Cryptography Question Bank Solution 2076

Among monoalphabetic and polyalphabetic cipher, which one is more vulnerable? Justify your statement. Which types of keys are considered weak keys in DES? Explain the round operation in IDEA.

Among monoalphabetic and polyalphabetic ciphers, the monoalphabetic cipher is more vulnerable because of its fixed key substitution which opens it to many attacks. This type of encryption can be easily broken down using the “Brute Force Algorithm” and frequency analysis attacks. This BFA tries to decrypt the message by trying all the possible combinations. Thus, to prevent this type of attack, the words should be long enough, which is impossible for every word in a sentence.

DES with a cipher key of 56 bits is not safe enough to be used comfortably. Four out of 2⁵⁶ possible keys are called weak keys. A weak key is one that, after parity drop operation, consists either of all 0s, all 1s, or half 0s and half 1s. These keys are shown in the figure below:

The round keys created from any of these weak keys are the same and have the same pattern as the cipher key. If we encrypt a block with a weak key and subsequently encrypt the result with the same weak key, we get the original block. The process creates the same original block if we decrypt the block twice. In other words, each weak key is the inverse of itself E_k(E_k(P)) = P.

IDEA is a block cipher and it operates on 64-bit plaintext and a 128-bit key. IDEA is reversible like DES that is, the equivalent algorithm can be used for encryption and decryption. IDEA needs both diffusion and confusion for encryption.

The 64-bit plaintext is divided into four portions of 16-bit plaintext (P₁ to P₄). These are inputs to the first round. There are eight such rounds. The key includes 128 bits. In each round, six sub-keys are produced from the original key, each of these sub-keys includes 16 bits.

For the first round it can have keys K₁ to K₆, for the second round it can have keys K₇ to K₁₂ and finally the last round. The final step includes an output transformer, which needs four subkeys (K₄₉ to K₅₂).

The final output is the output created by the output transformation step. The blocks C₁ to C₄ are linked to form the final output.

Encryption in IDEA:

By using a 128-bit key, IDEA encrypts a 64-bit block of plaintext into a 64-bit block of cipher text. One process partitions the plain text block into four 16-bit sub-blocks for each of the eight complete rounds, namely X1, X2, X3 an X4.

Another process produces six 16-bit key subblocks for each of the encryption rounds, namely Z1, Z2, Z3, Z4, Z5 and Z6. For subsequent output transformation, a further four 16-bit key subblocks are required. Thus, from a 128-bit key, a total of 52 16-bit subblocks are generated.

In each complete round, three algebraic operations are performed: bitwise XOR, addition modulo 2¹⁶ and multiplication modulo 2¹⁶+1.

The 14 steps for a complete round are the following:

1. Multiply X1 with Z1.
2. Add X2 to Z2.
3. Add X3 to Z3.
4. Multiply X4 with Z4.
5. Bitwise XOR the results of steps 1 and 3.
6. Bitwise XOR the results of steps 2 and 4.
7. Multiply the result of step 5 with Z5.
8. Add the results of steps 6 and 7.
9. Multiply the result of step 8 with Z6.
10. Add the results of steps 7 and 9.
11. Bitwise XOR the results of steps 1 and 9.
12. Bitwise XOR the results of steps 3 and 9.
13. Bitwise XOR the results of steps 2 and 10.
14. Bitwise XOR the results of steps 4 and 10.

Six subkeys are used in each of the eight rounds, and the final 4 subkeys are used in the ninth half-round final transformation.

Swapping occurs for every round until the final complete round (round 8). After eight complete rounds, the final half-round transformation occurs. The steps involved are the following:

1. Multiply X1 with the first subkey.
2. Add X2 with the second subkey.
3. Add X3 with the third subkey.
4. Multiply X4 with the fourth subkey.

The concatenation of the four blocks is the encrypted output.

 

State Fermat’s theorem with an example. Given the prime number p=29 and its primitive root g=8, private key sender with X=9 and random integer K=11, encrypt the message m=13 using ElGamal cryptosystem.

Fermat’s theorem states that if p is a prime number, then for any integer a, the number a^p – a is an integer multiple of p.

