Professional Documents
Culture Documents
08 Chapter3
08 Chapter3
CHAPTER 3
RESEARCH METHODOLOGY
3.1 INTRODUCTION
After receiving the shared secret key from the server, client B
verifies the authentication of the trusted server and client A. Once found
authenticated, client B accepts the key. As a result client B generate the
shared secret key, encrypted its and sends it to the trusted server. Server S
verifies the authentication on client B and accepts the key and sends it to
client A. On receiving the shared key client A verifies the authentication of
the trusted server and client B. if authenticated it verifies the shared secret key
received from client B. On verification the secured communication between
Client A and B begins.
3.2.1 Notations
p: a large prime.
3.2.2 Procedure
The information that each client shares only with the server is their
corresponding passwords.
Choose nonce r A
Choose RA R Zp
Compute NA gRA(modp)
Compute KAS NArA(mod p)
{IDA,IDB,IDS,EpwA(NA),FS(rA),fKAS(NA)}
Choose nonce rB
Choose RB RZp
Compute NB gRB(modp)
Compute KBS NBRB(mod p)
{IDA,IDB,IDS,,EpwA(NA),FS(rA),fKAS(NA),
EpwB(NB),FS(rB),fKBS(N}
RS
Step 3 : B , fKAS (IDA, IDB, KAS,NBRS), NARS, fKBS (IDA,IDB,
KBS, NA RS)}.
{NBRS,fKAS(IDA,IDB,KAS,NBRS),{NARS,fKBS(IDA,IDB,KBS,NARS)}
RS
Step 4 : B , f KAS (IDA, IDB, KAS, NBRS), fK(IDB, K)}
User A Server
User B
Verify fKBS(IDA,IDB,KBS,NARS)
Compute K (NARS)RB(mod p)
{ NBRS, fKAS(IDA,IDB,KAS,NBRS),fK(IDB,K)}
Verify fKAS(IDA,IDB,KAS,NBRS
Compute K (NBRS)RA(mod p)
Verify fK(IDB,K)
{fK(IDA,K)}
Verify fK(IDA,K)
Finally client A and client B has exchanged the secret key and now
the secured communication begins using the shared secret key. The overall
representation of the encrypted key exchange protocol is shown in figure 3.7.
69
Choose nonce rA
Choose RA R Zp
Compute NA gRA(modp)
Compute KAS NArA(mod p)
{IDA,IDB,IDS,EpwA(NA),FS(rA),fKAS(NA)}
Choose nonce rB
Choose RA RZp
Compute NA gRA(modp)
Compute KAS NArA(mod p)
{IDA,IDB,IDS,EpwA(NA),FS(rA),fKAS(NA),EpwB(NB),FS(rB),fKBS(NB)}
DecryptEpwA(NA) and E pwB(NB)
Extract rA and rB from Fs(rA) and Fs(rB)
compute KAS NArA(mod p)
compute KBS NBrB (mod p)
Verify fKAS(NA) and fKBS(NB)
Choose RS R Zp
Compute NARS (mod p) and NBRS(mod p)
{NBRS,fKAS(IDA,IDB,KAS,NBRS),NARS, fKBS(IDA,IDB,KBS,NARS)}
Verify fKBS(IDA,IDB,KBS,NARS)
Compute K (NARS)RB(mod p)
{NBRS, fKAS(IDA,IDB,KAS,NBRS),NARS,{fK(IDB,K)}
Verify fKAS(IDA,IDB,KAS,NBRS)
Compute K (NBRS)RA(mod p)
Verify fK (IDB,K)
{fK(IDA,K)}
Verify fK(IDA,K)
RS
Step7 : After receiving the message B simply compares N*A =
NARS.If N*A RS
= NARS, it follows that PWA* = PWA. The
diagrammatic representation of the same is shown in Figure 3.8.
{IDA,IDB,IDS,EPWA(NA),FS(rA),fKAS(NA),EPWB(NB),FS(rB),fKBS (NB)}
Choose nonce rC
Choose RC R Zp
Compute NC gRC(modp)
Compute KCS NCrC(mod p)
{IDA,IDC,IDS,EPWA(NA),FS(rA),fKAS(NA),EPWC(NC),F S(rC),fKCS (NC)}
fK(IDA,K)
Verify fK(IDA,K)
Step2 : C S: {IDA, IDC, ID S, EPWA (N A), F S(r A), f KAS (N A), E PWC(N C),
F S(rC ), f KCS (NC)}
RS RS RS
Step3 : S C :{ NC , fKAS(IDA, ID C, K AS, NC ), NC , fKCS(IDA,
ID C, K CS, NARS )}
RS RA
If successful B computes the session key K = (N C ) =
gRSRARC and authenticates C by checking f K(IDC,K). If
authentication is passed, B computes and sends f K(IDA,K) (B
uses ID A to make C believe that it is A).
