Information Security

Dr. Irfan Yousuf

Department of Computer Science (New Campus)
UET, Lahore
(Week 7: October 14 - 18, 2024 )
Outline

•Block Cipher Modes of Operations

•Asymmetric Cryptography
•RSA Algorithm
Block Cipher Modes of Operations
•A block cipher takes a fixed-length block of text of
length b bits and a key as input and produces a b-bit
block of ciphertext.

•Block ciphers process blocks of fixed sizes (say 64

bits), but the length of plaintexts is mostly not a
multiple of the block size.
Block Cipher Modes of Operations
•If the amount of plaintext to be encrypted is greater
than b bits, then the block cipher can still be used by
breaking the plaintext up into b-bit blocks.

•Usually, the last block of bits needs to be padded up

with redundant information so that the length of the
final block equal to block size of the scheme.

•The process of adding bits to the last block is

referred to as padding.
Block Cipher Modes of Operations
•A mode of operation is a technique for enhancing
the effect of a cryptographic algorithm or adapting
the algorithm for an application, such as applying a
block cipher to a sequence of data blocks or a data
stream.
•Modes of operations also avoid mapping the same
plaintext to the same ciphertext.

•There are 5 modes of operation.

1. Electronic Code Block Mode (ECB)
• It is one of the simplest modes of operation.
•In this mode, the plain text is divided into a block
where each block is 64 bits.
•Then each block is encrypted separately.
•The same key is used for the encryption of all blocks.
Each block is encrypted using the key and makes the
block of ciphertext.
•The term codebook is used because, for a given key,
there is a unique ciphertext for every b-bit block of
plaintext. The ECB method is ideal for a short
amount of data
Electronic Code Block Mode (ECB)
Electronic Code Block Mode (ECB)
2. Cipher Block Chaining Mode (CBC)
• In this scheme, the input to the encryption
algorithm is the XOR of the current plaintext block
and the preceding ciphertext block; the same key is
used for each block.
•Therefore, if the same plaintext block is repeated,
different ciphertext blocks are produced.
•For decryption, each cipher block is passed through
the decryption algorithm. The result is XORed with
the preceding ciphertext block to produce the
plaintext block.
Cipher Block Chaining Mode (CBC)
• The IV is an initialization block, which is produced
using random number generator and it should be the
same size as the cipher block.
•This must be known to both the sender and receiver
but it should be unpredictable by a third party.
Cipher Block Chaining Mode (CBC)
Cipher Block Chaining Mode (CBC)
3. Cipher Feedback Mode (CFB)
• The cipher feedback (CFB) mode in its simplest form
uses the entire output of the block cipher.
•In this variation, it is very similar to CBC, makes a
block cipher into a self-synchronizing stream cipher.
Cipher Feedback Mode (CFB)
4. Output Feedback Mode (OFB)
•This scheme operates on full blocks of plaintext and
ciphertext where the output of the encryption
function is fed back to become the input for
encrypting the next block of plaintext.
•In the case of OFB, the IV must be a nonce; that is,
the IV must be unique to each execution of the
encryption operation.
Output Feedback Mode (OFB)
Output Feedback Mode (OFB)
5. Counter Mode (CTR)
In this mode, each block of plaintext is XORed with an
encrypted counter. Typically, the counter is initialized to some
value and then incremented by 1 for each subsequent block
being encrypted using the same key. Given a sequence of
counters T1, T2, …, TN, we can define CTR mode as follows:
Counter Mode (CTR)
Counter Mode (CTR)
Block Cipher Modes of Operations
Stream Cipher
•A stream cipher is a method of encrypting text (to
produce ciphertext) in which a cryptographic key and
algorithm are applied to each binary digit in a data
stream, one bit at a time.

•The main alternative method to stream cipher is the

block cipher, where a key and algorithm are applied
to blocks of data rather than individual bits in a
stream.
Stream Cipher
RC4 Algorithm
•RC4 (also known as Rivest Cipher 4) is a form of
stream cipher. It encrypts messages one byte at a
time via an algorithm.
•Plenty of stream ciphers exist, but RC4 is among the
most popular.
•It's simple to apply, and it works quickly, even on
very large pieces of data.
•If you've ever used an application like TSL (transport
layer security) or SSL (secure socket layer), you've
probably encountered RC4 encryption.
RC4 Algorithm
•It is a variable key size stream cipher with byte-
oriented operations.
•The algorithm is based on the use of a random
permutation.
•Eight to sixteen machine operations are required per
output byte, and the cipher can be expected to run
very quickly in software
RC4 Algorithm
•RC4 encryption algorithm comprises two
components—KSA (Key scheduling algorithm) and
PRGA (Pseudo random generation algorithm).
•These two algorithms together help the RC4
algorithm to produce the stream cipher.
RC4 Algorithm
RC4 Algorithm
RC4 Algorithm
• A variable-length key from 1 to 256 bytes (8 to 2048 bits)
is used to initialize a 256-byte state vector S, with elements
S[0],S[1], . . . ,S[255].

• At all times, S contains a permutation of all 8-bit numbers

from 0 through 255.