Here p is a prime number
a^p ≡ a (mod p)

Example:

P = an integer Prime number
a = an integer that is not a multiple of P
Let a = 2 and P = 17

According to Fermat’s little theorem
2 17 – 1 ≡ 1 mod(17)
we got 65536 % 17 ≡ 1
that mean (65536-1) is a multiple of 17

Numerical Part:

Given,

p = 29

g = 8

the private key (X) = 9

random integer (K) = 11

messages (m) = 13

Now,

Public key = (p, g, y = g^x mode p)

= (29, 8, 8⁹ mode 29)

= (8¹¹ mode 29, 13, 15¹¹ mode 29)

= (29, 8, 15)

Again, encryption the message (m)

E(m) = (g^x mode p, m, y^k mode p)

= (8¹¹ mode 29, 13, 15¹¹ mode 29)

= (3, 12)

Compare the SHA parameters between SHA-1 and SHA-2 families. Decrypt the cipher text DRJI with the key \(\begin{pmatrix}7 & 8\\ 11 & 11\end{pmatrix}\) using the Hill cipher.

The major differences between SHA-1 and SHA-2 families are

SHA1	SHA2
It is a cryptographic hash function designed by U.S. National Security Agency to replace SH0.	It is a cryptographic hash function designed by U.S. National Security Agency to replace SH1.
It was published in 1995.	While it was published in 2001.
It produces 160 bits hash value.	It produces 224, 256, 384, or 512 bits hash values.
It is the successor to SH0 and the predecessor to SH2.	It is the successor to SH1 and the predecessor to SH3.
It is less secure.	While it is more secure.
Its structure is based on Merkle–Damgard construction.	Its structure is based on Merkle–Damgard structure with Davies–Meyer compression function.
SHA1 certificates are not reliable.	SHA2 has more improved certificates.
It generates a smaller hash.	While it generates a larger hash.
The hash generated by SHA1 is weak.	While the hash generated by SHA2 is strong.
It is not widely used nowadays.	While it is used widely.

Solution:

Given,

k = \(\begin{pmatrix}7 & 8\\ 11 & 11\end{pmatrix}\)

Step 1: Find the multiplicative inverse of determinant of key matrix \(\begin{pmatrix}7 & 8\\ 11 & 11\end{pmatrix}\).

= 7 x 11 – 8 x 11 = 15 mode 26

Now, the multiplicative inverse of 15 mode 26 is

or, 15 x a = 1 mode 26

or, a = 7

Step 2: Find the adjoint of the matrix of key matrix \(\begin{pmatrix}7 & 8\\ 11 & 11\end{pmatrix}\)

= \(\begin{pmatrix}11 & -8\\ -11 & 7\end{pmatrix}\) mode 26

= \(\begin{pmatrix}11 & 8\\ 15 & 7\end{pmatrix}\)

Step 3: Multiply multiplicative inverse of determinant by adjoint of matrix

= 7 x \(\begin{pmatrix}11 & 18\\ 15 & 7\end{pmatrix}\)

= \(\begin{pmatrix}25 & 22\\ 1 & 23\end{pmatrix}\) mode 26

Now, cipher text = “DRJI”

\(\begin{pmatrix}D\\ R\end{pmatrix}\) = \(\begin{pmatrix}3\\ 17\end{pmatrix}\)

\(\begin{pmatrix}J\\ I\end{pmatrix}\) = \(\begin{pmatrix}9\\ 8\end{pmatrix}\)

Step 4: Multiply cipher text (c) by inverse key matrix

= \(\begin{pmatrix}25 & 22\\ 1 & 23\end{pmatrix} \begin{pmatrix}3\\ 17\end{pmatrix}\) mode 26

= \(\begin{pmatrix}75 + 374\\ 3 + 391\end{pmatrix}\) mode 26

= \(\begin{pmatrix}449\\ 394\end{pmatrix}\) mode 26

= \(\begin{pmatrix}7\\ 4\end{pmatrix}\)

= \(\begin{pmatrix}H\\ E\end{pmatrix}\)

Similarly,

= \(\begin{pmatrix}25 & 22\\ 1 & 23\end{pmatrix} \begin{pmatrix}9\\ 8\end{pmatrix}\) mode 26

= \(\begin{pmatrix}225 + 176\\ 9 + 184\end{pmatrix}\) mode 26

= \(\begin{pmatrix}401\\ 193\end{pmatrix}\) mode 26

= \(\begin{pmatrix}11\\ 11\end{pmatrix}\)

= \(\begin{pmatrix}L\\ L\end{pmatrix}\)

Therefore, Plain text (P) = HELL

Define discrete logarithm. Explain the procedure of sharing the secret key in Diffie Hellman.

If a is an arbitrary integer relatively prime to a and g is a primitive root of n, then there exists among the numbers 0, 1, 2, …, Φ(n) – 1 where Φ(n) is the totient function, exactly one number µ such that

a = g^µ (mode n)

The number µ is then called the discrete logarithm of a with respect to the base g modulo n and is denoted

µ = ind_ga (mod n)

Figure below shows the procedure of sharing the secret key in Diffie Hellman

The steps are as follows:

1. Alice chooses a large random number x such that 0 ≤ x ≤ p – 1 and calculatesR₁ = g^x mode p
2. Bob chooses a large random number y such that 0 ≤ y ≤ p – 1 and calculatesR₂ = g^y mode p
3. Alice sends R1 to Bob. Note that Alice doesn’t send the value of x; she send only R₁
4. Bob sends R2 to Alice. Again, note that Bob does not send the value of y, he sends only R₂
5. Alice calculate K = (R2 )^x mod p
6. Bob calculate K = (R1 )^y mod p

K is a symmetric key for the session.

 

Distinguish between stream cipher and block cipher. Encrypt the message WE ARE IN SAME RACE UNTILL OVER LIVE END using Rail fence cipher using 4 as a number of rails.

The differences between stream cipher and block cipher are:

Key	Block Cipher	Stream Cipher
Definition	Block Cipher is a type of encryption where the conversion of plaintext is performed by taking its block at a time.	Stream Cipher is a type of encryption where the conversion of plaintext is performed by taking one byte of the plaintext at a time.
Conversion of Bits	Since Block Cipher converts blocks at a time, it converts a more significant number of bits than Stream Cipher, which can convert 64 bits or more.	In the case of Stream Cipher, however, only 8 bits can be transformed at a time.
Principle	Block Cipher uses both the “confusion” and “diffusion” principles for the conversion required for encryption.	Stream Cipher uses only the confusion principle for the conversion.
Algorithm	For encryption of plain text Block Cipher uses Electronic Code Book (ECB) and Cipher Block Chaining (CBC) algorithm.	Stream Cipher uses CFB (Cipher Feedback) and OFB (Output Feedback) algorithms.
Decryption	As a combination of more bits gets encrypted in the case of Block Cipher, so the reverse encryption or decryption is comparatively complex as compared to that of Stream Cipher.	Stream Cipher uses XOR for the encryption which can be easily reversed to the plain text.
Implementation	Feistel Cipher is the most common Block Cipher implementation.	The main implementation of Stream Cipher is Vernam Cipher.

Solution:

Number of rails = 4

Plain text = WE ARE IN SAME RACE UNTILL OVER LIVE END

W						N						A						I						L						D
	E				I		S				R		C				T		L				R		I				N
		A		E				A		E				E		N				L		U				V		E
			R						M						U						O						E

Now,

Take characters row-wise

Ciphertext = WNAILDEISRCTLRINAEAEENLUVERMUO

Define digital signature. Describe the approaches of DSS.

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. It’s the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications.

Types of Digital Signature:

• Electronic signature – This digital signature is usually defined as “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication”.
• Advanced electronic signature – means an electronic signature that satisfies a number of additional requirements, including a unique link that is capable of identifying the signatory. An advanced electronic signature guarantees the integrity and authentication of the text.
• Qualified digital signature – means an advanced electronic signature based on a qualified certificate and is created by a secure signature-creation device. All technical elements used to apply such a digital signature must be of the latest technology.

DSS Approach:

The DSS approach also makes use of a hash function. The hash code is pro- vided as input to a signature function along with a random number k generated for this particular signature. The signature function also depends on the sender’s private key (PRa) and a set of parameters known to a group of communicating principals.

We can consider this set to constitute a global public key (PUG).1 The result is a signature consisting of two components, labeled s, and r.

At the receiving end, the hash code of the incoming message is generated. This plus the signature is input to a verification function. The verification function also depends on the global public key as well as the sender’s public key (PUa), which is paired with the sender’s private key. The output of the verification function is a value that is equal to the signature component r if the signature is valid. The signature function is such that only the sender, with knowledge of the private key, could have produced a valid signature.