Prime number
Cyclic group
For example, if G = { g0, g1, g2, g3, g4, g5 } is a group, then g6 = g0,
and G is cyclic.
Properties
NOT: The output value is the inverse of the input value (i.e.,
the output is TRUE if the input is false, FALSE if the input is
true)
78
XOR 0 1
0 0 1
1 1 0
The problem with secret keys is exchanging them over the Internet
or a large network while preventing them from falling into the wrong hands.
Anyone who knows the secret key can decrypt the message. One answer is
asymmetric encryption, in which there are two related keys as a key pair. A
public key is made freely available to anyone who might want to send you a
message. A private key is kept secret, so that only you know it. Any message
(text, binary files, or documents) that are encrypted by using the public key
can only be decrypted by applying the same algorithm, but by using the
80
matching private key. Any message that is encrypted by using the private key
can only be decrypted by using the matching public key.
This means that there is no worry about passing public keys over
the Internet (the keys are supposed to be public). A problem with asymmetric
encryption, however, is that it is slower than symmetric encryption. It requires
far more processing power to both encrypt and decrypt the content of the
message.
S-DES
The function fK takes as input not only the data passing through the
encryption algorithm, but also an 8-bit key. The algorithm could have been
designed to work with a 16-bit key, consisting of two 8-bit subkeys, one used
for each occurrence of fK. Alternatively, a single 8-bit key could have been
used, with the same key used twice in the algorithm.
81
ciphertext = IP(fk2(SW(fk1(IP(plaintext)))))
First, the key is permuted in the following fashion. Let the 10-bit
key be designated as (k1, k2,k3, k4, k5, k6, k7, k8, k9, k10 10). Then the
permutation P10 is defined as:
P10( k1, k2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, k2, k7, k4, k10,
k1, k9, k8, k6) P10 can be concisely defined by the display:
This Table 3.1 is read from left to right; each position in the table
gives the identity of the input bit that produces the output bit in that position.
So the first output bit is bit 3 of the input; the second output bit is
bit 5 of the input, and so on. For example, the key (1010000010) is permuted
to (1000001100). Next, perform a circular left shift (LS-1), or rotation,
separately on the first five bits and the second five bits. In our example, the
result is (00001 11000). Next we apply P8, which picks out and permutes 8 of
the 10 bits according to the following rule:
P8
6 3 7 4 8 5 10 9
S-DES Encryption
IP
26314857
83
This retains all 8 bits of the plaintext but mixes them up. At the end
of the algorithm, the inverse permutation is used.
1
IP
41357286
The Function fK
E/P
41232341
84
n4 n1 n2 n3
n2 n3 n4 n1
The 8-bit subkey K1 = ( k11 11, k12 12, k13 13, k14 14, k15 15,
k16 16, k17 17, k18 18) is added to this value using exclusive- OR:
The first 4 bits (first row of the preceding matrix) are fed into the S-
box S0 to produce a 2-bit output, and the remaining 4 bits (second row) are fed
into S1 to produce another 2-bit output. The S-boxes operate as follows. The first
and fourth input bits are treated as a 2-bit number that specify a row of the S-box,
and the second and third input bits specify a column of the S- box.
The entry in that row and column, in base 2, is the 2-bit output. For
example, if ( box. p0,0 p0,3 0,3) = (00) and ( p0,1 p0,2 0,2) = (10), then the
output is from row 0, column 2 of S0, which is 3, or (11) in binary. Similarly,
( p1,0 p1,3 1,3) and ( p1,1 p1,2 1,2) are used to index into a row and column
of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1
undergo a further permutation as follows:
P4
2431
85
The function fK only alters the leftmost 4 bits of the input. The
switch function (SW) interchanges the left and right 4 bits so that the second
instance of fK operates on a different 4 bits. In this second instance, the E/P,
S0, S1, and P4 functions are the same. The key input is K2.
IP an initial permutation
The resulting 8 bit of the function fK is then given as an input to the inverse
permutation IP-1, which is the inverse of the initial permutation IP.
