Cryptography and Network Security

  Outline  : 1. PRNG Based on Hash Function 2. PRNG Based on MAC Function 1. PRNG Based on Hash Function   Note 1 : It is recommended for reader that if they want to know about the better clarity regarding this blog then please study well about PRNG or you can copy and paste the given link on your web browser. ( shorturl.at/cpEG8 ) Figure 1 shows the basic strategy for a Hash based PRNG. Fig. 1 : Basic Structure of Hash Based PRNGs  This algorithm uses the cryptographic hash Function 'H' with an hash value output of outlen bits. The basic operation of the algorithm is :  Symbol Specification : V = seed Seedlen = bit length of V>= k + 64, where k is a desired security level expressed in bits. n = desired number of output bits. m = ceil(n/outlen) data = v W = the null string For i = 1 to m     W i = H(data)      W = W || Wi  data = (data + 1) mod 2 seedlen Retur...

  Background    This uses AES or triple DES as the underlying encryption algorithm. The purpose of key wrapping is to securely exchange a symmetric key to be shared by two parties using a symmetric key already by those parties. The latter key is called a key encryption key (kek). The Key Wrapping Algorithm The key wrapping algorithm operates on blocks of 64 bits. The input to the algorithm consists a 64-bit constant, discussed subsequently, and a plaintext key that is divided into blocks of 64 bits. We use the following notation: MSB 64 (W) = most significant 64 bits of W. LSB 64 (W) = least significant 64 bits of W. W = temporary value; output of encryption function || = concatenation K = key encryption key n = number of 64-bit key data blocks. s = number of stages in the wrapping process; s = 6n P i = i th plaintext key data block; 1<=i<=n C i = i th ciphertext data block; 0<=i<=n A(t) = 64-bit integrity check register after encryption stage t; 1<=t...

Before Starting the main agenda of this blog lets us try to understand about Authenticated encryption. It is a term used to describe encryption system that simultaneously holds confidentiality as well as authenticity (or integrity). There are some  common approaches through with above criteria can be fulfilled.  A. Hashing followed by Encryption  B. Authentication followed by Encryption C. Encryption  followed by Authentication  D. Independently Encryption and Authenticate With Proper design, any of the above criteria can provide a high level of security.  Now move towards our main agenda of this blog i.e. CCM 😆 don't worry it's (Counter with Cipher Blog Chaining Message Authentication Code). CCM supports the security requirements of IEEE 802.11 wi-fi wireless local area network, but it can be used in any networking application requiring authenticated encryption.  CCM is a variation of the encrypt and MAC approach to authenticated encryption. CCM are ...

 In this section we will firstly study Data Authentication Algorithm (DAA) and then we will move towards Cipher Based Message Authentication (CBMA).  1. Data Authentication Algorithm (DAA)  :  One of the most widely used MAC is referred to as Data authentication algorithm.  The algorithm is designed using the cipher block chaining mode of operation of DES as shown in Figure 1.  Fig. 1: Data Authentication Algorithm .  If necessary, the final block is padded on the right with zeros to make a 64 bit block using the DES encryption algorithm and a secret key, a data authentication code (DAC) is calculated as follows. O 1  = E(k, D 1 )  O 2  = E(K,[D 2  XOR  O 1 ] O 3  = E(k, [ D 3  XOR  O 2 ] : O n  = E(K, [D n  XOR  O n-1 ] . The DAC consists of either entire block O n  or the leftmost M bits of the block with 16<=M<=64.   Note 1: DAA is applicable on 64 bit message when t...

 It is a technique that combines public key, Private Key, and a hash into  a mix hackers can't unpack.  HMAC Algorithm :  The keywords to remember :  H = Embedded hash function (e.g.; MD5, SHA-1, RIPEMO-160) IV = Initial value Input to hash function. M = Message Input to HMAC (including the padding specified in the embedded hash function) Yi = i th block if M, 0<=i<=(L-1) L = number of blocks in M b = Number of bits in a block. n = Length of hash code produced by embedded hash function. K = secret key; recommended length >=n; if key length is greater then b, then key is input to the       hash function to produce an n-bit key. K + = K padded with zeros on the left so that the result is b bit in length ipad = 00110110 (36 in Hexadecimal) repeated b/8 times. opad = 01011100 (5C in Hexadecimal) repeated b/8 times. The HMAC can be expressed as :  HMAC(K,M) = H[( K +  X...

One of the most attractive and complex area of cryptography is that of message authentication and the related area of digital signatures.  1. Message Authentication Requirements (MAC)  : Now why we need MAC? 😴. While communicating across a network, the following attacks are identifies so that we generally uses MAC. 1.1 Disclosure : Release of message contents to any person outside the network.  1.2 Traffic analysis : Discovery of the pattern of traffic between parties. In connection oriented system the frequency and duration of the connections can be determined. In case of connectionless the number and length of message between parties could be determined.  1.3 Masquerade : Insertion of message into the network from a fraudulent source.  1.4 Content Modification : It means any kind of change in the message such as inserting something, deleting something, transposition, and modifying message.  1.5 Sequence Modification : Any modification to a sequence of me...

 NIST announced in 2007 a competition to produce the next generation NIST hash function, to be called SHA-3.  1. The Sponge Construction :  The sponge function takes an input message and partitions it into fixed size blocks. Each block is processed in turn with output of each iteration fed into the next iteration, finally producing an output block.  The sponge function is defined by three parameters :  f = the internal function used to process each input block.  r = the size in bits of the input blocks, called the bitrate.  pad = the padding algorithm.  The sponge function always both variable length input and output, making it a flexible structure that can be used for a hash function (fixed length output), a pseudorandom number generator (fixed length input), and other cryptographic functions (as shown in Fig. 1).  An input message of n  bits is partitioned into k fixed size blocks of r bits each. If necessary, the message is padded to...