {(confidentiality, LOW), (integrity, LOW), (availability, LOW)}.

The resulting security category of the information system is initially expressed as:

SC SCADA system = {(confidentiality, LOW), (integrity, HIGH), (availability, HIGH)},

representing the high water mark or maximum potential impact values for each security objective from the information types resident on the SCADA system. The management at the power plant chooses to increase the potential impact from a loss of confidentiality from low to moderate reflecting a more realistic view of the potential impact on the information system should there be a security breach due to the unauthorized disclosure of system-level information or processing functions. The final security category of the information system is expressed as:

SC SCADA system = {(confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH)}. Q3)

Given character and there occurrence:

(Here we change some character notation because I am not able to draw it in word file)

8 33 ; 26 4 19 + 16 * 13 5 12 6 11 ! 8 1 8 0 6 9 5 2 5 : 34 ? 3 ` 2
7

- .1

Key: 012345689+!()*;?-`:

Its given in point 1) the most frequently occurring letter in English is e. And in this ciphertext most frequently word is 8

So that 8 e

And second most frequently wort in English is t and in ciphertext second most frequently word is ; So that ;t

After changing these two word we find :

;48 are come together and most time and according to the second point in English the is frequently come so that 4h Replace all the word :

53++!305))6*the26)h+.)h+)te06*the!e`60))e5t]e*t:+*e!e3(ee)5*!th6(tee*96*?te)*+(the5)t5*!2:*+ (th956*2(5*-h)e`e*th0692e5)t)6!e)h++t1(+9the0e1te:e+1the!e5th)he5!52ee06*e1(+9thet(eeth(+? 3hthe)h+t161t:1eet+?t

Now we can see 6* many time come together so it may me is or in in both 6 i

53++!305))i*the2i)h+.)h+)te0i*the!e`i0))e5t]e*t:+*e!e3(ee)5*!thi(tee*9i*?te)*+(the5)t5*!2:*+ (th95i*2(5*-h)e`e*th0i92e5)t)i!e)h++t1(+9the0e1te:e+1the!e5th)he5!52ee0i*e1(+9thet(eeth(+? 3hthe)h+t1i1t:1eet+?t

Again we check the occurrence and find ) s and when i replace all the key then we find the right word so that ) s And many time check the occurrence frequency of cipher text and English and putting it, we find some replacement. + o; * n; 5 a And after replacing it we find:

a3oo!30ass in the 2isho.s hoste0 in the !e`i0sseat]ent: one !e3(eesan!thi(teen 9in?tes no(theast an! 2:no(th9ain2(an-h se`enth 0i92 east si!e shoot 1(o9 the 0e1te:eo1the!eathshea! a2ee0ine1(o9thet(eeth(o?3htheshot1i1t:1eeto?t

hoste0hostel thi(teenthirteen no(theastnortheast Seenthseventh

So that 0l (r v

A 3oo! 30ass in the 2isho.s hostel in the !evils sea t]ent: one !e3rees an! Thirteen 9in?tes northeast an! 2: north 9ain 2ran-h seventh li92 east si!e shoot 1rl9 the 0e1te:el1 the !eathshea!a2ee line 1ro9 the tree thrl?3h the shot 1i1t: 1eet o?t 3oo! !evils t]ent: !e3rees an! 9intes 9ain 1-1t: 1eeto?t Gooddevilstwentydegreesandmintesmainfiftt feetout So that we find ; 3g !-->d ]w 9m 1f ?u

A good g0ass in the 2isho.s hostel in the devils sea twent: one degrees and Thirteen minutes northeast and 2: north main 2ran-h seventh lim2 east side shoot frlm the 0eft e:elf the deathshead a 2ee line from the tree thrlugh the shot fift: feet out And we analyze the 0L 2b .p :y

And after that we are able to find the plan text that is:

A good glass in the bishops hostel in the devils sea twenty one degrees and Thirteen minutes northeast and by north main branch seventh limb east side shoot from the left eye lf the death shead a bee line from the tree through the shot fifty feet out

Q4) a. Derive K1, the first-round subkey. 10

0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 --64 bit key
0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111

Eliminate last bit of each pair like 8bit,16bit,24bit,32bit ,40bit,48bit ,56bit and 64bit after deleting these bit we have 56 bit key And By using permuted choice -1 , find the key that is

1011000 0110011 0010101 0100000 1010101 0110011 0011110 0000000

L = 1011 0000 1100 1100 1010 1010 0000 R = 1010 1010 1100 1100 1111 0000 0000 In first round each bit shift 1 left

11

C1(L) = 0110 0001 1001 1001 0101 0100 0001 D1(R) = 0101 0101 1001 1001 1110 0000 0001

By using PC-2 we find the K1:

K1 00000011 00000010 01100111 10010011 00000001 10010101

b. Derive L0, R0. (Initial permutation) By using PC 1 derived L0 and R0:

L0 = 11001100 00000000 11001100 11111111 R0 = 10110000 10101010 11110000 10101010

c. Expand R0 to get E[R0]. By using expansion/ Permutation (E-table ) we are find E[R0]

E[R0] = 010110100001 010101010101 011110100001 010101010101

d. Calculate A = E[R0] 1. K Using the k1 value ,which is find earlier from C0 and D0 ,and the value E[R0] performing x-or operation and get the value of
E[R0]=010110100001 010101010101 011110100001 010101010101 K1= 000000110000 001001100111 100100110000 000110010101

In xor 1+1=0 1+0=1

12

0+1=1 0+0=0
E[R0] K 1 =010110010001 011100110010 111010010001 010011000000

e. Group the 48-bit result of (d) into sets of 6 bits and evaluate the corresponding S-box substitutions. By using s box table we convert 64 ratio

S1(010110) =(00row 1011col)=0row,11col= 12 S2(010001)= (01row 1000col)=1row,8col= 12 S3(011100)=( 00row 1110col)=0row,14col= 4 S4(110010)= (10row 1001col)=2row,9col= 1 S5(111010)= (10row 1101col)=2row,13col= 3 S6(010001) = (01row 1001col)=1row,9col= 6 S7(010011) = (01row 1001col)=1row,9col= 3 S8(000000) = (00row 0000col)=0row,0col= 13 Then we have 32 bit 11001100010000010011011000111101

1100 1100 0100 0001 0011 0110 0011 1101

f. Concatenate the results of (e) to get a 32-bit result, B.

B = 1100 1100 0100 0001 0011 0110 0011 1101

g. Apply the permutation to get P(B). till we are able to find the value of B and now using permutation table we find the value of P(B)
13

P(B) = 10101010 10101001 10001100 10111000

h. Calculate R1 = P(B) 0 L

In xor 1+1=0 1+0=1 0+1=1 0+0=0

P(B)= 1010 1010 1010 1001 1000 1100 1011 1000 L0 = 1100 1100 0000 0000 1100 1100 1111 1111 Xor 0110 0110 1010 1001 0100 0000 0100 0111 R1 =0110 0110 1010 1001 0100 0000 0100 0111 Now we are find the value of R1,

i. Write down the ciphertext.

We know that l1=R0 and we already find the value of R0 so L1 = R0 = 10110000 10101010 11110000 10101010 And R1 =0110 0110 1010 1001 0100 0000 0100 0111

R1L1 because bit are swap then

R1L1=01100110 10101001 01000000 01000111 10110000 10101010 11110000 10101010

14

Now apply inverse initial permutation table and find the cipher text after the first round.
Cipher text = IP-1(R1L1) = 0001 0001 0110 0011 0100 0001 0011 0010 1000 1000 1111 1010 0100 1101 1011 1010

This cipher text is in hexa decimal form convert it into decimal no so 1163413288FA4DBA

15