Tuesday, 28 May 2013

ABOUT Random Number Algorithms

Multiplicative Congruential Method:
Basic relationship
X_{i+1} = a·X_i (mod m), where a >= 0 and m >= 0
The most natural choice for m is the capacity of a computer word:
m = 2^b (binary machine), where b is the number of bits in the computer word.
m = 10^d (decimal machine), where d is the number of digits in the computer word.

The maximum period (P), stated for the general linear congruential form X_{i+1} = (a·X_i + c) mod m, of which the multiplicative method is the case c = 0, is:
For m a power of 2, say m = 2^b, and c ≠ 0, the longest possible period is P = m = 2^b, which is achieved provided that c is relatively prime to m (that is, the greatest common factor of c and m is 1) and a = 1 + 4k, where k is an integer.
For m a power of 2, say m = 2^b, and c = 0, the longest possible period is P = m/4 = 2^(b-2), which is achieved provided that the seed X0 is odd and the multiplier a is given by a = 3 + 8k or a = 5 + 8k, for some k = 0, 1, 2, ...

For m a prime number and c = 0, the longest possible period is P = m - 1, which is achieved provided that the multiplier a has the property that the smallest integer k such that a^k - 1 is divisible by m is k = m - 1.

(Example)
Using the multiplicative congruential method, find the period of the generator for a = 13, m = 2^6 = 64, and X0 = 1, 2, 3, and 4. The solution is given in the table below. When the seed is 1 or 3, the sequence has period 16. However, a period of length eight is achieved when the seed is 2, and a period of length four occurs when the seed is 4.

Period Determination Using Various Seeds (a = 13, m = 64)

     i   X0=1   X0=2   X0=3   X0=4
     0      1      2      3      4
     1     13     26     39     52
     2     41     18     59     36
     3     21     42     63     20
     4     17     34     51      4
     5     29     58     23
     6     57     50     43
     7     37     10     47
     8     33      2     35
     9     45             7
    10      9            27
    11     53            31
    12     49            19
    13     61            55
    14     25            11
    15      5            15
    16      1             3
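The generator and its period finder as an added Python example (not code from the original post): it reproduces the a = 13, m = 2^6 table for seeds 1 to 4, and also takes the additive constant c so the c ≠ 0 rule, which the table does not cover, can be checked.

```python
# Added example (not from the original post): the multiplicative congruential
# generator X_{i+1} = a*X_i (mod m) from the text, with the optional additive
# constant c so the c != 0 period rule can be checked too, and a period finder
# that reproduces the a = 13, m = 2^6 table above for seeds 1..4.

def sequence(a, m, seed, n, c=0):
    """Return X_0 .. X_{n-1} of X_{i+1} = (a*X_i + c) mod m."""
    out, x = [], seed
    for _ in range(n):
        out.append(x)
        x = (a * x + c) % m
    return out

def period(a, m, seed, c=0):
    """Steps until the generator returns to `seed`; 0 if the seed is never
    revisited (e.g. the sequence falls into the fixed point 0 when c = 0)."""
    x = (a * seed + c) % m
    steps = 1
    while x != seed:
        if steps > m:          # a cycle through the seed can be at most m long
            return 0
        x = (a * x + c) % m
        steps += 1
    return steps

def max_period_for_power_of_two(a, b, c=0):
    """Longest period the text promises for m = 2^b, or None if a (and c)
    do not meet the stated condition:
      c != 0: P = 2^b     needs c odd (coprime to 2^b) and a = 1 + 4k
      c == 0: P = 2^(b-2) needs an odd seed and a = 3 + 8k or a = 5 + 8k"""
    if c != 0:
        return 2 ** b if (c % 2 == 1 and a % 4 == 1) else None
    return 2 ** (b - 2) if a % 8 in (3, 5) else None

def period_table(a, m, seeds):
    """Period per seed, as in the 'Period Determination Using Various Seeds' table."""
    return {s: period(a, m, s) for s in seeds}

if __name__ == "__main__":
    # a = 13 = 5 + 8*1 and m = 2^6: the odd seeds reach the maximal 2^(6-2) = 16.
    print(period_table(13, 64, [1, 2, 3, 4]))   # {1: 16, 2: 8, 3: 16, 4: 4}
    print(sequence(13, 64, 1, 17))
```

Multipliers that break the a = 3 + 8k / 5 + 8k rule (for instance a = 7) fall short of the maximal period even with an odd seed, which is the point of the condition in the text.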

Tuesday, 07 May 2013

ABOUT encryption with DES

As mentioned earlier, there are two main types of cryptography in use today: symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric key cryptography is the oldest type, whereas asymmetric cryptography has only been in public use since the late 1970s. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is what concerns us here. It involves the use of only one key, which is used for both encryption and decryption (hence the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed.

Figure 2.1

To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another, whereas permutation is a reordering of the bit positions of each input. These techniques are applied a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption is computationally infeasible without the secret key. This is achieved with S-boxes, which are basically non-linear substitution tables in which the output is either smaller than the input or larger than it.

One of the main problems with secret key cryptography is key distribution. For this form of cryptography to work, both parties must have a copy of the secret key. This would have to be communicated over some secure channel which, unfortunately, is not that easy to achieve. As will be seen later, public key cryptography provides a solution to this.

2.1 Brief history of DES
Up until recently, the main standard for encrypting data was a symmetric algorithm known as the Data Encryption Standard (DES). However, this has now been replaced by a new standard known as the Advanced Encryption Standard (AES), which we will look at later. DES is a 64 bit block cipher, which means that it encrypts data 64 bits at a time. This is contrasted with a stream cipher, in which only one bit at a time (or sometimes small groups of bits such as a byte) is encrypted. DES was the result of a research project set up by the International Business Machines (IBM) corporation in the late 1960s which resulted in a cipher known as LUCIFER. In the early 1970s it was decided to commercialise LUCIFER and a number of significant changes were introduced. IBM was not the only one involved in these changes, as they sought technical advice from the National Security Agency (NSA) (other outside consultants were involved, but it is likely that the NSA were the major contributors from a technical point of view). The altered version of LUCIFER was put forward as a proposal for the new national encryption standard requested by the National Bureau of Standards (NBS). It was finally adopted in 1977 as the Data Encryption Standard, DES (FIPS PUB 46). Some of the changes made to LUCIFER have been the subject of much controversy even to the present day. The most notable of these was the key size. LUCIFER used a key size of 128 bits; however, this was reduced to 56 bits for DES. Even though DES actually accepts a 64 bit key as input, the remaining eight bits are used for parity checking and have no effect on DES's security. Outsiders were convinced that the 56 bit key was an easy target for a brute force attack due to its extremely small size. The need for the parity checking scheme was also questioned without satisfying answers.

2.2 Inner workings of DES
DES (and most of the other major symmetric ciphers) is based on a cipher known as the Feistel block cipher. This was a block cipher developed by the IBM cryptography researcher Horst Feistel in the early 70s. It consists of a number of rounds where each round contains bit-shuffling, non-linear substitutions (S-boxes) and exclusive OR operations. Most symmetric encryption schemes today are based on this structure (known as a Feistel network). As with most encryption schemes, DES expects two inputs: the plaintext to be encrypted and the secret key. The manner in which the plaintext is accepted, and the key arrangement used for encryption and decryption, both determine the type of cipher it is. DES is therefore a symmetric, 64 bit block cipher, as it uses the same key for both encryption and decryption and only operates on 64 bit blocks of data at a time (be they plaintext or ciphertext). The key size used is 56 bits; however, a 64 bit (or eight-byte) key is actually input. The least significant bit of each byte is either used for parity (odd for DES) or set arbitrarily and does not increase the security in any way. All bits are numbered from left to right, which makes the eighth bit of each byte the parity bit. Once a plaintext message is received to be encrypted, it is arranged into the 64 bit blocks required for input. If the number of bits in the message is not evenly divisible by 64 then the last block will be padded. Multiple permutations and substitutions are incorporated throughout in order to increase the difficulty of performing a cryptanalysis on the cipher. However, it is generally accepted that the initial and final permutations offer little or no contribution to the security of DES, and in fact some software implementations omit them (although strictly speaking these are not DES as they do not adhere to the standard).

2.2.1 Overall structure
Figure 2.2 shows the sequence of events that occur during an encryption operation. DES performs an initial permutation on the entire 64 bit block of data. It is then split into two 32 bit sub-blocks, Li and Ri, which are then passed into what is known as a round (see figure 2.3), of which there are 16 (the subscript i in Li and Ri indicates the current round). Each of the rounds is identical, and increasing their number has two effects: the algorithm's security is increased and its temporal efficiency decreased. Clearly these are two conflicting outcomes and a compromise must be made. For DES the number chosen was 16, probably to guarantee the elimination of any correlation between the ciphertext and either the plaintext or key. At the end of the 16th round, the 32 bit Li and Ri output quantities are swapped to create what is known as the pre-output. This [R16, L16] concatenation is permuted using a function which is the exact inverse of the initial permutation. The output of this final permutation is the 64 bit ciphertext.

Figure 2.2 Flow Diagram of DES algorithm for encrypting data.

The left hand side of figure 2.2 shows:
1. The initial permutation (IP, defined in table 2.1), rearranging the bits to form the "permuted input".
2. 16 iterations of the same function (substitution and permutation). The output of the last iteration consists of 64 bits which are a function of the plaintext and key. The left and right halves are swapped to produce the pre-output.
3. Finally, the pre-output is passed through a permutation (IP^-1, defined in table 2.1) which is simply the inverse of the initial permutation (IP). The output of IP^-1 is the 64-bit ciphertext.


Table 2.1: Permutation tables used in DES.
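The three steps above as an added Python example (not code from the original text and not a DES implementation): the real DES initial permutation IP from FIPS 46 with its inverse computed from it, and 16 Feistel rounds around a hash-based toy round function and toy key schedule that stand in for DES's S-box round function and PC-1/PC-2 schedule. It shows that decryption is the same structure run with the subkeys in reverse order, and checks the odd-parity rule for the key bytes.

```python
# Added example (not from the original text): the skeleton of figure 2.2,
# IP -> 16 Feistel rounds -> swap -> IP^-1, with decryption running the same
# structure under the reversed subkey order. IP is DES's real initial
# permutation (FIPS 46); toy_f and toy_key_schedule are hash-based stand-ins
# for DES's S-box round function and PC-1/PC-2 key schedule, not DES itself.
import hashlib

# Output bit n (1 = leftmost) of IP takes input bit IP[n-1].
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]

def invert(table):
    """Inverse table: if IP moves input bit j to position n, IP^-1 moves n back to j."""
    inv = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inv[in_pos - 1] = out_pos
    return inv

IP_INV = invert(IP)   # the IP^-1 table of FIPS 46, first row 40 8 48 16 56 24 64 32

def permute(block, table, width=64):
    """Apply a DES-style permutation table to a width-bit integer (bit 1 = MSB)."""
    out = 0
    for pos in table:
        out = (out << 1) | ((block >> (width - pos)) & 1)
    return out

def has_odd_parity(key64):
    """DES keys: the low bit of each byte makes that byte's count of 1 bits odd."""
    return all(bin(b).count("1") % 2 == 1 for b in key64.to_bytes(8, "big"))

def toy_f(r32, subkey48):
    """Stand-in for f(R, K): 32 bits of SHA-256(R || K). Any function works here
    because a Feistel network never needs to invert f."""
    d = hashlib.sha256(r32.to_bytes(4, "big") + subkey48.to_bytes(6, "big")).digest()
    return int.from_bytes(d[:4], "big")

def toy_key_schedule(key64):
    """Stand-in schedule: 16 48-bit subkeys taken from SHA-256(key || round)."""
    return [int.from_bytes(hashlib.sha256(key64.to_bytes(8, "big") + bytes([i])).digest()[:6], "big")
            for i in range(16)]

def feistel(block64, subkeys):
    """IP, 16 rounds of (L, R) -> (R, L xor f(R, K_i)), swap to [R16, L16], then IP^-1."""
    block = permute(block64, IP)
    l, r = block >> 32, block & 0xFFFFFFFF
    for k in subkeys:
        l, r = r, l ^ toy_f(r, k)
    preoutput = (r << 32) | l            # the [R16, L16] pre-output
    return permute(preoutput, IP_INV)

def encrypt(block64, key64):
    return feistel(block64, toy_key_schedule(key64))

def decrypt(block64, key64):
    # Same key and same round structure; only the subkey order is reversed.
    return feistel(block64, toy_key_schedule(key64)[::-1])
```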

Tuesday, 16 April 2013

ABOUT CONVENTIONAL CRYPTOSYSTEMS

The conventional encryption process works as follows. The original "plaintext" is converted into apparently random nonsense, called "ciphertext". The encryption process consists of an algorithm and a key. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. Changing the key changes the output of the algorithm, i.e., the ciphertext. Once the ciphertext is produced, it may be transmitted. Upon reception, the ciphertext can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption.

In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption.

Caesar's Cipher

A substitution cipher is an extremely simple example of conventional cryptography. A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet. In Julius Caesar's cipher, the algorithm is to offset the alphabet and the key is the number of characters to offset it.

For example, if we encode the word "SECRET" using Caesar's key value of 3, we offset the alphabet so that the letter three positions down from A (D) begins the alphabet.

Plaintext    ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext   DEFGHIJKLMNOPQRSTUVWXYZABC

where A=D (A encrypts as D), B=E, C=F, and so on.

Using this scheme, the plaintext, "SECRET" encrypts as "VHFUHW." To allow someone else to read the ciphertext, you tell them that the key is 3.

Obviously, it had two weaknesses. The first was that the algorithm was not particularly strong. If trial and error couldn't crack the algorithm, then some simple analysis would. If English text was being encrypted, then it would be relatively simple to compare the frequency of letters in the ciphertext against the frequency of letters in standard English. Statistics would soon reveal patterns that pointed out the probable plaintext letter associated with each ciphertext letter. Once a single association was found the entire algorithm could be cracked. No message would be secure.
But it worked for Caesar, and it illustrates how conventional cryptography works.

Key Management and Conventional Encryption

Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution. The expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks (or small children with secret decoder rings).
 
Recall a character from your favorite spy movie: the person with a locked briefcase handcuffed to his or her wrist. What is in the briefcase, anyway? It's probably not the missile launch code/ biotoxin formula/ invasion plan itself. It's the key that will decrypt the secret data.
 
For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves. If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key. The persistent problem with conventional encryption is key distribution: how do you get the key to the recipient without someone intercepting it?
 
And the minor problem with it is the storage of keys: when you want to communicate with a lot of people and you have one key for each partner, how do you manage so many keys?
 
 

Monday, 18 March 2013

Did you know X.800 & RFC 2828?

X.800
History
Recommendation X.800 was prepared by Study Group VII and was approved under the Resolution No. 2 procedure on the 22nd of March 1991.

For connection-mode data transfer, protecting the integrity of a sequence of data units (i.e. protecting against misordering, losing, replaying and inserting or modifying data) additionally requires some form of explicit ordering such as sequence numbering, time stamping, or cryptographic chaining.

Security audit trails provide a valuable security mechanism as potentially they permit detection and investigation of breaches of security by permitting a subsequent security audit. A security audit is an independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance


General description of security services and mechanisms
1. Overview
Security services that are included in the OSI security architecture and mechanisms which implement those
services are discussed in this section. The security services described below are basic security services. In practice they
will be invoked at appropriate layers and in appropriate combinations, usually with non-OSI services and mechanisms,
to satisfy security policy and/or user requirements. Particular security mechanisms can be used to implement
combinations of the basic security services.
2. Security services
The following are considered to be the security services which can be provided optionally within the
framework of the OSI Reference Model. The authentication services require authentication information comprising
locally stored information and data that is transferred (credentials) to facilitate the authentication.
3. Authentication
These services provide for the authentication of a communicating peer entity and the source of data as
described below.
4. Peer entity authentication
This service, when provided by the (N)-layer, provides corroboration to the (N + 1)-entity that the peer entity
is the claimed (N + 1)-entity.
This service is provided for use at the establishment of, or at times during, the data transfer phase of a
connection to confirm the identities of one or more of the entities connected to one or more of the other entities. This
service provides confidence, at the time of usage only, that an entity is not attempting a masquerade or an unauthorized
replay of a previous connection.
5. Data origin authentication
This service, when provided by the (N)-layer, provides corroboration to an (N + 1)-entity that the source of the
data is the claimed peer (N + 1)-entity.
The data origin authentication service provides the corroboration of the source of a data unit. The service does
not provide protection against duplication or modification of data units.
6. Access control
This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI
or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a
resource (e.g., the use of a communications resource; the reading, the writing, or the deletion of an information resource;
the execution of a processing resource) or to all accesses to a resource.
The control of access will be in accordance with various security policies (see § 6.2.1.1).
7. Data confidentiality
These services provide for the protection of data from unauthorized disclosure as described below.
8. Connection confidentiality
This service provides for the confidentiality of all (N)-user-data on an (N)-connection.
Note – Depending on use and layer, it may not be appropriate to protect all data, e.g. expedited data or data in
a connection request.
9. Connectionless confidentiality
This service provides for the confidentiality of all (N)-user-data in a single connectionless (N)-SDU.
10. Selective field confidentiality
This service provides for the confidentiality of selected fields within the (N)-user-data on an (N)-connection or
in a single connectionless (N)-SDU.
11. Traffic flow confidentiality
This service provides for the protection of the information which might be derived from observation of traffic flows.
12. Data integrity
These services counter active threats and may take one of the forms described below.
Note – On a connection, the use of the peer entity authentication service at the start of the connection and the
data integrity service during the life of the connection can jointly provide for the corroboration of the source of all data
units transferred on the connection, the integrity of those data units, and may additionally provide for the detection of
duplication of data units, e.g. by the use of sequence numbers.
13. Connection integrity with recovery
This service provides for the integrity of all (N)-user-data on an (N)-connection and detects any modification,
insertion, deletion or replay of any data within an entire SDU sequence (with recovery attempted).
14. Connection integrity without recovery
As for Connection integrity with recovery but with no recovery attempted.
15. Selective field connection integrity
This service provides for the integrity of selected fields within the (N)-user data of an (N)-SDU transferred
over a connection and takes the form of determination of whether the selected fields have been modified, inserted,
deleted or replayed.

RFC 2828
Introduction
This Glossary provides an internally consistent, complementary set of
abbreviations, definitions, explanations, and recommendations for use
of terminology related to information system security. The intent of
this Glossary is to improve the comprehensibility of Internet
Standards documents (ISDs)--i.e., RFCs, Internet-Drafts, and other
material produced as part of the Internet Standards Process [R2026]--
and of all other Internet material, too.

RFC 2828 Internet Security Glossary May 2000
This Glossary supports the goals of the Internet Standards Process:
o Clear, Concise, and Easily Understood Documentation
This Glossary seeks to improve comprehensibility of security-
related content of ISDs. That requires wording to be clear and
understandable, and requires the set of security-related terms and
definitions to be consistent and self-supporting. Also, the
terminology needs to be uniform across all ISDs; i.e., the same
term or definition needs to be used whenever and wherever the same
concept is mentioned.

Definitions
Note: Each acronym or other abbreviation (except items of common
English usage, such as "e.g.", "etc.", "i.e.", "vol.", "pp.", "U.S.")
that is used in this Glossary, either in a definition or as a subpart
of a defined term, is also defined in this Glossary.
$ 3DES
See: triple DES.
$ *-property
(N) (Pronounced "star property".) See: "confinement property"
under Bell-LaPadula Model.

o Paragraph Marking: Definitions and explanations are stated in
paragraphs that are marked as follows:
- "I" identifies a RECOMMENDED Internet definition.
- "N" identifies a RECOMMENDED non-Internet definition.
- "O" identifies a definition that is not recommended as the first
choice for Internet documents but is something that authors of
Internet documents need to know.
- "D" identifies a term or definition that SHOULD NOT be used in
Internet documents.
- "C" identifies commentary or additional usage guidance.
The rest of Section 2 further explains these five markings.
1. Recommended Terms with an Internet Basis ("I")
The paragraph marking "I" (as opposed to "O") indicates a definition
that SHOULD be the first choice for use in ISDs. Most terms and
definitions of this type MAY be used in ISDs; however, some "I"
definitions are accompanied by a "D" paragraph that recommends
against using the term.

An "I" (as opposed to an "N") also indicates that the definition has
an Internet basis. That is, either the Internet Standards Process is
authoritative for the term, or the term is sufficiently generic that
this Glossary can freely state a definition without contradicting a
non-Internet authority (e.g., see: attack).

2. Other Definitions ("O")
The paragraph marking "O" indicates a definition that has a non-
Internet basis, but indicates that the definition SHOULD NOT be used
in ISDs *except* in cases where the term is specifically identified
as non-Internet.

3. Deprecated Terms, Definitions, and Uses ("D")
If this Glossary recommends that a term or definition SHOULD NOT be
used in ISDs, then either the definition has the paragraph marking
"D", or the restriction is stated in a "D" paragraph that immediately
follows the term or definition.
4. Commentary and Additional Guidance ("C")
The paragraph marking "C" identifies text that is advisory or
tutorial. This text MAY be reused in other Internet documents. This
text is not intended to be authoritative, but is provided to clarify
the definitions and to enhance this Glossary so that Internet
security novices can use it as a tutorial.