AES Projects


ACHIEVING MESSAGE CONFIDENTIALITY USING

ADVANCED ENCRYPTION STANDARD

SUBMITTED BY:

JUNAID UR RAHMAN

SUPERVISED BY

MR. ASAD ALI

SESSION: 2017-2019

DEPARTMENT OF COMPUTER SCIENCE


ABDUL WALI KHAN UNIVERSITY, MARDAN
Achieving Message Confidentiality Using Advanced Encryption
Standard

Submitted By

Junaid ur Rahman

Registration No: 14-AU-MIST-22

Supervisory Committee:

External Examiner:_______________________________

Internal Examiner: _______________________________

Supervisor: _____________________________________

Mr. Asad Ali

Lecturer, Mardan Institute of Science and Technology

Project Coordinator: ______________________________

Mr. Moeen Ullah khan

Lecturer and Managing Director of MIST

Department of Computer Science

Abdul Wali Khan University Mardan


Project submitted to Abdul Wali Khan University Mardan in the partial fulfillment
of the requirements for the degree of

MASTER IN COMPUTER SCIENCE

Department of Computer Science

Abdul Wali Khan University Mardan


ABSTRACT

Achieving message security in communication between client and server, or between
sender and receiver, is a challenging task. Many security techniques have been
proposed in the literature to achieve message confidentiality, but due to advances in
technology they can be cracked within a few seconds. DES is one of them: it remained a
standard of the US networking system for 21 years, but after 21 years of use it was
broken by hackers because of limitations such as the small size of its private key.
The Advanced Encryption Standard is the most secure private-key encryption technique,
with key lengths of 128, 192 and 256 bits, for achieving message confidentiality in
communication between client and server, and it is widely used nowadays in many
applications such as WhatsApp. It is a block cipher encryption algorithm, which means
that it encrypts multiple bytes at a time. In this thesis the Advanced Encryption
Standard is used to achieve message security in communication between sender and
receiver. In this thesis I just encrypt the confidential message into a form which is
not understandable to a hacker.

Acknowledgements

First of all I thank the Almighty Allah who gave me strength to understand and
complete this thesis.

After that I would like to thank my supervisor Asad Ali for his patience, top notch
guidance and advice through all this time. I have been extremely lucky to have a
supervisor who cared so much about my work, and provided help whenever it was
desired.

I would also like to thank and express my gratitude to my mother for her
unlimited prayers for my success and I am thankful to my wife for her continued
support and encouragement.

Junaid ur Rahman
Mardan, Pakistan
Nov 2019

Table of Contents
1. CHAPTER 1: INTRODUCTION
1.1. Project Overview
1.2. Scope of the Thesis
1.3. Problem Statement
1.4. Project Objective
1.5. Thesis Structure

2. CHAPTER 2: THEORETICAL BACKGROUND
2.1. Network Security
2.2. Network Security Model
2.3. Techniques for Network Security
2.3.1. Substitution Cipher (SC)
2.3.2. Transposition Technique
2.3.3. Product Cipher
2.4. Network Access Security Model
2.5. Block Ciphers
2.5.1. Feistel Cipher Structure
2.5.2. Data Encryption Standard (DES)
2.5.2.1. Single Round of DES
2.5.3. Triple Data Encryption Standard (3DES)
2.5.4. International Data Encryption Algorithm (IDEA)
2.5.4.1. Working Principal of IDEA
2.5.5. Blowfish Encryption Algorithm (BFEA)
2.5.6. Twofish Encryption Algorithm (TFEA)
2.5.7. RC5 Encryption Algorithm

3. CHAPTER 3: ATTACKS ON BLOCK CIPHERS
3.1. Introduction
3.2. Cipher text Only Attack (COA)
3.3. Known Plaintext Attack (KPA)
3.4. Chosen Plain text Attack (CPA)
3.5. Dictionary Attack (DA)
3.6. Brute Force Attack (BFA)
3.7. Birthday Attack (BA)
3.8. Man in the Middle Attack
3.9. Side Channel Attack (SCA)

4. CHAPTER 4: THE ADVANCE ENCRYPTION STANDARD (AES)
4.1. Introduction
4.2. Symmetric Key Cryptography/ Private Key Cryptography (PrKC/)
4.2.1. Limitation of PrKC
4.3. AES Variants
4.4. How AES Works?
4.5. AES Encryption
4.5.1. Initial Round
4.5.2. Main Phase
4.5.2.1. Bytes Substitute.
4.5.2.2. Shift Rows
4.5.2.3. Mix Column
4.5.2.4. AES Key Expansion
4.6. AES Decryption Process:
4.7. Attacks on AES Encryption algorithm
4.7.1. Side Channel Attacks.
4.7.1.1. Timing Attacks
4.7.1.2. Power Monitoring Attacks
4.7.1.3. Electromagnetic Attack
4.7.1.4. Power Monitoring Attacks

5. CHAPTER 5: APPLICATIONS OF AES
5.1. Application of AES Encryption Algorithm.
5.1.1. Archive and Compression Tool
5.1.2. Disk or Partition Encryption
5.1.3. VPN
5.1.4. WhatsApp Messenger
5.2. Advantage of AES Encryption Algorithm
5.9. Disadvantages of AES Encryption Algorithm

6. CHAPTER 6: EXPERIMENTAL PROGRAMMING
6.1. AES Encryption
6.2. AES Decryption
6.3. Results Snapshots

7. CHAPTER 7: CONCLUSION
7.1. Conclusion
7.2. References

List of Figures
Figure 1.1: Network Configuration
Figure 2.1: Network Security Model
Figure 2.2: NASM
Figure 2.3: Feistel Structure
Figure 2.4: Round of DES
Figure 2.5: Operation
Figure 2.6: BFEN Encryption Algorithm
Figure 4.1: Simple Symmetric Cryptographic system
Figure 4.2: Public Key Cryptography
Figure 4.3: Structure of AES Encryption
Figure 4.4: Key Expansion
Figure 6.1: Results Snapshot-1
Figure 6.2: Results Snapshot-2
Figure 6.3: Results Snapshot-3

List of Tables

Table 2.1: Key Generation: Encryption
Table 2.2: Key Generation: Decryption
Table 2.3: Rounds and Possible values
Table 4.1: Difference between DES and AES
Table 4.2: Add Round Key
Table 4.3: S Box for Bytes Substitute: Encryption
Table 4.4: Procedure for Shift Rows: Encryption
Table 4.5: Matrix Multiplication: Encryption
Table 4.6: Shift Row for Decryption
Table 4.7: S Box for Decryption
Table 4.8: Matrix Multiplication for Decryption

1. CHAPTER 1: INTRODUCTION

1.1. Project Overview
Data security in communication between client and server is a very challenging
task to achieve, because the technology and computation power of computers are
increasing at a very high rate. In such a case personal information exchanged between
sender and receiver does not stay secret, due to this very high computation power. In
order to keep the information secret from a hacker, it is necessary to transform it
into another form, which is a coded form of the original information. In network
security, producing such coded information at the sender side is known as encryption.
At the other side the receiver must be able to recover the secret information from its
coded form; this procedure is known as decryption at the receiver side. Various network
security techniques have been proposed in the literature to achieve data security
between sender and receiver. Broadly they are categorized into symmetric encryption and
asymmetric encryption techniques. Both encryption techniques are based on a key which
is used to encrypt and decrypt the data. In symmetric encryption, a single key, called
the private key, is used by the sender and receiver to encrypt and decrypt the secret
information. In the asymmetric encryption technique, two keys are used to encrypt and
decrypt the information. One key, called the public key, is used by the sender to
encrypt, and the other key, known as the private key, is used by the receiver to
decrypt the information.

Figure 1.1: Network Configuration

In this thesis a symmetric encryption algorithm, the Advanced Encryption
Standard, is used to achieve the confidentiality of messages between client and server
or between sender and receiver by encrypting the secret information. The Advanced
Encryption Standard is a block cipher algorithm which encrypts the secret information
block by block. A block contains multiple bytes instead of a single byte. The private
key is 128 bits long for 10 rounds, 192 bits long for 12 rounds and 256 bits long for
14 rounds. Such variability of the Advanced Encryption Standard in the rounds as well
as in the private key achieves message confidentiality in an efficient manner. It uses
a single private key to achieve the confidentiality of messages between sender and
receiver.

The long and variable size of the private key makes the Advanced Encryption
Standard harder to crack than any other symmetric encryption algorithm, such as the
Data Encryption Standard. The Advanced Encryption Standard uses three different sizes
of private key, each with a different number of rounds, but the block size on which it
works is the same in every case.

1.2. Scope of the Thesis


As mentioned above, old encryption methods no longer keep messages confidential,
due to the increasing computation power of computing devices. Achieving message
confidentiality with the help of a secure and strong encryption technique such as the
Advanced Encryption Standard is the main concern of this thesis. Securing a message
over a network between sender and receiver using a strong encryption algorithm is a
very interesting domain in networking, especially in network security.

1.3. Problem Statement

Due to the increasing computation power of computing devices, it has become a
very challenging task for the old encryption techniques to achieve message security in
an efficient manner. All encryption methods rely on a secret key, which becomes
insecure against high-computation devices: with the help of such computation power one
can obtain the secret key through exhaustive search. So there is a need for a strong
encryption technique that is able to achieve message confidentiality in an efficient
manner.

1.4. Project Objective

• As mentioned above, one of the fundamental objectives of this thesis is to achieve
message confidentiality/security between client and server or sender and receiver.

1.5. Thesis Structure


The rest of the thesis is organized as follows.
Chapter 2 presents the theoretical background of network security, especially
symmetric encryption algorithms.
Chapter 3 explains the limitations of existing symmetric encryption algorithms and
attacks on block ciphers.
Chapter 4 explains the Advanced Encryption Standard and its variants.
Chapter 5 explains the different attacks on the AES encryption algorithm; applications
of AES encryption and the merits and demerits of the AES encryption algorithm are also
included in this chapter.
Chapter 6 presents the results and interface of AES for achieving message
confidentiality.

2. CHAPTER 2: THEORETICAL BACKGROUND

2.1. Network Security
In this chapter I discuss the theoretical background of network security,
especially symmetric encryption algorithms such as the Data Encryption Standard
(DES), Triple DES and other encryption algorithms.

Network security is a term that describes the security of the network. A
network is created by connecting multiple nodes. Each node in the network has its own
secret and private data which it wants to keep secret. The ways of protecting data
from being spoofed are known as network security techniques. Different security
techniques have been proposed in the literature to secure confidential
information/messages over the internet. Among these techniques, one remedy is
encryption, which is the process of transforming a message into some other form with
the help of a secret key/private key. Multiple encryption techniques have been proposed
in the literature by researchers to achieve message security between sender and
receiver over the internet. Broadly they are categorized into symmetric encryption and
asymmetric encryption techniques. Before going into the details, some security-related
terms need to be explained: the message that needs to be kept secret is called the
plain text, while the coded or encrypted form of the message is known as the cipher
text. Both encryption techniques are based on a key which is used to encrypt and
decrypt the message.

In symmetric encryption, a single key, called the private key, is used by the
sender and receiver to encrypt and decrypt the secret information. In the asymmetric
encryption technique, two keys are used to encrypt and decrypt the information. One
key, called the public key, is used by the sender to encrypt, and the other key, known
as the private key, is used by the receiver to decrypt the information. In this thesis
we only discuss the fallouts of the symmetric encryption algorithm.

2.2. Network Security Model

Basically, a model describes the behavior and working of a technology or
technique. It describes how the different parts of the technology interact with each
other and how together they produce an optimal and exact output. A network security
model has also been described by researchers; it describes the security of data, that
is, how a network securely transfers a file from the source to the destination over a
logical channel. The two components necessary to achieve the security of a data message
are discussed below.

1) The data message should not be transmitted over a logical channel in plain text,
i.e. the plain text should be converted to cipher text using an encryption
algorithm. After the cipher text is created, it is transmitted to the receiver over
the logical channel.
2) Sender and receiver should agree on a particular secret key which can be used
for converting plain text to cipher text and vice versa. The secret key must be
securely transferred to the receiver with the help of some trusted party. There are
multiple methods which could be used for the distribution of the secret key. The
secret key should not be revealed to anyone else; if someone gets the secret key by
any means, he/she can obtain the plain text from the cipher text.

Figure 2.1: Network Security Model

2.3. Techniques for Network Security

Different security techniques have been proposed in the literature to achieve data
security over an internet, intranet and extranet. A technique is a method or procedure
which explains how to convert or transform plain text into cipher text. Broadly, the
techniques can be divided into the categories listed below.

2.3.1. Substitution Cipher (SC)

When the letters of the plain text are replaced with other characters, we call it a
substitution cipher. In such a cipher we substitute the characters with other
characters. Caesar Cipher, mono alphabetic cipher, Rail Fence Cipher are the most
popular examples of SC. The key is very important in a substitution cipher because,
with the help of the key, the plain text letters are substituted with the characters
defined in the key, and it must be kept secret.

Example.

Key = h→z, o→(, w→}, a→d, r→i, e→”, y→o, u→:

Space = !@

Plain text = How are you

Cipher text = z(}!@di”!@o(:

2.3.2. Transposition Technique

A transposition cipher changes the location of the plain text characters to make the
text unreadable and difficult to understand for the opponent. Rail Fence cipher and
Rotor Machine are the most popular examples of transposition ciphers.

Example:

Plain text = how are you

Cipher text = owh rea ouy

2.3.3. Product Cipher

Product cipher is a combination of both substitution cipher and transposition cipher.
It is considered more secure than the substitution and transposition ciphers because
it involves two ciphers, due to which it is difficult to crack. We can perform two
substitutions on a plain text followed by two transpositions. The cipher text becomes
complex, but its time complexity becomes very high.

2.4. Network Access Security Model

Figure 2.2: NASM

There should be a mechanism available to cope with unwanted access to the
network. As we can see in the diagram, the access channel is the same for all the
parties: it is the same for the sender and receiver as well as for the opponent (which
can be software as well as a human). If an opponent wants to access the information
system, the opponent must be controlled by the Gatekeeper Function, which includes a
login-based system. This function allows authorized users to enter the system. If
someone gains access to the system by any means, the second type of defense consists
of internal controls which monitor internal activities such as memory usage, processor
usage etc. and detect the presence of intruders.

2.5. Block Ciphers


Block ciphers are ciphers which encrypt plain text as blocks, meaning that they
encrypt multiple bytes/bits at a time. With symmetric encryption, both sender and
receiver use the same private key, which is used to encrypt and decrypt the
confidential information. The generation of the private key must not be complex at
either end, and the key must be securely distributed between the sender and receiver.
In Symmetric Encryption Algorithms (SEA) the private key must be kept secret from
hackers, because if someone gets the key by any means he/she can decrypt all the
confidential information exchanged between the sender and receiver. Multiple SEAs have
been proposed in the literature to secure the confidential information transmitted
between sender and receiver. Some of them are listed below.

• Data Encryption Standard (DES)
• Triple Data Encryption Standard (3DES)
• International Data Encryption Algorithm (IDEA)
• Blowfish Algorithm
• Twofish Algorithm
• RC2-RC5

2.5.1. Feistel Cipher Structure

Figure 2.3: Feistel Structure

2.5.2. Data Encryption Standard (DES)

DES was the first symmetric encryption algorithm designed by IBM. It is based
on the Feistel structure, designed by Horst Feistel, shown in the figure above. DES is
a block cipher encryption algorithm and works on a 64-bit block, which means that it
encrypts 64 bits of input at a time. It remained the standard of the US networking
system for almost 21 years, but after 21 years of use in network systems it was broken
by hackers. The vulnerable area, or main loophole, in the DES algorithm was the size of
the secret or private key, which is very small; with the help of powerful computers the
key can be easily discovered. The second problem with the DES algorithm is that it was
found vulnerable to exhaustive key search. DES uses a 56-bit key to encrypt a 64-bit
input.

The entire working of DES is based on the Feistel structure, which consists of
16 rounds. Each round has a special operation which is performed on the information to
generate the cipher text. Initially the 64-bit input goes through the initial
permutation phase, which produces a 64-bit output, and this output then goes through
the rounds. After the final round the output goes through the final permutation to
produce the cipher text. At each round a secret key of 64 bits from the expansion of
the 56-bit key is applied to produce the desired output. The secret key for round 1 is
different from the secret key for round 2, and so on. One of the beauties of the DES
algorithm is that the decryption procedure is the same as the encryption procedure: in
order to get the plain text from the cipher text we need to do the reverse process of
encryption.

2.5.2.1. Single Round of DES

The same working principle is followed by all the rounds. In each round of
DES, the 64-bit input is first divided into two halves of 32 bits. The right 32 bits go
through the expansion table, which expands the 32 bits to 48 bits. At the same time the
56-bit key is also divided into two halves of 28 bits. The left 28 bits are left
shifted and the right 28 bits are right shifted. The output of the left and right
shifts goes through the permutation and produces the 48-bit key. The 48-bit secret key
and the 48 bits from the expansion phase are XORed and a 48-bit output is produced.
These 48 bits go through the S-box and a 32-bit output is produced, which again goes
through a permutation and is XORed with the left 32 bits. At the end the left and right
32 bits are replaced with each other. The overall working procedure is shown in the
figure below.

[Figure: one round of DES. Data path: Left-1 and Right-1 (32 bit each), Exp-Table
(48 bit), XOR with the 48 bit key, S-box (32 bit), Permutation, XOR (32 bit). Key path:
Xi-1 and Yi-1 (28 bit each), L-shift and R-shift, P/C Table.]

Figure 2.4: Round of DES
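
The structural property behind the statement that DES decryption is the same procedure as encryption, as an added example that is not part of the thesis: a 16-round Feistel network over a 64-bit block, run backwards simply by reversing the subkey order. The round function and key schedule here are hash-based stand-ins (assumptions for illustration), not the DES expansion table, S-boxes or permutations, and the sample key and block are constructed.

```python
import hashlib

ROUNDS = 16   # DES uses 16 Feistel rounds
HALF = 4      # a 64-bit block is split into two 32-bit halves


def subkeys(key: bytes) -> list:
    """Derive one 48-bit subkey per round (stand-in schedule, not the DES one)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:6] for r in range(ROUNDS)]


def round_function(right: bytes, subkey: bytes) -> bytes:
    """Stand-in for the DES expand / XOR key / S-box / permute step.

    A Feistel round function never has to be inverted, which is why a
    one-way hash can be used here.
    """
    return hashlib.sha256(subkey + right).digest()[:HALF]


def feistel(block: bytes, round_keys) -> bytes:
    """Run the network over one 8-byte block with the given subkey order."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        f = round_function(right, k)
        # new left = old right, new right = old left XOR F(old right, subkey)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left   # undo the last swap, as a Feistel cipher does


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Identical network; only the order of the subkeys is reversed.
    return feistel(block, reversed(subkeys(key)))


if __name__ == "__main__":
    key = b"8bytekey"        # constructed sample key
    plain = b"HowAreYo"      # constructed 64-bit sample block
    cipher = encrypt_block(plain, key)
    print("cipher text:", cipher.hex())
    print("decrypted  :", decrypt_block(cipher, key))
```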

2.5.3. Triple Data Encryption Standard (3DES)

DES is no longer secure due to its vulnerabilities. One of the main weak points
of the DES algorithm is the size of the secret key, which is very small compared with
the power of today's computing devices. With such powerful computing devices, brute
force attacks become very easy. 3DES is the same as DES but, as the name suggests, in
3DES the DES algorithm is applied three times to get the cipher text, and we need to do
the reverse process three times to get the plain text back from the cipher text. In
3DES the length of the secret key is 192 bits. 3DES is three times more secure than DES
but it is three times slower than DES. 3DES is used in most network applications, such
as Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP).

Figure 2.5: Operation

2.5.4. International Data Encryption Algorithm (IDEA)

The IDEA encryption algorithm is also a block cipher. It was designed by Xuejia Lai
and James L. Massey of ETH-Zürich in 1976. IDEA was a replacement for the Proposed
Encryption Standard (PES). IDEA provides resistance against all types of attacks. One
interesting point about IDEA is that it does not use any S-box for encryption and
decryption. The following characteristics of the IDEA encryption algorithm make it a
great choice for use in many applications.

• Easy to understand
• Compatible with any network application
• Available to everyone to use
• Patent protected, in order to avoid fraud

2.5.4.1. Working Principal of IDEA

IDEA works on a 64-bit block with a private key 128 bits long. The operation of
this algorithm is based on three algebraic operations. The use of S-boxes and lookup
tables is completely avoided in this algorithm. The encryption and decryption
procedures of the DES algorithm are identical to each other. Initially the plain text
is divided into quarters of 16 bits each, because the overall procedure operates on 16
bits. The entire procedure of key generation is shown in the table below. The 52 key
sub-blocks are generated from the 128-bit key as follows:
• The key is divided into sixteen-bit sub-blocks. These sub-blocks are used as the
8 keys.
• The next step is that the key is left shifted by 25 positions.
• The next step is to divide the resultant 128 bits from the left shift operation
again into 8 sixteen-bit blocks.

R1      V1{1}  V2{1}  V3{1}  V4{1}  V5{1}  V6{1}
R2      V1{2}  V2{2}  V3{2}  V4{2}  V5{2}  V6{2}
R3      V1{3}  V2{3}  V3{3}  V4{3}  V5{3}  V6{3}
R4      V1{4}  V2{4}  V3{4}  V4{4}  V5{4}  V6{4}
R5      V1{5}  V2{5}  V3{5}  V4{5}  V5{5}  V6{5}
R6      V1{6}  V2{6}  V3{6}  V4{6}  V5{6}  V6{6}
R7      V1{7}  V2{7}  V3{7}  V4{7}  V5{7}  V6{7}
R8      V1{8}  V2{8}  V3{8}  V4{8}  V5{8}  V6{8}
Output  V1{9}  V2{9}  V3{9}  V4{9}

Table 2.1: Key Generation: Encryption

To encrypt the plain text, it is divided into quarters of sixteen bits. The encryption procedure of IDEA consists of 8 rounds. Each round follows the same operations. In the first encryption round, the first four 16-bit key sub-blocks are combined with two of the 16-bit plaintext blocks using addition modulo 2^16, and with the other two plaintext blocks using multiplication modulo 2^16 + 1. The results are then processed further as shown in Figure 1, whereby two more 16-bit key sub-blocks enter the calculation and the third algebraic group operator, the bit-by-bit exclusive OR, is used. At the end of the first encryption round four 16-bit values are produced, which are used as input to the second encryption round in a partially changed order.

The process described above for round one is repeated in each of the subsequent 7 encryption rounds using different 16-bit key sub-blocks for each combination. During the subsequent output transformation, the four 16-bit values produced at the end of the eighth encryption round are combined with the last four of the 52 key sub-blocks using addition modulo 2^16 and multiplication modulo 2^16 + 1 to form the resulting four 16-bit cipher text blocks.

The decryption procedure of IDEA is the same as encryption; we only need to reverse the process of key generation, as shown in the table below.

R1      V1{9}^-1  -V2{9}  -V3{9}  V4{9}^-1  V5{8}  V6{8}
R2      V1{8}^-1  -V2{8}  -V3{8}  V4{8}^-1  V5{7}  V6{7}
R3      V1{7}^-1  -V2{7}  -V3{7}  V4{7}^-1  V5{6}  V6{6}
R4      V1{6}^-1  -V2{6}  -V3{6}  V4{6}^-1  V5{5}  V6{5}
R5      V1{5}^-1  -V2{5}  -V3{5}  V4{5}^-1  V5{4}  V6{4}
R6      V1{4}^-1  -V2{4}  -V3{4}  V4{4}^-1  V5{3}  V6{3}
R7      V1{3}^-1  -V2{3}  -V3{3}  V4{3}^-1  V5{2}  V6{2}
R8      V1{2}^-1  -V2{2}  -V3{2}  V4{2}^-1  V5{1}  V6{1}
Output  V1{1}^-1  -V2{1}  -V3{1}  V4{1}^-1

Table 2.2: Key Generation: Decryption
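The key generation, round structure and reversed decryption schedule described above, as an added Python example that is not part of the original thesis. Function names and the sample key are this example's own; note that the standard cipher also swaps the two additive subkeys in decryption rounds 2 to 8 to undo the inner word swap, which the code does and Table 2.2 does not show.

```python
MASK16 = 0xFFFF
MOD_MUL = 0x10001          # 2^16 + 1, a prime

def mul(a, b):
    """Multiplication modulo 2^16 + 1, where the word 0 stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % MOD_MUL) & MASK16

def add(a, b):
    """Addition modulo 2^16."""
    return (a + b) & MASK16

def mul_inv(a):
    """Multiplicative inverse modulo 2^16 + 1 (Fermat: a^(p-2) mod p)."""
    return pow(a or 0x10000, MOD_MUL - 2, MOD_MUL) & MASK16

def add_inv(a):
    """Additive inverse modulo 2^16."""
    return -a & MASK16

def encryption_subkeys(key):
    """Derive the 52 16-bit subkeys from a 128-bit key given as an int:
    slice the key into eight words, rotate it left by 25 bits, repeat."""
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(key >> (112 - 16 * i)) & MASK16 for i in range(8)]
        key = ((key << 25) | (key >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]

def decryption_subkeys(ek):
    """Reverse the schedule: inverses of the encryption subkeys, last first."""
    dk = []
    for r in range(9):                      # r = 8 is the output transformation
        base = 48 - 6 * r
        k1, k2, k3, k4 = ek[base:base + 4]
        if 0 < r < 8:                       # inner rounds: undo the word swap
            k2, k3 = k3, k2
        dk += [mul_inv(k1), add_inv(k2), add_inv(k3), mul_inv(k4)]
        if r < 8:
            dk += ek[base - 2:base]         # the two keys of the mixing step
    return dk

def crypt_block(block, keys):
    """Run one 64-bit block (four 16-bit words) through the 8 rounds and the
    output transformation; the subkeys decide between encrypt and decrypt."""
    x1, x2, x3, x4 = block
    for r in range(8):
        k = keys[6 * r:6 * r + 6]
        x1, x2, x3, x4 = mul(x1, k[0]), add(x2, k[1]), add(x3, k[2]), mul(x4, k[3])
        t0 = mul(x1 ^ x3, k[4])             # XOR, then multiply
        t1 = mul(add(x2 ^ x4, t0), k[5])
        t2 = add(t0, t1)
        x1, x2, x3, x4 = x1 ^ t1, x3 ^ t1, x2 ^ t2, x4 ^ t2   # middle words swap
    return (mul(x1, keys[48]), add(x3, keys[49]),
            add(x2, keys[50]), mul(x4, keys[51]))

# Sample key (the words 1 to 8) and sample plain text block, chosen for the demo.
SAMPLE_KEY = 0x00010002000300040005000600070008
SAMPLE_BLOCK = (0x0000, 0x0001, 0x0002, 0x0003)

if __name__ == "__main__":
    ek = encryption_subkeys(SAMPLE_KEY)
    ct = crypt_block(SAMPLE_BLOCK, ek)
    print("cipher text:", " ".join("%04X" % w for w in ct))
    print("decrypted  :", crypt_block(ct, decryption_subkeys(ek)))
```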

2.5.5. Blowfish Encryption Algorithm (BFEA)

BFEA is also a symmetric encryption algorithm. It lies in the category of block ciphers and encrypts multiple bytes at a time. BF has a block size of 64 bits but a variable-size secret or private key, i.e. one can use BFEA to achieve confidentiality of messages between sender and receiver with a 64-bit input block and any secret key size between 32 bits and 448 bits. It is similar to the DES algorithm in the sense that it is also based on a Feistel structure, with 16 rounds. To encrypt the plain text using BFEA, first of all the 32 bits of plain text are divided into four 8-bit blocks. Each 8-bit block is input to an S-box table.

Each S-box produces a 32-bit output. The results of two S-boxes are added modulo 2^32, and the result of this addition is XORed with the output of the 3rd S-box. The final 32 bits, which are the cipher text, are produced by addition modulo 2^32 between the XOR result and the output of the 4th S-box. The entire working principle of BFEA is shown in the figure below. Blowfish is considered one of the fastest encryption techniques due to its simple operations.

[Figure: four 8-bit inputs enter S-Box 1 to S-Box 4; the outputs are combined by Sum, XOR and Sum]

Figure 2.6: BFEN Encryption Algorithm

2.5.6. Twofish Encryption Algorithm (TFEA)

TFEA is the same as BFEA, but the difference is in the way it encrypts and decrypts the confidential information between sender and receiver. Unlike the Blowfish Encryption Algorithm, TFEA uses a 128-bit input block with a private key up to 256 bits long. It is also considered the fastest encryption algorithm among block ciphers due to its simple operations. Although it has some theoretical vulnerabilities, no one has yet broken this encryption algorithm. The successor of the Twofish algorithm is Threefish, after some known attacks happened on Twofish.

2.5.7. RC5 Encryption Algorithm

RC5 is another symmetric block cipher encryption algorithm. It was developed by Ron Rivest in 1994. It is considered the fastest encryption algorithm, is simple, and requires little memory. It encrypts two words at a time. RC5 has different variations based on its parameters: it can take a number of possible values for the plain text block size, the number of rounds, and the size of the secret key. The possible values are shown below.

Parameters         Corresponding Values
Block Size         16 bit, 32 bit, 64 bit
Round              0-255
Private key Size   0-255 (bytes)

Table 2.3: Rounds and Possible values

3. CHAPTER 3: ATTACKS ON BLOCK CIPHERS

3.1. Introduction
One of the main intentions of a hacker is to get the plain text from the cipher text by breaking the cryptosystem. To break the cryptosystem, the only thing the hacker needs is the cipher key with which the plain text was converted to cipher text. Once the information is encrypted, it is transmitted over an insecure network where there could be an attacker who is able to capture all the transmitted information. The only thing he needs to do is find the secret key in order to understand the captured information. That is why the attacker spends most of his time on getting the cipher key. Once the private key is determined by the attacker, he may be able to get all the information encrypted using this key.

There are different methods used by attackers to attack block ciphers and break the cryptosystem. Some of them are listed below:

• Cipher text Only Attacks (COA)
• Known Plain Text Attack (KPA)
• Chosen Plaintext Attack (CPA)
• Dictionary Attack (DA)
• Brute Force Attack (BFA)
• Birthday Attack (BA)
• Man in the Middle Attack (MIM)
• Side Channel Attack (SCA)

3.2. Cipher text Only Attack (COA)


As we know, once the information is encrypted it is transmitted over an insecure network where there could be an attacker who might be able to capture all the transmitted information. In this attack, the hacker collects a set of cipher texts and tries to guess the corresponding plain text from the gathered cipher text. This type of attack is also used to find the secret key by following the pattern of the cipher text. It is successful once the attacker gets the plain text corresponding to the cipher text. All modern block ciphers are protected from this kind of attack.

3.3. Known Plaintext Attack (KPA)


In this type of attack, the hacker knows the plain text for some part of the cipher text, and with the help of this information the attacker attacks the system to find the remaining plain text from the given cipher text. It is only possible once the attacker determines the secret key or private key by any means. Linear cryptanalysis is the best example of this type of attack.

3.4. Chosen Plain text Attack (CPA)


In this type of attack, the attacker has text of his choice encrypted. This information helps in determining the secret key. Once the secret key is determined, the attacker is able to decrypt all the messages/cipher text encrypted with that secret key. Differential cryptanalysis is the best example of this type of attack. Such cryptanalysis is also applied to hash functions. Asymmetric encryption algorithms such as the RSA encryption algorithm are also vulnerable to this type of attack.

3.5. Dictionary Attack (DA)


In this type of attack, the hacker builds a dictionary, a kind of table that includes cipher texts and the corresponding plain texts. Whenever the hacker captures a cipher text, the attacker inspects the dictionary or table and finds the corresponding plain text against the captured cipher text.

3.6. Brute Force Attack (BFA)


This type of attack is very simple but it takes time to decrypt the cipher text. In this attack, the attacker tries every possible combination of the secret key and applies them to the cipher text one by one to get the plain text. The computation time of this attack depends on the size of the secret key, as the algorithm is known to everyone and the attacker has the captured cipher text. If the size of the secret key is 8 bits, a total of 2^8 = 256 keys need to be applied to the cipher text to get the plain text. The size of the key is directly proportional to the time required to crack the cipher text.

3.7. Birthday Attack (BA)


This type of attack is another variant of the brute force attack. It is used to crack hash functions.

Let’s take the example of students in a class to explain the concept of BA. The birthday of any student must fall within the 365 days of the year. Suppose that the birthday of one student is 4th May; then in order to find the next student whose birthday is the same as the first one we need to check 31 students. In the same way, if the value of the hash function is 64 bits, then the possible hash values are 1.7999 × 10^20. If the attacker evaluates the function again and again for multiple combinations of inputs, the same output is expected. Once the hacker gets two different inputs that lead to the same output, the cryptosystem is considered broken.
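Why hash length matters for the birthday attack described above, as an added Python example that is not part of the original thesis. It truncates SHA-256 to a short hash (the 24-bit width, the counter-based inputs and the function names are assumptions of this demonstration) and shows that a repeat turns up after roughly the square root of the number of possible hash values, so a 64-bit hash offers only about 32 bits of collision resistance.

```python
import hashlib
import math

def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits, standing in for a short hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits: int):
    """Hash the constructed inputs b"msg-0", b"msg-1", ... until two of them
    share a truncated hash. Returns (first_input, second_input, attempts)."""
    seen = {}
    attempts = 0
    while True:
        msg = b"msg-%d" % attempts
        attempts += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg

def collision_probability(samples: int, bits: int) -> float:
    """Birthday approximation: chance that `samples` random values drawn from
    a space of 2**bits contain at least one repeat."""
    space = 2.0 ** bits
    return 1.0 - math.exp(-samples * (samples - 1) / (2.0 * space))

def samples_for_half(bits: int) -> int:
    """Number of hashes after which a repeat is more likely than not."""
    return math.ceil(math.sqrt(2.0 * math.log(2.0) * 2.0 ** bits))

if __name__ == "__main__":
    first, second, tries = find_collision(24)
    print("24-bit hash: %r and %r collide after %d hashes (space is %d)"
          % (first, second, tries, 2 ** 24))
    print("64-bit hash: 50%% collision chance after about %d hashes"
          % samples_for_half(64))
    print("64-bit hash: P(collision) after 2^32 hashes = %.3f"
          % collision_probability(2 ** 32, 64))
```

For a defender the consequence is that a hash used where collisions matter needs an output twice as long as the security level wanted.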

3.8. Man in the Middle Attack


This type of attack normally targets asymmetric encryption algorithms, as they involve key sharing before communication takes place. But it can also be used against symmetric encryption algorithms, as they also involve distribution of the private key. Let’s assume an asymmetric encryption algorithm to explain the concept of the Man in the Middle attack. Whenever station A wants to communicate with station B, A requests the public key of B. B sends his public key to A. The Man in the Middle replaces the public key with his own public key. So whenever A sends information to B, it is read by the Man in the Middle. The attacker reads the communication using his private key, re-encrypts the message and sends it to B.

3.9. Side Channel Attack (SCA)


A side channel attack is a kind of attack that obtains information from the physical implementation of a system which is encrypted using the AES encryption algorithm. Such information can still be used to make the system vulnerable. This attack is possible if there are weak points in the physical implementation of a system. Below are a few examples of side channel attacks: timing attacks, power monitoring attacks, electromagnetic attacks.

4. CHAPTER 4: THE ADVANCED ENCRYPTION STANDARD (AES)

4.1. Introduction
The founders of the AES algorithm were Joan Daemen and Vincent Rijmen. One of the most popular PrKC is the Advanced Encryption Standard (AES), which is mostly used nowadays. It is one of the strongest PrKC and is considered almost 5 times faster than 3DES. It is a block cipher encryption algorithm, which means that it encrypts multiple bytes at a time. One of the first PrKC was the DES encryption algorithm; it was the standard of the US networking system for almost 21 years, but after 21 years of use in the network system it was hacked by hackers. The vulnerable area, or the main loophole, in the DES algorithm was the size of the secret or private key, which is very small, so with the help of powerful computers the key can be easily discovered. The second weakness of the DES algorithm was that it was found vulnerable to exhaustive key search. The table below shows the basic differences between DES and AES.

                         DES                          AES
Date of Proposed         1976                         1999
Block Size               64                           128
Private Key size         56                           128 bit, 192 bit, 256 bit
Type of Encryption       Permutation, Substitution    substitution
Type of Cryptographic    Confusion, diffusion         Confusion, diffusion
Design                   Open                         open
Process of Selection     Private                      Private,
Number of Rounds         16                           9, 11, 13
Source                   IBS                          Independent
Design Rationale         Closed                       Open

Table 4.1 Difference between DES and AES

4.2. Symmetric Key Cryptography / Private Key Cryptography (PrKC)
In PrKC both sender and receiver use the same private key for encryption and decryption. Generation of the private key at both ends must not be complex, and the key must be distributed securely over a logical channel between the sender and receiver. The private key must be kept secret from the opponent (human or software). If the opponent gets the private key by any means, he/she will be able to decrypt all the cipher text.

The five dimensions of PrKC are listed below.

1. Plain Text: A clear message that the receiver needs to receive securely, without any modification, over a logical channel.
2. Encryption Algorithm: A transformation technique applied to the plain text to get a cipher text.
3. Secret Key: The secret key needs to be distributed to the receiver in a secure fashion and must be kept secret, because if someone discovers the private key by any means, he/she will be able to read all the communication that uses this private key.
4. Cipher Text: The text which must be transmitted to the receiver over a logical channel. The cipher text is not understandable by the opponent, as it has been converted into another form by means of substitution and transposition.
5. Decryption Algorithm: The algorithm used by the receiver to recover the plain text from the cipher text with the help of the provided secret key. The encryption and decryption algorithms are the same for converting plain text to cipher text and for obtaining plain text from the cipher text.

Figure 4.1: Simple Symmetric Cryptographic system

4.2.1. Limitation of PrKC

The limitations of PrKC are:

1) One of the main problems in PrKC is the sharing of the private key.
2) Another limitation of PrKC arises when sender and receiver do not trust each other; this concept is called Digital Signature. In PrKC, how can the receiver prove that the message came from a particular sender?

4.3. Asymmetric cryptography / Public Key Cryptography (PuKC)

A public key (PuK) and a private key (PrK) are used by PuKC to achieve data security in the network. The PuK and PrK should be generated in such a way that these keys are related to each other. Encryption is performed using the PuK of the receiver and decryption is performed using the PrK. The PuK must be available in an open directory for all the clients or nodes in the network, while the PrK of every node in the network must be kept secret. Suppose two friends, Ali and Babar, want to communicate with each other and have agreed on certain parameters. Ali is the sender and Babar is the receiver. Ali composes a plain text and is ready to transmit it to Babar. Ali obtains the PuK of Babar from the open directory, encrypts the plain text with this key and sends it to Babar. Babar receives the cipher text and decrypts it with his own PrK, as it can only be decrypted with the PrK of the receiver. RSA is the most popular example of PuKC.

In PuKC the problem of key sharing is solved with the help of PuK and PrK, as we do not need to share any key with anyone.

There are six ingredients of public key cryptography. These are:

1. Plain Text: A clear message that the receiver needs to receive securely, without any modification, over a logical channel.
2. Encryption Algorithm: A transformation technique applied to the plain text to get a cipher text PuK and PrK
3. Cipher Text: The text which must be transmitted to the receiver over a logical channel. The cipher text is not understandable by the opponent, as it has been converted into another form by means of substitution and transposition.
4. Decryption Algorithm: The algorithm used by the receiver to recover the plain text from the cipher text with the help of the provided secret key. The encryption and decryption algorithms are the same for converting plain text to cipher text and for obtaining plain text from the cipher text.

Figure 4.2: Public Key Cryptography

The steps below show how PuKC achieves data security.

1) Every node in the network generates a pair of mathematically linked keys.
2) Every node in the network stores its PuK in the common directory.
3) If a node wants to communicate with another node, it gets the PuK of the destination from the common directory.
4) The source node encrypts the data with the PuK and transmits it to the destination node.
5) The destination node receives the cipher text and decrypts it with its own PrK.

One question that comes to mind is whether a node can change its PrK. The answer is yes: a node can change its PrK at any time, but it needs to replace the old PuK with the new one. For communication with any node, only two keys need to be known, namely the PuK of both parties. Confidentiality, authentication, and a combination of both, i.e. confidentiality and authentication services, are provided by PuKC.

4.4. AES Variants


As we know, AES is a PrKC, which means that the same key is used for encryption and decryption. There are three variants of AES we can work with. The block size, key length and number of rounds in AES are different from DES. The number of rounds depends on the length of the key, as AES operates on three different sizes of secret key. If the key is 128 bits long, the number of rounds of AES will be 10. If the secret key is 192 bits long, the AES algorithm will have 12 rounds. If the key is 256 bits long, the AES algorithm will have 14 rounds. For all key sizes (128 bit, 192 bit, 256 bit), the block size, i.e. the length of the plain text block, is the same: 128 bits. The longest key, i.e. 256 bits, provides the strongest encryption but the encryption process takes more time, while the shortest key, i.e. 128 bits, does not provide encryption as strong as the longest key, but its advantage is that the encryption process is very fast.

4.5. How AES Works?

AES does not depend on a Feistel cipher; rather it follows an iterative structure which is mostly based on substitution and permutation. All the steps in the AES algorithm are linked with each other: some operations substitute the input with other characters, and the output of this substitution is cascaded to the next step, where permutation is performed. In permutation the input bits or bytes are shifted around. The number of rounds of AES depends on the size of the secret key. As aforementioned, AES will have 9, 11 or 13 rounds if the size of the secret key is 128 bits, 192 bits or 256 bits respectively. Each round of AES follows the same steps to produce the output. Each round has a separate key, which is derived from the main AES secret key with the help of the Key Expansion operation. The plain text is divided into blocks of 128 bits, as AES is a block cipher. For example, if the plain text is “how are you”, AES will process the plain text in blocks as shown below. It processes the plain text as a 4x4 matrix of 16 bytes.

H      A      Y      space
O      R      O      space
W      E      U      space
space  space  space  space

[Figure: the encryption path (AddRKey, then SubBytes, ShiftRows, MixColumn and AddRKey in each round) beside the decryption path (AddRKey, InShiftRows, InSubBytes and InMixColumn in each round), with round keys supplied by K-Exp and Cipher Text at the bottom]

Figure 4.3: Structure of AES Encryption

4.6. AES Encryption

The encryption process of AES consists of three phases. All the phases have the same set of operations but with different composition, substitution and permutation. The phases are listed below.
1. Primary or Initial Phase
   i. Add Round Key
2. Main Phase
   i. Sub Bytes
   ii. Shift Rows
   iii. Mix Column
   iv. Add Round Key
3. Final Phase
   i. Sub Bytes
   ii. Shift Rows
   iii. Add Round Key

The AES main phase is repeated a number of times, which depends on the size of the key as aforementioned.

4.6.1. Initial Round


The initial round contains only Add Round Key, which operates directly on the input and is calculated by XORing it against 16 bytes of the expanded key. Each 16 bytes of the expanded key are used once and never repeated. Once the first round key has been calculated, for the second round key bytes 17 to 32 are XORed against the input state, as shown in the diagram.

Table 4.2: Add Round Key

This process is repeated until the last round. In the decryption process the order is inverted for each round key, i.e. the input is XORed against the last 16 bytes of the expanded key.

4.6.2. Main Phase

4.6.2.1. Bytes Substitute.

In this phase the input is substituted with the help of the S-box, which is available to everyone. The S-box of AES is different from the S-boxes used by the DES or 3DES encryption algorithms. AES uses the same S-box for all the bytes, as shown in the figure below.

Table 4.3: S Box for Bytes Substitute: Encryption

4.6.2.2. Shift Rows

In Shift Rows, we arrange the input into a 4x4 matrix of 16 bytes and then each row is circularly shifted. This is a byte-wise shift, where bytes move one space over. Each row is shifted to the left, except the first row, which is not shifted and remains as it is. As shown in the figure below, each row is shifted according to its row number, i.e. the first row is not shifted, the second row is shifted to the left by one, the third row is shifted to the left by 2, and so on.

Before shift                After shift
a0,0  a0,1  a0,2  a0,3      a0,0  a0,1  a0,2  a0,3
a1,0  a1,1  a1,2  a1,3      a1,1  a1,2  a1,3  a1,0
a2,0  a2,1  a2,2  a2,3      a2,2  a2,3  a2,0  a2,1
a3,0  a3,1  a3,2  a3,3      a3,3  a3,0  a3,1  a3,2

Table 4.4: Procedure for Shift Rows: Encryption

4.6.2.3. Mix Column

It is one of the hardest sections of the AES algorithm. Mix Column can be divided into two sub-parts: i) Matrix Multiplication, ii) Galois Field.
i) Matrix Multiplication
This matrix multiplication is not the same as the one we did in calculus or linear algebra; in fact each value in the matrix is multiplied against the input state. Here again the input state is arranged into a 4x4 matrix of 16 bytes. The value of the matrix is multiplied with the value of the input state, and it is XORed with the product of the 2nd-column value of the matrix's 1st row and the 1st value of the state's 2nd row, and so on, producing an output of 16 bytes.
Let’s explain the concept with the help of an example. As we can see in the diagram, the first byte is calculated by multiplying the matrix values against the values of the input state, and then the result of each multiplication is XORed with the other results.

Multiplication Matrix
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2
16 bytes states
X1 b5 b9 X13
X2 b6 X10 X14
X3 b7 X11 X15
X4 b8 X12 X16

Table 4.5: Matrix Multiplication: Encryption

To get the result of the 2nd byte, we must multiply the same 4 values of the state column against the 4 values of the 2nd row of the matrix.

To get the result of the 3rd byte, we must multiply the same 4 values of the state column against the 4 values of the third row of the matrix.

To get the result of the 4th byte, we must multiply the same 4 values of the state column against the 4 values of the fourth row of the matrix.

4.6.2.4. AES Key Expansion

Basically it is a function used for getting the round keys from the main AES secret key. The main AES key is used as an input to the Add Round Key operation. With the help of the key expansion function all the round keys are generated, which can be used as input to the other rounds. The round key can be obtained by XORing with the input state, as shown in the figure below.

Figure 4.4: Key Expansion

4.7. AES Decryption Process:


One of the beauties of the AES symmetric encryption algorithm is that the encryption and decryption algorithms are the same; you just need to reverse the process, i.e. follow the same steps you performed in encryption but in reverse order. The steps of the decryption process are listed below.

1. Reverse Final Phase
   i. Add Round Key
   ii. Shift Rows
   iii. Substitute Bytes
2. Reverse Main Phase
   i. Add Round Key
   ii. Mix Column
   iii. Shift Rows
   iv. Substitute Bytes
3. Reverse Primary Phase
   i. Add Round Key

In the decryption process of AES, the key that is used in the final round of the encryption process is used in the first round of the decryption process in order to obtain the plain text from the cipher text.

Shift Rows in the decryption process is the same as in the encryption process; the only difference is that the rows are shifted to the right instead of to the left, as shown in the figure below.

Before shift                After shift
a0,0  a0,1  a0,2  a0,3      a0,0  a0,1  a0,2  a0,3
a1,1  a1,2  a1,3  a1,0      a1,0  a1,1  a1,2  a1,3
a2,2  a2,3  a2,0  a2,1      a2,0  a2,1  a2,2  a2,3
a3,3  a3,0  a3,1  a3,2      a3,0  a3,1  a3,2  a3,3

Table 4.6: Shift Row for Decryption

The Sub Bytes operation is also inverted in the decryption process, as shown in the figure below.

Table 4.7: S Box for Decryption

The Mix Column operation is also inverted in the decryption process of AES; the only difference is that the multiplication matrix is changed to another matrix, as shown in the figure below.

Table 4.8: Matrix Multiplication for Decryption
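The encryption phases of section 4.6 and the reversed decryption phases of section 4.7, as an added Python example that is not code from the thesis: a compact AES-128 with one function per operation, including the Galois-field multiplication that Mix Column relies on. It assumes a 16-byte key and a single 16-byte block with no mode of operation or padding; the function names are this example's own, and the sample key and block are the FIPS-197 Appendix C.1 vector.

```python
def xtime(a):
    """Multiply by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    """Galois-field product used by Mix Column: shift and XOR, no carries."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result

def build_sbox():
    """Derive the public S-box: field inverse, then the fixed affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

# The state is a flat list of 16 bytes stored column by column.
def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def sub_bytes(state, box):
    return [box[b] for b in state]

def shift_rows(state, inverse=False):
    """Row r rotates left by r places (right when inverse)."""
    step = -1 if inverse else 1
    return [state[4 * ((c + step * r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(state, matrix):
    """Each output byte is one matrix row times one state column, summed by XOR."""
    out = []
    for c in range(0, 16, 4):
        for row in matrix:
            acc = 0
            for coeff, byte in zip(row, state[c:c + 4]):
                acc ^= gmul(coeff, byte)
            out.append(acc)
    return out

def expand_key(key):
    """Key Expansion for a 16-byte key: 44 words grouped into 11 round keys."""
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        temp = list(words[i - 1])
        if i % 4 == 0:                      # rotate, substitute, add round constant
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]
            temp[0] ^= rcon
            rcon = xtime(rcon)
        words.append([a ^ b for a, b in zip(words[i - 4], temp)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(plaintext, key):
    keys = expand_key(key)
    state = add_round_key(list(plaintext), keys[0])        # initial phase
    for rnd in range(1, 10):                               # main phase, 9 times
        state = shift_rows(sub_bytes(state, SBOX))
        state = add_round_key(mix_columns(state, MIX), keys[rnd])
    state = shift_rows(sub_bytes(state, SBOX))             # final phase
    return bytes(add_round_key(state, keys[10]))

def decrypt_block(ciphertext, key):
    keys = expand_key(key)
    state = add_round_key(list(ciphertext), keys[10])      # last round key first
    for rnd in range(9, 0, -1):
        state = sub_bytes(shift_rows(state, inverse=True), INV_SBOX)
        state = mix_columns(add_round_key(state, keys[rnd]), INV_MIX)
    state = sub_bytes(shift_rows(state, inverse=True), INV_SBOX)
    return bytes(add_round_key(state, keys[0]))

# Sample key and block from FIPS-197 Appendix C.1.
KEY = bytes(range(16))
BLOCK = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    ct = encrypt_block(BLOCK, KEY)
    print("cipher text:", ct.hex())
    print("decrypted  :", decrypt_block(ct, KEY).hex())
```

The code is written to make each phase visible. Its table lookups indexed by secret data are the kind of software implementation that the cache-timing attacks in section 4.8.1.1 target, so deployed systems should rely on a vetted library with hardware AES support.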

4.8. Attacks on AES Encryption algorithm
AES is a very strong encryption algorithm and is still in use in many applications such as VPNs, compression tools, etc. The AES algorithm is still unbreakable because of its strong variable encryption key. Many attackers try to attack the AES encryption algorithm in order to make it vulnerable, but security experts agree that even with today's hardware technologies the AES encryption algorithm with a 128-bit key would require a billion years to break, which is almost impossible. Different attacks are listed below.

4.8.1. Side Channel Attacks.

Cryptographers do not say that AES is completely secure, despite the evidence that with current hardware it is impossible to break AES. A side channel attack is a kind of attack that obtains information from the physical implementation of a system which is encrypted using the AES encryption algorithm. Such information can still be used to make the system vulnerable. This attack is possible if there are weak points in the physical implementation of a system. Below are a few examples of side channel attacks.
i. Timing attacks,
ii. Power Monitoring attacks,
iii. Electromagnetic attacks.

4.8.1.1. Timing Attacks

Basically it is a kind of attack based on the attacker measuring how much time is required for a computation. Timing attacks are a type of side channel attack. In timing attacks, leaked cache timing information is used as the side channel. If information about the cache timing of a software implementation of AES is collected and analyzed by an attacker, the secret key of the cryptosystem can be deduced. Hence AES is fallible to timing attacks.

4.8.1.2. Power Monitoring Attacks

In order to attack using power monitoring, the attacker tries to gain information about the hardware, i.e. how much power it consumes, in order to attack the system.

4.8.1.3. Electromagnetic Attack

In order to attack using electromagnetic radiation, the attacker tries to capture the radiation of the power system, as it provides sufficient information about the plain text.

4.8.1.4. Device Monitoring Attacks

In order to attack using power monitoring, the attacker tries to gain information about the hardware, i.e. how much power it consumes, in order to attack the system.

4.8.2. Power Analysis Based Side Channel Attack


Power analysis is a branch of side channel attacks where power consumption data is used as the side channel to attack the system. First, using a device like an oscilloscope, power traces are collected while the cryptographic device is performing the cryptographic operation. Then those traces are statistically analyzed using methods such as Correlation Power Analysis (CPA) to derive the secret key of the system. Since it is possible to break the Advanced Encryption Standard (AES) in a few minutes, power analysis attacks have become a serious security issue for cryptographic devices such as smart cards.
As the first phase of our project, we build a testbed for doing research on power analysis attacks. As power analysis is a practical type of attack, a testbed is the first requirement in order to do any research. Although it has a lot of differences from AES, making it impossible to directly use the power analysis approach used for AES, we introduce novel approaches to break Speck in less than an hour.
In the third phase of the project, we select a few already introduced countermeasures and practically attack them on our testbed to do a comparative analysis. We show that software countermeasures such as random instruction injection and randomly shuffling S-boxes are good enough for their simplicity and cost. But we identify a possible threat due to the problem of generating a good seed for the pseudo-random algorithm running on the microcontroller. We attempt to address this issue by using a hardware-based true random generator that amplifies a random electrical signal and samples it to generate a proper seed.

5. CHAPTER 5: APPLICATIONS OF AES

5.1. Application of AES Encryption Algorithm.


The AES encryption algorithm is still in use in many applications, such as VPNs and
compression tools, and is still unbreakable because of its strong encryption key.
Some of these applications are listed below.

5.1.1. Archive and Compression Tool


To ensure file security, many of us use compression tools such as WinZip, RAR and
7-Zip. All of these applications use the AES encryption algorithm to ensure file
security. Such applications are used to compress files in order to optimize storage
on our computers, and to decompress them.

5.1.2. Disk or Partition Encryption
Everyone has some personal information that they want to keep secret from
attackers, such as bank account information, credit card information, and personal
documents. Many of us store all of this personal information in one common directory
or disk and encrypt it with security software. Such security software is built on
the AES encryption algorithm. Examples of encryption software that use the AES
encryption algorithm are BitLocker, FileVault and CipherShed.

5.1.3. VPN
A Virtual Private Network (VPN) is also protected using the AES encryption
algorithm. A VPN is a tool that provides security over the public internet. VPNs may
allow employees to securely access a corporate intranet while located outside the
office. They are used to securely connect geographically separated offices of an
organization, creating one cohesive network. A VPN setup also allows you to access
websites from outside the country: where your favorite websites are protected and
restricted, you can use the VPN setup to access the restricted websites. With a
simple VPN setup you can connect to your private network over a less secure internet
by using a tunneling protocol. All such security of a VPN is provided using the AES
encryption algorithm. Like other internet applications, not all VPNs are created
equal. Some of the best VPNs, like Express VPN and Nord VPN, use the AES encryption
algorithm with a 256-bit private key.

5.1.4. WhatsApp Messenger


Nowadays WhatsApp Messenger is a very popular messenger for sharing videos and
pictures with your friends and colleagues. The security of WhatsApp Messenger is
provided using the AES encryption algorithm.

5.2. Advantage of AES Encryption Algorithm
1. It is considered a robust protocol because it can be implemented in both
software and hardware.
2. It is more secure against hacking because of its large private key sizes: 128-bit,
192-bit and 256-bit.
3. It is the most widely used protocol in applications such as wireless
communication, bank financial transactions and e-business.
4. No one can hack your personal information if you encrypt it using the AES
encryption standard.
5. With a 128-bit key, 2^128 attempts are needed to break the encryption algorithm.

5.3. Disadvantages of AES Encryption Algorithm


1. Because of its too simple algebraic structure, it is considered vulnerable to attack.
2. Each and every block of the plain text is encrypted in the same way.
3. It is very hard to implement in software because of its complexity.

6. CHAPTER 6: EXPERIMENTAL PROGRAMMING

6.1. AES Encryption

In order to achieve message confidentiality between sender and receiver, the AES
encryption algorithm is implemented.
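function [Result] = encryption(s, in)
% Encrypt one 16-byte block IN with the expanded key held in the structure S.
% s.keyexp, s.rounds, SubstituteBox (256-entry S-box table) and MixColumn are
% defined elsewhere in the project and are not shown in this listing.
if (nargin ~= 2)
    error('Invalid number of input arguments.');
end
% The prompts record the message and key text; the block that is encrypted
% is IN and the key schedule is S.
Message = input(' please enter the private message to encrypt using AES:', 's');
LengthOfmessage = length(Message);
Message1 = input(' please enter the private key used to encrypt using AES:', 's');
LengthOfmessage1 = length(Message1);
bytes = reshape(in, 4, 4);                               % 16 bytes -> 4x4 state
bytes = bitxor(bytes, (s.keyexp(1:4, :))');              % initial AddRoundKey
for i = 1:(s.rounds - 1)
    bytes = SubstituteBox(bytes + 1);                    % SubBytes (1-based table index)
    bytes = RowsShifting(bytes, 0);                      % ShiftRows
    bytes = MixColumn(bytes, s);                         % MixColumns
    bytes = bitxor(bytes, (s.keyexp((1:4) + 4*i, :))');  % AddRoundKey
end
% Final round: no MixColumns.
bytes = SubstituteBox(bytes + 1);
bytes = RowsShifting(bytes, 0);
bytes = bitxor(bytes, (s.keyexp(4*s.rounds + (1:4), :))');
Result = reshape(bytes, 1, 16);
end

function Result = RowsShifting(in, ~)
% Forward ShiftRows as a single index permutation of the 4x4 state
% (the direction argument is ignored: encryption only shifts forward).
Result = reshape(in([1 6 11 16 5 10 15 4 9 14 3 8 13 2 7 12]), 4, 4);
end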
In this code the AES encryption algorithm achieves message confidentiality by
encrypting the plain text into cipher text. To encrypt the plain text, the
algorithm asks the user for the plain text. The number of characters in the plain
text must be a multiple of 16 because AES is a block cipher and it only works on
blocks of 16 bytes. The characters are converted to ASCII code.
These lines of code are part of the AES encryption.
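
The round order of the listing above, as an added self-contained example in Python (not the thesis code): AES-128 only, with the S-box and key schedule computed inline and the ShiftRows index vector taken from the listing. It also demonstrates disadvantage 2 of Section 5: when every 16-byte block is encrypted the same way, equal plaintext blocks give equal ciphertext blocks. All function names are assumptions.

```python
def xtime(a):  # multiply by 0x02 in GF(2^8) modulo the AES polynomial 0x11B
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def build_sbox():  # AES S-box: inverse in GF(2^8), then the affine transform
    exp, log, x = [0] * 255, [0] * 256, 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= xtime(x)                                # next power of the generator 0x03
    inv = [0] + [exp[(255 - log[a]) % 255] for a in range(1, 256)]
    rot = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return [v ^ rot(v, 1) ^ rot(v, 2) ^ rot(v, 3) ^ rot(v, 4) ^ 0x63 for v in inv]

SBOX = build_sbox()
# ShiftRows as a flat permutation: the listing's 1-based index vector, made 0-based.
SHIFT = [p - 1 for p in (1, 6, 11, 16, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12)]

def expand_key(key):  # AES-128 key schedule: 16-byte key -> 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]     # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def mix_columns(s):
    out = []
    for col in (s[c:c + 4] for c in range(0, 16, 4)):
        t = col[0] ^ col[1] ^ col[2] ^ col[3]
        out += [col[i] ^ t ^ xtime(col[i] ^ col[(i + 1) % 4]) for i in range(4)]
    return out

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]        # initial AddRoundKey
    for rnd in range(1, 11):
        s = [SBOX[s[i]] for i in SHIFT]              # SubBytes + ShiftRows
        if rnd < 10:
            s = mix_columns(s)                       # no MixColumns in the final round
        s = [b ^ k for b, k in zip(s, rk[rnd])]      # AddRoundKey
    return bytes(s)

def ecb_encrypt(key, data):
    """Encrypt every 16-byte block independently and identically (ECB)."""
    if len(data) % 16:
        raise ValueError("length must be a multiple of 16 bytes")
    rk = expand_key(key)
    return b"".join(encrypt_block(rk, data[i:i + 16]) for i in range(0, len(data), 16))
```

Encrypting a message whose first two blocks are equal returns a ciphertext whose first two blocks are equal as well. A chaining or counter mode with a fresh IV or nonce removes that pattern.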

6.2. AES Decryption


In these lines of code the plain text is recovered from the cipher text; this is
the decryption process. Since the encryption and decryption processes of AES use
the same steps, decryption performs the encryption process in reverse.
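function [Result] = aesdecrypt(s, in)
% Decrypt one 16-byte block IN with the expanded key held in the structure S.
% s.keyexp, s.rounds, s.inv_s_box and MixColumn are defined elsewhere in the
% project and are not shown in this listing.
if (nargin ~= 2)
    error('Invalid number of input arguments.');
end
bytes = reshape(in, 4, 4);                                   % 16 bytes -> 4x4 state
bytes = bitxor(bytes, (s.keyexp(s.rounds*4 + (1:4), :))');   % undo the last AddRoundKey
for i = (s.rounds - 1):-1:1
    bytes = RowsShifting(bytes, 1);                          % inverse ShiftRows
    bytes = s.inv_s_box(bytes + 1);                          % inverse SubBytes
    bytes = bitxor(bytes, (s.keyexp((1:4) + 4*i, :))');      % AddRoundKey
    bytes = MixColumn(bytes, s);       % must apply the inverse MixColumns transform here
end
bytes = RowsShifting(bytes, 1);
bytes = s.inv_s_box(bytes + 1);
bytes = bitxor(bytes, (s.keyexp(1:4, :))');
Result = reshape(bytes, 1, 16);
end

function Result = RowsShifting(in, ~)
% Inverse ShiftRows as a single index permutation of the 4x4 state
% (the direction argument is ignored: decryption only shifts backward).
Result = reshape(in([1 14 11 8 5 2 15 12 9 6 3 16 13 10 7 4]), 4, 4);
end
% end of file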

6.3. Results Snapshots

Figure 6.1: Results Snapshot-1

Figure 6.2: Results Snapshot-2

Figure 6.3: Results Snapshot-3

7. CHAPTER 7: CONCLUSION

7.1. Conclusion

In this thesis, a symmetric encryption algorithm, the Advanced Encryption Standard,
is used to achieve confidentiality of messages between client and server or between
sender and receiver by encrypting the secret information. The Advanced Encryption
Standard is a block cipher algorithm that encrypts the secret information block by
block. A block contains multiple bytes instead of a single byte. It uses a single
private key to achieve confidentiality of messages between sender and receiver. The
long and variable size of the private key makes the Advanced Encryption Standard
harder to crack than any other symmetric encryption algorithm, such as the Data
Encryption Standard. The Advanced Encryption Standard uses three different private
key sizes, each with a different number of rounds, but the block size on which it
works is the same for all of them. The private key is 128 bits long for 10 rounds,
192 bits long for 12 rounds and 256 bits long for 14 rounds. This variability in the
number of rounds as well as in the private key size achieves message confidentiality
in an efficient manner.
