HILL CIPHER

ALL THE NOTES ARE FROM   CLICK_ME

OSI Security Architecture:-

1)SECURITY ATTACK:
Any action that compromises the security of information owned by an organisation.

-Passive Attack:
   -Release of message contents
   -Traffic control
-Active attack:
   -Masquerade
   -Replay
   -Modification of message
   -Denial of service

2)SECURITY MECHANISM:
A process that is design to detect,prevent or recover from a security attack.

3)SECURITY SERVICES:
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organisation.

-Authentication
-Access control
-Data confidentiality
-Data Integrity
-Non repudiation

AES - Advanced Encryption standard

Rounds

1. SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table.
2. ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
3. MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column.
4. AddRoundKey.

AES has 10 rounds in which state the following transformations (called `layers’):

                        Byte substitution (1 S-box used on every byte)

                        Shift rows (permute bytes between groups/columns)

                        Mix columns (uses matrix multiplication in GF(256))

                                    Add round key (XOR state with round key)

 

[1]ByteSub:

 

Each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits)

Example:  byte {95} is replaced by byte in row 9  column 5 which has value {2A}

[2] ShiftRows

 

 Circular byte shift in each each

1st row is unchanged

2nd row does 1 byte circular shift to left

3rd row does 2 byte circular shift to left

4th row does 3 byte circular shift to left

Decrypt inverts using shifts to right.

Since state is processed by columns, this step permutes bytes between the columns. 

[3]MixColumn

 

 

The MixColumns stage is a substitution that makes use of arithmetic over GF(2^8). Each byte of a column is mapped into a new value that is a function of all four bytes in that column. It is designed as a matrix multiplication where each byte is treated as a polynomial in GF(28). The inverse used for decryption involves a different set of constants.

[4]AddRoundKey 

Add Round Key stage which is a simple bitwise XOR of the current block with a portion of the expanded key. 


AES Key Scheduling:

Takes 128-bit (16-byte) key and expands into array of 44 32-bit words.

AES Key Expansion:

 

AES Decryption:

AES decryption is not identical to encryption since steps done in reverse.

AES can be implemented very efficiently on an 8-bit processor.

AddRoundKey is a bytewise XOR operation.

ShiftRows is a simple byte shifting operation.

SubBytes operates at the byte level and only requires a lookup of a 256 byte table S.

MixColumns (matrix multiply) can be implemented as byte XOR’s.

 

Diffie-Hellman cipher by Prof G.Samid (http://wesecure.net/)

Diffie-Hellman cipher is a response to the challenge of 'strangers' cryptography. Traditionally Alice and Bob would exchange a cryptographic key over a secure channel, and then use that key to communicate over insecure channels. Alas, the Internet creates a vast need for stragners to exchange secret messages. Such is the case when a customer wishes to purchase an item from an online store. Seller and buyer and strangers to each others; they have not had an opportunity to exchange a secret key and use it later. 

This challenge which was first (a bit awkwardly) addressed by Ralph Merkle has been satisfactorily addressed by his pals: Diffie and Hellman, extending the Merkle principle. The Merkle principle was as follows: Alice prepares a set of mathematical challenges which involve choice. Bob makes his choice and communicates it to Alice who can respond to Bob with the advantage of being the one who prepared these challenges. Hackey the hacker does not have that edge, and is left in the cold.

The Merkle solution to this challenge was not very practical, and prompted Diffie and Hellman to come up with their concept.

Their idea was that a computational result, R, can sometimes be computed in two different ways: one using information available to Alice, and the other using information available to Bob -- so that Hackey will remain out of the loop.

As an example: given a set of 1000 different integers, one wishes to find the identity of the integer that ranks 401 in the set (bottom up). One way to find it is to build the ranking from the bottom (lowest number) upward until the 401st number is spotted. Another way is to identify the number from the top down, and thereby identify th 599th number from the top. The result should be the same, but the computational pathway is different. That is the principle of the Diffie Hellman cipher.

Alice sends Bob a psuedo-key, and both Alice and Bob use that psuedo key to generate a pair of keys: one they keep private, the other they make public so Bob now knows Alice's public key and Alice now knows Bob's public key. Of course, Hackey now knows these public keys too, but he does not know either private key by contrast to Alice and Bob who each knows their own private key -- that's the point!

Now the scheme works by having a mathematical result, R, computed two ways: each with his or her private key and the other's public key.