What is the task of a firewall? List the elements of X.509.

A “firewall”, is a tool that provides a filter of both incoming and outgoing packets. Thus, the main task of the firewall itself is to monitor and control all incoming or outgoing access to network connections based on predetermined security rules. Most firewalls perform two basic security functions.

• Packet filtering is based on accept or deny policy that is itself based on the rules of the security policy.
• Application proxy gateways provide services to the inside users and at the same time protect each individual host from the “bad” outside users.

The list of the elements of X.509 is as follows:

• Version. Which X.509 version applies to the certificate, indicating what data the certificate must include?
• Serial number. The CA creates the certificate and must assign it a serial number that distinguishes the CA certificate from other certificates.
• Algorithm information. The signature algorithm the issuer uses to sign the certificate.
• Issuer distinguished name. The name of the entity issuing the certificate — usually, the CA.
• Validity period of the certificate. The start and end date, as well as the time the certificate is valid and can be trusted.
• Subject distinguished name. The name to which the certificate is issued.
• Subject public key information. The public key is associated with the identity.
• Extensions (optional). Extensions have their own unique IDs, expressed as a set of values called an object identifier. An extension can be rejected if it is not recognized or if the extension has information that can’t be processed.

 

How does the nature of worms differ from viruses? Define PKI with its architecture model.

The primary difference between a virus and a worm is that viruses must be triggered by the activation of their host; whereas worms are stand-alone malicious programs that can self-replicate and propagate independently as soon as they have breached the system.

Public-key infrastructure (PKI) is defined as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. The principal objective for developing a PKI is to enable the secure, convenient, and efficient acquisition of public keys.

The Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (PKIX) working group has been the driving force behind setting up a formal (and generic) model based on X.509 that is suitable for deploying a certificate-based architecture on the Internet. The figure below shows the interrelationship amount of the key elements of the PKIX model. These elements are

• End entity: A generic term used to denote end users, devices (e.g., servers, routers), or any other entity that can be identified in the subject field of a public key certificate. End entities typically consume and/or support PKI-related services.
• Certification authority (CA): The issuer of certificates and (usually) certificate revocation lists (CRLs). It may also support a variety of administrative functions, although these are often delegated to one or more Registration Authorities.
• Registration authority (RA): An optional component that can assume a number of administrative functions from the CA. The RA is often associated with the end entity registration process but can assist in a number of other areas as well.
• CRL issuer: An optional component that a CA can delegate to publish CRLs.
• Repository: A generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.

Explain the procedure of mix column transformation in AES with an example.

This method messes with columns instead of rows. MixColumns transformation takes each column in the state and performs the linear transformation on it. Since each column has 4 rows, the matrix transformation has to be 4 x 4 and is defined as follows

\(M = \begin{bmatrix}2 & 3 & 1 & 1\\ 1 & 2 & 3 & 1\\ 1 & 1 & 2 & 3\\ 3 & 1 & 1 & 2\end{bmatrix}\)

And since linear transformation has an inverse, this operation is invertible. In fact, the matrix used to revert the state back to its original standing is given by

\(M^{-1} = \begin{bmatrix}14 & 11 & 13 & 9\\ 9 & 14 & 11 & 13\\ 13 & 9 & 14 & 11\\ 11 & 13 & 9 & 14\end{bmatrix}\)

Figure: MixColumns transformation

The figure below shows how a state is transformed using the MixColumns transformation. The figure also shows that the InvMixColumns transformation creates the original one.

 

 

What is the role of the prime number in the Euler totient Function? Find the GCD of 12 and 16 using the Euclidean algorithm.

Euler’s Totient function Φ (n) for an input n is the count of numbers in {1, 2, 3, …, n-1} that are relatively prime to n, i.e., the numbers whose GCD (Greatest Common Divisor) with n is 1. It is also called an arithmetic function.

Two things are important for an application or use of Euler’s totient function. One is that the gcd formed from the given integer ‘n’ should be multiplicative. The other is that the numbers of gcd should be the prime numbers only. The integer ‘n’ in this case should be more than 1. Calculating the Euler’s totient function from a negative integer is impossible. The principle, in this case, is that for Φ(n), the multiplicators called m and n should be greater than 1. Hence, denoted by 1 < m < n and gcd (m, n) = 1. Sign Φ is the sign used to denote the totient function.

