AES Projects
SUBMITTED BY:
JUNAID UR RAHMAN
SUPERVISED BY
MR.ASAD ALI
SESSION: 2017-2019
Submitted By
Junaid ur Rahman
Supervisory Committee:
External Examiner:_______________________________
Supervisor: _____________________________________
Acknowledgements
First of all I thank the Almighty Allah who gave me strength to understand and
complete this thesis.
After that I would like to thank my supervisor Asad Ali for his patience, top notch
guidance and advice through all this time. I have been extremely lucky to have a
supervisor who cared so much about my work, and provided help whenever it was
desired.
I would also like to thank and express my gratitude to my mother for her
unlimited prayers for my success and I am thankful to my wife for her continued
support and encouragement.
Junaid ur Rahman
Mardan, Pakistan
Nov 2019
Table of Contents
1. CHAPTER 1: INTRODUCTION
1.1. Project Overview
1.2. Scope of the Thesis
1.3. Problem Statement
1.4. Project Objective
1.5. Thesis Structure
3.7. Birthday Attack (BA)
3.8. Man in the Middle Attack
3.9. Side Channel Attack (SCA)
6.2. AES Decryption
6.3. Results Snapshots
7. CHAPTER 7: CONCLUSION
7.1. Conclusion
7.2. References
List of Figures
Figure 1.1: Network Configuration
Figure 2.1: Network Security Model
Figure 2.2: NASM
Figure 2.3: Feistel Structure
Figure 2.4: Round of DES
Figure 2.5: Operation
Figure 2.6: BFEN Encryption Algorithm
Figure 4.1: Simple Symmetric Cryptographic system
Figure 4.2: Public Key Cryptography
Figure 4.3: Structure of AES Encryption
Figure 4.4: Key Expansion
Figure 6.1: Results Snapshot-1
Figure 6.2: Results Snapshot-2
Figure 6.3: Results Snapshot-3
1. CHAPTER 1: INTRODUCTION
1.1. Project Overview
Securing data exchanged between a client and a server is a very challenging
task, because the technology and computing power of computers are increasing at a
very high rate. With such computing power available, personal information exchanged
between sender and receiver does not stay secret. To keep the information secret
from a hacker, it must be transformed into another form, which is a coded form of
the original information. In network security, producing this coded form at the
sender side is known as encryption. At the other side, the receiver must be able to
recover the secret information from the coded form; this procedure is known as
decryption. Various network security techniques have been proposed in the literature
to achieve data security between sender and receiver. Broadly, they are categorized
into symmetric and asymmetric encryption techniques. Both are based on a key which
is used to encrypt and decrypt the data. In symmetric encryption, a single key,
called the private key, is used by the sender and the receiver to encrypt and
decrypt the secret information. In asymmetric encryption, two keys are used to
encrypt and decrypt the information. One key, called the public key, is used by the
sender to encrypt, and the other, known as the private key, is used by the receiver
to decrypt the information.
In this thesis a symmetric encryption algorithm, the Advanced Encryption
Standard (AES), is used to achieve confidentiality of messages between client and
server, or between sender and receiver, by encrypting the secret information. AES is
a block cipher, which encrypts the secret information block by block. A block
contains multiple bytes instead of a single byte. The private key is 128 bits long
for 10 rounds, 192 bits long for 12 rounds and 256 bits long for 14 rounds. This
variability in the number of rounds as well as in the private key lets AES achieve
message confidentiality in an efficient manner. It uses a single private key to
achieve confidentiality of messages between sender and receiver.
The long and variable size of the private key makes AES harder to crack than any
other symmetric encryption algorithm, such as the Digital Encryption Standard. AES
uses three different private key sizes, each with a different number of rounds, but
the block size on which AES works is the same for all of them.
help of such computation power one can obtain the secret key with the help of
exhaustive search. So there is a need of strong encryption technique that must be able
to achieve message confidentiality in an efficient manner.
2. CHAPTER 2: THEORETICAL BACKGROUND
2.1. Network Security
In this chapter I discuss the theoretical background of network security,
especially symmetric encryption algorithms such as the Digital Encryption Standard
(DES), Triple DES and other encryption algorithms.
Network security is a term that describes the security of the network. A
network is created by connecting multiple nodes. Each node in the network has its
own secret and private data which it wants to keep secret. The ways of protecting
the data from being spoofed are known as network security techniques. Different
security techniques have been proposed in the literature to secure confidential
information or messages over the internet. Among these techniques, one remedy is
encryption, which is the process of transforming a message into some other form with
the help of a secret (private) key. Multiple encryption techniques have been
proposed by researchers to achieve message security between sender and receiver over
the internet. Broadly, they are categorized into symmetric and asymmetric encryption
techniques. Before going into the details, some security-related terms need to be
explained: the message that needs to be kept secret is called the plain text, while
the coded or encrypted form of the message is known as the cipher text. Both
encryption techniques are based on a key which is used to encrypt and decrypt the
message.
In symmetric encryption, a single key, called the private key, is used by the
sender and the receiver to encrypt and decrypt the secret information. In asymmetric
encryption, two keys are used to encrypt and decrypt the information. One key,
called the public key, is used by the sender to encrypt, and the other, known as the
private key, is used by the receiver to decrypt the information. In this thesis we
only discuss the results of the symmetric encryption algorithm.
A model describes the behavior and working of a technology or technique. It
describes how the different parts of the technology interact with each other and how
they together produce an optimal and exact output. Researchers have also described a
network security model, which describes how a network securely transfers a file from
the source to the destination over a logical channel. To achieve the security of a
data message, two necessary components are discussed below.
1) The data message should not be transmitted over a logical channel in plain text,
i.e. the plain text should be converted to cipher text using an encryption
algorithm. After the cipher text is created, it is transmitted to the receiver
over a logical channel.
2) Sender and receiver should agree on a particular secret key which is used for
converting plain text to cipher text and vice versa. The secret key must be
securely transferred to the receiver with the help of some trusted party. There
are multiple methods which can be used for the distribution of the secret key.
The secret key should not be revealed to anyone else; if someone gets the secret
key by any means, he/she can obtain the plain text from the cipher text.
Different security techniques have been proposed in the literature to achieve data
security over the internet, intranets and extranets. A technique is a method or
procedure which explains how to convert or transform plain text into cipher text.
Broadly, they can be divided into the categories listed below.
2.3.1. Substitution Cipher (SC)
When the letters of the plain text are replaced with other characters, we call it a
substitution cipher. In such a cipher we substitute the characters with other
characters. Caesar cipher, monoalphabetic cipher and Rail Fence cipher are the most
popular examples of SC. The key is very important in a substitution cipher because,
with the help of the key, the plain text letters are substituted with the characters
defined in the key, and it must be kept secret.
Example.
Space = !@
A transposition cipher changes the location of the plain text characters to make the
text unreadable and difficult for the opponent to understand. The Rail Fence cipher
and the Rotor Machine are the most popular examples of transposition ciphers.
Example:
A product cipher is a combination of both a substitution cipher and a transposition
cipher. It is considered more secure than the substitution and transposition ciphers
because it involves two ciphers, which makes it difficult to crack. We can perform
two substitutions on a plain text followed by two transpositions. The cipher text
becomes complex but its time complexity becomes very high.
This function allows the authorized user to enter the system. If someone gains
access to the system by any means, the second type of defense consists of internal
controls which monitor internal activities such as memory usage, processor usage,
etc., and detect the presence of intruders.
2.5.1. Feistel Cipher Structure
DES was the first symmetric encryption algorithm designed by IBM. It is based
on the Feistel structure, shown in Fig, designed by Horst Feistel. DES is a block
cipher and works on a block of 64 bits, which means that it encrypts 64 bits of
input at a time. It remained the standard of the US networking system for almost 21
years, but after 21 years of use in the network system it was hacked by hackers. The
vulnerable area, or the main loophole, in the DES algorithm was the size of the
secret or private key, which is very small, so that with the help of powerful
computers the key can be easily discovered. The second is that the algorithm was
found vulnerable to exhaustive key search. DES uses a 56-bit key to encrypt a 64-bit
input.
The entire working of DES is based on the Feistel structure, which consists of
16 rounds. Each round performs a special operation on the information to generate
the cipher text. Initially the 64-bit input goes through the initial permutation
phase, which produces a 64-bit output, and this output then goes through the rounds.
After the final round the output goes through the final permutation to produce the
cipher text. At each round a secret key of 64 bits from the expansion of the 56-bit
key is applied to produce the desired output. The secret key for round 1 is
different from the secret key for round 2, and so on. One of the beauties of the DES
algorithm is that the decryption procedure is the same as the encryption procedure:
to get the plain text from the cipher text we need to do the reverse process of
encryption.
The same working principle is followed by all the rounds. In each round of
DES, first of all the 64-bit input is divided into two halves of 32 bits. The right
32 bits go through the expansion table, which expands the 32 bits to 48 bits. At the
same time the 56-bit key is also divided into two halves of 28 bits. The left 28
bits are left shifted and the right 28 bits are right shifted. The output of the
left and right shifts goes through the permutation and produces the 48-bit key. The
48-bit secret key and the 48 bits from the expansion phase are XORed to produce a
48-bit output. These 48 bits go through the S-box, which produces a 32-bit output;
this again goes through a permutation and is XORed with the left 32 bits. At the end
the left and right 32 bits are swapped with each other. The overall working
procedure is shown in Fig
[Figure 2.4: Round of DES. Labels: Left and Right 32-bit halves; 28-bit key halves Xi-1 and Yi-1; Exp-Table (48 bit); L-shift and R-shift; P/C Table (48 bit key); XOR; S-box (32 bit); Permutation; XOR (32 bit).]
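The property described above, that a Feistel cipher such as DES decrypts with the same procedure run in reverse, shown as an added example that is not part of the thesis. The round function and key schedule are stand-ins built on SHA-256 (assumptions for illustration, not DES's expansion table, S-boxes or key schedule), and the key and block are constructed samples.

```python
import hashlib

ROUNDS = 16        # same round count as DES
HALF = 4           # a 64-bit block is split into two 32-bit (4-byte) halves


def round_function(half, subkey):
    """Stand-in for the DES round function (hypothetical, not the real F).

    It is deliberately one-way: the Feistel structure never needs to invert
    it, which is why DES can reuse one routine for both directions.
    """
    return hashlib.sha256(subkey + half).digest()[:HALF]


def derive_subkeys(key):
    """Constructed key schedule: one 48-bit (6-byte) subkey per round."""
    return [hashlib.sha256(key + bytes([r])).digest()[:6] for r in range(ROUNDS)]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, subkeys):
    """Run the Feistel rounds over one 64-bit block with the given subkeys."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be 64 bits (8 bytes)")
    left, right = block[:HALF], block[HALF:]
    for subkey in subkeys:
        # New left is the old right; new right is old left XOR F(old right).
        left, right = right, xor_bytes(left, round_function(right, subkey))
    # Undo the last swap so the identical routine also decrypts.
    return right + left


def encrypt(block, key):
    return feistel(block, derive_subkeys(key))


def decrypt(block, key):
    # Same procedure; only the order of the round keys is reversed.
    return feistel(block, derive_subkeys(key)[::-1])


# Constructed sample values.
SAMPLE_KEY = b"demo-key"
SAMPLE_BLOCK = b"8 bytes!"

if __name__ == "__main__":
    ct = encrypt(SAMPLE_BLOCK, SAMPLE_KEY)
    print("cipher text:", ct.hex())
    print("recovered  :", decrypt(ct, SAMPLE_KEY))
```

Running the rounds a second time with the subkeys in encryption order does not recover the block; only the reversed order does.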
DES is no longer secure due to its vulnerabilities. One of the main weak points
of the DES algorithm is the size of the secret key, which is very small compared to
the power of today's computing devices. With such devices, brute force attacks
become very easy. 3DES is the same as DES but, as the name suggests, in 3DES the DES
algorithm is applied three times to get the cipher text, and the reverse process
must be done three times to get the plain text back from the cipher text. In 3DES
the length of the secret key is 192 bits. 3DES is three times more secure than DES
but it is three times slower than DES. 3DES is used in most network applications
such as Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP).
Figure 2.5: Operation
Easy to understand
Compatible to use with any network application
Available to everyone to use
In order to avoid fraud it is patent protected
IDEA works on a 64-bit block with a private key 128 bits long. The
operation of this algorithm is based on three algebraic operations. The use of
S-boxes and lookup tables is completely avoided in this algorithm. The encryption
and decryption procedures of the DES algorithm are identical to each other.
Initially the plain text is divided into quarters of 16 bits each, because the
overall procedure operates on 16 bits. The entire procedure of key generation is
shown in Table. The 52 key sub-blocks are generated from the 128 bits as follows:
The key is divided into sixteen-bit sub-blocks. These sub-blocks are used as the
8 keys.
The next step is that the key is left shifted by 25 positions.
The next step is to divide the resulting 128 bits from the left shift operation
again into 8 sixteen-bit blocks.
R1 V1{1} V2{1} V3{1} V4{1} V5{1} V6{1}
To encrypt the plain text, it is divided into quarters of sixteen bits. The
encryption procedure of IDEA consists of 8 rounds. Each round follows the same
operations. In the first encryption round, the first four sixteen-bit key sub-blocks
are combined with two of the sixteen-bit plaintext blocks using addition modulo
2^16, and with the other two plaintext blocks using multiplication modulo 2^16 + 1.
The results are then processed further as shown in Figure 1, whereby two more 16-bit
key sub-blocks enter the calculation and the third algebraic group operator, the
bit-by-bit exclusive OR, is used. At the end of the first encryption round four
16-bit values are produced, which are used as input to the second encryption round
in a partially changed order.
The procedure described above for round one is repeated in each of the
subsequent 7 encryption rounds using different 16-bit key sub-blocks for each
combination. During the subsequent output transformation, the four 16-bit values
produced at the end of the eighth encryption round are combined with the last four
of the 52 key sub-blocks using addition modulo 2^16 and multiplication modulo
2^16 + 1 to form the resulting four 16-bit cipher text blocks.
BFEA is also a symmetric encryption algorithm. It also lies in the category of
block ciphers and encrypts multiple bytes at a time. BF has a block size of 64 bits
but a variable size of secret or private key, i.e. one can use BFEA to achieve
confidentiality of messages between sender and receiver with a block size of 64 bits
and any size of secret key between 32 bits and 448 bits. It is similar to the DES
algorithm in the sense that it is also based on the Feistel structure with 16
rounds. To encrypt the plain text using BFEA, first of all the 32 bits of plain text
are divided into four blocks of 8 bits. Each block of 8 bits is input to an S-box
table. Each S-box produces a 32-bit output. The results of two S-boxes are added
modulo 2^32 and the result is XORed with the output of the 3rd S-box. The final 32
bits, which are the cipher text, are produced by addition modulo 2^32 of the XORed
result and the result of the 4th S-box. The entire working principle of BFEA is
shown in fig. Blowfish is considered one of the fastest encryption techniques due to
its simple operations.
[Figure 2.6: BFEN Encryption Algorithm. Labels: four 8-bit inputs to S-B 1, S-B 2, S-B 3 and S-B 4; Sum; XOR; Sum.]
TFEA is the same as BFEA, but the difference is in the way it encrypts and
decrypts the confidential information between sender and receiver. Unlike the
Blowfish Encryption Algorithm, TFEA uses a 128-bit block of input with a private key
up to 256 bits long. It is also considered the fastest encryption algorithm among
the block ciphers due to its simple operations. Although it has some theoretical
vulnerabilities, no one has yet broken this encryption algorithm. The successor of
the Twofish algorithm is Threefish, after some known attacks happened on Twofish.
Round 0-255
3. CHAPTER 3: ATTACKS ON BLOCK CIPHERS
3.1. Introduction
One of the main intentions of the hacker is to get the plain text from the
cipher text by breaking the cryptosystem. To break the cryptosystem, the only thing
the hacker needs to do is get the cipher key with which the plain text is converted
to cipher text. Once the information is encrypted, it is transmitted over an
unsecured network where there could be an attacker who is able to capture all the
transmitted information. The only thing he needs to do is find the secret key in
order to understand the captured information. That is why the attacker spends most
of his time on getting the cipher key. Once the private key is determined by the
attacker, he may be able to get all the information encrypted using this key.
There are different methods used by attackers to attack block ciphers and break the
cryptosystem. Some of them are listed below.
4. CHAPTER 4: THE ADVANCED ENCRYPTION STANDARD (AES)
4.1. Introduction
The AES algorithm was created by Joan Daemen and Vincent Rijmen. One of the most
popular PrKC algorithms is the Advanced Encryption Standard (AES), which is the one
mostly used nowadays. It is one of the strongest PrKC algorithms and is considered
almost 5 times faster than 3DES. It is a block cipher, which means that it encrypts
multiple bytes at a time. One of the first PrKC algorithms is the DES encryption
algorithm, which was the standard of the US networking system for almost 21 years,
but after 21 years of use in the network system it was hacked by hackers. The
vulnerable area, or the main loophole, in the DES algorithm was the size of the
secret or private key, which is very small, so that with the help of powerful
computers the key can be easily discovered. The second is that the algorithm was
found vulnerable to exhaustive key search. In the diagram below I want to show the
basic differences between DES and AES.
DES AES
4.2. Symmetric Key Cryptography / Private Key Cryptography (PrKC)
In PrKC both sender and receiver use the same private key for encryption and
decryption. Generation of the private key at both ends must not be complex, and the
key must be distributed securely over a logical channel between the sender and
receiver. The private key must be kept secret from the opponent (human or software).
If the opponent gets the private key by any means, he/she will be able to decrypt
all the cipher text.
1. Plain Text: A clear message that the receiver needs to receive securely without
any modification over a logical channel.
2. Encryption Algorithm: A transformation technique applied to the plain text to get
a cipher text.
3. Secret Key: The secret key needs to be distributed to the receiver in a secure
fashion and must be kept secret, because if someone discovers the private key by
any means, he/she will be able to read all the communication using this private key.
4. Cipher Text: The text which is transmitted to the receiver over a logical
channel. The cipher text is not understandable by the opponent as it is converted
into some other form by means of substitution and transposition.
5. Decryption Algorithm: The algorithm used by the receiver to recover the plain
text from the cipher text with the help of the provided secret key. The same
algorithm is used for converting plain text to cipher text and for obtaining plain
text from the cipher text.
4.2.1. Limitation of PrKC
Public key (PuK) and private key (PrK) are used by PuKC to achieve data
security in the network. PuK and PrK should be generated in such a way that these
keys are related to each other. Encryption is performed using the PuK of the
receiver and decryption is performed using the PrK. The PuK must be available in an
open directory for all the clients or nodes in the network, while the PrK of every
node in the network must be kept secret. Suppose two friends, Ali and Babar, want to
communicate with each other and have agreed on certain parameters. Ali is the sender
and Babar is the receiver. Ali composes a plain text and is ready to transmit it to
Babar. Ali obtains the PuK of Babar from the open directory, encrypts the plain text
with this key and sends it to Babar. Babar receives the cipher text and decrypts it
with his own PrK, as it can only be decrypted with the PrK of the receiver. RSA is
the most popular example of PuKC.
In PuKC the problem of key sharing is solved with the help of PuK and PrK, as
we do not need to share any key with anyone.
1. Plain Text: A clear message that the receiver needs to receive securely without
any modification over a logical channel.
2. Encryption Algorithm: A transformation technique applied to the plain text to get
a cipher text. PuK and PrK
3. Cipher Text: The text which is transmitted to the receiver over a logical
channel. The cipher text is not understandable by the opponent as it is converted
into some other form by means of substitution and transposition.
4. Decryption Algorithm: The algorithm used by the receiver to recover the plain
text from the cipher text with the help of the provided secret key. The same
algorithm is used for converting plain text to cipher text and for obtaining plain
text from the cipher text.
One question that comes to mind is whether a node can change its PrK. The answer is
yes: a node can change its PrK at any time, but it needs to replace the old PuK with
the new one. For communication with any node, only two keys need to be known, that
is, the PuK of both parties. Confidentiality, authentication, and a combination of
both, i.e. confidentiality and authentication services, are provided by PuKC.
AES does not depend on the Feistel cipher; rather it follows an iterative structure
which is mostly based on substitution and permutation. All the steps in the AES
algorithm are linked with each other: some operations substitute the input with
other characters, and the output of this substitution is cascaded to the next step
where permutation is performed. In permutation the input bits or bytes are shifted
around. The number of rounds of AES depends on the size of the secret key. As
aforementioned, AES will have 9, 11, 13 rounds if the size of the secret key is 128
bit, 192 bit and 256 bit respectively. Each round of AES follows the same steps to
produce the output. Each round has a separate key which is derived from the main AES
secret key with the help of the Key Expansion operation. The plain text is divided
into blocks of 128 bits as AES is a block cipher. For example, if the plain text is
"how are you", then AES will process the plain text in blocks as shown below. It
processes the plain text in a 4x4 matrix of 16 bytes.
H      A      Y      space
O      R      O      space
W      E      U      space
space  space  space  space
[Figure 4.3: Structure of AES Encryption. Labels: AddRKey, SubBytes, ShiftRows, MixColumn and K-Exp on the encryption side; AddRKey, InSubBytes, InShiftRows and InMixColumn on the decryption side; Cipher Text.]
4.6. AES Encryption
The encryption process of AES consists of three phases. All the phases have the same
set of operations but with different composition, substitution and permutation. The
phases are listed below.
1. Primary or initial Phase
i. Add Round Key
2. Main Phase
i. Sub Bytes
ii. Shift Rows
iii. Mix Column
iv. Add Round Key
3. Final Phase
i. Sub Bytes
ii. Shift Rows
iii. Add Round Key
The AES main phase is repeated a number of times which depends on the size of the
key, as aforementioned.
This process is repeated until the last round. In the decryption process, however,
the process is inverse for each round key, i.e. the input is XORed against the last
16 bytes of the expanded key.
In this phase the input is substituted with the help of the S-box, which is
available to everyone. The S-box of AES is different from the S-box used by the DES
or 3DES encryption algorithms. AES uses the same S-box for all the bytes, as shown
in the figure below.
In Shift Rows, we arrange the input into a 4x4 matrix of 16 bytes and then
each row is circularly shifted. This is a byte-wise shift where bytes move one space
over. Each row is shifted to the left, but the first row is not shifted; it remains
as it is, as shown in the figure. In the figure below each row is shifted according
to its row number, i.e. the first row is not shifted, the second row is shifted to
the left by one, the third row is shifted to the left by 2, and so on.
a2,0 a2,1 a2,2 a2,3  ->  a2,2 a2,3 a2,0 a2,1
It is one of the hardest sections of the AES algorithm. Mix Column can be divided
into two sub parts: i) Matrix Multiplication ii) Galois Field
i) Matrix Multiplication
This matrix multiplication is not the same as the one we did in calculus or linear
algebra; in fact each value in the matrix is multiplied against the input state.
Here again the input state is arranged into a 4x4 matrix of 16 bytes. Each value in
a row of the matrix is multiplied with the corresponding value of a state column,
for example the 2nd-column value of the matrix row with the 2nd-row value of the
state column, and the products are XORed together; doing this for every row and
column produces an output of 16 bytes.
Let's explain the concept with the help of an example. As we can see in the diagram,
the first byte is calculated by multiplying the values of the first matrix row
against the values of the state column, and then the result of each multiplication
is XORed with the other results.
Multiplication Matrix
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2
16-byte state
X1 b5 b9 X13
X2 b6 X10 X14
X3 b7 X11 X15
X4 b8 X12 X16
To get the result of the 2nd byte, we multiply the same 4 values of the state column
against the 4 values of the 2nd row of the matrix.
To get the result of the 3rd byte, we multiply the same 4 values of the state column
against the 4 values of the third row of the matrix.
To get the result of the 4th byte, we multiply the same 4 values of the state column
against the 4 values of the fourth row of the matrix.
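The Shift Rows and Mix Column steps described above, together with the inverses that decryption uses, as an added Python example that is not part of the thesis code. The "multiplication" of bytes is carried out in the Galois field GF(2^8); the inverse matrix and the sample state are taken from the FIPS-197 specification and do not appear on this page.

```python
# Added illustration, not the thesis code. The state is a list of four
# columns of four bytes each (AES fills the 4x4 state column by column).
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]  # matrix above
# Inverse matrix from FIPS-197 (assumption: it is not printed on this page).
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    while b:
        if b & 1:          # this bit of b is set: add (XOR) the current a
            product ^= a
        a <<= 1            # multiply a by x
        if a & 0x100:      # a degree-8 term appeared: reduce it
            a ^= 0x11B
        b >>= 1
    return product

def mix_columns(state, matrix=MIX):
    """Output byte r of a column is the XOR over k of matrix[r][k] * column[k]."""
    mixed = []
    for col in state:
        new_col = []
        for row in matrix:
            acc = 0
            for coeff, byte in zip(row, col):
                acc ^= gf_mul(coeff, byte)
            new_col.append(acc)
        mixed.append(new_col)
    return mixed

def shift_rows(state, inverse=False):
    """Rotate row r left by r positions (right by r when inverse=True)."""
    step = -1 if inverse else 1
    return [[state[(c + step * r) % 4][r] for r in range(4)] for c in range(4)]

def columns(hex_string):
    """Split 32 hex digits into four 4-byte columns."""
    raw = bytes.fromhex(hex_string)
    return [list(raw[i:i + 4]) for i in range(0, 16, 4)]

# Round-1 state after SubBytes in the FIPS-197 Appendix B worked example.
AFTER_SUB_BYTES = columns("d42711aee0bf98f1b8b45de51e415230")
AFTER_SHIFT_ROWS = shift_rows(AFTER_SUB_BYTES)
AFTER_MIX_COLUMNS = mix_columns(AFTER_SHIFT_ROWS)
```

Calling `mix_columns(AFTER_MIX_COLUMNS, INV_MIX)` and then `shift_rows(..., inverse=True)` returns the original state, which is what the decryption rounds rely on.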
4.6.2.4. AES Key Expansion
Key expansion is a function that is used to derive the round keys from the main AES
secret key. The main AES key is used as an input to the Add Round Key operation.
With the help of the key expansion function all the round keys are generated, which
are used as inputs to the other rounds. A round key is applied by XORing it with the
input state, as shown in the figure below.
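An added Python example of AES-128 key expansion and the Add Round Key step (not the thesis code): it derives the 11 round keys from one 16-byte key and applies a round key with XOR. The S-box is computed instead of typed in, and the key and block are the FIPS-197 Appendix A.1 and B sample values, none of which appear on this page.

```python
# Added illustration, not the thesis code: AES-128 key expansion.
def build_sbox():
    """Generate the AES S-box: inverse in GF(2^8), then the affine transform."""
    def rotl8(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF
    sbox = [0] * 256
    p = q = 1
    while True:
        # p is multiplied by 3, so it visits every non-zero field element
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        # q is divided by 3, so q always stays the inverse of p
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63          # 0 has no inverse and is defined separately
    return sbox

SBOX = build_sbox()

def expand_key_128(key):
    """Return the 11 round keys (16 bytes each) derived from a 16-byte key."""
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        temp = list(words[i - 1])
        if i % 4 == 0:                          # first word of each round key
            temp = temp[1:] + temp[:1]          # RotWord
            temp = [SBOX[b] for b in temp]      # SubWord
            temp[0] ^= rcon                     # round constant
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        words.append([a ^ b for a, b in zip(words[i - 4], temp)])
    return [bytes(sum(words[r:r + 4], [])) for r in range(0, 44, 4)]

def add_round_key(state, round_key):
    """XOR the 16-byte state with a round key; applying it twice undoes it."""
    return bytes(s ^ k for s, k in zip(state, round_key))

# Sample key and block from FIPS-197 (Appendix A.1 and Appendix B).
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
BLOCK = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
ROUND_KEYS = expand_key_128(KEY)
DECRYPT_ORDER = ROUND_KEYS[::-1]   # decryption uses the same keys, last first
```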
In the decryption process of AES, the key that is used in the final round of the
encryption process is used in the first round of the decryption process in order to
obtain the plain text from the cipher text.
Shift Rows in the decryption process is the same as in the encryption process; the only
difference is that the rows are shifted to the right instead of to the left, as shown
in the figure below.
The Sub Bytes operation is also inverted in the decryption process, as shown in the
figure below.
Table 4.7: S Box for Decryption
The Mix Column operation is also inverted in the decryption process of AES; the only
difference is that the multiplication matrix is changed to another matrix, as shown
in the figure below.
4.8. Attacks on AES Encryption algorithm
AES is a very strong encryption algorithm and is still in use in many applications
such as VPNs and compression tools. The AES algorithm is still unbreakable because of
its strong, variable-size encryption key. Many attackers try to attack the AES
encryption algorithm in order to make it unsafe to use, but security experts agree
that even with today's hardware technologies the AES encryption algorithm with a
128-bit key would require a billion years to break, which is almost impossible.
Different attacks are listed below.
Cryptographers do not say that AES is completely secure, despite the evidence that
with current hardware it is impossible to break AES. A side channel attack is a kind
of attack that tries to obtain information from the physical implementation of a
system that is encrypted using the AES encryption algorithm. Such information can
still be used to make the system vulnerable. This attack is possible if there are weak
points in the physical implementation of a system. Below are a few examples of side
channel attacks.
i. Timing attacks,
ii. Power Monitoring attacks,
iii. Electromagnetic attacks.
A timing attack is a kind of attack in which the attacker measures how much time is
required for a computation. Timing attacks are a type of side channel attack. In
timing attacks, leaked cache timing information is used as the side channel. If
information about the cache timing of a software implementation of AES is collected
and analyzed by an attacker, the secret key of the cryptosystem can be deduced. Hence
AES is susceptible to timing attacks.
4.8.1.2. Power Monitoring Attacks
In a power monitoring attack, the attacker tries to gain information about the
hardware, namely how much power it consumes, in order to attack a system.
In an attack using electromagnetic radiation, the attacker tries to capture the
radiation of the power system, as it provides sufficient information about the plain
text.
5. CHAPTER 5: APPLICATIONS OF AES
5.1.2. Disk or Partition Encryption
Everyone in the world has some personal information that they want to keep secret
from attackers, such as bank account information, credit card information, and
personal documents. Many of us store all of this personal information in one common
directory or disk and encrypt it with security software. Such security software is
built on the AES encryption algorithm. Some examples of encryption software that use
the AES encryption algorithm are BitLocker, FileVault and CipherShed.
5.1.3. VPN
A Virtual Private Network (VPN) is also protected using the AES encryption
algorithm. A VPN is a tool that provides security over the public internet. VPNs may
allow employees to securely access a corporate intranet while located outside the
office. They are used to securely connect geographically separated offices of an
organization, creating one cohesive network. A VPN setup also allows you to access
websites from outside the country: where your favorite websites are protected and
restricted, you can use the VPN setup to access the restricted websites. With a
simple VPN setup you can connect to your private network over a less secure internet
by using a tunneling protocol. All such security of a VPN is provided using the AES
encryption algorithm. Like other internet applications, VPNs are not all created
equal. Some of the best VPNs, like Express VPN and Nord VPN, use the AES encryption
algorithm with a 256-bit private key.
5.2. Advantage of AES Encryption Algorithm
1. It is considered one of the most robust protocols because it is implemented both
in software and in hardware.
2. It is more secure against hacking because of its large private key sizes: 128-bit,
192-bit and 256-bit encryption.
3. It is the most widely used protocol in applications such as wireless
communication, bank financial transactions and e-business.
4. No one can hack your personal information if you encrypt it using the AES
encryption standard.
5. With a 128-bit key, 2^128 attempts are needed to break the encryption algorithm.
6. CHAPTER 6: EXPERIMENTAL PROGRAMMING
In order to achieve message confidentiality between sender and receiver, the AES
encryption algorithm is implemented.
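function [Result] = encryption(s, in)
% Encrypt one 16-byte block "in" using the expanded key stored in struct "s".
Message = input(' please enter the private message to encrypt using AES:', 's');
LengthOfmessage = length(Message);
Message1 = input(' please enter the private key used to encrypt using AES:', 's');
LengthOfmessage1 = length(Message1);
if (nargin ~= 2)
    error('invalid .');
end
% Arrange the 16 input bytes as a 4x4 state and add the first round key.
bytes = reshape(in, 4, 4);
bytes = bitxor(bytes, (s.keyexp(1:4, :))');
% Rounds 1 to rounds-1: SubBytes, ShiftRows, MixColumns, AddRoundKey.
% SubstituteBox is the 256-entry S-box table, indexed with byte value + 1.
% SubstituteBox and MixColumn are helpers that are not shown on this page.
for i = 1:(s.rounds - 1)
    bytes = SubstituteBox(bytes + 1);
    bytes = RowsShifting(bytes, 0);
    bytes = MixColumn(bytes, s);
    bytes = bitxor(bytes, (s.keyexp((1:4) + 4*i, :))');
end
% The final round has no MixColumns step.
bytes = SubstituteBox(bytes + 1);
bytes = RowsShifting(bytes, 0);
bytes = bitxor(bytes, (s.keyexp(4*s.rounds + (1:4), :))');
Result = reshape(bytes, 1, 16);
end

function Result = RowsShifting(in, inv)
% This index permutation of the column-major 4x4 state is the ShiftRows step
% (row r rotated left by r-1 positions), so it carries the name the callers use.
perm = [1 6 11 16 5 10 15 4 9 14 3 8 13 2 7 12];
if (inv == 0)
    Result = reshape(in(perm), 4, 4);   % encryption: shift rows left
else
    Result = zeros(4, 4);
    Result(perm) = in(:);               % decryption: undo the permutation
end
end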
In this code the AES encryption algorithm achieves message confidentiality by
encrypting the plain text into cipher text. In order to encrypt the plain text, the
algorithm asks the user for the plain text. The number of characters in the plain text
must be a multiple of 16 because AES is a block cipher and it only works on blocks of
16 bytes. The characters are converted to ASCII code.
These lines of code are part of the AES encryption.
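function [Result] = decryption(s, in)   % header assumed; it is cut off on the page
if (nargin ~= 2)
    error('invalid .');
end
bytes = reshape(in, 4, 4);
% Start with the round key that encryption used last.
bytes = bitxor(bytes, (s.keyexp(s.rounds*4 + (1:4), :))');
for i = (s.rounds - 1):-1:1
    bytes = RowsShifting(bytes, 1);      % inverse ShiftRows (rows shifted right)
    bytes = s.inv_s_box(bytes + 1);      % inverse SubBytes
    bytes = bitxor(bytes, (s.keyexp((1:4) + 4*i, :))');
    % InvMixColumn is a hypothetical helper name (not shown on the page) for
    % MixColumn with the inverse multiplication matrix.
    bytes = InvMixColumn(bytes, s);
end
bytes = RowsShifting(bytes, 1);
bytes = s.inv_s_box(bytes + 1);
bytes = bitxor(bytes, (s.keyexp(1:4, :))');
Result = reshape(bytes, 1, 16);
end % end of file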
6.3. Results Snapshots
7. CHAPTER 7: CONCLUSION
7.1. Conclusion
Encryption Standard. The Advanced Encryption Standard is a block cipher algorithm
which encrypts the secret information block by block. A block contains multiple bytes
instead of a single byte. It uses a single private key to achieve the confidentiality
of messages between sender and receiver. The long and variable size of the private key
makes the Advanced Encryption Standard harder to crack than any other symmetric
encryption algorithm such as the Digital Encryption Standard. The Advanced Encryption
Standard uses three different private key sizes, each with a different number of
rounds, but the block size on which it works is the same for all of them. The private
key sizes are 128 bits for 10 rounds, 192 bits for 12 rounds and 256 bits for 14
rounds. This variability in the rounds as well as in the private key achieves message
confidentiality in an efficient manner.