Example:
Since the pair of private-public keys chosen by the parties is mathematically linked, it is necessary to insure that Hacky cannot derive the private key from the public key. Since it is impossible to impose such a condition, Diffie and Hellman retreated to impose intractability -- to find a mathematical arrangement where it would be exceedingly difficult to derive the private key from the public key (not impossible, but difficult!). They came to realize that modular log computation is generally considered difficult:

Y = a^Xmod n is easy to compute, while:

X = log_aY mod n is intractable. Hence, if Y will be a privae key and X its corresponding public key, then Hackey will be over his head with trying to compute X from Y.
Example: compute:

Y = 3⁷mod 5 3⁷= 2187 = 437*5 + 2, hence Y=2
Now: to compute:

X = log₃2 mod 5
one tries: for
X = 0 =log₃1 mod 5,
X = 1 =log₃3 mod 5,
X = 2 =log₃4 mod 5,
X = 3 =log₃2 mod 5,
X = 4 =log₃1 mod 5
X = 5 =log₃4 mod 5
X = 6 =log₃4 mod 5
X = 7 =log₃2 mod 5
X = 8 =log₃1 mod 5

Since the possible results for Y are only five options, there are many X values the solve this equation. Which immediately suggests that the mod basis should be a large number! This should work because there is no major compuational shortcut to what we tried here, checking the values of X=0,1,2,3,..
Based on the this assumed intractability Diffie and Hellman made a clever and creative use of a known mathematical relationship:

Z = a^XYmod n= (a^X)^Ymod n= (a^Y)^Xmod n which allowed them to set:

U = a^X, and V = a^Y and write:

Z = U^Y= V^X which means that the result Z can be computed by one who knows U and Y, as well as by one who knows V and X!
To implement this great idea it is necessary to find good values for n and a. n we have already reasoned must be a large number. What about a?
Upon examination we see that if a=0, we have Y = 0^X= 0 so Y would be limited to 0,n,2n,3n,....kn. Not good. Remember -- we need intractability, Hackey must find it difficult to compute. Similarly for a=1 we have: Y = 1^X= 1, and hence Y=1,n+1, 2n+1,....kn+1. Same problem. So Diffie and Hellman reasoned that a must be a 'root' of n, defined as a number such that for any residue 0 <=r < n, there will be some number t such that:

a^t= r mod n Such an a will pose the required intractability on Hacky. So now we are ready to implement Diffie and Hellman cipher. Alice will choose n and a (the psuedo key), and pass them along to Bob. Both Alice and Bob will choose a random private key: Alice will choose X and Bob will choose Y. Alice will now compute her public key U=a^X, and Bob will compute his public key V=a^Y, and send them to each other. Based on our reasoning above, Hacky, aware of U and V will find it difficult to reverse compute them to either X or Y (intractability!), but Alice and Bob, on the other hand will compute the same result Z:

Z = U^Y= V^X which will serve as their shared cryptographic key.
Example:
Let n=7, then a=5
Alice selects Ra=3 and computes: Ua = 5³mod 7 = 125 mod 7 = 6
Bob selects Rb = 2 and computes Ub = 5²mod 7 = 4 mod 7
Alice computes K = 4³mod 7 = 1
Bob computes K = 6²mod 7 = 1
"1" is the shared result. Remember n must be large (not n=7) for intractability kick in.

RSA by Prof G.Samid (http://wesecure.net/)

The RSA team was quite impressed with Diffie and Hellman, and the clever idea:

Z = a^XYmod n= (a^X)^Ymod n= (a^Y)^Xmod n They then wondered what will happen if Z=a, namely:

Z = Z^XYmod n= (Z^X)^Ymod n Then one could use Z as a plaintext and designate Z^Xas ciphertext. By so doing X will serve as the encryption key, and Y as the decryption key -- and Diffie and Hellman have already shown that X and Y are not easily mutually derviable!
So now the RSA team needed find a proper n (which we have seen with Diffie and Hellman, should be a large number to insure intractability), and then they need to find two numbers X and Y that will insure that for every possible Z (every possible plaintext) it will hold that: 

Z = Z^XYmod n= (Z^X)^Ymod n.
So how can we find a pair (X,Y) to fit these requirement? Here comes the RSA ingenuity:
They said: let's pick two primes, p and q, and compute n=pq and n'=(p-1)(q-1). Let's pick X such that gcd(X,n')=1, and look for Y such that XY=1 mod n'. This will work because:

Z^XY= Z^kn'+1 because XY=1 mod n implies that for some k we have XY - 1 = kn' and hence:

Z^XY= Z^kn'+1= Z^kn'Z¹ But Z^kn'= 1 because of Euler's theorem since fi(n)=n', and hence:

Z^XY= Z and fi(n)=n' hence: where fi(n) is Euler's function.

Example:
Let us pick two primes: p=5, q=7. We now compute n=pq=35, and compute n`=(p-1)(q-1)=4*6=24. We now pick the encryption key e such that gcd(e,n`)=1. Let`s pick e=7 since gcd(7,24)=1

Next we need to find the decryption key, d. We look for a d such that 7d = 1 mod 24. While this is not very straight forward, there are computational short cuts available. At any rate, this computation has to be carried out once per a pair of keys. We can simply try d=1,2,3,.... and thereby find that for d=31 we have 7*31=217 = 24*9 + 1 = 1 mod 24.