Euclidean algorithm for GCD:

a = q₀ x b + r₀

or, b = q₁ x r₀ + r₁ and so on

Here, a = 16 and b = 12

or, 16 = 1 x 12 + 4

or, 12 = 3 x 4 + 0

Hence, the GCD of 12 and 16 using the Euclidean algorithm is 4.

Write down any two limitations of MAC. What do policy and mechanism mean in cryptography? Describe with a scenario.

There are two major limitations of MAC, both due to its symmetric nature of the operation −

• Establishment of Shared Secret.
  • It can provide message authentication among pre-decided legitimate users who have shared keys.
  • This requires the establishment of shared secrets prior to the use of MAC.
• Inability to Provide Non-Repudiation
  • Non-repudiation is the assurance that a message originator cannot deny any previously sent messages and commitments or actions.
  • MAC technique does not provide a non-repudiation service. If the sender and receiver get involved in a dispute over message origination, MACs cannot provide proof that a message was indeed sent by the sender.
  • Though no third party can compute the MAC, still sender could deny having sent the message and claim that the receiver forged it, as it is impossible to determine which of the two parties computed the MAC.

Security Policies and Mechanisms:

Simply stating that a system should be able to protect itself against all possible security threats is not the way to actually build a secure system. What is first needed is a description of security requirements, that is, a security policy. A security policy describes precisely which actions the entities in a system are allowed to take and which ones are prohibited. Entities include users, services, data, machines, and so on. Once a security policy has been laid down, it becomes possible to concentrate on the security mechanism by which a policy can be enforced i.e, security mechanism implement security policies. Important security mechanisms are:

1. Encryption: It provides a means to implement data confidentially. In addition, it allows the user to verify data modification so, it also provides support for integrity checks.
2. Authentication: It is used to verify the claimed identity of a user, or client, authenticated by password, but there are many other ways to authenticate clients.
3. Authorization: After a client has been authenticated, authorization is to check whether the client is authorized o perform a specific task.
4. Auditing: Auditing tools are used to trace which client accessed what information, when and in which way they did so. Although auditing does not provide any protection against security threats. Audit logs can be useful for the analysis of a security breach, and subsequently taking measures against intruders.

Write short notes on

1. Classes of Intruder
2. SSL
3. DoS Attack

a) Classes of Intruder:

Intruders are often referred to as hackers and are the most harmful factors contributing to the vulnerability of security. They have immense knowledge and an in-depth understanding of technology and security. Intruders breach the privacy of users and aim at stealing the confidential information of users. The stolen information is then sold to third-party, which aim at misusing the information for their own personal or professional gains.

Intruders are divided into three categories:

• Masquerader: The category of individuals that are not authorized to use the system but still exploit user privacy and confidential information by possessing techniques that give them control over the system, such category of intruders is referred to as Masqueraders. Masqueraders are outsiders and hence they don’t have direct access to the system, their aim is to attack unethically to steal data/ information.
• Misfeasor: The category of individuals that are authorized to use the system, but misuse the granted access and privilege. These are individuals that take undue advantage of the permissions and access given to them, such category of intruders is referred to as Misfeasor. Misfeasors are insiders and they have direct access to the system, which they aim to attack unethically for stealing data/ information.
• Clandestine User: The category of individuals who have supervision/administrative control over the system and misuse the authoritative power given to them. The misconduct of power is often done by superlative authorities for financial gains, such a category of intruders is referred to as Clandestine Users. A Clandestine User can be any of the two, insiders or outsiders, and accordingly, they can have direct/ indirect access to the system, which they aim to attack unethically by stealing data/ information.

b) SSL:

A secure Socket Layer (SSL) provides security to the data that is transferred between the web browser and the server. SSL encrypts the link between a web server and a browser which ensures that all data passed between them remain private and free from attack.

Secure Socket Layer Protocols: 

• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol

c) DoS Attack:

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular flood attacks include:

• Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It includes the attacks listed below, in addition to others that are designed to exploit bugs specific to certain applications or networks
• ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
• SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until all open ports are saturated with requests and none are available for legitimate users to connect to.