Cybersecurity Research paper on
Encryption Algorithms
By-
Shubam Gupta
Rohit Dumbre
Sapna Bhat
Ming Zhou
Alexander Progacki
International Data Encryption Algorithm (IDEA)
By-Rohit Dumbre
Introduction:
In cryptography, the International Data Encryption Algorithm (IDEA), originally called Improved Proposed
Encryption Standard (IPES), is a symmetric-key block cipher designed by James Massey of ETH Zurich and Xuejia
Lai and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption
Standard (DES). IDEA is a minor revision of an earlier cipher, Proposed Encryption Standard (PES).
The cipher was designed under a research contract with the Hasler Foundation, which became part of Ascom-Tech AG.
The cipher was patented in a number of countries but was freely available for non-commercial use. The name "IDEA"
is also a trademark. The last patents expired in 2012, and IDEA is now patent-free and thus completely free for all uses.
IDEA was used in Pretty Good Privacy (PGP) v2.0, and was incorporated after the original cipher used in
v1.0, BassOmatic, was found to be insecure.[4]
IDEA is an optional algorithm in the OpenPGP standard.
Operation:
IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical
transformations (a round, see the illustration) and an output transformation (the half-round). The procedures for
encryption and decryption are similar. IDEA derives much of its security from interleaving operations from different
algebraic groups, namely modular addition, modular multiplication and bitwise exclusive OR (XOR), which are
algebraically "incompatible" in some sense. In more detail, these operators, which all work on 16-bit quantities, are:
- Bitwise exclusive OR (denoted by a blue circled plus ⊕).
- Addition modulo 2^16 (denoted by a green boxed plus ⊞).
- Multiplication modulo 2^16+1, where the all-zero word (0x0000) in the inputs is interpreted as 2^16, and 2^16
in the output is interpreted as the all-zero word (0x0000) (denoted by a red circled dot ⊙).
After the eight rounds comes a final “half round”, the output transformation illustrated below (the swap of the
middle two values cancels out the swap at the end of the last round, so that there is no net swap):
Let the four quarters of the plaintext be called A, B, C, and D, and the 52 subkeys called K(1) through K(52).
Before round 1, or as the first part of it, the following is done:
Multiply A by K(1). Add K(2) to B. Add K(3) to C. Multiply D by K(4).
Round 1 proper consists of the following:
Calculate A xor C (call it E) and B xor D (call it F).
Multiply E by K(5). Add the new value of E to F.
Multiply the new value of F by K(6). Add the result, which is also the new value of F, to E.
Change both A and C by XORing the current value of F with each of them; change both B and D by XORing the current
value of E with each of them.
Swap B and C.
Repeat all of this eight times, or seven more times, using K(7) through K(12) the second time, up to K(43) through
K(48) the eighth time. Note that the swap of B and C is not performed after round 8.
Then multiply A by K(49). Add K(50) to B. Add K(51) to C. Multiply D by K(52).
Decryption:
How can the round in IDEA be reversed, since all four quarters of the block are changed at the same time, based on a
function of all four of their old values? The trick is that A xor C is not changed when both A and C are XORed with
the same value: that value cancels out, whatever it is. The same applies to B xor D. Since the values used are
functions of (A xor C) and (B xor D), they are still available to the decryptor.
This cross-footed round, rather than a Feistel round, is the most striking distinguishing factor of IDEA, although its use
of multiplication, addition, and XOR to avoid the use of S-boxes is also important.
Subkeys that are added in are replaced by their additive inverses modulo 2^16 (their two's complement). Subkeys that are
multiplied in are replaced by their multiplicative inverses modulo 65,537, in IDEA notation, when they are used to change
the blocks directly; those used to calculate the cross-footed F-functions are not changed. Subkeys XORed in would not need to
be changed, but there are no such keys in IDEA. Because of the placement of the swap, the first four and the last four keys
for decryption are arranged somewhat differently from the keys used for the same operation between rounds.
The decryption key schedule is:
The first four subkeys for decryption are:
KD(1) = 1/K(49)
KD(2) = -K(50)
KD(3) = -K(51)
KD(4) = 1/K(52)
and they do not quite follow the pattern of the subkeys for the rounds in between.
The following is repeated seven times, adding 6 to every decryption key index and subtracting 6 from every encryption
key index on each repetition (the two additive subkeys change places because of the swap of B and C):
KD(5) = K(47)
KD(6) = K(48)
KD(7) = 1/K(43)
KD(8) = -K(45)
KD(9) = -K(44)
KD(10) = 1/K(46)
The seventh repetition ends with KD(46) = 1/K(10). The last round then takes KD(47) = K(5) and KD(48) = K(6), and the
output transformation takes KD(49) = 1/K(1), KD(50) = -K(2), KD(51) = -K(3), KD(52) = 1/K(4). Like the first four,
these last four are not swapped, because no swap follows round 8.
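The round function and both key schedules above, as one added worked example in Python (it is not code from the paper or from any IDEA library). It assumes the standard subkey schedule, in which the 128-bit key is read as eight 16-bit words and then rotated left by 25 bits for each further group of eight; the function names are mine, and the test vector in the main block is the widely published one used by library self-tests.

```python
"""IDEA (8.5 rounds, 64-bit block, 128-bit key): subkey schedule, encryption
and the derived decryption schedule. Added example, not the paper's own code."""

MASK16 = 0xFFFF
MOD_MUL = 0x10001          # multiplication is done modulo 2**16 + 1 (a prime)


def mul(a, b):
    """Multiplication mod 2**16+1; the zero word stands for 2**16 on input, and back on output."""
    r = ((a or 0x10000) * (b or 0x10000)) % MOD_MUL
    return r & MASK16       # 2**16 maps back to the zero word


def add(a, b):
    return (a + b) & MASK16  # addition mod 2**16


def mul_inv(a):
    """Inverse under mul(): Fermat's little theorem, since 65537 is prime."""
    return pow(a or 0x10000, MOD_MUL - 2, MOD_MUL) & MASK16


def add_inv(a):
    return (-a) & MASK16     # two's complement, i.e. the inverse under add()


def expand_key(key):
    """52 subkeys K(1)..K(52): eight 16-bit words of the key, then rotate the key
    left by 25 bits and take the next eight, until 52 words exist (assumed standard schedule)."""
    if len(key) != 16:
        raise ValueError("IDEA uses a 128-bit key")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys.extend((k >> (112 - 16 * i)) & MASK16 for i in range(8))
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def invert_key(enc):
    """Decryption subkeys KD from encryption subkeys K (0-based indices here):
    inverses of the output transformation first, then each round's keys in reverse
    with the two additive keys swapped, and the inverses of K(1)..K(4) last, unswapped."""
    d = [0] * 52
    d[0:6] = [mul_inv(enc[48]), add_inv(enc[49]), add_inv(enc[50]), mul_inv(enc[51]),
              enc[46], enc[47]]
    for i in range(1, 8):
        b = 48 - 6 * i
        d[6 * i:6 * i + 6] = [mul_inv(enc[b]), add_inv(enc[b + 2]), add_inv(enc[b + 1]),
                              mul_inv(enc[b + 3]), enc[b - 2], enc[b - 1]]
    d[48:52] = [mul_inv(enc[0]), add_inv(enc[1]), add_inv(enc[2]), mul_inv(enc[3])]
    return d


def crypt_block(block, K):
    """Eight rounds plus the output half-round; decryption runs the same code with KD."""
    if len(block) != 8:
        raise ValueError("IDEA uses a 64-bit block")
    A, B, C, D = (int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2))
    for r in range(8):
        k = K[6 * r:6 * r + 6]
        A, B, C, D = mul(A, k[0]), add(B, k[1]), add(C, k[2]), mul(D, k[3])
        E = mul(A ^ C, k[4])             # the multiply-add (MA) structure on A xor C, B xor D
        F = mul(add(E, B ^ D), k[5])
        E = add(E, F)
        A, C, B, D = A ^ F, C ^ F, B ^ E, D ^ E
        if r < 7:                        # no swap after round 8
            B, C = C, B
    A, B, C, D = mul(A, K[48]), add(B, K[49]), add(C, K[50]), mul(D, K[51])
    return b"".join(x.to_bytes(2, "big") for x in (A, B, C, D))


def encrypt_block(block, key):
    return crypt_block(block, expand_key(key))


def decrypt_block(block, key):
    return crypt_block(block, invert_key(expand_key(key)))


if __name__ == "__main__":
    # Widely published IDEA test vector (used, among others, by the libgcrypt self-test).
    key = bytes.fromhex("00010002000300040005000600070008")
    pt = bytes.fromhex("0000000100020003")
    ct = encrypt_block(pt, key)
    print(ct.hex())                      # 11fbed2b01986de5
    assert decrypt_block(ct, key) == pt
```

Decryption is the same crypt_block with the inverted schedule, which is exactly the point made above: only the subkeys change, and the two additive keys of each inner round trade places because of the B/C swap.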
Security:
The designers analysed IDEA to measure its strength against differential cryptanalysis and concluded that it is immune
under certain assumptions. No linear or algebraic weaknesses have been reported. As of 2007, the best attack
that applied to all keys could break IDEA reduced to 6 rounds (the full IDEA cipher uses 8.5 rounds). Note that a
"break" here is any attack which requires fewer than 2^128 operations; the 6-round attack requires 2^64 known plaintexts
and 2^126.8 operations.
Bruce Schneier thought highly of IDEA in 1996, writing, "In my opinion, it is the best and most secure block algorithm
available to the public at this time." (Applied Cryptography, 2nd ed.) However, by 1999 he was no longer recommending
IDEA due to the availability of faster algorithms, some progress in its cryptanalysis, and the issue of patents.
In 2011 full 8.5-round IDEA was broken using a meet-in-the-middle attack. Independently, in 2012, full 8.5-round IDEA
was broken using a narrow-bicliques attack, with a reduction of cryptographic strength of about two bits, similar to the
effect of the previous bicliques attack on AES. Neither attack is practical: both still need work close to exhaustive search.
Weak keys:
The very simple key schedule makes IDEA subject to a class of weak keys; some keys containing a large number of 0
bits produce weak encryption. These are of little concern in practice, being sufficiently rare that they are unnecessary
to avoid explicitly when generating keys randomly. A simple fix was proposed: exclusive-ORing each subkey with a
16-bit constant, such as 0x0DAE.
Larger classes of weak keys were found in 2002.
This is still of negligible probability to be a concern to a randomly chosen key, and some of the problems are fixed by
the constant XOR proposed earlier, but the paper is not certain if all of them are. A more comprehensive redesign of the
IDEA key schedule may be desirable.
RSA Algorithm
Ming Zhou
CS 573
My final project is about the RSA algorithm. RSA is an algorithm for securing data transmission; its name is formed from
the initials of the surnames of the three people who published it. The underlying concept was proposed in Diffie and
Hellman (1976), "New Directions in Cryptography", and public-key encryption had been proposed earlier, in 1970, by James
Ellis. RSA is an asymmetric algorithm (it uses different keys for encryption and decryption) based on the difficulty of
factoring the product of two large prime numbers.
RSA derives its security from the difficulty of factoring large integers that are the product of two large prime
numbers. Multiplying these two numbers is easy, but determining the original primes from the product
(factoring) is considered infeasible because of the time it would take, even on today's supercomputers.
The key-generation algorithm for the public and private keys is the most involved part of RSA cryptography. Two large
prime numbers, p and q, are generated using the Rabin-Miller primality test. A modulus n is
calculated by multiplying p and q. This number is used by both the public and private keys and provides the
link between them. Its length, usually expressed in bits, is called the key length. The public key consists of the
modulus n and a public exponent, e, which is normally set to 65537, a prime that is not too
large. The exponent e does not have to be secret, as the public key is shared with
everyone. The private key consists of the modulus n and the private exponent d, which is calculated with the
Extended Euclidean algorithm as the multiplicative inverse of e with respect to the totient of n.
What are the steps of the RSA algorithm for encryption and decryption? First, we need to do the key
generation. We select two large prime numbers of about the same size, p and q; typically p and q
are between 512 and 2048 bits each, a range chosen for security (see the discussion of key sizes below).
After that we compute n = p*q and φ(n) = (p-1)(q-1). Then we select e with 1 < e < φ(n)
such that gcd(e, φ(n)) = 1. The final step is to compute d with 1 < d < φ(n) such that e*d ≡ 1 (mod φ(n)). The public key
is the pair (e, n) and the private key is d (kept together with n). With the public and private keys we can do the
encryption and decryption.
Here is a simple example of how the algorithm works. Alice generates her RSA keys by selecting two
primes: p=11 and q=13. The modulus n=p*q=143. The totient of n is φ(n)=(p−1)(q−1)=120. She chooses 7 for
her RSA public key e and calculates her RSA private key using the Extended Euclidean Algorithm, which gives
her d=103 (check: 7*103 = 721 = 6*120 + 1). Bob wants to send Alice an encrypted message M, so he obtains her RSA
public key (n, e), which in this example is (143, 7). His plaintext message is just the number 9 and is encrypted into
ciphertext C as follows: M^e mod n = 9^7 mod 143 = 48 = C. When Alice receives Bob's message she decrypts it using her
RSA private key (d, n) as follows: C^d mod n = 48^103 mod 143 = 9 = M. To use RSA keys to digitally sign a
message, Alice would create a hash (message digest) of her message to Bob, encrypt the hash value with her
RSA private key, and attach it to the message. Bob can then verify that the message was sent by Alice and
has not been altered by decrypting the hash value with her public key. If this value matches the hash of the
original message, then only Alice could have sent it (authentication and non-repudiation) and the message is
exactly as she wrote it (integrity). Alice could, of course, encrypt her message with Bob's RSA public key
(confidentiality) before sending it to Bob. A digital certificate contains information that identifies the
certificate's owner and also contains the owner's public key. Certificates are signed by the certificate authority
that issues them, and can simplify the process of obtaining public keys and verifying the owner.
Here is a more realistic example. Let us encrypt the message "attack at dawn".
First, we need to turn this message into something a computer can compute with: it is a string, and we need
to convert it to an integer. Each character is represented by its ASCII code and the bytes are read as one
large number, which gives 1976620216402300889624482718775150. After that we need to pick our p and q; as
I said, p and q should be of similar size but not too close together. Here I use the Rabin-Miller primality test to
pick them. What is the Rabin-Miller primality test? Let n > 1 be odd with n - 1 = 2^k * m, m odd. Choose a
random integer a, 1 < a < n - 1. Compute b_0 ≡ a^m (mod n); if b_0 ≡ ±1 (mod n), then stop, n is probably prime;
otherwise let b_1 ≡ b_0^2 (mod n). If b_1 ≡ 1 (mod n), then n is composite and gcd(b_0 - 1, n) is a nontrivial factor
of n; else if b_1 ≡ -1 (mod n), stop, n is probably prime; otherwise let b_2 ≡ b_1^2 (mod n). If b_2 ≡ 1 (mod n),
then n is composite; else if b_2 ≡ -1 (mod n), stop, n is probably prime. Continue in this way until stopping
or reaching b_{k-1}. If b_{k-1} ≢ -1 (mod n), then n is composite. A single base a can be fooled by some composites,
so the test is repeated with several independently chosen bases.
These numbers are our q and p. q is
121310724392112718973236715316124404284724276337014109256345493123019643730420856193241
97365322416866541017057361365214171711713797974299334871062829803541
and p is
120275242554787488859562207937345121287333878036820754336538999839551798509887978998691
46900809131611153346817050832096022160146366346391812470987105415233.
Then we compute n = p*q and φ(n) = (q-1)(p-1), pick e (the public exponent) as 65537, which has a gcd of 1 with
φ(n), and compute d (the private exponent). With these keys we can do the encryption.
Encryption (C = M^e mod n):
350521113386730266902124239370533285118807608115799816206428023466858106231098502359430
490809733862411137840407947041939782153784997654130836464387847409523069325349451950801
838615742252262188798272324539128205968864403775360824656817500744174591514854074458625
11023472235560823053497791518928820272257787786
Decryption (M = C^d mod n, applied to the ciphertext C above with the private exponent d computed earlier):
35052111338673026690212423937053328511880760811579981620642802346685810623109
850235943049080973386241113784040794704193978215378499765413083646438784740952306932534
945195080183861574225226218879827232453912820596886440377536082465681750074417459151485
407445862511023472235560823053497791518928820272257787786
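The key generation, Rabin-Miller test, encryption, decryption and signing steps above, including the toy numbers (143, 7, 103) and the integer encoding of "attack at dawn", as one added worked example in Python (not the paper's code). It is textbook RSA with no padding, as in the paper, so it is for study only: real systems use OAEP for encryption and PSS for signatures, because unpadded RSA is deterministic and malleable. The big-endian byte encoding of the message is an assumption (it reproduces the leading digits of the paper's integer), and the function names are mine.

```python
"""Textbook RSA with a Rabin-Miller primality test. Added example, not the paper's code.
No padding is applied, so this is for study only (use OAEP/PSS in practice)."""
import hashlib
import secrets


def is_probable_prime(n, rounds=40):
    """Rabin-Miller as in the text: write n-1 = 2**k * m (m odd) and test random bases a.
    A composite survives one base with probability at most 1/4, hence the repetition."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):          # cheap trial division first
        if n % p == 0:
            return n == p
    k, m = 0, n - 1
    while m % 2 == 0:
        k, m = k + 1, m // 2
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)     # 1 < a < n-1
        b = pow(a, m, n)                     # b_0 = a**m mod n
        if b in (1, n - 1):
            continue
        for _ in range(k - 1):
            b = pow(b, 2, n)                 # b_{i+1} = b_i**2 mod n
            if b == n - 1:
                break
            if b == 1:                       # nontrivial square root of 1: composite
                return False
        else:
            return False                     # reached b_{k-1} without seeing -1
    return True


def random_prime(bits):
    """Random odd candidate with the top bit set, until Rabin-Miller accepts it."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def egcd(a, b):
    """Extended Euclid (iterative): returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, mod):
    g, x, _ = egcd(a, mod)
    if g != 1:
        raise ValueError("no inverse: gcd != 1")
    return x % mod


def generate_keypair(bits=2048, e=65537):
    """Return ((n, e), (n, d)): p, q of bits/2 each, phi = (p-1)(q-1), d = e^-1 mod phi."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and egcd(e, phi)[0] == 1:
            return (p * q, e), (p * q, modinv(e, phi))


def encode_message(msg):
    """Bytes to integer, big-endian (assumption: the encoding the paper uses for 'attack at dawn')."""
    return int.from_bytes(msg, "big")


def decode_message(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def encrypt(m, pub):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)                      # C = M**e mod n


def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)                      # M = C**d mod n


def sign(msg, priv):
    """Hash, then apply the private exponent to the digest (unpadded, study only)."""
    n, d = priv
    h = encode_message(hashlib.sha256(msg).digest())
    if h >= n:
        raise ValueError("modulus too small for the digest")
    return pow(h, d, n)


def verify(msg, sig, pub):
    return encrypt(sig, pub) == encode_message(hashlib.sha256(msg).digest())


if __name__ == "__main__":
    pub, priv = generate_keypair(1024)
    c = encrypt(encode_message(b"attack at dawn"), pub)
    print(decode_message(decrypt(c, priv)))
    s = sign(b"attack at dawn", priv)
    print(verify(b"attack at dawn", s, pub), verify(b"attack at dusk", s, pub))
```

The toy keys (143, 7) and (143, 103) reproduce the paper's 9 -> 48 -> 9 round trip, and the same functions run unchanged on 1024-bit keys; only the padding layer, deliberately absent here, separates this from a usable implementation.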
A more important aspect is security. As discussed, the security of RSA relies on the computational
difficulty of factoring large integers. As computing power increases and more efficient factoring algorithms
are discovered, the ability to factor larger and larger numbers also increases. Encryption strength is directly
tied to key size: doubling the key length raises the cost of the best known factoring algorithms enormously (their
running time grows subexponentially in the size of n), although it also slows RSA operations several-fold. RSA keys
are typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be
broken in the near future, which is why government and industry are moving to a minimum key length of
2048 bits. Barring an unforeseen breakthrough in quantum computing, it should be many years before longer
keys are required, but elliptic curve cryptography is gaining favor with many security experts as an alternative
to RSA for implementing public-key cryptography. It offers faster, smaller and more efficient
cryptographic keys. Much of today's hardware and software is ECC-ready, and its popularity is likely to grow
as it can deliver equivalent security with lower computing power and battery usage, making it more
suitable for mobile apps than RSA. Finally, a team of researchers that included Adi Shamir, a co-inventor of
RSA, has successfully recovered a 4096-bit RSA key using acoustic cryptanalysis; such side-channel attacks target the
implementation rather than the mathematics, so the implementation of any encryption algorithm can be vulnerable to them.
(http://searchsecurity.techtarget.com/definition/RSA)
Finally I want to say what I have learnt from this class. Before I took this course I barely knew any cybersecurity
application in my life. What really impressed me is when I took the lecture and heard about RSA SecurID. After
I learnt the knowledge of that, the first thing that came to my mind is a real application I use every day. It is called
QQ security login. Every time you try to log in to the QQ application from the PC, you need a temporary
passcode, so you need to check the digits on the application and enter them. I want to say that
the knowledge is very practical and I can already apply it in my life.
CS 573 A– Cybersecurity (Spring 2016)
Hash Based Message Authentication Code
Compiled by: SAPNA BHAT – 10404894 (Group 4)
Introduction
In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message
authentication code (MAC) involving a cryptographic hash function (hence the 'H') in combination with a
secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and
the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the
calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The
cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function,
the size of its hash output, and on the size and quality of the key.
An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a
compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of HMAC
is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1, respectively),
although it can be truncated if desired.
The definition and analysis of the HMAC construction was first published in 1996 by Mihir Bellare, Ran Canetti,
and Hugo Krawczyk, who also wrote RFC 2104. This paper also defined a variant called NMAC that is rarely, if
ever, used. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA1 and HMAC-MD5 are
used within the IPsec and TLS protocols.
Definition
This definition is taken from RFC 2104, where:
H is a cryptographic hash function,
K is the secret key,
m is the message to be authenticated,
K' is another secret key, derived from the original key K (by padding K to the right with extra zeroes to
the input block size of the hash function, or by hashing K if it is longer than that block size),
|| denotes concatenation,
⊕ denotes exclusive or (XOR),
opad is the outer padding (0x5c5c5c…5c5c, one-block-long hexadecimal constant),
and ipad is the inner padding (0x363636…3636, one-block-long hexadecimal constant).
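HMAC built from the definition above, as an added example in Python (not the paper's code and not the RFC's reference code). The underlying hash H comes from hashlib, the function names are mine, and the key normalisation follows the list above: a key longer than the hash's block size is hashed first, then padded with zeros to one block. A constant-time verifier is included, since comparing a received tag is where implementations most often go wrong.

```python
"""HMAC from the RFC 2104 definition, checked against the standard library.
Added example, not the paper's code; H is taken from hashlib."""
import hashlib
import hmac


def hmac_rfc2104(key, msg, hash_name="sha256"):
    """Outer hash over (K' xor opad) || inner hash over ((K' xor ipad) || msg)."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5/SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:                       # a key longer than one block is hashed first ...
        key = hashlib.new(hash_name, key).digest()
    k_prime = key.ljust(block_size, b"\x00")       # ... and K' is padded with zeros to one block
    ipad = bytes(b ^ 0x36 for b in k_prime)         # 0x3636...36
    opad = bytes(b ^ 0x5C for b in k_prime)         # 0x5c5c...5c
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_tag(key, msg, tag, hash_name="sha256"):
    """Constant-time comparison: a plain '==' on bytes returns at the first mismatch and so
    leaks, through timing, how many leading bytes of a guessed tag were right."""
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), tag)


def matches_stdlib(key, msg, hash_name):
    """Cross-check against Python's hmac module for the same key, message and hash."""
    return hmac_rfc2104(key, msg, hash_name) == hmac.new(key, msg, hash_name).digest()


if __name__ == "__main__":
    key, msg = b"constructed-demo-key", b"The quick brown fox"   # constructed demo data
    tag = hmac_rfc2104(key, msg)
    print(tag.hex())
    print(verify_tag(key, msg, tag), verify_tag(key, msg + b"!", tag))   # True False
```

Running matches_stdlib with keys shorter than, equal to and longer than the block size is the quickest way to confirm that the K' derivation (the part most hand-written HMACs get wrong) is right.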
Design principles
The design of the HMAC specification was motivated by the existence of attacks on more trivial mechanisms for
combining a key with a hash function. For example, one might assume the same security that HMAC provides
could be achieved with MAC = H (key ∥ message). However, this method suffers from a serious flaw: with most
hash functions, it is easy to append data to the message without knowing the key and obtain another valid MAC
("length-extension attack"). The alternative, appending the key using MAC =H (message ∥ key), suffers from the
problem that an attacker who can find a collision in the (unkeyed) hash function has a collision in the MAC (as
two messages m1 and m2 yielding the same hash will provide the same start condition to the hash function
before the appended key is hashed, hence the final hash will be the same). Using MAC = H
(key ∥message ∥ key) is better, but various security papers have suggested vulnerabilities with this approach,
even when two different keys are used.
No known extension attacks have been found against the current HMAC specification, H((K' ⊕ opad) ∥ H((K' ⊕ ipad) ∥ message)),
because the outer application of the hash function masks the intermediate result of
the internal hash. The values of ipad and opad are not critical to the security of the algorithm, but were defined
in such a way as to have a large Hamming distance from each other, so that the inner and outer keys have
fewer bits in common. The security reduction of HMAC does require them to differ in at least one bit.
The Keccak hash function, that was selected by NIST as the SHA-3 competition winner, doesn't need this
nested approach and can be used to generate a MAC by simply prepending the key to the message, as it is not
susceptible to length-extension-attacks.
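The length-extension attack on MAC = H(key ∥ message) described above, carried out end to end as an added example (not the paper's code and not from RFC 2104). A minimal SHA-1 is written here because the attacker must restart the hash from a published tag; the key, message and suffix are constructed for the demo, the function names are mine, and the attacker is assumed to know the key's length (in practice it is found by trying plausible lengths). The same extension attempted against HMAC-SHA1 from the standard library fails, which is what the outer hash is for.

```python
"""Length extension against MAC = SHA1(key || message). Added example, not the paper's code.
A small SHA-1 is included because the attack needs to resume hashing from a known state."""
import hashlib
import hmac
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block into the five 32-bit state words."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[i]) & 0xFFFFFFFF, a, _rotl(b, 30), c, d
    return tuple((s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d, e)))


def sha1_padding(total_len):
    """Merkle-Damgard padding for a message of total_len bytes: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha1(data, state=SHA1_IV, prior_len=0):
    """SHA-1 of data; with state/prior_len it continues a hash whose first prior_len bytes
    (a whole number of blocks) were already absorbed into state."""
    padded = data + sha1_padding(prior_len + len(data))
    for off in range(0, len(padded), 64):
        state = sha1_compress(state, padded[off:off + 64])
    return struct.pack(">5I", *state)


def naive_mac(key, msg):
    """The flawed construction from the text: MAC = H(key || message)."""
    return hashlib.sha1(key + msg).digest()


def hmac_sha1(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()


def extend(tag, key_len, msg, suffix):
    """Attacker side: from tag = SHA1(key||msg) and the key length only, produce a longer
    message and a valid tag for it. The tag *is* the internal state after the padded
    key||msg, so hashing simply continues from there; the key is never needed."""
    glue = sha1_padding(key_len + len(msg))
    state = struct.unpack(">5I", tag)
    forged_tag = sha1(suffix, state, key_len + len(msg) + len(glue))
    return msg + glue + suffix, forged_tag


def forgery_accepted(mac_fn, key, msg, suffix):
    """Does a verifier who knows key accept the attacker's extended message under mac_fn?"""
    forged_msg, forged_tag = extend(mac_fn(key, msg), len(key), msg, suffix)
    return hmac.compare_digest(mac_fn(key, forged_msg), forged_tag)


if __name__ == "__main__":
    key, msg, suffix = b"constructed-secret", b"amount=10&to=alice", b"&to=mallory"  # constructed demo data
    print("H(key||m) forged:", forgery_accepted(naive_mac, key, msg, suffix))   # True
    print("HMAC forged:     ", forgery_accepted(hmac_sha1, key, msg, suffix))   # False
```

The forged message necessarily carries the glue padding (a 0x80 byte, zeros and a length field) between the original and the suffix; the attack matters wherever the application's parser tolerates such bytes inside a field, which for query strings and many binary formats it does.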
Security
The cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most
common attack against HMACs is brute force to uncover the secret key. HMACs are substantially less affected
by collisions than their underlying hashing algorithms alone. Therefore, HMAC-MD5 does not suffer from the
same weaknesses that have been found in MD5, although MD5 should not be chosen for new designs.
In 2006, Jongsung Kim, Alex Biryukov, Bart Preneel, and Seokhie Hong showed how to distinguish HMAC with
reduced versions of MD5 and SHA-1 or full versions of HAVAL, MD4, and SHA-0 from a random function or
HMAC with a random function. Differential distinguishers allow an attacker to devise a forgery attack on HMAC.
Furthermore, differential and rectangle distinguishers can lead to second-preimage attacks. HMAC with the full
version of MD4 can be forged with this knowledge. These attacks do not contradict the security proof of HMAC,
but provide insight into HMAC based on existing cryptographic hash functions.
In 2009, Xiaoyun Wang et al. presented a distinguishing attack on HMAC-MD5 without using related keys. It can
distinguish an instantiation of HMAC with MD5 from an instantiation with a random function with 2^97 queries
with probability 0.87.
In 2011 an informational RFC 6151 was approved to update the security considerations in MD5 and HMAC-
MD5. For HMAC-MD5 the RFC summarizes that - although the security of the MD5 hash function itself is
severely compromised - the currently known "attacks on HMAC-MD5 do not seem to indicate a practical
vulnerability when used as a message authentication code."
In improperly secured systems a timing attack can be performed to recover a valid HMAC byte by byte: if the verifier
compares the received tag with the expected one using an ordinary early-exit comparison, the time it takes reveals how
many leading bytes were correct, so the comparison must be done in constant time.
References
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
https://www.ietf.org/rfc/rfc2104.txt
BLOWFISH
by Alex Rogacki
Blowfish is a cipher designed in 1993 by Bruce Schneier as a replacement for the aging DES encryption
algorithm. Like DES, Blowfish is a symmetric-key block cipher: it uses the same key to encrypt and
decrypt, and it cuts the plaintext into fixed-size 64-bit blocks and encrypts them one at a time. Unlike
other algorithms at the time, which were patented by companies or governments, Blowfish was released
into the public domain, in the hope that people could use encryption without the legal battles that
the patents on other algorithms would bring. No practical break of the full 16-round cipher has been
published.
The cipher itself is fairly fast, but there is considerable overhead in processing the key. Blowfish
derives the P-array and S-boxes it uses for encryption from the key it is given, and generating these tables
takes about as long as encrypting four kilobytes of text, which is slow compared with
similar algorithms. While not a large problem for bulk encryption, the slow key setup and the roughly 4 KB of
key-dependent tables make the algorithm unsuitable for some embedded systems and some models of smartcard.
The algorithm also has a known class of weak keys, and it is not recommended for large amounts of data,
such as files larger than 4 gigabytes, because its 64-bit block size is small compared with more modern
algorithms. Longer keys do not remove these weaknesses, even though the algorithm allows keys of up to 448 bits:
the block size, not the key size, limits how much data one key can safely protect.
Twofish is the successor to Blowfish. Similarly, it is a symmetric-key block cipher, this time using a
block size of 128 bits and allowing keys of up to 256 bits. Twofish was designed by the same man as its
predecessor, Bruce Schneier, together with a team, and was one of the five finalists considered for standardization as the
Advanced Encryption Standard. Much like Blowfish, the algorithm generates its S-boxes from the key
it is given. More specifically, Twofish uses part of the key material to build its key-dependent S-boxes and
derives the round subkeys from the key as well. It has been suggested that using the key in this
manner could lead to exploits or methods of breaking the cipher, but no such method has surfaced.
Most conversations about Twofish result in comparisons with the other AES finalists. While Twofish
proved to be a very secure algorithm, it lost to the AES winner, Rijndael, in two categories. Following in the
footsteps of Blowfish, Twofish had a complicated key-preparation algorithm. This led to the cipher running
slower than some others when using key sizes smaller than 256 bits. The relative complexity of the
algorithm also, like Blowfish, made it run slowly when implemented in hardware and when
put on smartcards. While Twofish was considered to have a larger security margin than Rijndael, these speed issues are what
led to Rijndael being selected over it.
The other AES finalist that was ranked higher than Twofish was an algorithm called Serpent.
Serpent was slower than both Rijndael and Twofish, even though the designers built the cipher to
maximize parallelism as much as possible. It was ranked highly because it employed 32 rounds,
meaning the data passes through the round function 32 times, which, while making it the slowest algorithm, gave
it the highest margin of safety, with Twofish coming in just behind it. It was not selected to be the
Advanced Encryption Standard for the same reason as Twofish: it was a slow algorithm that
could not efficiently be implemented on low-end systems or smartcards, or be easily given hardware
acceleration.
Like Blowfish, Twofish was not patented, and a reference implementation was placed into the public
domain, so it could be used by anyone who needed it. Two possible attacks have been proposed
against Twofish. In 1999, an impossible differential attack was put forth, which broke six of the cipher's sixteen
rounds. In 2000, a truncated differential analysis was proposed that could substantially
reduce the effort required to break the full sixteen rounds of the cipher. While the first
proposed attack does present a weakness, it is not enough to break the algorithm as a whole. The second
was merely presented as a theoretical attack and, as of yet, no successful attempt has been
made to break the cipher using this method. Despite the fact that Twofish remains unbroken and is a
perfectly good algorithm for use on modern-day computers, it has seen substantially less use than
Rijndael, due to the latter's status as the Advanced Encryption Standard, and than its predecessor Blowfish,
likely because of how long Blowfish has been available.
Analysis of Cryptographic Algorithmsijsrd.com
 
Narrow bicliques cryptanalysisoffullidea
Narrow bicliques cryptanalysisoffullideaNarrow bicliques cryptanalysisoffullidea
Narrow bicliques cryptanalysisoffullideaRifad Mohamed
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
Idea (international data encryption algorithm)
Idea (international data encryption algorithm)Idea (international data encryption algorithm)
Idea (international data encryption algorithm)AmanMishra208
 
Module 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptxModule 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptxSridharCS7
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptographyPriyamvada Singh
 
Improving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA AlgorithmImproving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA Algorithmpaperpublications3
 
Hardware implementation of the serpent block cipher using fpga technology
Hardware implementation of the serpent block cipher using fpga technologyHardware implementation of the serpent block cipher using fpga technology
Hardware implementation of the serpent block cipher using fpga technologyIAEME Publication
 
cryptography and network security chap 3
cryptography and network security chap 3cryptography and network security chap 3
cryptography and network security chap 3Debanjan Bhattacharya
 

Similar to Cybersecurity Research Paper (20)

Analysis of Cryptographic Algorithms
Analysis of Cryptographic AlgorithmsAnalysis of Cryptographic Algorithms
Analysis of Cryptographic Algorithms
 
Narrow bicliques cryptanalysisoffullidea
Narrow bicliques cryptanalysisoffullideaNarrow bicliques cryptanalysisoffullidea
Narrow bicliques cryptanalysisoffullidea
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 
CNS2 unit 2.pdf
CNS2 unit 2.pdfCNS2 unit 2.pdf
CNS2 unit 2.pdf
 
icwet1097
icwet1097icwet1097
icwet1097
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network Security
 
Idea (international data encryption algorithm)
Idea (international data encryption algorithm)Idea (international data encryption algorithm)
Idea (international data encryption algorithm)
 
Module 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptxModule 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptx
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptography
 
50620130101002
5062013010100250620130101002
50620130101002
 
Analysis of a Modified RC4
Analysis of a Modified RC4 Analysis of a Modified RC4
Analysis of a Modified RC4
 
Final report
Final reportFinal report
Final report
 
DES
DESDES
DES
 
Hybrid encryption
Hybrid encryption Hybrid encryption
Hybrid encryption
 
section-8.ppt
section-8.pptsection-8.ppt
section-8.ppt
 
Improving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA AlgorithmImproving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA Algorithm
 
Hardware implementation of the serpent block cipher using fpga technology
Hardware implementation of the serpent block cipher using fpga technologyHardware implementation of the serpent block cipher using fpga technology
Hardware implementation of the serpent block cipher using fpga technology
 
How to share a secret
How to share a secretHow to share a secret
How to share a secret
 
Kleptography
KleptographyKleptography
Kleptography
 
cryptography and network security chap 3
cryptography and network security chap 3cryptography and network security chap 3
cryptography and network security chap 3
 

Cybersecurity Research Paper

Cybersecurity Research paper on Encryption Algorithms
By-
Shubam Gupta
Rohit Dumbre
Sapna Bhat
Ming Zhou
Alexander Progacki
International Data Encryption Algorithm (IDEA)
By-Rohit Dumbre

Introduction:
In cryptography, the International Data Encryption Algorithm (IDEA), originally called Improved Proposed Encryption Standard (IPES), is a symmetric-key block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption Standard (DES). IDEA is a minor revision of an earlier cipher, Proposed Encryption Standard (PES).
The cipher was designed under a research contract with the Hasler Foundation, which became part of Ascom-Tech AG. The cipher was patented in a number of countries but was freely available for non-commercial use. The name "IDEA" is also a trademark. The last patents expired in 2012, and IDEA is now patent-free and thus completely free for all uses.
IDEA was used in Pretty Good Privacy (PGP) v2.0, and was incorporated after the original cipher used in v1.0, BassOmatic, was found to be insecure.[4] IDEA is an optional algorithm in the OpenPGP standard.

Operation:
IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security from interleaving operations from different groups, namely modular addition and multiplication and bitwise eXclusive OR (XOR), which are algebraically "incompatible" in some sense. In more detail, these operators, which all deal with 16-bit quantities, are:
- Bitwise eXclusive OR (denoted with a blue circled plus ⊕).
- Addition modulo 2^16 (denoted with a green boxed plus ⊞).
- Multiplication modulo 2^16+1, where the all-zero word (0x0000) in the inputs is interpreted as 2^16, and 2^16 in the output is interpreted as the all-zero word (0x0000) (denoted by a red circled dot ⊙).
After the eight rounds comes a final "half round", the output transformation illustrated below (the swap of the middle two values cancels out the swap at the end of the last round, so that there is no net swap):

Let the four quarters of the plaintext be called A, B, C, and D, and the 52 subkeys K(1) through K(52).
Before round 1, or as the first part of it, the following is done:
Multiply A by K(1). Add K(2) to B. Add K(3) to C. Multiply D by K(4).
Round 1 proper consists of the following:
Calculate A xor C (call it E) and B xor D (call it F).
Multiply E by K(5). Add the new value of E to F. Multiply the new value of F by K(6). Add the result, which is also the new value of F, to E.
Change both A and C by XORing the current value of F with each of them; change both B and D by XORing the current value of E with each of them.
Swap B and C.
Repeat all of this eight times, or seven more times, using K(7) through K(12) the second time, up to K(43) through K(48) the eighth time. Note that the swap of B and C is not performed after round 8.
Then multiply A by K(49). Add K(50) to B. Add K(51) to C. Multiply D by K(52).

Decryption:
How can the round in IDEA be reversed, since all four quarters of the block are changed at the same time, based on a function of all four of their old values? The trick is that A xor C isn't changed when both A and C are XORed with the same value: that value cancels out, no matter what it might be. The same applies to B xor D. And since the values used are functions of (A xor C) and (B xor D), they are still available.
This cross-footed round, rather than a Feistel round, is the most striking distinguishing factor of IDEA, although its use of multiplication, addition, and XOR to avoid the use of S-boxes is also important.
Those that are added are replaced by their two's complement. Those that are multiplied in are replaced by their multiplicative inverse, modulo 65,537, in IDEA notation when used to change blocks directly, but those used to calculate the cross-footed F-functions are not changed. Keys XORed in would not need to be changed, but there aren't any such keys in IDEA.
Due to the placement of the swap, the first four keys for decryption are moved somewhat differently than the other keys used for the same operation between rounds. The decryption key schedule is:
The first four subkeys for decryption are:
KD(1) = 1/K(49)
KD(2) = -K(50)
KD(3) = -K(51)
KD(4) = 1/K(52)
and they do not quite follow the same pattern as the remaining subkeys which follow. The following is repeated eight times, adding 6 to every decryption key's index and subtracting 6 from every encryption key's index:
KD(5) = K(47)
KD(6) = K(48)
KD(7) = 1/K(43)
KD(8) = -K(45)
KD(9) = -K(44)
KD(10) = 1/K(46)

Security:
The designers analysed IDEA to measure its strength against differential cryptanalysis and concluded that it is immune under certain assumptions. No successful linear or algebraic weaknesses have been reported. As of 2007, the best attack which applied to all keys could break IDEA reduced to 6 rounds (the full IDEA cipher uses 8.5 rounds). Note that a "break" is any attack which requires less than 2^128 operations; the 6-round attack requires 2^64 known plaintexts and 2^126.8 operations. Bruce Schneier thought highly of IDEA in 1996, writing, "In my opinion, it is the best and most secure block algorithm available to the public at this time." (Applied Cryptography, 2nd ed.) However, by 1999 he was no longer recommending IDEA due to the availability of faster algorithms, some progress in its cryptanalysis, and the issue of patents. In 2011 full 8.5-round IDEA was broken using a meet-in-the-middle attack. Independently in 2012, full 8.5-round IDEA was broken using a narrow-bicliques attack, with a reduction of cryptographic strength of about two bits, similar to the effect of the previous bicliques attack on AES.

Weak keys:
The very simple key schedule makes IDEA subject to a class of weak keys; some keys containing a large number of 0 bits produce weak encryption. These are of little concern in practice, being sufficiently rare that they are unnecessary to avoid explicitly when generating keys randomly. A simple fix was proposed: exclusive-ORing each subkey with a 16-bit constant, such as 0x0DAE. Larger classes of weak keys were found in 2002. This is still of negligible probability to be a concern to a randomly chosen key, and some of the problems are fixed by the constant XOR proposed earlier, but the paper is not certain if all of them are. A more comprehensive redesign of the IDEA key schedule may be desirable.
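The round structure and the decryption key schedule described above, as an added Python example that is not part of the paper. The 128-bit key expansion (eight 16-bit words, then rotate the key left by 25 bits, repeated until 52 subkeys exist) is the standard IDEA schedule, which the paper does not describe; function names are mine. One caveat the code makes explicit: applying the "repeat eight times" rule literally would give the last group as 1/K(1), -K(3), -K(2), 1/K(4), but that group undoes the pre-round-1 step, before which no swap has happened, so it must be 1/K(1), -K(2), -K(3), 1/K(4); the round-trip check confirms it.

```python
MASK16 = 0xFFFF
MOD_MUL = 0x10001          # 2^16 + 1, a prime


def mul(a, b):
    """IDEA's circled-dot: multiply modulo 2^16+1, reading the word 0x0000 as 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    return (a * b % MOD_MUL) & MASK16      # a result of 2^16 comes back as 0x0000


def mul_inv(a):
    """1/K: multiplicative inverse modulo 65537 under the same 0 <-> 2^16 rule."""
    a = a or 0x10000
    return pow(a, MOD_MUL - 2, MOD_MUL) & MASK16   # Fermat, since 65537 is prime


def add_inv(a):
    """-K: additive inverse modulo 2^16 (the two's complement mentioned above)."""
    return (-a) & MASK16


def expand_key(key):
    """K(1)..K(52) from a 16-byte key. Standard IDEA schedule (not in the paper):
    take eight 16-bit words, rotate the 128-bit key left by 25 bits, repeat."""
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK16 for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def decrypt_subkeys(K):
    """KD(1)..KD(52) per the schedule above (0-based list: K[i] is K(i+1)).
    Decryption rounds 2..8 take the two additive keys in swapped order because a
    B/C swap sits between them and the round they undo.  The final four undo the
    pre-round-1 step and are therefore NOT swapped: 1/K(1), -K(2), -K(3), 1/K(4)."""
    KD = [mul_inv(K[48]), add_inv(K[49]), add_inv(K[50]), mul_inv(K[51]), K[46], K[47]]
    for e in range(8, 1, -1):              # undo encryption rounds 8 .. 2
        b = 6 * (e - 1)                    # index of K(6e-5), that round's first subkey
        KD += [mul_inv(K[b]), add_inv(K[b + 2]), add_inv(K[b + 1]), mul_inv(K[b + 3]),
               K[b - 2], K[b - 1]]         # F-function keys of the round before it
    KD += [mul_inv(K[0]), add_inv(K[1]), add_inv(K[2]), mul_inv(K[3])]
    return KD


def crypt_block(block, K):
    """Eight cross-footed rounds plus the half-round, exactly as listed above."""
    A, B, C, D = (int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2))
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = K[6 * r:6 * r + 6]
        A, B, C, D = mul(A, k1), (B + k2) & MASK16, (C + k3) & MASK16, mul(D, k4)
        E, F = A ^ C, B ^ D                # the two values the round is "footed" on
        E = mul(E, k5)
        F = (E + F) & MASK16
        F = mul(F, k6)
        E = (E + F) & MASK16
        A, B, C, D = A ^ F, B ^ E, C ^ F, D ^ E
        if r != 7:                         # no swap after round 8
            B, C = C, B
    A, B, C, D = mul(A, K[48]), (B + K[49]) & MASK16, (C + K[50]) & MASK16, mul(D, K[51])
    return b"".join(x.to_bytes(2, "big") for x in (A, B, C, D))


def encrypt_block(block, key):
    return crypt_block(block, expand_key(key))


def decrypt_block(block, key):
    return crypt_block(block, decrypt_subkeys(expand_key(key)))


if __name__ == "__main__":
    # Published IDEA test vector: key 0001..0008, plaintext 0000 0001 0002 0003,
    # expected ciphertext 11fbed2b01986de5.
    key = bytes.fromhex("00010002000300040005000600070008")
    pt = bytes.fromhex("0000000100020003")
    ct = encrypt_block(pt, key)
    print(ct.hex(), decrypt_block(ct, key) == pt)
```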
RSA Algorithm
Ming Zhou
CS 573

My final project is about the RSA algorithm. RSA is an algorithm for securing data transmission; it is short for the initial letters of the surnames of the people who published it. The concept is proposed in Diffie and Hellman (1976), "New Directions in Cryptography", and public-key encryption was proposed in 1970 by James Ellis. It is an asymmetric algorithm (different keys for encryption and decryption) based on the difficulty of factoring the product of two large prime numbers.
RSA derives its security from the difficulty of factoring large integers that are the product of two large prime numbers. Multiplying these two numbers is easy, but determining the original prime numbers from the total -- factoring -- is considered infeasible due to the time it would take even using today's supercomputers.
The public and private key-generation algorithm is the most complex part of RSA cryptography. Two large prime numbers, p and q, are generated using the Rabin-Miller primality test algorithm. A modulus n is calculated by multiplying p and q. This number is used by both the public and private keys and provides the link between them. Its length, usually expressed in bits, is called the key length. The public key consists of the modulus n and a public exponent, e, which is normally set at 65537, as it's a prime number that is not too large. The e figure doesn't have to be a secretly selected prime number as the public key is shared with everyone. The private key consists of the modulus n and the private exponent d, which is calculated using the Extended Euclidean algorithm to find the multiplicative inverse with respect to the totient of n.
What are the steps for doing the RSA algorithm for encryption and decryption? First, we need to do the key generation. We select 2 large prime numbers of about the same size, p and q; typically, the range of q and p is between 512 and 2048 bits, and the reason for that is security. In that range the security can be guaranteed.
After that we need to compute n = p*q, and φ(n) = (q-1)(p-1). After that we select e, 1 < e < φ(n), s.t. gcd(e, φ(n)) = 1. The final step is to compute d, 1 < d < φ(n), s.t. ed = 1 mod φ(n). The public key is the pair of e and n, and the private key is d. Based on the public key and private key we can do the encryption and decryption.
Here is a simple example of how the algorithm works. Alice generates her RSA keys by selecting two primes: p = 11 and q = 13. The modulus n = p*q = 143. The totient of n, φ(n) = (p−1)x(q−1) = 120. She chooses 7 for her RSA public key e and calculates her RSA private key using the Extended Euclidean Algorithm, which gives her 103. Bob wants to send Alice an encrypted message M, so he obtains her RSA public key (n, e), which in this example is (143, 7). His plaintext message is just the number 9 and is encrypted into cipher text C as follows: M^e mod n = 9^7 mod 143 = 48 = C. When Alice receives Bob's message she decrypts it by using her RSA private key (d, n) as follows: C^d mod n = 48^103 mod 143 = 9 = M.
To use RSA keys to digitally sign a message, Alice would create a hash or message digest of her message to Bob, encrypt the hash value with her RSA private key and add it to the message. Bob can then verify that the message has been sent by Alice and has not been altered by decrypting the hash value with her public key. If this value matches the hash of the original message, then only Alice could have sent it (authentication and non-repudiation) and the message is exactly as she wrote it (integrity). Alice could, of course, encrypt her message with Bob's RSA public key (confidentiality) before sending it to Bob.
A digital certificate contains information that identifies the certificate's owner and also contains the owner's public key. Certificates are signed by the certificate authority that issues them, and can simplify the process of obtaining public keys and verifying the owner.
Here is a real-world example. Let us encrypt the message "attack at dawn". First, we need to transfer this message into a form a computer can read and compute: it is a string, and we need to transfer it to an integer to compute with. We can represent every letter by its number as an ASCII character. It is easy to transfer, and it is 1976620216402300889624482718775150. After that we need to pick our p and q; as I said, the size of q and p should be the same but not that close. Here I use the Rabin-Miller primality test to pick them.
What is the Rabin-Miller primality test? Let n > 1 be odd with n-1 = 2^k m with an odd m. Choose a random integer a, 1 < a < n-1. Compute b0 ≡ a^m (mod n); if b0 ≡ ±1 (mod n), then stop and n is probably prime, otherwise let b1 ≡ (b0)^2 (mod n). If b1 ≡ 1 (mod n), then n is composite and gcd(b0-1, n) is a nontrivial factor of n; else if b1 ≡ -1 (mod n), stop and n is probably prime, otherwise let b2 ≡ (b1)^2 (mod n). If b2 ≡ 1 (mod n), then n is composite; else if b2 ≡ -1 (mod n), stop and n is probably prime. Continue in this way until stopping or reaching b_{k-1}. If b_{k-1} !≡ -1, then n is composite.
These numbers represent q and p. q is 12131072439211271897323671531612440428472427633701410925634549312301964373042085619324197365322416866541017057361365214171711713797974299334871062829803541 and p is 12027524255478748885956220793734512128733387803682075433653899983955179850988797899869146900809131611153346817050832096022160146366346391812470987105415233. And then we compute n = pq, and φ(n) = (q-1)(p-1), and pick e (public key) as 65537, which has a gcd of 1 with φ(n), and compute d (private key). Based on the keys we can do the encryption.
Encryption: C = M^e mod n = 35052111338673026690212423937053328511880760811579981620642802346685810623109850235943049080973386241113784040794704193978215378499765413083646438784740952306932534945195080183861574225226218879827232453912820596886440377536082465681750074417459151485407445862511023472235560823053497791518928820272257787786
Decryption: M = C^d mod n, with C the ciphertext just computed.

A more concerning side is the security. As discussed, the security of RSA relies on the computational difficulty of factoring large integers. As computing power increases and more efficient factoring algorithms are discovered, the ability to factor larger and larger numbers also increases. Encryption strength is directly tied to key size, and doubling key length delivers an exponential increase in strength, although it does impair performance. RSA keys are typically 1024- or 2048-bits long, but experts believe that 1024-bit keys could be broken in the near future, which is why government and industry are moving to a minimum key length of 2048 bits.
Barring an unforeseen breakthrough in quantum computing, it should be many years before longer keys are required, but elliptic curve cryptography is gaining favor with many security experts as an alternative to RSA for implementing public-key cryptography. It can create faster, smaller and more efficient cryptographic keys. Much of today's hardware and software is ECC-ready and its popularity is likely to grow as it can deliver equivalent security with lower computing power and battery resource usage, making it more suitable for mobile apps than RSA. Finally, a team of researchers which included Adi Shamir, a co-inventor of RSA, has successfully determined a 4096-bit RSA key using acoustic cryptanalysis; however, any encryption algorithm is vulnerable to this type of attack. (http://searchsecurity.techtarget.com/definition/RSA)
Finally, I want to say what I have learnt from this class. Before I took this course I barely knew any cybersecurity application in my life. What really impressed me is when I took the lecture and heard about RSA SecurID. After I learnt the knowledge of that, the first thing that came to my mind is a real application I use every day. It is called QQ security login. Every time you try to log in to the QQ application from the PC, you need a temporary passcode, so you need to check the digits on the application and get them to put them in. I want to say that the knowledge is very practical and I already can apply it in my life.
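The RSA procedure above (Rabin-Miller primality test, key generation, encryption and decryption, and hash-then-sign), as an added Python example that is not part of the paper; function names are mine. It reproduces Alice's p = 11, q = 13 numbers and runs the "attack at dawn" example with freshly generated 512-bit primes. This is textbook RSA with no padding, which a real deployment must add (OAEP for encryption, PSS for signatures); it is here to show the arithmetic, not to protect data.

```python
import hashlib
import secrets


def rabin_miller(n, rounds=20):
    """The test as described above: write n-1 = 2^k * m with m odd, pick random a
    with 1 < a < n-1, b0 = a^m mod n, then square until -1 (probably prime) or
    until 1 is reached without passing -1 (composite).  A composite survives one
    round with probability at most 1/4, so 20 rounds leave at most 4^-20."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    k, m = 0, n - 1
    while m % 2 == 0:
        k, m = k + 1, m // 2
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2           # uniform in 2 .. n-2
        b = pow(a, m, n)                           # b0
        if b in (1, n - 1):
            continue                               # b0 = +-1: probably prime
        for _ in range(k - 1):
            b = pow(b, 2, n)                       # b_{i+1} = b_i^2 mod n
            if b == n - 1:
                break                              # hit -1: probably prime
            if b == 1:
                return False                       # 1 from a non-trivial root: composite
        else:
            return False                           # b_{k-1} != -1: composite
    return True


def random_prime(bits):
    """Odd candidates of exactly `bits` bits until one passes the test."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if rabin_miller(cand):
            return cand


def make_keys(p, q, e=65537):
    """Return ((n, e), (n, d)) with d = e^-1 mod phi(n), the extended-Euclid
    inverse; Python's pow(e, -1, phi) computes exactly that and raises if gcd != 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def encrypt(m, pub):          # C = M^e mod n   (requires m < n)
    n, e = pub
    return pow(m, e, n)


def decrypt(c, priv):         # M = C^d mod n
    n, d = priv
    return pow(c, d, n)


def sign(message, priv):
    """Hash, then apply the private exponent to the digest (digest must be < n)."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(message, signature, pub):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def demo():
    """Alice's small example and the 'attack at dawn' example from the text."""
    pub, priv = make_keys(11, 13, e=7)             # n = 143, phi = 120, d = 103
    small = (pub, priv, encrypt(9, pub), decrypt(48, priv))
    msg = b"attack at dawn"
    m = int.from_bytes(msg, "big")                 # the ASCII-as-integer encoding used above
    pub, priv = make_keys(random_prime(512), random_prime(512))   # ~1024-bit n
    recovered = decrypt(encrypt(m, pub), priv).to_bytes(len(msg), "big")
    return small, recovered, verify(msg, sign(msg, priv), pub)


if __name__ == "__main__":
    print(demo())
```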
CS 573 A – Cybersecurity (Spring 2016)
Hash Based Message Authentication Code
Compiled by: SAPNA BHAT – 10404894 (Group 4)

Introduction
In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function (hence the 'H') in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.
An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1, respectively), although it can be truncated if desired.
The definition and analysis of the HMAC construction was first published in 1996 by Mihir Bellare, Ran Canetti, and Hugo Krawczyk, who also wrote RFC 2104. This paper also defined a variant called NMAC that is rarely, if ever, used. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA1 and HMAC-MD5 are used within the IPsec and TLS protocols.

Definition
This definition is taken from RFC 2104:
where H is a cryptographic hash function, K is the secret key, m is the message to be authenticated, K' is another secret key, derived from the original key K (by padding K to the right with extra zeroes to the input block size of the hash function, or by hashing K if it is longer than that block size), || denotes concatenation, ⊕ denotes exclusive or (XOR), opad is the outer padding (0x5c5c5c…5c5c, one-block-long hexadecimal constant), and ipad is the inner padding (0x363636…3636, one-block-long hexadecimal constant).

Design principles
The design of the HMAC specification was motivated by the existence of attacks on more trivial mechanisms for combining a key with a hash function. For example, one might assume the same security that HMAC provides could be achieved with MAC = H(key ∥ message). However, this method suffers from a serious flaw: with most hash functions, it is easy to append data to the message without knowing the key and obtain another valid MAC ("length-extension attack"). The alternative, appending the key using MAC = H(message ∥ key), suffers from the problem that an attacker who can find a collision in the (unkeyed) hash function has a collision in the MAC (as two messages m1 and m2 yielding the same hash will provide the same start condition to the hash function before the appended key is hashed, hence the final hash will be the same). Using MAC = H(key ∥ message ∥ key) is better, but various security papers have suggested vulnerabilities with this approach, even when two different keys are used.
No known extension attacks have been found against the current HMAC specification, which is defined as H(key ∥ H(key ∥ message)), because the outer application of the hash function masks the intermediate result of the internal hash. The values of ipad and opad are not critical to the security of the algorithm, but were defined in such a way as to have a large Hamming distance from each other, so that the inner and outer keys will have fewer bits in common. The security reduction of HMAC does require them to be different in at least one bit.
The Keccak hash function, which was selected by NIST as the SHA-3 competition winner, doesn't need this nested approach and can be used to generate a MAC by simply prepending the key to the message, as it is not susceptible to length-extension attacks.

Security
The cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most common attack against HMACs is brute force to uncover the secret key. HMACs are substantially less affected by collisions than their underlying hashing algorithms alone. Therefore, HMAC-MD5 does not suffer from the same weaknesses that have been found in MD5.
In 2006, Jongsung Kim, Alex Biryukov, Bart Preneel, and Seokhie Hong showed how to distinguish HMAC with reduced versions of MD5 and SHA-1 or full versions of HAVAL, MD4, and SHA-0 from a random function or HMAC with a random function. Differential distinguishers allow an attacker to devise a forgery attack on HMAC. Furthermore, differential and rectangle distinguishers can lead to second-preimage attacks. HMAC with the full version of MD4 can be forged with this knowledge. These attacks do not contradict the security proof of HMAC, but provide insight into HMAC based on existing cryptographic hash functions.
In 2009, Xiaoyun Wang et al. presented a distinguishing attack on HMAC-MD5 without using related keys. It can distinguish an instantiation of HMAC with MD5 from an instantiation with a random function with 2^97 queries with probability 0.87.
In 2011 an informational RFC 6151 was approved to update the security considerations in MD5 and HMAC-MD5. For HMAC-MD5 the RFC summarizes that, although the security of the MD5 hash function itself is severely compromised, the currently known "attacks on HMAC-MD5 do not seem to indicate a practical vulnerability when used as a message authentication code."
In improperly-secured systems a timing attack can be performed to find out an HMAC digit by digit.
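The RFC 2104 construction from the Definition section, HMAC(K, m) = H((K' ⊕ opad) ∥ H((K' ⊕ ipad) ∥ m)), as an added Python example that is not part of the paper, together with a constant-time tag comparison, which is the usual defence against the byte-by-byte timing attack mentioned above. Function names are mine; the two expected digests are test cases 1 and 2 of RFC 2104 itself.

```python
import hashlib
import hmac


def hmac_rfc2104(key, message, hash_name="sha256"):
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), per RFC 2104."""
    block_size = hashlib.new(hash_name).block_size      # 64 bytes for MD5/SHA-1/SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()      # K longer than a block: hash it first
    k_prime = key.ljust(block_size, b"\x00")            # then pad to the right with zeros
    inner_key = bytes(b ^ 0x36 for b in k_prime)        # K' xor ipad (0x3636...36)
    outer_key = bytes(b ^ 0x5C for b in k_prime)        # K' xor opad (0x5c5c...5c)
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()   # outer hash masks the inner


def verify_tag(key, message, tag, hash_name="sha256"):
    """Accept only if the tag matches.  compare_digest runs in constant time, so an
    attacker cannot learn from the response time how many leading bytes were right,
    which is what a byte-by-byte '==' would leak."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), tag)


def matches_stdlib(key, message, hash_name="sha256"):
    """Cross-check this construction against Python's own hmac module."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name),
                               hmac.new(key, message, hash_name).digest())


# Test cases 1 and 2 from RFC 2104 (HMAC-MD5): (key, data, expected digest hex).
RFC2104_VECTORS = [
    (b"\x0b" * 16, b"Hi There", "9294727a3638bb1c13f48ef8158bfc9d"),
    (b"Jefe", b"what do ya want for nothing?", "750c783e6ab0b503eaa86e310a5db738"),
]


def check_rfc_vectors():
    return all(hmac_rfc2104(k, d, "md5").hex() == want for k, d, want in RFC2104_VECTORS)


if __name__ == "__main__":
    print(check_rfc_vectors(), matches_stdlib(bytes(range(100)), b"long key is hashed first"))
```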
References
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
https://www.ietf.org/rfc/rfc2104.txt
BLOWFISH
by Alex Rogacki

Blowfish was a cipher designed in 1993 by Bruce Schneier as a replacement for the aging DES encryption algorithm. Like DES, Blowfish is a symmetric-key block cipher, meaning it uses the same key to encrypt and decrypt, and it cuts up the plaintext it intends to encrypt into blocks and encrypts them individually. Unlike other algorithms at the time, which were patented by companies or governments, Blowfish was released into the public domain, in the hope that it would allow people to use encryption without having to deal with the legal battles that would ensue from the patents on other algorithms. The algorithm has yet to be broken.
The cipher itself is fairly fast, but there is some overhead from processing the key. Blowfish generates the functions it uses for encryption based on the key it is given. Generating the tables from the key requires the same amount of time as processing four kilobytes of text, which is slow compared to other similar algorithms. While not an incredibly large problem, this prevents the use of the algorithm on embedded systems and some models of smartcards. The algorithm also has a known weakness when utilizing a specific set of weak keys, and it is not recommended for use on large files, such as ones larger than 4 gigabytes, due to the small block size compared to more modern algorithms. However, its weaknesses can be eliminated by using longer keys, as the algorithm has a maximum key size of 448 bits.
Twofish is the successor to Blowfish. Similarly, it is a symmetric-key block cipher, this time using a block size of 128 bits and allowing up to a 256-bit key. Twofish was designed by the same man as its predecessor, Bruce Schneier, and was one of the five finalists to be selected for standardization as the Advanced Encryption Standard. Much like Blowfish, the algorithm generates its S-boxes based on the key it is given. More specifically, Twofish splits the key in half, using the first half to generate the S-box functions and the second half to encrypt the plain text. It has been suggested that splitting the key in this manner could lead to exploits or methods of breaking the cipher, but no such method has surfaced.
Most conversations about Twofish result in comparisons with the other AES finalists. While Twofish proved to be a very secure algorithm, it lost to the AES winner, Rijndael, in two categories. Following in the footsteps of Blowfish, Twofish had a complicated key-preparation algorithm. This led to the cipher running slower than some others when using key sizes smaller than 256 bits. The relative complexity of the algorithm also, like Blowfish, made the algorithm run slowly when implemented in hardware and when put on smartcards. While Twofish was considered more secure than Rijndael, these speed issues are what led to Rijndael being selected over it.
The other AES finalist that was ranked higher than Twofish was an algorithm called Serpent. Serpent was slower than both Rijndael and Twofish by far, even though the designers built the system to maximize parallelism as much as possible. It was ranked highly because it employed 32 rounds of encryption, meaning the data was encrypted 32 times, which, while making it the slowest algorithm, gave it the highest margin of safety, with Twofish coming in just behind it. It was not selected to be the Advanced Encryption Standard for the same reason as Twofish, however, as it was a slow algorithm, and could not efficiently be implemented on low-end systems or smartcards, or be easily given hardware acceleration.
Like Blowfish, Twofish was not patented, and one of its implementations was placed into the public domain, so it could be used by anyone who needed it. Twofish has also had two possible attacks proposed against it. In 1999, an impossible differential attack was put forth, which broke six of the cipher's sixteen rounds of encryption. In 2000, a truncated differential analysis was proposed that could substantially reduce the effort required to break the full sixteen encryption rounds of the cipher. While the first proposed attack does present a weakness, it is not enough to break the algorithm as a whole. The second, however, was merely presented as a theoretical attack and, as of yet, no successful attempt has been made to break the cipher using this method. Despite the fact that Twofish remains unbroken and is a perfectly good algorithm for use on modern-day computers, it has seen substantially less use than Rijndael, due to the latter's status as the Advanced Encryption Standard, and than its predecessor Blowfish, likely because of how long Blowfish has been available.