Now we can check if this works. Let`s pick a plaintext M=17, and encrypt it to ciphertext C = 17⁷= 410,338,673 = 11,723,962*35+3 = 3 mod 35.

The recipient will decrypt the ciphertext 3 as follows M=3³¹= 3*(3⁵)⁶. We compute 3⁵= 243 = 33 mod 35 and continue: (33²)³= (1089)³. But 1089 = 4 mod 35, so M = 3*4²= 17 mod 35. So we have encrypted M=17 with encryption key 7 to ciphertext 3, and decrypted 3 back to 17 using decryption key d=31.

We can exchange between the two keys.

AES by Prof G.Samid (http://wesecure.net/)

AES is the official replacement of DES, highly-regarded, widely used symmetric cipher -- efficient in both hardware and software. 

AES is a block cipher with 128 bits blocks. It takes in several size keys: 128, 192, and 256 bits long. 128 bits is the common standard so far.

AES inherited a lot from DES. The block configuration, the encryption-decryption algorithmic reversibility, the concept of successive rounds, and extended round keys, and of course, the rich use of transposition and substitution. Yet, AES introduces new complexity schemes which are designed to increase its security compared to DES.

bird`s view: The 128 bits of the plaintext block are organized in a 4x4 matrix of 16 bytes (each byte has 8 bits). This matrix is called the `state matrix`. The fitting is column wise: the 128 bits of the plaintext first fill the first column in the state matrix, then the second, etc. AES operation is a succession of modifications to the contents of the state matrix from its input state to its output state.

AES features between 10 ro 14 rounds of state matrix modification. Each round is comprised of:

box substitution

shift row permutation

column substitution

key XORing 

The input state matrix is first XORed with 128bits key material, following by the 10 to 14 rounds. Each round also uses 128bits (16 bytes, 4 words) key material. The key material for each round is generated from the input 128bits key. This is done four words at a time in a complex XOR scheme.

The per-round elements operate as follows:

box substitution : each of the 16 bytes of the state matrix is substituted with another value according to a pre-written substitution box (S-box). The S-box is a particular arrangement of all possible 256 bytes in a 16x16 matrix. Each byte in the state matrix is interpreted as follows: the leftmost 4 bits define a row in the S-box, and the four rightmost bits define a column there. This way the contents of a state byte points to some other byte value. That value now substitutes for the value that pointed to it.
 
shift row permutation: The four rows of the state matrix are now shifted as follows: the first row stays in tact, the second is shifted one byte to the left, where the leftmost byte is recycled to the rightmost position. The third row undergoes the same -- twice, and the 4th row shift byte-wise to the left 3 times.
 
column substitution: In this operation the value of each byte is substituted by a byte that is a function of all the other bytes in the column. The substitution is based on Gallois 2⁸polynomial operation. Accordingly each byte is interprete as an x8polynomial. The state matrix is being multiplied by a fixed matrix:
2 3 1 1
1 2 3 2
1 1 2 3
3 1 1 2
This way the value of each byte in the output matrix depends on the values of all the other bytes in the column. The byte-wise multiplication (byte from the fixed matrix times byte from the state matrix) is conducted modulu:

x⁸+ x⁴+ x³+ x + 1 

Key XORing: The state matrix is XORed with 128 bits of key material..

Kerberos

-->Dog in Greek mythology guarding gates of hell Software used in a network to establish user’s identity.

-->Uses symmetric key encryption
-->Users/systems are given tickets that can be used to identify themselves to other systems and secret crypto keys are provisioned for secure communications.

-->Three components: Key Distribution Center (KDC), Authentication Service (AS) exchange, and Ticket granting Service (TGS) exchange.

-->Four basic steps:
a. KDC knows secret keys of all clients and servers on network;
b. KDC initially exchanges information with the client and server by using
the secret keys;
c. Kerberos authenticates a client to a requested service on a server
through the TGS, and by issuing temporary symmetric session keys for
communications between the client and KDC, the server and the KDC,
and the client and server; and
d. Communication then takes place between client and server using those
temporary session keys.

Viruses:

1. Program virus — attacks files that contain computer code
2. Boot virus — attacks boot sector on hard or floppy disk
3. System virus — attacks BIOS command and other system files
4. Polymorphic virus — changes as it replicates
5. Multipartite virus — infects in more than one place
6. Macro virus — contained in data files (word documents)

Hacker,Expert Hacker,Ethical hacker,Cracker,Phreaker

Hacker: The people who use and create computer software to gain access to information illegally are termed as hackers.

Expert  Hacker: The hacker who develops software scripts and codes to exploit the organisation's information asset is termed as ethical hacker.

Ethical Hacker: A person who hacks into a computer network in order to test or evaluate its security, rather than with malicious or criminal intent.

Cracker: An individual who "cracks" or removes the protective mechanism that is designed to prevent unauthorized  duplication.

Phreaker: An individual who hacks the public telephone network and gains information from the communication.