Data Security B. R. Chandavarkar Asst. Prof., CSE Dept., NITK, Surathkal. brcnitk@gmail.com brc.nitk.ac.in
1 Contents Data Security Introduction 2 4 3 Substitution Transposition Classification Techniques Techniques 9 12 Asymmetric Crypto SSL/TLS System 5 10 13 Symmetric Crypto RSA OpenSSL System 6 14 7 Data Encryption LINUX Advanced DES Standard (DES) Implementation 8 11 Advanced Encryption MATLAB Standard (AES) Implementation
Introduction Data is the raw form of information stored as columns and rows in • our databases, network servers and personal computers. This may be a wide range of information from personal files and intellectual property to market analytics and details intended to top secret. Data could be anything of interest that can be read or otherwise interpreted in human form. Data security is the practice of keeping data protected from • corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data. - www.spamlaws.com Data security refers to protective digital privacy measures that • are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. Data security is the main priority for organizations of every size and genre. Data security is also known as information security (IS) or computer security. – www.techopedia.com
Terminologies • Plaintext - An original message. • Ciphertext - Coded message. • Enciphering (Encryption) - The process of converting from plaintext to ciphertext. • Deciphering (Decryption) - Restoring the plaintext from the ciphertext. • Cryptography - The many schemes used for encryption constitute the area of study known as cryptography. • Cryptographic system (Cipher) - Such a scheme is known as a cryptographic system or a cipher. • Cryptanalysis (Breaking the Code) - Techniques used for deciphering a message without any knowledge of the enciphering details. • Cryptology - The areas of cryptography and cryptanalysis together are called cryptology. Back
Characteristic of Cryptographic Systems 1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution , in which each element in the plaintext is mapped into another element, and transposition , in which elements in the plaintext are rearranged. Most systems, referred to as product systems , involve multiple stages of substitutions and transpositions. 2. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric (single-key, secret-key, or conventional encryption). If the sender and receiver use different keys, the system is referred to as asymmetric (two-key, or public-key encryption). 3. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along. Back
Substitution Techniques 1. Caesar Cipher Encryption: C = E(k, p) = (p + k) mod 26 Decryption: p = D(k, C) = (C - k) mod 26 2. Monoalphabetic Cipher Uses permutation of plain text characters 3. Playfair Cipher Uses 5 X 5 matrix of keys 4. Hill Cipher Uses linear equations 5. Polyalphabetic Ciphers Vigenère Cipher Encryption: C i = (P i + K i mod m ) mod 26, Decryption: P i = (C i - K i mod m ) mod 26 Vernam Cipher Encryption / Decryption: X-OR of P i and K i 6. One-Time Pad
1. Caesar Cipher Plaintext h (7) e (4) l (11) l (11) o (14) g (6) o (14) o (14) d (3) Key 3 3 3 3 3 3 3 3 3 Ciphertext k h o o p m r r j 2. Monoalphabetic Cipher (a) Key A B C D E F G H I J K L M N O P R T W X A D E G L O S Y B N (b) Example Plaintext H E L L O G O O D Ciphertext E X S S N D N N W
M O N A R (a) Key 3. Playfair Cipher C H Y B D E F G I/J K L P Q S T (b) Example U V W X Z Plaintext S E C U R I T Y D C Ciphertext L I / J E M A K Q D C H 4. Hill Cipher 4 9 15 (a) Key 17 17 5 (b) Inverse Key 15 17 6 21 18 21 24 0 17 2 2 19 (c) Example Plaintext p (15) a (0) y (24) m (12) o (14) r (17) e (4) m (12) o (14) Ciphertext r r l m w b k a s
5. Polyalphabetic Cipher – Vigenere Cipher Plaintext h (7) e (4) l (11) l (11) o (14) g (6) o (14) o (14) d (3) Key d (3) a (0) t (19) a (0) d (3) a (0) t (19) a (0) d (3) Ciphertext k e e l r g h o g 5. Polyalphabetic Cipher – Vernam Cipher Plaintext 1 1 0 0 1 1 1 0 0 Key Stream 1 0 0 1 0 1 0 1 1 Ciphertext 0 1 0 1 1 0 1 1 1 6. One-Time Pad Plaintext H E L L O G O O D Key S E C U R I T Y D Ciphertext ? ? ? ? ? ? ? ? ? Back
Symmetric (Private) Key Encryption User B (Receiver) User A (Sender) Secrete Secrete Key Key Plain Cipher Cipher Plain Encryption Decryption Text Text Text Text Back
Data Encryption Standard (DES)
History In the late 1960s, IBM set up a research project in computer • cryptography led by Horst Feistel. The project concluded in 1971 with the development of an algorithm with the designation LUCIFER, which was sold to Lloyd's of London for use in a cash-dispensing system, also developed by IBM. LUCIFER is a Feistel block cipher that operates on blocks of 64 bits, • using a key size of 128 bits. Because of the promising results produced by the LUCIFER project, IBM • embarked on an effort to develop a marketable commercial encryption product that ideally could be implemented on a single chip. The effort was headed by Walter Tuchman and Carl Meyer, and it involved not only IBM researchers but also outside consultants and technical advice from NSA.
The outcome of this effort was a refined version of LUCIFER that was • more resistant to cryptanalysis but that had a reduced key size of 56 bits, to fit on a single chip. The most widely used encryption scheme is based on the Data • Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards (NBS), now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm (DEA). DES Characteristics: • Plaintext and Ciphertext – 64-bit block Key – 56-bit Product cipher with 16 rounds Follows Feistel cipher structure
Feistel Cipher
64-bit Plain Text 64-bit Key DES- Encryption Initial Permuted Permutation Choice 1 64-bit 56-bit K1 Permuted Left Circular Key Generation Round 1 Choice 2 Shift 48-bit 64-bit 56-bit 56-bit K2 Permuted Left Circular Encryption Round 2 Choice 2 Shift 48-bit 56-bit 64-bit 56-bit K16 Permuted Left Circular Round 16 Choice 2 Shift 48-bit 56-bit 64-bit 32-bit Swap 64-bit Inverse Initial Permutation Back 64-bit Cipher Text
Initial Permutation Inverse of Initial Permutation Back
32-bit Input 32-bit Input Expansion / Permutation (E-Table) 48-bit 48-bit 48-bit Key 48-bit Round Substitution / Choice (S-Box) 32-bit Permutation 32-bit 32-bit 32-bit 32-bit Input 32-bit Input Back
Expansion / Permutation (E-Table) Back
32-bit Data Sub Key Round 32-bit Expansion 48-bit 48-bit Substitution (S-Box) 48-bit 6-bit 6-bit 6-bit 6-bit 6-bit 6-bit 6-bit 6-bit S5 S6 S7 S8 S1 S2 S3 S4 4-bit 4-bit 4-bit 4-bit 4-bit 4-bit 4-bit 4-bit 32-bit Permutation 32-bit Back
S-Box Back
Permutation Back
Key Generation 64-bit Key 56-bit Permuted Choice 1 56-bit 28-bit 28-bit K1 Permuted Left Circular Choice 2 Shift 48-bit 56-bit 56-bit 28-bit 28-bit K2 Permuted Left Circular Choice 2 Shift 48-bit 56-bit 56-bit 28-bit 28-bit K16 Permuted Left Circular Choice 2 Shift 48-bit 56-bit Back
Before Permutation Choice - 1 Permutation Choice - 1 Permutation Choice - 2 Schedule of Left Shifts Back
Double DES (a) Encryption K1 K2 P Encryption Encryption C (b) Decryption K1 K2 Decryption Decryption C P
Triple DES with Two Keys (a) Encryption K1 K2 K1 P Encryption Decryption Encryption C (b) Decryption K2 K1 K1 C Decryption Encryption Decryption P
Triple DES with Three Keys (a) Encryption K1 K2 K3 P Encryption Decryption Encryption C (b) Decryption K2 K3 K1 C Decryption Encryption Decryption P Back
Advanced Encryption Standard (AES)
Recommend
More recommend