• For encryption and decryption, a byte k is generated from S

by selecting one of the 255 entries in a systematic fashion.

• As each value of k is generated, the entries in S are once

again permuted.
RC4 Algorithm
RC4 Algorithm: KSA
RC4 Algorithm: KSA
RC4 Algorithm: PRGA
RC4 Algorithm
RC4 Encryption Example
RC4 Encryption Example
RC4 Encryption Example
Decryption in RC4 Algorithm
 Use the same secret key as during the encryption phase.
 Generate keystream by running the KSA and PRGA.
 XOR keystream with the encrypted text to generate the plain text.
 Logic is simple :

(A xor B) xor B = A

A = Plain Text or Data

B = KeyStream
Time to Crack?
Time to Crack?
Time to Crack?
•AES successor to DES selected in 2001.
•128-bit keys, encrypt 128-bit blocks
•Brute force attack
•Try 1 Trillion keys per second
•Would take 10790283070806000000 years to try
all keys!
•A machine that can crack a DES key in one
second would take 149 trillion years to crack a
128-bit AES key.
Symmetric-key cryptography
Symmetric-key cryptography

• In symmetric-key cryptography, the same key is used by

the sender(for encryption) and the receiver (for
decryption). The key is shared.
• Algorithm: DES,AES
• Advantages:
• Simple
• Faster
• Disadvantages:
• Key must be exchanged in a secure way.
• Easy for hacker to get a key as it is passed in unsecure
way.
Asymmetric-key cryptography
Asymmetric-key cryptography
• An asymmetric-key (or public-key) cipher uses two keys:
one private (To encrypt data) and one public(To decrypt
data).

• Advantages
• More Secured
• Authentication
• Disadvantages
• Relatively Complex
• Time consuming process for Encryption and
Decryption.
Asymmetric-key cryptography

• Two parties don't need to have their private keys already

shared in order to communicate using encryption.

• Authentication and Non-Repudiation are possible.

(Authentication means that you can encrypt the message
with my public key and only I can decrypt it with my
private key. Non-repudiation means that you can "sign" the
message with your private key and I can verify that it came
from you with your public key.)
Asymmetric-key cryptography
• Asymmetric encryption use two keys, one to
encrypt the data, and another key to decrypt the data.
•These keys are generated together.
•. One is named as Public key and is distributed
freely.
•The other is named as Private Key and it is kept
hidden.
•Both Sender & Recipient has to share their Public
Keys for Encryption and has to use their Private
Keys for Decryption.
RSA Cryptosystem
• The RSA algorithm (Rivest-Shamir-Adleman), was first
publicly described in 1977 by Ron Rivest, Adi Shamir
and Leonard Adleman of the Massachusetts Institute of
Technology.

• The RSA algorithm is the basis of a cryptosystem -- a

suite of cryptographic algorithms that are used for
specific security services or purposes -- which enables
public key encryption and is widely used to secure
sensitive data, particularly when it is being sent over an
insecure network such as the internet.
RSA Cryptosystem

• In RSA cryptography, both the public and the

private keys can encrypt a message.
• The opposite key from the one used to encrypt a
message is used to decrypt it.
• This attribute is one reason why RSA has become
the most widely used asymmetric algorithm.
• It provides a method to assure the confidentiality,
integrity, authenticity, and non-repudiation of
electronic communications and data storage.
RSA Cryptosystem

• Many protocols, including Secure Shell (SSH),

OpenPGP, S/MIME, and SSL/TLS, rely on RSA for
encryption and digital signature functions.
• It is also used in software programs -- browsers are
an obvious example, as they need to establish a
secure connection over an insecure network, like
the internet, or validate a digital signature.
• RSA signature verification is one of the most
commonly performed operations in network-
connected systems.
RSA Cryptosystem

• A client (for example browser) sends its public key

to the server and requests some data.

• The server encrypts the data using the client’s

public key and sends the encrypted data.

• The client receives this data and decrypts it.

Why is RSA used?

• RSA derives its security from the difficulty of

factoring large integers that are the product of two
large prime numbers.

• Multiplying these two numbers is easy, but

determining the original prime numbers from the
total -- or factoring -- is considered infeasible due to
the time it would take using even today's
supercomputers.
Why is RSA used?

• The public and private key generation algorithm is

the most complex part of RSA cryptography.

• Two large prime numbers, x and y, are generated

using the Rabin-Miller primality test algorithm.

• A modulus, n, is calculated by multiplying x and y.

• This number is used by both the public and private

keys and provides the link between them. Its length,
usually expressed in bits is called the key length.
How RSA works?
How RSA works?
How RSA works? Example

1. Select x=11, y=13

2. Calculate n = x*y = 11x13 = 143
3. Calculate totient = (x-1)(y-1) = 10x12=120
4. Let e=7 such that public key is (143,7)
5. Calculate d = 103 such that private key is
(143,103)
How RSA works? Example

1. Encryption:
Let P = 9
97 mod 143 = 48
2. Decryption:
C = 48
48103 mod 143 = 9
How RSA works? Example
Summary
• Asymmetric Cryptography
• RSA