
Encryption


Page 1: Encryption

CHAPTER ONE

INTRODUCTION

Project Overview

As a result of the rapidly growing use of networks and their interactions with all types of other networks (often on a worldwide basis), the problem of protecting the confidentiality and integrity of the information transmitted on these networks started to attract widespread attention in the late 1970's and early 1980's. Local area networks provided many user access points. Since a feature of LANs is that additional access points can be easily added without having any effect on other network users, an unauthorized person could use these connections to gain access to proprietary or classified information. To protect both equipment and information, network security must consider a wide range of administrative, physical, and technical issues. To select an appropriate set of network security measures, one first needs to evaluate the threat environment and assess which security techniques can be selected and applied.

Client Information.

Galaxy Software solution is an ISO 9001: 2000 certified offshore outsourcing company headquartered in Hyderabad, India, providing IT services for SMEs (Small and Medium Enterprises) for the past seven years.

Galaxy Software solution empowers global innovators with sophisticated outsourcing solutions. From product development, to application outsourcing, through globalization and cutting-edge business process solutions, we enable our clients to decrease costs, improve operations, and dominate their global markets. Our clients utilize Galaxy Software solution's world-class processes and best practices for uncompromised quality and efficiency. They leverage Galaxy Software solution's vast network of relationships to propel their business operations globally and accelerate innovation.

Aims and Objectives

Secrecy: to keep information out of the hands of unauthorized users.

Authentication: to determine whom you are talking to before revealing sensitive information.

Non-repudiation: this deals with signatures.

Integrity control.

To design a secure system for the clients to transfer their valuable information to their destinations.

To research existing literature relating to different approaches to network security.

Writing a dissertation with full details of the development process.

Evolution of the project.

Research methodology

1. To complete this project successfully and meet my client's requirements, thorough research on encryption technology and several encryption methodologies will be carried out, and the network design approach will be researched. The research will be performed using research journals, textbooks, technology white papers, and discussions with program lecturers. Most of the resources used were taken from online research sites such as sciencedirect.com, techrepublic.com, findwhitepapers.com and ACM.com.

The existing system comprises files with literally no file security standards. Encryption techniques are to be put into practice because of the following factors, against which numerous security measures had to be taken:

(1) Reading or tapping data

(2) Manipulating and modifying data

(3) Unlawful use of files

(4) Corruption of data files

(5) Distortion of data transmission

(6) Disturbance of the operation of equipment or systems

The core concern of (1) is secrecy and confidentiality. Confidentiality has always played a vital role in diplomatic and military matters. Often information must be stored or transferred from one place to another without being exposed to a rival or enemy. Key management is also associated with confidentiality; it deals with generating, distributing and storing keys. Items (2-4) are mainly concerned with reliability. The term integrity is often used as a measure of the genuineness of data. Computer files and networks must also be protected against intruders and unauthorized users. Items (5-6) concern a different aspect of the security of information: its continuity. Here the information must be protected against deliberate disruption during its transmission and storage.


Content Information

This research write-up contains a total of five chapters, with references and appendices that support the entire dissertation. The following is a list of the chapters with their corresponding contents.

Chapter two: This chapter specifies the difficulties that occur during the transfer of data across different types of networks and the need for encryption.

Chapter three: This chapter gives a detailed description of encryption and its functions.

Chapter four: A full description of how text is converted into a coded format that cannot be understood by an individual.

Chapter five: It describes the properties of the algorithms and the best conditions for their enhanced performance.

Chapter seven: The Data Encryption Standard; it deals with how the data is encrypted step by step.

Chapter eight: It describes the Blowfish algorithm, a symmetric block cipher that can be effectively used for encryption and safeguarding of data.

Appendices

References


CHAPTER-2

NETWORK SECURITY

As a result of the rapidly growing use of networks and their interactions with all types of other networks (often on a worldwide basis), the problem of protecting the confidentiality and integrity of the information transmitted on these networks started to attract widespread attention in the late 1970's and early 1980's. Local area networks provided many user access points. Since a feature of LANs is that additional access points can be easily added without having any effect on other network users, an unauthorized person could use these connections to gain access to proprietary or classified information. To protect both equipment and information, network security must consider a wide range of administrative, physical, and technical issues. To select an appropriate set of network security measures, one first needs to evaluate the threat environment and assess which security techniques can be selected and applied.

Problems of network security can be divided into four areas:

1. Secrecy

2. Authentication

3. Non-repudiation

4. Integrity control

SECRECY

The main aim of secrecy is to keep information out of the hands of unauthorized users. It is what usually comes to mind when people think about network security.

AUTHENTICATION

Authentication deals with determining whom you are talking to before revealing sensitive information.

NON REPUDIATION

Non-repudiation deals with signatures.

INTEGRITY CONTROL

It deals with being confident that a message you received was really the one sent, and not something that a malicious adversary altered in transit or concocted.

2.2 APPROACHES TO NETWORK SECURITY

Secure communication in physically vulnerable networks depends on the discipline of cryptography to guard the privacy and integrity of material passing between machines. Cryptography is a technique for altering the representation or appearance of a message, through a position-scrambling process or through some method of transforming letters or characters, without changing its information content. To see where security fits into a communication network, consider the seven-layer OSI Reference Model; security is usually implemented in only several of the layers. The two fundamental approaches to communication security are link-oriented and end-to-end encryption measures. As its name implies, link-oriented security measures protect message traffic passing over an individual transmission link between two nodes, regardless of the original source and the ultimate destination of that information. The general scheme is shown in A1.2, where encryption is performed independently on each communication link between successive modems. The encryption is done by means of a key. Each link corresponds to a data-link layer association in the OSI Reference Model.

An advantage of link-oriented security is that, depending on the encryption method used, it can mask origin-to-destination information flow patterns and can prevent all forms of traffic analysis by hiding message frequency and length patterns. The weakness is that, because information is encrypted only on the links, the network nodes must be both physically secured and capable of isolating information from each of the various independent data streams that could pass through the node. In contrast to this protection of individual links, end-to-end security uniformly protects each message along its entire route from source to destination, as shown in A1.3. Thus messages pass through the entire network of transmission links, local computers, intermediate nodes and switches in an encrypted form, as provided by the encryption device at the message originator.

At the network layer, firewalls can be installed to keep packets in or to keep packets out. At the transport layer, entire connections can be encrypted end to end, that is, process to process. Even though these solutions help with secrecy and many people are working hard to improve them, none of them solves the authentication or non-repudiation problem in a sufficiently general way. To tackle these problems, the solutions must be in the application layer, which is why they are taken up in later chapters.


CHAPTER-3

ENCRYPTION AND DECRYPTION

Encryption

Encryption is the procedure of transforming information from an unsecured form into coded information that cannot be understood by an outside person. The transformation process is controlled by an algorithm and a key. The process must be reversible so that the intended recipient can return the information to its original, readable form, but reversing the process without the appropriate encryption information should be impossible. This means that details of the key must also be kept secret. Encryption is generally regarded as the safest method of guarding against accidental or purposeful security breaches. The strength of encryption is measured in terms of work factor: the effort needed to 'break' the encryption. A strong system will withstand attack for a long time, although applying great effort can reduce this time.

The main characteristics of a private key cryptosystem are as follows:

1) The same private key is used for both encryption and decryption. The key is kept secret so that no intruder, even one with knowledge of the algorithm, can complete the decryption process.

2) After encryption takes place, the next main stage is decryption. In this process the code is converted back to the original text, and in this way the entire process of file transfer is carried out. The destination client receives the original text, so decryption plays a crucial role in this project.


2.2 Problem Definition

The primary problems discussed in APTS, which commonly works on projects that deal with communication, are given below in detail. The need of the hour was to implement algorithms like Rijndael so that the data transmitted could be secured. The next factor was the performance efficiency that this algorithm supported.

Ways and Sources of File Threats

1) Unauthorized Access

“Unauthorized access” is the way an intruder gains entry to the machine and accesses files without authorization. The goal of this type of attack is to access some resource that your machine should not provide to the attacker.

2) Executing Commands Illicitly

It is obviously undesirable for an unknown and untrusted person to be able to execute commands on your server machines. The severity of this problem falls into two classes: user access and administrator access. A general user can do many things on the system, such as read files and edit them, that an attacker should not be able to do.

An attacker might then go on to make configuration changes to the host, such as changing the port number of the host system or making the system shut down every time it is started. To perform this type of action the intruder first has to obtain administrator privileges.

3) Confidentiality Breaches

Suppose there is data that is highly confidential. If that data falls into the hands of an intruder, he may modify it, change it entirely, or replace the old data with new data. In such situations, a general user account on the system is enough to do damage to the company.

While many intruders in these types of break-ins are merely thrill-seekers interested in nothing more than seeing a shell prompt for your computer on their screen, others are highly malicious.

4) Destructive Behavior

Among the destructive sorts of break-ins and attacks, one of the two major categories is data destruction.

Some intruders simply want to delete things; their aim is data destruction. In this situation, the impact on your computing capability, and consequently on the business, can be no less than if a fire or other disaster caused your computing equipment to be completely destroyed.

2.3 Solution to the problem

File Security

The first thing to consider about a file is its security. To rid the file of the problems discussed above, namely illicit execution of commands, unauthorized access, confidentiality breaches and destructive behavior, we have to provide file security. The next main area is cryptography.

Cryptography

Cryptography is a division of Cryptology. The word Cryptology is derived from the Greek words 'cruptos', meaning hidden, and 'logos', meaning study; the combination of these two words gives cryptology, which fairly represents the science of concealing. It consists of techniques for ,in the same way to decrypt the messages and signals. Cryptology can be classified into two areas: Cryptography and Cryptanalysis.

Assume a user wants to encrypt a file named aaa.txt and gives the password “srinvas”. Since the file is designed to be self-contained, the password given is also stored somewhere in the encrypted file, in encrypted form. If an intruder tries to open the file, he will not understand anything because the file is already in encrypted form. This is one way of hiding a password in a file. In this way the password can be hidden in a file without the need for any database. Likewise, when the user wants to decrypt the file, he must supply the same password that was used for encryption.

Private-Key-Encryption

In private key encryption the identical key is used for encryption and decryption. The key must be kept secret so that not even an intruder with knowledge of the algorithm can complete the decryption process. A person trying to share encrypted information with another person has to solve the problem of communicating the encryption key without compromising it. This is normally achieved by programming keys into all encryptors prior to deployment, and the keys should be stored securely within the devices. In a relatively small network of encryptors, the task of key management (including key changes) is easily handled for a private key system. Private key encryption is a commonly used method of key management, and is used for standard algorithms such as DES and Triple DES.

Key Management

There are three basic elements in any encryption system:

-- a means of changing information into code (the algorithm);

-- a secret starting point for the algorithm (the key); and

-- a system to control the key (key management).

The key determines how the algorithm - the encryption process - will be applied to a

particular message, and matching keys must be used to encrypt and decrypt messages.


The algorithm used in an encryption system normally remains the same for the life of the

equipment, so it is necessary to change keys frequently in order that identical encryption is not

applied to messages for a long period. It is generally desirable to change the keys on an irregular

but managed basis. Key management deals with the generation, storage, distribution, selection,

destruction and archiving of the key variables. Two basic types of encryption in use today are

known as private key (also called single or symmetrical key) encryption and public (or

asymmetrical) key encryption.

CHAPTER-4

ENCRYPTION BASICS

“It may well be doubted whether human ingenuity can construct an enigma of the kind which human ingenuity may not, by proper application, resolve”.

-Edgar Allan Poe, The Gold Bug

4.1 INTRODUCTION

This chapter presents basic concepts and terminology for constructing encryption systems. The

following topics are described:

1. Types of Ciphers, algorithms and modes.

2. How encryption system fails.

3. How to recognize adequate Crypto: algorithms and modes.

4.2 ENCRYPTION BUILDING BLOCKS

A modern crypto device has several essential elements that determine how it works. The first is the crypto algorithm, which specifies the mathematical transformation that is performed on data to encrypt or decrypt it. Stream ciphers encrypt a digital data stream a bit at a time. The best-known algorithms, however, are block ciphers, which transform data in fixed-size blocks, one block at a time. When block ciphers are applied to a data stream, the cipher mode defines how the algorithm is applied block by block. The fundamental encryption and decryption processes are depicted in A1.1. The encryption function has two inputs: one is the plain text and the other is the key. The key consists of a finite number of bits, which are usually expressed as decimal, hexadecimal, or alphanumeric character strings.

4.2.1 TRANSPOSITION CIPHERS

Transposition ciphers are based on the rearrangement of each character in the plain text message to produce a cipher text. The encryption techniques include reversing the entire message, reforming the message into a geometrical shape, rearranging the plain text by scrambling a sequence of columns, and periodically permuting the characters of the plain text. Let us now look at simple examples to illustrate this.

1. Message Reversal:

In this method the plain text is written backwards to produce a cipher text.

If the plain text message is:

LOCAL AREA NETWORKS SECURITY

then the encrypted message reads:

YTIRUCES SKROWTEN AERA LACOL

This is one of the simplest encryption methods. Obviously, it is not very secure, since to decipher it one merely reads the cipher text in reverse.

2. Geometrical Pattern Encoding:

In this method the message is rearranged with the aid of some type of geometric figure, a typical example being a two-dimensional array or matrix. First the plain text is written into the figure according to a particular pattern. Taking the letters off the figure according to a different path then creates the cipher text.

Example:

The plain text word is written into a 3 X 5 matrix by rows as follows:

Column number   1  2  3  4  5

Cipher text     V  A  R  C  H

                E  K  N  S  K

                H  L  Y  D  T

If the letters are taken off by columns in the order 24155, the resulting cipher is HLRESCVANKVDKH.

3. Columnar Transposition

In this method, one first transposes the plain text message into a rectangular form by columns. The columns are next rearranged and the letters are taken off in a horizontal fashion.

Example: The plain text message “The product Brochure is Ready”, which we write into a 5 X 5 matrix by columns as follows:

Column number   1  2  3  4  5

Cipher text     T  O  B  U  R

                H  D  R  R  E

                E  U  O  E  A

                P  C  C  I  D

                R  T  H  S  Y

Since there are five columns, they can be rearranged in 5! = 120 different ways. To enhance the security of the plain text message, we can thus choose one of these rearrangements.

A drawback in using columnar transposition ciphers for computer applications is that entire matrices of characters must be generated for encryption and decryption.
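The message reversal and columnar transposition methods described above, written out as an added example (this code is not part of the original dissertation). The column order (2, 4, 1, 5, 3) is a constructed key chosen for illustration; `all_decryptions` enumerates every one of the 5! = 120 orderings to show how small that key space is.

```python
from itertools import permutations


def letters_only(text):
    """Upper-case the message and drop spaces, as in the 5 x 5 matrix above."""
    return [ch for ch in text.upper() if ch.isalpha()]


def reverse_message(plaintext):
    """Message reversal: the cipher text is the plain text written backwards."""
    return plaintext[::-1]


def check_order(order):
    """A column order must use each column number 1..n exactly once."""
    if sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("order must be a permutation of 1..number of columns")


def columnar_encrypt(plaintext, order, rows):
    """Write the letters into the matrix by columns, rearrange the columns
    according to `order`, then take the letters off row by row."""
    check_order(order)
    letters = letters_only(plaintext)
    cols = len(order)
    if len(letters) != rows * cols:
        # The worked example fills the matrix exactly; padding is left out.
        raise ValueError("message must fill the matrix exactly")
    columns = [letters[c * rows:(c + 1) * rows] for c in range(cols)]
    return "".join(columns[c - 1][r] for r in range(rows) for c in order)


def columnar_decrypt(ciphertext, order, rows):
    """Rebuild the matrix: position j of every cipher-text row belongs to
    original column order[j]; then read the columns top to bottom."""
    check_order(order)
    cols = len(order)
    if len(ciphertext) != rows * cols:
        raise ValueError("cipher text must fill the matrix exactly")
    columns = [[""] * rows for _ in range(cols)]
    for r in range(rows):
        for j, c in enumerate(order):
            columns[c - 1][r] = ciphertext[r * cols + j]
    return "".join("".join(col) for col in columns)


def all_decryptions(ciphertext, cols, rows):
    """Exhaustive search of the key space: one candidate plain text for each
    of the cols! column orders (120 for five columns)."""
    return {order: columnar_decrypt(ciphertext, order, rows)
            for order in permutations(range(1, cols + 1))}


MESSAGE = "The product Brochure is Ready"   # plain text from the example above
ORDER = (2, 4, 1, 5, 3)                     # constructed key, not from the text

if __name__ == "__main__":
    cipher = columnar_encrypt(MESSAGE, ORDER, rows=5)
    print("cipher text :", cipher)
    print("decrypted   :", columnar_decrypt(cipher, ORDER, rows=5))
    print("keys to try :", len(all_decryptions(cipher, cols=5, rows=5)))
    print("reversal    :", reverse_message("LOCAL AREA NETWORKS SECURITY"))
```

Because every candidate key can be tried in a fraction of a second, the work factor of this cipher is negligible; it is useful only for illustrating the principle.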

4.2.2 SUBSTITUTION CIPHERS

Substitution enciphering involves the replacement of each character in the plain text by some other character. This can be a letter, a number, or a symbol. The four basic classes of substitution ciphers are as follows:

1. Simple Substitution

A corresponding character of cipher text replaces each character of plain text; a single one-to-one mapping from plain text to cipher text is used to encrypt an entire message.

2. Homophonic Substitution

Each plain text character is encrypted with a variety of cipher text characters. The mapping from plain text to cipher text is thus one-to-many.

3. Polyalphabetic Substitution

Multiple cipher alphabets are used to change plain text to cipher text; the mappings are usually one-to-one as in simple substitution, but can change within a single message.

4. Polygram Substitution

These are the most general ciphers; they permit arbitrary substitutions for groups of plain text characters. For illustrative purposes, we only discuss simple substitution ciphers here.

Suppose A is a plain text n-character alphabet ordered as $\{a_0, a_1, \ldots, a_{n-1}\}$. A simple substitution cipher then replaces each character of A by a corresponding character from an ordered cipher alphabet C denoted by $\{f(a_0), f(a_1), f(a_2), \ldots, f(a_{n-1})\}$. Here the function $f$ represents a one-to-one mapping of each character of A to the corresponding character of C.

A plain text message

$M = m_1 m_2 m_3 \ldots$

is then written as

$E_k(M) = f(m_1) f(m_2) \ldots$

where $m_i$ is a character of A. Typically C is simply a rearrangement of the characters in A.

4.2.2 PRODUCT CIPHERS

A product cipher involves a combination of transposition (permutation) and substitution to produce a cipher text. The products are of the form $B_1 M B_2 M \ldots B_n$, where $M$ is an un-keyed mixing transformation or permutation and the $B_i$ are simple cryptographic transformations. Thus, a product cipher is the application of a sequence of $n$ enciphering functions $f_1, f_2, \ldots, f_n$, where each $f_i$ can be a permutation cipher P or a substitution cipher S. A1.2 illustrates the application of the basic principle to a 12-bit message block $M = (m_1 m_2 \ldots m_{12})$. We should note that this example is for concept illustration purposes only, since in practice longer blocks should be used. The enciphering scheme alternately applies $k$ substitutions $S_i$ and $k-1$ permutations $P_i$, yielding

$C = E_k(M) = S_k P_{k-1} S_{k-1} \ldots S_2 P_1 S_1 (M)$

The 12-bit plain text is divided into 3-bit sub-blocks, each of which is processed by a different invertible substitution cipher kij. The resulting 12 bits are scrambled by the permutation box Pi, and the result acts as the input to the next round of enciphering. This mixes bits from the different dij boxes, preventing the overall transformation from degenerating into substitutions confined to 3-bit blocks.

.2.3 BLOCK CIPHERS

Block ciphers involve encrypting and decrypting messages in blocks of information bits. Given that $M$ is a plain text message, a block cipher breaks $M$ into successive blocks $M_1, M_2, \ldots$ and enciphers each $M_i$ with the same key $K$, i.e. $E_K(M) = E_K(M_1) E_K(M_2) \ldots$. The basic concept of block ciphering with partitioning and iteration is shown in A3.1. A block of the message to be transformed iteratively $i = 1, 2, \ldots, r$ times is divided equally into halves denoted $L_i$ and $R_i$. If the block is $n$ bits long, then $L_i$ and $R_i$ each have $n/2$ bits. Encryption and decryption are carried out by means of the set of iteration-dependent keys $K_{i+1}$ and a transformation function $f$. This transformation function depends on $R_i$ and $K_{i+1}$ for encryption and on $L_{i+1}$ and $K_{i+1}$ for decryption.

As shown in figure A2.5, for the $(i+1)$th iteration the encryption yields

$L_{i+1} = R_i$

$R_{i+1} = L_i \oplus f(K_{i+1}, R_i)$

where $\oplus$ denotes modulo-2 addition. For decryption the order of the $K_{i+1}$ is reversed, i.e.

$L_i = R_{i+1} \oplus f(K_{i+1}, L_{i+1})$

$R_i = L_{i+1}$
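The iteration above, carried through in code as an added example (not part of the original dissertation). The round function f and the way round keys are derived from one key are assumptions made for illustration: f is a truncated HMAC-SHA256 and each K_i is a hash of the key and the round number. The point shown is that f itself never has to be inverted; decryption reuses f with the round keys in reverse order.

```python
import hashlib
import hmac

BLOCK_BYTES = 8            # n = 64 bits, so L_i and R_i have n/2 = 32 bits each
HALF = BLOCK_BYTES // 2


def round_function(round_key, half):
    """f(K, R): illustrative stand-in (assumption), a truncated HMAC-SHA256.
    It is not invertible, and the structure does not need it to be."""
    return hmac.new(round_key, half, hashlib.sha256).digest()[:HALF]


def xor(a, b):
    """Bitwise modulo-2 addition of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def derive_round_keys(key, rounds):
    """Hypothetical key schedule: K_i = SHA-256(key || i) for i = 1..rounds."""
    return [hashlib.sha256(key + bytes([i])).digest()
            for i in range(1, rounds + 1)]


def split(block):
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly %d bytes" % BLOCK_BYTES)
    return block[:HALF], block[HALF:]


def trace_rounds(block, round_keys):
    """Return [(L_0, R_0), (L_1, R_1), ..., (L_r, R_r)] for inspection."""
    left, right = split(block)
    states = [(left, right)]
    for key in round_keys:
        # L_{i+1} = R_i ;  R_{i+1} = L_i xor f(K_{i+1}, R_i)
        left, right = right, xor(left, round_function(key, right))
        states.append((left, right))
    return states


def encrypt_block(block, round_keys):
    left, right = trace_rounds(block, round_keys)[-1]
    return left + right


def decrypt_block(block, round_keys):
    left, right = split(block)
    for key in reversed(round_keys):
        # L_i = R_{i+1} xor f(K_{i+1}, L_{i+1}) ;  R_i = L_{i+1}
        left, right = xor(right, round_function(key, left)), left
    return left + right


if __name__ == "__main__":
    keys = derive_round_keys(b"constructed demo key", rounds=4)
    plain = b"LANSECUR"                      # constructed 8-byte sample block
    cipher = encrypt_block(plain, keys)
    print("cipher   :", cipher.hex())
    print("decrypted:", decrypt_block(cipher, keys))
```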


When block ciphers are applied to data stream, the cipher mode defines how the algorithm is

applied block by block to the data stream.

4.3 How Cryptosystems fail

Networking systems fail to protect messages because people are motivated to attack

them. Typical data communication protocols are designed to deal with random errors:TCP/IP

delivers data reliably even when a broad range of accidents and failures occur. But these

protocols aren’t designed to stand up against conscious attempts to fool them.

Unlike generic communication protocols, cryptosystems are designed to stand up against

attack. When cryptosystems do fail, we can identify weakness as falling into either of two

categories: in the cipher itself or in the operating environment. The cipher itself is the mechanism

by which a given message is transformed from plain text into cipher text. The environment in

which the code is used includes the rules for handling plain text, the distribution of keys, the

roles of people involved, and the physical protections given to the various elements.

A very trivial example illustrates the basic concepts of a “weak” code. Consider the codes used for cryptograms published as puzzles in newspapers. Typically, cryptograms use very simple encryption techniques that can be cracked by applying some basic rules.

Here is a classic:

SEND

+MORE

=MONEY

We can tell that the solution requires a substitution of letters for digits by the way the problem is

presented. We can immediately identify the letter standing for one digit based on the rules of

arithmetic: M must stand for 1. Systematic trial and error quickly yields the rest of the code. This is perhaps the easiest example there is of cryptanalysis: the systematic breaking of encrypted messages and coding systems.
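The systematic trial and error described above, as an added example (not part of the original dissertation). It searches the letter-to-digit substitutions for the puzzle, and `search_space_size` shows how the single deduction M = 1 shrinks the number of candidate assignments by a factor of ten, a small-scale picture of how a weakness in a code reduces the work factor. The function and parameter names are chosen here for illustration.

```python
from itertools import permutations
from math import perm


def word_value(word, digit_of):
    """Read a word as a decimal number under a letter-to-digit mapping."""
    value = 0
    for ch in word:
        value = value * 10 + digit_of[ch]
    return value


def search_space_size(unknown_letters, free_digits):
    """Number of ways to assign distinct digits to the unknown letters."""
    return perm(free_digits, unknown_letters)


def solve_cryptarithm(addends, total, fixed=None):
    """Try every assignment of distinct digits to the letters not already
    fixed by deduction, and return all mappings that satisfy the sum.
    Leading letters may not stand for 0."""
    fixed = dict(fixed or {})
    letters = sorted(set("".join(addends) + total) - set(fixed))
    leading = {word[0] for word in addends} | {total[0]}
    free_digits = [d for d in range(10) if d not in fixed.values()]
    solutions = []
    for digits in permutations(free_digits, len(letters)):
        digit_of = dict(zip(letters, digits), **fixed)
        if any(digit_of[ch] == 0 for ch in leading):
            continue
        if sum(word_value(w, digit_of) for w in addends) == word_value(total, digit_of):
            solutions.append(digit_of)
    return solutions


if __name__ == "__main__":
    # M = 1 follows from the rules of arithmetic, as argued in the text.
    found = solve_cryptarithm(["SEND", "MORE"], "MONEY", fixed={"M": 1})
    for mapping in found:
        print(word_value("SEND", mapping), "+", word_value("MORE", mapping),
              "=", word_value("MONEY", mapping))
    print("assignments without the deduction:", search_space_size(8, 10))
    print("assignments with M = 1 fixed     :", search_space_size(7, 9))
```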

Cracking a code involves either an attack on the code itself or on the way the code is

used. Given the strength of modern codes, the real risk today is in how they are actually used.

However, it is still important to select an appropriately strong alternative from the number

available in today’s market place.

The essential objective in choosing a strong code, or a strong cryptosystem for that matter, is to look at the work factor it presents to an attacker. The work factor is an estimate of how hard the attacker must work in order to bypass the protection and achieve a valuable goal. Stronger

systems present a larger work factor while weaker systems are easier to overcome. Ideally the

work factor should be large enough to make the cost of an attack greater than the potential

benefits to the attacker.

4.4 CHOOSING BETWEEN STRONG AND WEAK CRYPTO

The advice any one would desire at this point is an ordered list of the technologies known

to be the strongest. Unfortunately, it is difficult to choose reliably that way. Not all crypto

products support all strong algorithms or modes, or provide comfortably long key lengths. and what those problems are then when faced with a product containing a particular problem, we can decide if the risk is acceptable for our application. In any case, prudent planners will anticipate how their system can migrate to a different crypto mechanism and key length in the future. No

security technology remains effective forever.


CHAPTER-5

CRYPTO ALGORITHM PROPERTIES

5.1 PROPERTIES OF GOOD CRYPTO ALGORITHM

Preferred algorithms generally have the following properties to some degree.

5.1.1 NO RELIANCE ON ALGORITHM SECRECY

While it may, in some cases, increase the attacker’s work factor to keep as much secret as

possible, keeping a crypto algorithm secret can be a double-edged sword. If we don’t know how

the algorithm works- we can’t tell if it has some easy-to-exploit flaw.

Good crypto algorithms rely exclusively on keys to protect the data. Revealing the

algorithms should not significantly improve an attackers likelihood of success.

5.1.2 NO RELIANCE ON ALGORITHM

The algorithm should have been designed in the first place to resist cryptanalysis. This is not always true of algorithms used for encryption. For example, some products use simple random number generators to produce a Vernam cipher key stream. Simple notions of statistical randomness do not guarantee strength against cryptanalysis.

5.1.3 AVAILABLE FOR ANALYSIS

Ideally, the algorithm has been published and subjected to scrutiny by the public cryptographic community. The longer mathematicians and cryptanalysts have to look at the algorithm, the more likely they will find its weaknesses. DES has stood the test of time and is likely to be used for many years to come in some form or other.

5.1.4 SUBJECT TO ANALYSIS

Have recognized cryptanalysts published results regarding the algorithm's strength? Ideally, recognized experts should be openly discussing the algorithm and publishing analyses in refereed professional journals that ensure the work is reviewed by other experts. This almost never occurs except in cases when the algorithm itself has been published. It is always important to judge the experts rendering the opinion: are they within their scope of expertise?

5.1.5 NO PRACTICAL WEAKNESSES

The analysis performed should show that there are no serious weaknesses in the algorithm that an attacker can easily exploit. Custom-built algorithms embedded in commercial software tend to have serious weaknesses. If a commercial package claims to encrypt data and does not use a recognized algorithm, do not presume that it protects against any motivated attacker.

Implementing Rijndael

Notation and Conventions

Rijndael Inputs and Outputs


Bytes

A byte in Rijndael consists of a set of 8 bits and is the basic unit for all cipher operations. Such bytes are interpreted as finite field elements using polynomial representation, where a byte b with bits b0 b1 … b7 represents the finite field element:

The values of bytes will be presented in binary as a concatenation of their bits (0 or 1) between braces. Hence {01100011} identifies a specific finite field element. Unless otherwise indicated, bit patterns will be presented with higher numbered bits to the left. It is also convenient to denote byte values using hexadecimal notation, with each of two groups of four bits being denoted by a character as follows.

Hence the value {01100011} can also be written as {63}, where the character denoting the 4-bit group containing the higher numbered bits is again to the left.

Some finite field operations use a single additional bit (b8) to the left of an 8-bit byte. Where this bit is present it will appear immediately to the left of the left brace, for example, as in 1{1b}.

Arrays of Bytes

All input and output are treated as one-dimensional arrays of bytes, in which byte x consists of bits 8x to 8x+7 of the sequence, with bit 8x+j in the sequence mapped to bit 7-j in the byte for 0 <= j < 8. When the sequence is represented by the symbol b, byte x is written in one of two notations, bx or b[x], with x in one of the ranges 0 <= x < 16, 0 <= x < 24 or 0 <= x < 32.

The Rijndael State

Internally Rijndael operates on a two-dimensional array of bytes known as the state, which comprises 4 rows and Nc columns, where Nc is the input sequence length divided by 32. In this array, denoted by the symbol s, each individual byte has two indexes: its row number r, in the range 0 <= r < 4, and its column number c, in the range 0 <= c < Nc, hence allowing it to be referred to either as sr,c or s[r, c]. For AES the range for c is 0 <= c < 4, since Nc has a fixed value of 4. For the encryption and decryption functions the arrangement is as shown in Figure 1.

At the start of encryption or decryption the input array in is copied to the state array according to the scheme:

s[r, c] = in[r + 4c] for 0 ≤ r < 4 and 0 ≤ c < Nc

Arrays of 32-bit Words

The four bytes in each column of the state can be thought of as an array of four bytes indexed by the row number r or as a single 32-bit word (bytes within all 32-bit words will always be enumerated using the index r). The state can hence be considered as a one-dimensional array of words for which the column number c provides the array index. The key schedule for Rijndael, described below, is an array of 32-bit words, denoted by the symbol k, with the lower elements initialized from the cipher key input so that byte 4i+r of the key is copied into byte r of key schedule word k[i]. The cipher iterates through a number of cycles, called rounds, each of which uses Nc words from this key schedule. Hence the key schedule can also be viewed as an array of round keys, each of which consists of an Nc word sub-array. Hence word c of round key n, which is k[Nc * n + c], will also be referred to using two-dimensional array notation as either k[n,c] or kn,c. Here the round key for round n as a whole, an Nc word sub-array, will sometimes be referred to by replacing the second index with '-' as in k[n,-] and kn,-.

Finite Field Operations

Finite Field Addition

The addition of two finite field elements is achieved by adding the coefficients for corresponding powers in their polynomial representations, this addition being performed in GF(2), that is, modulo 2, so that 1 + 1 = 0. As a result, addition and subtraction are both equivalent to an exclusive-or operation on the bytes that represent field elements. Addition operations for finite field elements will be denoted by the symbol ⊕. For instance, the following expressions are equivalent:

(polynomial notation)

{01010111} ⊕ {10000011} = {11010100} (binary notation)

{57} ⊕ {83} = {d4} (hexadecimal notation)

Finite Field Multiplication

Since this polynomial has powers of x up to 8 it cannot be represented by a single byte and will be written as either 1{00011011} or 1{1b} as indicated earlier. This process is illustrated in the following example of the product {57} · {83} = {c1} (where · is used to represent finite field multiplication):

This intermediate result is now divided by m(x) above:

Multiplication is associative, and there is a neutral element {01}; for any binary polynomial b(x) of degree less than 8, the extended Euclidean algorithm can be used to compute polynomials a(x) and c(x), such that:

Which shows that the polynomials a(x) and b(x) are mutual inverses. Furthermore:

It hence follows that the set of 256 byte values, with XOR as addition and multiplication as defined above, has the structure of the finite field GF(256).

Multiplication by Repeated Shifts

The finite field element {00000010} is the polynomial x, which means that multiplying another element by this value increases all its powers of x by 1. This is equivalent to shifting its byte representation so that the bit at position i moves to position i+1. If the top bit is set before this move it will overflow to create an x^8 term, in which case the modular polynomial is added to cancel this additional bit, leaving a result that fits within a single byte. For instance, multiplying {11001000} by x, that is {00000010}, the preliminary result is 1{10010000}. The extra bit is then removed by adding the modular polynomial, using an exclusive-or operation, to get the final result.

By repeating this process, a finite field element can be multiplied by all powers of x from 0 to 7. Multiplication of this element by any other field element can then be achieved by adding the results for the appropriate powers of x. For instance, Table 1 carries out this calculation for the product of the field elements {57} and {83} to give {c1}.

Finite Field Multiplication Using Tables

While it may, in some cases, increase the attacker's work factor to keep as much secret as possible, keeping a crypto algorithm secret can be a double-edged sword. If we don't know how the algorithm works, we can't tell if it has some easy-to-exploit flaw. Good crypto algorithms rely exclusively on keys to protect the data. Revealing the algorithms should not significantly improve an attacker's likelihood of success. The longer mathematicians and cryptanalysts have to look at the algorithm, the more likely they will find its weaknesses. DES has stood the test of time and is likely to be used for many years to come in some form or other.

By using Rijndael we get the following tables. Using the previous instance, this shows that for the Rijndael field [4] is a generator, [57] equals [05][54] and [76] = [69][20], where the braces

For instance, {57} · {83} = {03}^((62) + (50)), where (62) + (50) = (b2).

Polynomials with Coefficients in GF(256)

A four-term polynomial is represented as follows:

Four-term polynomials can be defined with coefficients that are finite field elements. Such a polynomial has four coefficients, each represented by a byte, so that the four bytes form a 32-bit word.

Two operations are needed on these polynomials: addition and multiplication. Addition is performed by adding the finite field coefficients of identical powers of x, which corresponds to an XOR between the corresponding bytes of each 32-bit word. Multiplication is performed by algebraically expanding the polynomial product and collecting like powers of x to give:

where:

In Rijndael the polynomial used is x^4 + 1. The preliminary result for a · b is reduced by it, using addition (XOR) and multiplication, to give the following polynomial coefficients:

If one of the polynomials is fixed, this can conveniently be written in matrix form as:

Because x^4 + 1 is not irreducible, not every polynomial multiplication is invertible. For Rijndael, though, a polynomial that has an inverse has been chosen:

The basic classes of substitution ciphers are as follows.

Simple Substitution: A corresponding character of cipher text replaces each character of plain text; a single one-to-one mapping from plain text to cipher text is used to encrypt an entire message.

Homophonic Substitution: Each plain text character is encrypted with a variety of cipher text characters. The mapping from plain text to cipher text is thus one-to-many.

Polyalphabetic Substitution: Multiple cipher alphabets are used to change plain text to cipher text; the mappings are usually one-to-one as in simple substitution, but can change within a single message.

These are the most general ciphers; they permit arbitrary substitutions for groups of plain text characters. For illustrative purposes, we only discuss simple substitution ciphers here.

Suppose B is a plain text n-character alphabet ordered as {b0, b1, ..., bn-1}. A simple substitution cipher then replaces each character of B by a corresponding character from an ordered cipher alphabet C denoted by {f(b0), f(b1), f(b2), ..., f(bn-1)}. Here the function 'f' represents a one-to-one mapping of each character of B to the corresponding character of C. A plain text message N = n1n2n3... is then written as Ek(N) = f(n1)f(n2)..., where ni is a character of B. Typically C is simply a rearrangement of the characters in B.

Product cipher

A product cipher involves a combination of transposition (permutation) and substitution to produce a cipher text. The products are of the form C1NC2N...Cn, where N is an un-keyed mixing transformation or permutation and the Ci are simple cryptographic transformations. Thus, a product cipher is the application of a sequence of 'n' enciphering functions f1, f2, ..., fn, where each fi can be a permutation cipher P or a substitution cipher S. A1.2 illustrates the application of the basic principle to a 12-bit message block M = (m1m2...m12). We should note that this example is for concept illustration purposes only, since in practice longer blocks should be used. The enciphering scheme alternately applies 'k' substitutions Si and 'k-1' permutations Pi, yielding C = Ek(M) = SkPkSk-1...S2P1S1(M), where each Si is a function of the key K. The 12-bit plaintext block is divided into four 3-bit sub-blocks, each of which is acted on by a different invertible 3-bit to 3-bit mapping or substitution cipher Sij. The resulting 12 bits are scrambled by the permutation box Pi and input to the next round of enciphering.

The number of rounds for the cipher (Nn) varies with the block length and the key length as shown in the table below.

The SubBytes Transformation

The SubBytes transformation is a non-linear byte substitution that acts on every byte of the state in isolation to produce a new byte value using an S-box substitution table. The action of this transformation is illustrated in Figure 2 for a block size of 6.

This substitution, which is invertible, is built by composing two transformations:

1. First the multiplicative inverse in the finite field described earlier (with element {00} mapped to itself).

2. Second the affine transformation over GF(2) defined by:

For 0 ≤ i < 8, where bi is bit i of the byte and ci is bit i of a byte c with the value {63} or {01100011}. Here and elsewhere a prime on a variable on the left of an equation indicates that its value is to be updated with the value on the right.

In matrix form the latter component of the S-box transformation can be expressed as:

The final result of this two stage transformation is given in the following table.
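The field arithmetic from the finite field sections above (addition, multiplication by repeated shifts, multiplication using tables) and the two-stage S-box construction just described, as an added Python example that is not part of the original report. The function names are illustrative, and the choice of {03} as the generator for the log tables is an assumption of this example.

```python
"""GF(2^8) arithmetic as used by Rijndael, and the S-box built from it."""

MODULUS = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, written 1{1b} in the text


def gf_add(a, b):
    """Field addition (and subtraction) is a bytewise exclusive-or."""
    return a ^ b


def xtime(a):
    """Multiply by x ({02}): shift left, then cancel any overflow into x^8."""
    a <<= 1
    return a ^ MODULUS if a & 0x100 else a


def gf_mul(a, b):
    """Multiply by repeated shifts: add a * x^i for every set bit i of b."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a = xtime(a)
        b >>= 1
    return product


def build_log_tables(generator=0x03):
    """Tabulate the powers of a generator so products become index additions."""
    exp, log = [0] * 255, [0] * 256
    value = 1
    for i in range(255):
        exp[i] = value
        log[value] = i
        value = gf_mul(value, generator)
    return exp, log


EXP, LOG = build_log_tables()


def gf_mul_table(a, b):
    """Table multiplication; zero has no logarithm, so it is handled first."""
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % 255]


def gf_inv(a):
    """Multiplicative inverse, with {00} mapped to itself as SubBytes requires."""
    return 0 if a == 0 else EXP[(255 - LOG[a]) % 255]


def affine(b, c=0x63):
    """b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, indices mod 8."""
    out = 0
    for i in range(8):
        bit = c >> i
        for k in (0, 4, 5, 6, 7):
            bit ^= b >> ((i + k) % 8)
        out |= (bit & 1) << i
    return out


def sbox(byte):
    """Stage 1: field inverse. Stage 2: affine transformation over GF(2)."""
    return affine(gf_inv(byte))


SBOX = [sbox(v) for v in range(256)]

# The substitution is invertible, so the inverse table is a simple lookup swap.
INV_SBOX = [0] * 256
for value, substituted in enumerate(SBOX):
    INV_SBOX[substituted] = value

if __name__ == "__main__":
    print("{57} + {83} =", format(gf_add(0x57, 0x83), "02x"))
    print("{57} . {83} =", format(gf_mul(0x57, 0x83), "02x"))
    print("log {57}, log {83} =", format(LOG[0x57], "02x"), format(LOG[0x83], "02x"))
    print("S-box of {00}, {53} =", format(SBOX[0x00], "02x"), format(SBOX[0x53], "02x"))
```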

The ShiftRows Transformation

The ShiftRows transformation operates individually on each of the last three rows of the state by cyclically shifting the bytes in the row such that:

Where the shift amount h(r, Nc) depends on row number r and block length as follows:

This has the effect of moving bytes to lower positions in the row, except that the lowest bytes wrap around into the top of the row, as described below for a block size of 6.

The MixColumns Transformation

The MixColumns transformation operates on the columns of the state, treating each and every column as a four-term polynomial. In the preceding matrix all the values are finite field elements as argued in

The mechanism of the transformation is shown in Figure 4 for a cipher block size of 6.

The Xor RoundKey Transformation

In the Xor RoundKey transformation Nc words from the key schedule (the round key described later) are each added (XOR'd) into the columns of the state so that:

where the round key words are taken from the key schedule for each round, with the round number in a range starting from 0; the value 0 is used for the initial round key, as shown in the diagram, because the initial key is applied prior to the round function. K round, c (shortened to k r

The bytes of each round key word are addressed as shown above. The action of this transformation is illustrated in Figure 5 for a cipher block size of 6.

The Key Schedule

The round keys are derived from the cipher key by the key schedule. Each round requires Nc words of round key which, with a supplementary initial set, makes a total of Nc (Nn + 1) words, where Nn represents the number of cipher rounds. The key schedule is treated as a one-dimensional array k with an index i in the range 0 ≤ i < Nc (Nn + 1), or as an array of round keys each of which individually comprises a sub-array of Nc words.

The expansion of the input key into the key schedule proceeds according to the subsequent pseudo code. A word rotation converts an input [b3,b2,b1,b0] to an output [b0,b3,b2,b1].

Note that the key schedule, which is illustrated in Figure 6 for Nk = 4 and Nc = 6, can be produced as needed using a buffer of max(Nc, Nk) words. The mechanism in Figure 6 can also be divided into two somewhat simpler key schedules for Nk ≤ 6 and Nk > 6 respectively.

The Inverse Cipher

The inverse of the cipher represented above is straightforward.

The Inverse ShiftRows Transformation

The InvShiftRows transformation operates individually on each of the last three rows of the state, cyclically shifting the bytes in the row such that:

where the cyclic shift values h(r, Nc) are given in Table 6.

The Inverse SubBytes Transformation

The InvSubBytes transformation is the inverse of the SubBytes transformation given above. The table below, called the inverse S-box, is required for this transformation.

The Inverse MixColumns Transformation

The InvMixColumns transformation acts independently on every

The Equivalent Inverse Cipher

The inverse cipher uses the same round keys as the forward cipher, but its sequence of transformations is different. The inverse cipher can nevertheless be converted into the same sequence of transformations as the forward cipher, because some of the transformations can be reordered. The order of the SubBytes and ShiftRows transformations does not matter: SubBytes changes the values of bytes and not their locations, and ShiftRows does exactly the opposite. XorRoundKey and InvMixColumns can likewise be brought into the same form in the forward and inverse ciphers, because column mixing is linear with respect to the column input, so that:

InvMixColumns(state xor h) = InvMixColumns(state) xor InvMixColumns(h)

where h is a round key in the form of a state array. Therefore, provided that an … since these do not operate in association with the column-mixing step. The forward cipher has a structure in which only the round function needs to be implemented to give an efficient implementation. By transforming the inverse cipher into the identical sequence of operations as the cipher itself, it can be carried out in the identical way, thereby achieving this efficiency.
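The state layout s[r, c] = in[r + 4c], the row shift, the column mixing and the linearity property InvMixColumns(state xor h) = InvMixColumns(state) xor InvMixColumns(h), as an added Python example that is not part of the original report. It assumes the AES case Nc = 4, for which the shift offsets are 1, 2 and 3 and the MixColumns polynomial is {03}x^3 + {01}x^2 + {01}x + {02}; the sample state and round key are constructed values.

```python
"""Rijndael state handling for the AES case Nc = 4."""

NC = 4  # assumption: 128-bit block, so the state has 4 columns


def to_state(block):
    """s[r][c] = in[r + 4c]: the input fills the state column by column."""
    return [[block[r + 4 * c] for c in range(NC)] for r in range(4)]


def from_state(state):
    """out[r + 4c] = s[r][c], the reverse of to_state."""
    return bytes(state[r][c] for c in range(NC) for r in range(4))


def shift_rows(state, inverse=False):
    """Rotate row r left by r bytes (right when inverse); row 0 is unchanged."""
    shifted = []
    for r, row in enumerate(state):
        k = (-r if inverse else r) % NC
        shifted.append(row[k:] + row[:k])
    return shifted


def xtime(a):
    """Multiply a field element by x, reducing by 1{1b} on overflow."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def mix_column(col):
    """Multiply a column by {03}x^3 + {01}x^2 + {01}x + {02} modulo x^4 + 1."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3,
        xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3),
    ]


def inv_mix_column(col):
    """Inverse of mix_column: multiply by {04}x^2 + {05}, then by c(x) again.

    The product of those two polynomials modulo x^4 + 1 is the inverse
    polynomial {0b}x^3 + {0d}x^2 + {09}x + {0e}.
    """
    a0, a1, a2, a3 = col
    u = xtime(xtime(a0 ^ a2))  # {04} * (a0 + a2)
    v = xtime(xtime(a1 ^ a3))  # {04} * (a1 + a3)
    return mix_column([a0 ^ u, a1 ^ v, a2 ^ u, a3 ^ v])


def map_columns(state, fn):
    """Apply fn to every column of the state and rebuild the array of rows."""
    cols = [fn([state[r][c] for r in range(4)]) for c in range(NC)]
    return [[cols[c][r] for c in range(NC)] for r in range(4)]


def xor_states(s, t):
    """Add a round key, held in the form of a state array, into the state."""
    return [[s[r][c] ^ t[r][c] for c in range(NC)] for r in range(4)]


def linearity_holds(state, h):
    """InvMixColumns(state xor h) == InvMixColumns(state) xor InvMixColumns(h)."""
    left = map_columns(xor_states(state, h), inv_mix_column)
    right = xor_states(map_columns(state, inv_mix_column),
                       map_columns(h, inv_mix_column))
    return left == right


# Constructed sample values, not test vectors taken from the report.
STATE = to_state(bytes(range(16)))
ROUND_KEY = to_state(bytes((37 * i + 11) % 256 for i in range(16)))

if __name__ == "__main__":
    print("after ShiftRows:", from_state(shift_rows(STATE)).hex())
    print("after MixColumns:", from_state(map_columns(STATE, mix_column)).hex())
    print("linearity holds:", linearity_holds(STATE, ROUND_KEY))
```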

CHAPTER-6

THE DES AND TRIPLE DES ALGORITHMS

6.1 DATA ENCRYPTION STANDARD

The most widely used encryption scheme is based on the Data Encryption Standard (DES), adopted in 1977 by the National Bureau of Standards. In this data encryption algorithm, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm converts a 64-bit input into a 64-bit output, and is likewise used to reverse the encryption.

Before its adoption as a standard, the proposed DES was subjected to intense criticism, which has not subsided to this day. Two areas drew the critics' fire. First, the key length in IBM's original LUCIFER algorithm was 128 bits, but that of the proposed system was only 56 bits, an enormous reduction in key size of 72 bits. Critics feared that this key length was too short to withstand brute-force attacks. The second area of concern was that the design criteria for the internal structure of DES, the S-boxes, were classified. Thus users could not be sure that the internal structure of DES was free of any hidden weak points that would enable NSA to decipher messages without benefit of the key.

6.1.2 DES ENCRYPTION

The overall scheme for DES encryption is illustrated in Figure below. As with any encryption

scheme, there are two inputs to the encryption function: the plain text to be encrypted and the

key. In this case, the plain text must be 64 bits in length and the key is 56 bits in length.

Fig 6.1.2(a) Encryption using DES

Looking at the left-hand side of the figure, we can see that the processing of the plain text proceeds in three phases. First, the 64-bit plain text passes through an initial permutation (IP) that rearranges the bits to produce the permuted input. This is followed by a phase consisting of 16 rounds of the same function, which involves both permutation and substitution functions. The output of the last (sixteenth) round consists of 64 bits that are a function of the input plain text and the key. The left and right halves of the output are swapped to produce the pre-output. Finally, the pre-output is passed through a permutation (IP^-1) that is the inverse of the initial permutation function, to produce the 64-bit cipher text. With the exception of the initial and final permutations, DES has the exact structure of a Feistel cipher, as depicted in the figure.

The right-hand portion of the figure above shows the way in which the 56-bit key is used. At first, the key is passed through a permutation function. Then, for each of the 16 rounds, a sub key (Ki) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different sub key is produced because of the repeated iteration of the key bits.

6.1.2.1 Initial Permutation:

The input to a table comprises 64 bits. A product cipher involves a combination of transposition (permutation) and substitution to produce a cipher text. The products are of the form B1MB2M...Bn, where M is an un-keyed mixing transformation or permutation and the Bi are simple cryptographic transformations. Thus, a product cipher is the application of a sequence of 'n' enciphering functions f1, f2, ..., fn, where each fi can be a permutation cipher P or a substitution cipher S. A1.2 illustrates the application of the basic principle to a 12-bit message block M = (m1m2...m12). We should note that this example is for concept illustration purposes only, since in practice longer blocks should be used. The enciphering scheme alternately applies 'k' substitutions Si and 'k-1' permutations Pi, yielding C = Ek(M) = SkPkSk-1...S2P1S1(M) reversed, i.e. Li = Ri+1 ⊕ f(Ki+1, Li+1), where ⊕ is addition mod 2, and Ri = Li+1. When block ciphers are applied to a data stream, the cipher mode defines how the algorithm is applied block by block to the data stream.

Details of Single Round:

Fig 6.1.2 (b) Process involved in Single round

Figure: shows the internal structure of a single round. However, it is still important to select an appropriately strong alternative from the number available in today's market place. The essential objective in choosing a strong code, or a strong cryptosystem for that matter, is to look at the work factor it presents an attacker. The work factor is an estimate of how hard the attacker must work in order to bypass the protection and achieve a valuable goal. While it may, in some cases, increase the attacker's work factor to keep as much secret as possible, keeping a crypto algorithm secret can be a double-edged sword. If we don't know how the algorithm works, we can't tell if it has some easy-to-exploit flaw. Good crypto algorithms rely exclusively on keys to protect the data. Revealing the algorithms should not significantly improve an attacker's likelihood of success.

To protect both equipment and information, network security must consider a wide range of administrative, physical, and technical issues. To select an appropriate set of network security measures, one first needs to evaluate the threat environment and assess the security techniques that can be selected and applied.

must be both physically secured and capable of isolating information from each of the various independent data streams that could pass through the node. In contrast to this protection of individual links, end-to-end security uniformly protects each message along its entire route from source to destination, as is shown in A1.3. Thus messages pass through the entire network of transmission links, local computers, intermediate nodes and switches in an encrypted form as provided by the encryption device at the message originator.

reversing the entire message, reforming the message into a geometrical shape, rearranging the plain text by scrambling a sequence of columns, and periodically permuting the characters of the plain text. Let us now look at simple examples to illustrate this.

1. Message Reversal: In this method the plain text is written backwards to produce a cipher text.

can be rearranged in 5! = 120 different ways. To enhance the security of the plain text message, we can thus choose one of these rearrangements. A drawback in using columnar transposition ciphers for computer applications is that entire matrices of characters must be generated for encryption and decryption.

6.1.2.2 KEY GENERATION:

The subkeys are calculated using the Blowfish algorithm. Initially the q-array and then the four p-boxes are initialized, in order, with a fixed string; this string consists of the hexadecimal digits of pi. Next, q1 is XORed with 32 bits of the key, labeled C0 and D0, and the process continues for each and every bit of the key, repeating until the entire q-array has been XORed with key bits. By the DES algorithm, encrypt the all-zero string, utilizing the 64-bit key. Replace q1 and q2 with the output, and encrypt this output with the subkeys. Carry on this process until the q-array and all four p-boxes have been replaced, with the output changing continually. In total, 521 iterations are necessary to produce all the requisite keys. A 48-bit that serves as input to the function F(R1-1,ki);

6.2 TRIPLE DATA ENCRYPTION ALGORITHM

Let CK(I) and VK(I) symbolize the DES encryption and decryption of I using DES key K, respectively. Every TDEA encryption/decryption operation (as specified in ANSI X9.52) is a compound operation of DES encryption and decryption operations. The following operations are used:

TDEA encryption operation: the transformation of a 64-bit block I into a 64-bit block O, defined as O = CK3(VK2(CK1(I))).

TDEA decryption operation: defined in the same way as O = VK1(CK2(VK3(I))).

The standard specifies the following keying options for the bundle (K1, K2, K3):

Keying Option 1: K1, K2 and K3 are independent keys.

Keying Option 2: K1 and K2 are independent keys and K3 = K1.

Keying Option 3: K1 = K2 = K3.

A TDEA mode of operation is backward compatible with its single DES counterpart if, with compatible keying options for TDEA operation,

1. An encrypted plaintext computed using a single DES mode of operation can be decrypted correctly by a corresponding TDEA mode of operation;

The most efficient method to break TDEA is through exhaustive search of the key space. Even though a number of excellent algorithms have been developed, TDEA is used regularly for the reason that it has been frequently tested and found to be very secure. Use by criminals with malicious intent. Encryption keys can become lost, rendering the associated data unrecoverable. Encryption that is managed by the user can cause problems in a managed network by rendering necessary files inaccessible to the network managers. In this document we talk about TD

action can be decrypted correctly by a corresponding single DES mode of operation. When using Keying Option 3 (K1 = K2 = K3), the TECB, TCBC, TCFB and TOFB modes are backward compatible with the single DES modes of operation ECB, CBC, CFB and OFB respectively.

Fig 6.2 (a) TDEA encryption and decryption process [diagram; labels: input I, output O; encryption boxes DES Ek1, DES Dk2, DES Ek3; decryption boxes DES Dk1, DES Ek2, DES Dk3]


CHAPTER-7

THE BLOWFISH ALGORITHM

Blowfish is the fastest block cipher in widespread use, except when changing keys. Each new key requires pre-processing equivalent to encrypting four kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others. In one application it is actually an advantage: the password-hashing method used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule; the idea is that the extra computational effort required gives protection. Blowfish has a footprint of just over 4 kilobytes of RAM. This constraint is not a problem even for older desktop and laptop computers, though it does prevent use in the smallest embedded systems such as early smartcards. Blowfish is not patented and is therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software.

7.1 BLOWFISH ALGORITHM

Blowfish is a symmetric block cipher that can be used effectively for encryption; it takes a variable-length key, from 32 bits to 448 bits, and its purpose is to keep data safe. It was introduced in 1993 by Bruce Schneier as a free alternative to existing encryption algorithms. The main advantage of Blowfish is that it is freeware and license-free, and is available free of charge to everyone. Blowfish iterates a simple encryption function sixteen times. The block size is 64 bits and the key can be up to 448 bits long. It is best suited to applications where the key does not change frequently: a complex initialization phase is required before any encryption can occur, but the actual encryption of data is very efficient on large microprocessors. Blowfish is a variable-length key block cipher. It is faster than any other algorithm when implemented on 32-bit microprocessors with large data caches.


7.1.1 Feistel Networks

A Feistel network is a general method of transforming any function (usually called an F function) into a permutation. It was invented by Horst Feistel and has been used in several block cipher designs. A Feistel network works as follows: split each block into halves; the right half becomes the new left half; the new right half is the result of XORing the left half with the result of applying f to the right half and the key. Note that previous rounds can be derived even if the function f is not invertible.
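The round just described, as an added example that is not part of the original document: the round function below deliberately discards input bits, yet every round can still be undone because the half that went into f is carried forward unchanged. The 16-bit half size, the function lossy_f and the round keys in the test are constructed for illustration.

```python
# Added example (constructed): one Feistel round and its inverse, using a
# round function that is deliberately NOT invertible.
HALF_BITS = 16
MASK = (1 << HALF_BITS) - 1

def lossy_f(right, key):
    """Many-to-one round function: the low 4 bits of `right` are thrown away."""
    x = ((right >> 4) * 0x9E37 + key) & MASK
    return (x ^ (x >> 7)) & MASK

def feistel_round(left, right, key, f=lossy_f):
    # The right half becomes the new left half;
    # the new right half is the old left half XOR f(old right half, key).
    return right, left ^ f(right, key)

def feistel_unround(left, right, key, f=lossy_f):
    # `left` is the old right half, so f can be recomputed and XORed away
    # without ever inverting f itself.
    return right ^ f(left, key), left

def encrypt(block, round_keys):
    left, right = block >> HALF_BITS, block & MASK
    for key in round_keys:
        left, right = feistel_round(left, right, key)
    return (left << HALF_BITS) | right

def decrypt(block, round_keys):
    left, right = block >> HALF_BITS, block & MASK
    for key in reversed(round_keys):       # same structure, keys in reverse
        left, right = feistel_unround(left, right, key)
    return (left << HALF_BITS) | right
```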

Fig 7.1.1 (a) Feistel network [diagram; labels: Li-1, Ri-1, K, f, +, Li, Ri]

7.1.2 The Blowfish Algorithm:

Blowfish can be used effectively for encryption because it is a symmetric block cipher with a variable key length, from 32 bits to 448 bits, and its purpose is to keep data safe. It was introduced in 1993 by Bruce Schneier as a free alternative to existing encryption algorithms. The main advantage of Blowfish is that it is freeware and license-free, and is available free of charge to everyone. Blowfish iterates a simple encryption function sixteen times. The block size is 64 bits and the key can be up to 448 bits long. It is best suited to applications where the key does not change frequently: a complex initialization phase is required before any encryption can occur, but the actual encryption of data is very efficient on large microprocessors. Blowfish is a variable-length key block cipher. It is faster than any other algorithm when implemented on 32-bit microprocessors with large data caches.

A simple substitution cipher then replaces each character of A by a corresponding character from an ordered cipher alphabet C, denoted by {f(b0), f(b1), f(b2), ..., f(bn-1)}. Here the function f represents a one-to-one mapping of each character of B to the corresponding character of C. A plaintext message N = n1 n2 n3 ... is then written as Ek(N) = f(n1) f(n2) ..., where each ni is a character of B. Typically C is simply a rearrangement of the characters in B.

Product cipher

A product cipher involves a combination of transposition (permutation) and substitution to produce a ciphertext. The products are of the form C1 N C2 N ... Cn, where N is an un-keyed mixing transformation or permutation and the Ci are simple cryptographic transformations. Thus, a product cipher is the application of a sequence of n enciphering functions f1, f2, ..., fn, where each fi can be a permutation cipher P or a substitution cipher S. A1.2 illustrates the application of the basic principle to a 12-bit message block M = (m1 m2 ... m12). Note that this example is for concept illustration only, since in practice longer blocks should be used.
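The 12-bit product cipher this document describes (k keyed substitution stages on four 3-bit sub-blocks, alternating with k-1 un-keyed permutations), written out as an added example that is not part of the original document. The way the substitution tables are derived from the key and the particular bit permutation are assumptions chosen for illustration.

```python
# Added example (constructed): the 12-bit product cipher as a tiny
# substitution-permutation network. A 12-bit block is for illustration only.
import random

BLOCK_BITS, SUB_BITS = 12, 3
SUB_BLOCKS = BLOCK_BITS // SUB_BITS          # four 3-bit sub-blocks

def keyed_sboxes(key, k):
    """S[i][j]: invertible 3-bit to 3-bit table for stage i, sub-block j."""
    rng = random.Random(key)                 # stand-in key schedule (assumption)
    return [[rng.sample(range(8), 8) for _ in range(SUB_BLOCKS)]
            for _ in range(k)]

def fixed_permutations(k):
    """k-1 un-keyed bit permutations: bit b moves to position (5*b + i) % 12."""
    return [[(5 * b + i) % BLOCK_BITS for b in range(BLOCK_BITS)]
            for i in range(1, k)]

def invert(table):
    inv = [0] * len(table)
    for src, dst in enumerate(table):
        inv[dst] = src
    return inv

def substitute(block, boxes):
    out = 0
    for j, box in enumerate(boxes):          # each sub-block has its own table
        chunk = (block >> (SUB_BITS * j)) & 0b111
        out |= box[chunk] << (SUB_BITS * j)
    return out

def permute(block, perm):
    out = 0
    for b, dst in enumerate(perm):           # move every bit to its new position
        out |= ((block >> b) & 1) << dst
    return out

def encrypt(block, key, k=3):
    S, P = keyed_sboxes(key, k), fixed_permutations(k)
    for i in range(k):                       # C = S_k P_{k-1} ... S_2 P_1 S_1 (M)
        block = substitute(block, S[i])
        if i < k - 1:
            block = permute(block, P[i])
    return block

def decrypt(block, key, k=3):
    S, P = keyed_sboxes(key, k), fixed_permutations(k)
    for i in reversed(range(k)):             # undo the stages in reverse order
        if i < k - 1:
            block = permute(block, invert(P[i]))
        block = substitute(block, [invert(box) for box in S[i]])
    return block
```

Because every stage is invertible, the composition is a permutation of all 4096 possible blocks, which is small enough to check exhaustively.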

7.2 DESCRIPTION OF THE ALGORITHM

Blowfish is a variable-length key, 64-bit block cipher. The algorithm consists of two parts: a key-expansion part and a data-encryption part. Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Data encryption is carried out by a 16-round Feistel network. Each round consists of a key-dependent permutation and a key- and data-dependent substitution. All operations are XORs and additions on 32-bit words. The only additional operations are four indexed array data lookups per round.

7.2.1 Subkeys

Blowfish uses a large number of subkeys. These keys must be computed before any data encryption or decryption.

1. The q-array consists of 18 32-bit subkeys: q1, q2, q3, ..., q18 (written P1, P2, ..., P18 in the encryption steps that follow).

2. There are four 32-bit p-boxes with 256 entries each (called S-boxes in Schneier's description): p1,0, p1,1, ..., p1,255; p2,0, p2,1, ..., p2,255; p3,0, p3,1, ..., p3,255; p4,0, p4,1, ..., p4,255.

7.2.2 Encryption

Encryption consists of 16 rounds. The input is a 64-bit data element x, which is divided into two 32-bit halves, xL and xR.

    for i = 1 to 16:
        xL = xL XOR Pi
        xR = F(xL) XOR xR
        swap xL and xR

After the sixteenth round, swap xL and xR again to undo the last swap. Then xR = xR XOR P17 and xL = xL XOR P18. Finally, recombine xL and xR to obtain the ciphertext. Decryption is exactly the same as encryption, except that P1, P2, ..., P18 are used in reverse order. Implementations that require the greatest speed should unroll the loop and make certain that all subkeys are stored in cache.

7.2.3 Generating the Subkeys

The subkeys are calculated using the Blowfish algorithm itself. First, initialize the q-array and then the four p-boxes, in order, with a fixed string; this string consists of the hexadecimal digits of pi. Next, XOR q1 with the first 32 bits of the key, and continue in the same way through the bits of the key, repeating the key as needed, until the entire q-array has been XORed with key bits. Then encrypt the all-zero string with the Blowfish algorithm, using these subkeys. Replace q1 and q2 with the output, and encrypt that output using the modified subkeys. Carry on with this process, with the output changing continuously, until the whole q-array and all four p-boxes, in order, have been replaced. In total, 521 iterations of this process are needed to produce all the required subkeys.
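The subkey, encryption and key-generation steps above, put together as an added example that is not code from the original document. P is the page's q-array and S holds its four 256-entry boxes; the round function F is not defined on the page and is taken from Schneier's 1993 paper, and the fixed string is computed from pi with Machin's formula rather than embedded as a table.

```python
# Added example: Blowfish assembled from the steps above. P is the page's
# q-array and S its four 256-entry boxes; F follows Schneier's 1993 paper.
MASK = 0xFFFFFFFF
N_WORDS = 18 + 4 * 256        # 1042 words of 32 bits = 4168 bytes of subkeys

def arctan_inv(x, one):
    """arctan(1/x) scaled by `one`, computed with integers only."""
    total = term = one // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def pi_fraction_words(count):
    """First `count` 32-bit words of the hexadecimal fraction of pi."""
    guard = 64                                    # spare bits absorb rounding
    one = 1 << (32 * count + guard)
    pi = 4 * (4 * arctan_inv(5, one) - arctan_inv(239, one))   # Machin formula
    frac = (pi - 3 * one) >> guard
    return [(frac >> (32 * (count - 1 - i))) & MASK for i in range(count)]

PI_WORDS = pi_fraction_words(N_WORDS)             # the "fixed string"

def F(x, S):
    # Four table lookups combined with 32-bit additions and one XOR.
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    return ((((S[0][a] + S[1][b]) & MASK) ^ S[2][c]) + S[3][d]) & MASK

def crypt_block(xl, xr, P, S):
    for i in range(16):
        xl ^= P[i]
        xr ^= F(xl, S)
        xl, xr = xr, xl
    xl, xr = xr, xl                               # undo the swap of round 16
    xr ^= P[16]
    xl ^= P[17]
    return xl, xr

def expand_key(key):
    """Return (P, S, iterations) for a key of 4 to 56 bytes (32 to 448 bits)."""
    if not 4 <= len(key) <= 56:
        raise ValueError("Blowfish keys are 32 to 448 bits long")
    P = PI_WORDS[:18]
    S = [PI_WORDS[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
    for i in range(18):                           # XOR the key in, cyclically
        word = 0
        for j in range(4):
            word = (word << 8) | key[(4 * i + j) % len(key)]
        P[i] ^= word
    xl = xr = iterations = 0
    for table in [P] + S:                         # P first, then each box
        for i in range(0, len(table), 2):
            xl, xr = crypt_block(xl, xr, P, S)
            table[i], table[i + 1] = xl, xr       # output replaces two entries
            iterations += 1
    return P, S, iterations

def blowfish(key, block, decrypt=False):
    """Encrypt or decrypt one 8-byte block."""
    P, S, _ = expand_key(key)
    if decrypt:
        P = P[::-1]                               # same rounds, subkeys reversed
    xl, xr = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    xl, xr = crypt_block(xl, xr, P, S)
    return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")
```

With an all-zero 8-byte key and an all-zero block this reproduces the widely published Blowfish test vector 4EF997456198DD78, and expand_key reports the 521 iterations mentioned above.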


7.2.4 DESIGN DECISIONS

A 64-bit block size yields a 32-bit word size and maintains block-size compatibility with existing algorithms. It can scale up to a 128-bit block as well as down to smaller ones.

The basic operations were selected because XOR, ADD, and MOV from a cache are efficient on architectures provided by several companies, and all the subkeys can be kept in that cache.

Subkey generation is designed to preserve the complete entropy, and it is also designed to distribute the set of allowed subkeys randomly throughout the domain of possible subkeys. The digits of pi were chosen for two reasons: they are a random sequence that is not related to the algorithm, and they can be stored as part of the algorithm.

During subkey generation, the subkeys change with each pair of subkeys produced; this guards against attacks on the subkeys and reduces the storage required. Each subkey depends on every bit of the key, and the limit on the key is fixed: the 448-bit limit on the key size makes certain that each bit of each subkey depends on every bit of the key. The generation process is fixed.

In subkey generation, highly correlated key bits, such as an alphanumeric ASCII string with the bit of each byte set to 0, will still create random subkeys.

Generating the subkeys is the most time-consuming process, which makes a brute-force attack difficult, and the subkeys are too long to be stored on tape.

The most effective way to break Blowfish is through exhaustive search of the keyspace.

Evolution of project: Most of the resources used were taken from online research sites like sciencedirect.com, techrepublic.com, findwhitepapers.com and ACM.com. The existing system consists of files with literally no file security standards; encryption techniques are to be put into practice because of factors such as (1) reading or tapping data, (2) manipulating and modifying data, (3) unlawful use of files, (4) corruption of data files, (5) distortion of data transmission, and (6) disturbance of the operation of equipment or systems, against which numerous security measures had to be taken.

The core concern of (1) is secrecy and confidentiality. Confidentiality has always played a vital role in diplomatic and military matters. Often information must be stored or transferred from one place to another without being exposed to a rival or enemy. Key management is also related to confidentiality. This deals with generating, distributing and storing keys.

Items (2-4) are mainly concerned with reliability. Often the expression integrity is used as a measure of the genuineness of data. Also, computer files and networks must be protected against intruders and unauthorized use.

Items (5-6) are a different aspect of the security of the information: its continuity.

Developing Process

The evaluation criteria were divided into three main categories: 1) Security, 2) Cost, and 3) Algorithm and Implementation Characteristics.

Security was the most important factor in the evaluation and encompassed features such as resistance of the algorithm to cryptanalysis, soundness of its mathematical basis, randomness of the algorithm output, and relative security as compared to other candidates.

Cost was a second important area of evaluation that encompassed licensing requirements, computational speed on different platforms, and memory requirements. As one of NIST's aims was that the final AES algorithm be available worldwide on a royalty-free basis, public comments were specifically sought on intellectual property claims and any potential conflicts. The speed of the algorithms on a range of platforms needed to be measured. During Round 1, the focus was mainly on the speed associated with 128-bit keys. During Round 2, hardware implementations and the speeds associated with the 192-bit and 256-bit key sizes were addressed. Memory requirements and software implementation constraints for software implementations of the candidates were also important considerations.

The third area of evaluation was algorithm and implementation characteristics such as flexibility, hardware and software suitability, and algorithm simplicity. Flexibility includes the ability of an algorithm:

To handle key and block sizes beyond the minimum that must be supported,

To be implemented securely and efficiently in many different types of environments, and

To be implemented as a stream cipher or hashing algorithm, and to provide additional cryptographic services.

It must be feasible to implement an algorithm in both hardware and software, and efficient firmware implementations were considered helpful. The relative simplicity of an algorithm's design was also an evaluation factor.

During Rounds 1 and 2, it became evident that the various issues being analyzed and discussed often crossed into more than one of the three main criteria headings.

STRENGTHS

Encryption is the most effective way to achieve data security

Encrypting a file makes its contents unrecognizable to applications and to anyone snooping around on your home or office computer

Confidentiality: Only the genuine destination can access the data.

Integrity: Data cannot be changed in the transmission process.

For financial transactions and payment processing industries.

WEAKNESS

Encryption takes computer processor time. The more complex the encryption, the more processing it will take

Use by criminals with malicious intent

Encryption keys can become lost, rendering the associated data unrecoverable.

Encryption that is managed by the user can cause problems in a managed network by rendering necessary files inaccessible to the network managers

CONCLUSION

In this document we discussed Blowfish, a variable-length key block cipher. It is only appropriate for applications where the key does not change often, like a communications link or an automatic file encryptor. It is significantly faster than DES when executed on 32-bit microprocessors with large data caches, such as the Pentium and the PowerPC. Even though a complex initialization phase is required before any encryption can take place, the actual encryption of data is very efficient on large microprocessors. Linux includes Blowfish in the mainline kernel, starting with v2.5.47. Blowfish is a 16-pass block encryption algorithm that has never been broken. The most efficient method to break Blowfish is through exhaustive search of the key space. Even though a number of excellent algorithms have been developed, Blowfish is used regularly because it has been frequently tested and found to be very secure. It is extremely fast because it takes advantage of built-in instructions on current microprocessors for basic bit-shuffling operations.

The performance indices here are the security and speed of the algorithm. This study was applied to different types of data: text, sound and image. In each case the encryption/decryption key length was changed and its effect on performance was observed. Furthermore, the file size was changed and its effect on the performance of the algorithm was noted. This revealed that changing the key length has no effect on the encryption or decryption time, whereas changing the plaintext file size is directly reflected in the processing time. The results obtained here have been converted into models in the form of high-order equations, so the future performance of the algorithm may be predicted from these equations.