Encryption Decryption
P10
SHIFT
SW SW
K2 K2
P8
fK fK
IP-1 IP
The 8 bit plain text is permuted using the initial permutation and
the output is fed into the function fK. The function fK divides the 8 bit
plaintext into two 4 bits. The right most 4 bits of the initial permuted output is
permuted again using expansion permutation E/P so that, it results in an 8 bit.
87
The resulting 8 bits are EX-ORed with the 8 bit key input K1. The output of
the EX-OR gate 1 is then divided into the right most 4 and left most 4 bits.
Each 4 bit is given as an input to two different substitution boxes S0 and S1.
The output of the substitution boxes are permuted using P4 permutation. The
resulting 4 bit of the P4 permutation is then EX-ORed with the left most 4 bits
of the output of initial permutation using EX-OR gate 2.
IP
E/P
+ K1
S0 S1
P4
+ E/P
+ K2
S0 K2 S1
P4
IP -1
The 4 bit output of EX-OR gate 2 and the right most 4 bit of the
initial permutation are given as an input to the SW function. The SW function
is the simple permutation that swaps the rightmost 4 bit with the liftmost 4 bit.
The rightmost 4 bit of the SW function is then expanded to 8 bit using the
expansion permutation E/P. The Expanded 8 bit is then EX-OR ed with the
key input K2. The output of the EX-OR gate 3, 8 bit is divided into two
halves and are given as input to two different substitution boxes S0 and S1.
Initial permutation
k1 k2 k3 k4 k5 k6 k7 k8
k2 k6 k3 k1 k4 k8 k5 k7
Expansion/Permutation (E/P)
Exp
k1 k2 k3 k4
k4 k1 k2 k3 k2 k3 k4 k1
from the shift function are given as an input to the P8 permutation. The P8
permutation accepts 10 bits as input and produces 8 bit as output. The
resulting 8 bit is taken as the key K1. The 5 bit output from the two shift
function (LS-1) is given as input to two different shift function (LS-2). The
resulting 10 bits from the two different (LS 2) functions are given as input to
P8 permutation. The P8 permutation function accepts 10 bits as input and
produces 8 bits as output. The 8 bit output from the P8 permutation function
is taken as the key input K2. The diagrammatic representation of the same is
shown in the Figure 3.14.
10
P10
5 5
LS-1 LS-1
5 5
P8
8
K1
LS-2 LS-2
5 5
P8
8
K2
P10 Permutation
k1 k2 k3 k4 k5 k6 k7 k8 k9 k10
k3 k5 k2 k7 k4 k10 k1 k9 k8 k6
P8 Permutation
Permutate 10 into 8
k1 k2 k3 k4 k5 k6 k7 k8 k9 k10
k6 k3 k7 k4 k8 k5 k10 k9
In the left shift (LS-1) function, 5 bits are accepted as input. Each
bit in the input pattern is shifted one bit to its left. The leftmost bit is then
shifted towards the rightmost position. Hence the output bit pattern differs
entirely from the input bit pattern. The diagrammatic representation of the
same is shown in the Figure 3.17.
k3 k5 k2 k7 k4 k10 k1 k9 k8 k6
k5 k2 k7 k4 k3 k1 k9 k8 k6 k10
The left shift (LS-2) function also shifts the input bits to the left
where the leftmost two bit are shifted to the rightmost bit position at the
output. The leftmost bit occupies the second right position and the second left
bit occupies the rightmost bit position. The output of the shift operation
differs entirely from the input bit. The diagrammatic representation of the
same is shown in the Figure 3.18.
k3 k5 k2 k7 k4 k10 k1 k9 k8 k6
k2 k7 k4 k3 k5 k9 k8 k6 k10 k1
Substitution Boxes
S0 S1
1 0 3 2 0 1 2 3
3 2 1 0 2 0 1 3
0 2 1 3 3 0 1 0
3 1 3 2 2 1 0 3
RSA
Key generation
RSA involves a public key and a private key. The public key can be
known to everyone and is used for encrypting messages. Messages encrypted
with the public key can only be decrypted using the private key. The keys for
the RSA algorithm are generated the following way:
Compute n = pq.
n is used as the modulus for both the public and private keys
Encryption
A transmits its public key (n,e) to B and keeps the private key
secret. B then wishes to send message M to A. A first turns M into an integer
0 < m < n by using an agreed-upon reversible protocol known as a padding
scheme. it then computes the cipher corresponding to the message.
This can be done quickly using the method of exponentiation by squaring. B
then transmits to A.
Decryption
p = 61 and q = 53
Compute n = pq
e = 17
d = 2753
To decrypt c = 855
97
SHA1 Features: