
Chapter 2

Symmetric Encryption & Message Confidentiality
Table of Contents

01 Symmetric Encryption Principles
02 Cryptography
03 Type of Operations
04 The Way in Which Plaintext is Processed
05 Complete Summary Process
06 Cryptanalysis
07 Feistel Cipher Structure
08 Symmetric Block Encryption (DES)
09 Triple DES
10 Advanced Encryption Standard
11 Key Distributions (Symmetric)
12 Other Symmetric Block Cipher
13 Location of Encryption Device
SYMMETRIC ENCRYPTION PRINCIPLES

• An encryption scheme has five ingredients:
 Plaintext
 Encryption algorithm
 Secret key
 Ciphertext
 Decryption algorithm

• Security depends on the secrecy of the key, NOT the secrecy of the algorithm.
SYMMETRIC ENCRYPTION PRINCIPLES

• The purpose of encryption is to change data in such a way that only an authorized recipient is able to reconstruct the plaintext.

• This allows us to transmit data without worrying about it getting into unauthorized hands.
CRYPTOGRAPHY

Cryptography is the practice of enciphering and deciphering messages in secret code in order to render them unintelligible to all but the intended receiver.

THREE independent, important components of the cryptography process:

 Type of operations
 The number of keys
 The way in which the plaintext is processed

TYPE OF OPERATIONS

• The type of operations used for transforming plaintext to ciphertext.

• All algorithms are based on 2 general principles:
 Substitution
 Transposition

(figure: Substitution / Transposition)
SUBSTITUTION

• Substitution (figure: each plaintext character replaced by a digit)

  Plain text      Cipher text
  Hello Alice,    56455 4565,
  I Love You!     4 1478 45677
  Regards,        89742214
  Bob             365

• Substitution involves replacing elements of the plaintext with other elements according to a predefined rule or key.

• In the context of cryptography, this usually means substituting letters or characters with other letters or characters.
TRANSPOSITION

• Transposition (figure: the same characters, reordered)

  Plain text      Cipher text
  Hello Alice,    Ohlle iceal,
  I Love You!     uI! LIoo vey
  Regards,        sargerd,
  Bob             oBb

• Transposition involves rearranging the order of elements in the plaintext without changing the actual elements themselves.

• Encrypting a message by means of transposition does not change the original characters of the message; only their order is modified.
THE NUMBER OF KEYS USED

The number of keys used:
• single-key (symmetric)
• two-key (asymmetric)

(figure: the transposition cipher text "Ohlle iceal, / uI! LIoo vey / sargerd, / oBb" shown again as the cipher text)

Note: Asymmetric will be discussed in detail in Chapter 3.

(figure: Symmetric / Asymmetric)
THE WAY IN WHICH PLAINTEXT IS PROCESSED

• Processed using a block cipher or a stream cipher.

(figure: the cipher text above passing through a symmetric-key block cipher)

• Stream cipher: encrypts data one bit or one byte at a time, in a continuous stream.

• Block cipher: encrypts data in fixed-size blocks.

(figure: Block Cipher / Stream Cipher)
COMPLETE SUMMARY PROCESS

(figure: the complete process summarized as five numbered steps)
CRYPTANALYSIS

• The process of attempting to discover the plaintext or the key.

• The strategy used by the cryptanalyst (hacker) depends on the nature of the encryption scheme and the information available to the cryptanalyst.
CRYPTANALYSIS

Examples of attacks adopted in cryptanalysis:

 Identity Theft
 Brute Force Attack
 Dictionary Attack
 Probable Word Attack

Brute Force Attack

• The approach involves trying and testing all possible keys in order to recover the plaintext from the ciphertext.

• Against a login, it consists of searching, by trial and error, for a username and password.

• Any computer, network equipment, or service that is accessible via the Internet with a username and password can be the target of a brute force attack.

• Mobile devices that are password protected, in addition to being attackable over the network, can also be the target of this type of attack if the attacker has physical access to them.
Dictionary Attack

• A technique for defeating a ciphertext by trying to determine its decryption key from a large number of possibilities.

• A method used in cryptography and computer security to crack passwords or encryption keys by systematically trying all words, or combinations of words, from a pre-existing list known as a "dictionary" or "wordlist".

• In contrast with a brute force attack, where all possibilities are searched exhaustively, a dictionary attack only tries the possibilities that are most likely to succeed, typically derived from a list of words in a dictionary.
Probable Word Attack

• In this attack, a guess is made as to a word that may occur in the text.

• For example, the guess that the word 'fuehrerhauptquartier' (the Führer's headquarters) exists in the encrypted document.

• Probable word attacks can be effective in situations where the attacker has some knowledge of, or assumptions about, the plaintext.
Average Time Required for Exhaustive Key Search

Key size (bits)              Number of alternative keys   Time required at 1 decryption/µs      Time required at 10^6 decryptions/µs
32                           2^32  = 4.3 × 10^9           2^31 µs = 35.8 minutes                2.15 milliseconds
56                           2^56  = 7.2 × 10^16          2^55 µs = 1142 years                  10.01 hours
128                          2^128 = 3.4 × 10^38          2^127 µs = 5.4 × 10^24 years          5.4 × 10^18 years
168                          2^168 = 3.7 × 10^50          2^167 µs = 5.9 × 10^36 years          5.9 × 10^30 years
26 characters (permutation)  26! = 4 × 10^26              2 × 10^26 µs = 6.4 × 10^12 years      6.4 × 10^6 years
FEISTEL CIPHER STRUCTURE

Feistel Cipher

• Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973.

• The realization of a Feistel network depends on the choice of the following parameters and design features.

(figure: Classical Feistel Network)

Feistel Cipher Structure

To increase security in the Feistel cipher structure:

• Block size: larger block sizes mean greater security.
• Key size: a larger key size means greater security.
• Number of rounds: multiple rounds offer increasing security.
• Subkey generation algorithm: greater complexity leads to greater difficulty of cryptanalysis, but slows the cipher.
• Round function: greater complexity will make analysis harder, but slows the cipher.
• Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern.
SYMMETRIC BLOCK ENCRYPTION: DES (DATA ENCRYPTION STANDARD)

Data Encryption Standard (DES)

• The most widely used encryption scheme. However, due to advances in computing power, DES is now considered to provide inadequate security for most applications.

• DES is a block cipher.

• The plaintext is processed in 64-bit blocks and the key is 56 bits in length.

• The algorithm consists of several rounds of permutation and substitution operations, arranged in the Feistel network structure.
(figure: plaintext and the 56-bit key enter the DES (Feistel) cipher process; cipher text comes out)
• The overall processing at each iteration:
• Li = Ri-1
• Ri = Li-1
• F(Ri-1, Ki)
DES
• The overall processing at each iteration:
• Li = Ri-1
• Ri = Li-1
• F(Ri-1, Ki)
DES
• The overall processing at each iteration:
• Li = Ri-1
• Ri = Li-1
• F(Ri-1, Ki)
Disadvantage of DES

• DES uses a relatively short key length of 56 bits. With advances in computing power, this key length is no longer considered secure enough to resist brute-force attacks.

• DES operates on fixed-size blocks of 64 bits. This fixed block size can be problematic when encrypting large amounts of data.

• DES has limited flexibility in terms of key sizes and modes of operation. It only supports a 56-bit key length and a single block size of 64 bits.
TRIPLE DES

Triple DES

• Uses three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt):

  C = E(K3, D(K2, E(K1, P)))

• C = ciphertext
• P = plaintext
• E(K, X) = encryption of X using key K
• D(K, Y) = decryption of Y using key K

• The effective key length is 168 bits.

(figure: the three steps of C = E(K3, D(K2, E(K1, P))): Step 1 encrypt P with K1, Step 2 decrypt the result with K2, Step 3 encrypt with K3 to obtain C)
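An added worked example (not from the slides, and not DES itself) that ties the Feistel round equations Li = Ri-1, Ri = Li-1 ⊕ F(Ri-1, Ki) to the Triple DES E-D-E formula above: a toy 64-bit Feistel network whose decryption is the same network run with the subkeys reversed, wrapped in the three-key C = E(K3, D(K2, E(K1, P))) construction. The round function, key schedule, round count and sample key/block values are invented for illustration.

```python
# Added example: a toy Feistel network (NOT DES) plus the 3DES E-D-E wrapper.
# Round function, key schedule and ROUNDS are invented for illustration.
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
ROUNDS = 16

def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32

def round_function(r, k):
    """F(R, K): an invented 32-bit mixing function. It does not need to be
    invertible, because the XOR in the round is what gets undone."""
    x = (r ^ k) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return rotl32(x, 13) ^ (x >> 7)

def subkeys(key):
    """Derive ROUNDS 32-bit subkeys K_1..K_n from a 64-bit key (invented schedule)."""
    state, ks = key & MASK64, []
    for i in range(ROUNDS):
        ks.append(round_function(state & MASK32, (state >> 32) ^ i))
        state = ((state << 11) | (state >> 53)) & MASK64  # rotate 64-bit key state
    return ks

def feistel(block, ks):
    """One pass: L_i = R_(i-1), R_i = L_(i-1) XOR F(R_(i-1), K_i) for each subkey."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in ks:
        left, right = right, left ^ round_function(right, k)
    # No swap after the last round: the same routine then decrypts
    # when it is fed the subkeys in reverse order.
    return (right << 32) | left

def encrypt(key, block):
    return feistel(block, subkeys(key))

def decrypt(key, block):
    return feistel(block, subkeys(key)[::-1])

def ede_encrypt(k1, k2, k3, block):
    """3DES-style E-D-E: C = E(K3, D(K2, E(K1, P))). With K1 = K2 = K3 the
    middle D cancels the first E, so it collapses to a single encryption."""
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def ede_decrypt(k1, k2, k3, block):
    """Inverse of E-D-E: P = D(K1, E(K2, D(K3, C)))."""
    return decrypt(k1, encrypt(k2, decrypt(k3, block)))

if __name__ == "__main__":
    print(hex(encrypt(0x0123456789ABCDEF, 0x4E6F772069732074)))  # constructed key and block
```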
Triple DES overcomes DES

• Triple DES (3DES) is designed to overcome some of the security vulnerabilities of the Data Encryption Standard (DES).

• Longer key length, 168 bits, which overcomes the vulnerability of DES to brute-force attack.

• Very resistant to cryptanalysis, in the sense that the underlying algorithm has been scrutinized over a long period of time.
Drawbacks of 3DES

• The original DES algorithm was designed in the mid-1970s, when hardware implementations were the primary focus. As a result, the DES algorithm does not lend itself to efficient software implementations, due to its design and structure.

• 3DES has three times as many rounds as DES. The additional rounds further contribute to the increased computational overhead and make it slower.

• Both DES and 3DES use a 64-bit block size. Unfortunately, the 64-bit block size is not large enough for efficiency and security.
ADVANCED ENCRYPTION STANDARD (AES)

Advanced Encryption Standard

• Is a symmetric block cipher.

• Uses a block length of 128 bits.

• A key length that can be 128, 192 or 256 bits.

• Does NOT use a Feistel structure but processes the entire data block in parallel during each round using substitutions and permutation.
Advanced Encryption Standard

Four stages are used in AES: one of permutation and three of substitution.

• Substitute bytes: uses a table to perform a byte-by-byte substitution of the block.
• Shift rows: a simple permutation that is performed row by row.
• Mix columns: a substitution that alters each byte in a column as a function of all of the bytes in the column.
• Add round key: a simple bitwise XOR of the current block with a portion of the expanded key.
Advanced Encryption Standard

• All four stages are reversible, so decryption can recover the plaintext.

• AES is considered a robust and reliable encryption algorithm, offering strong security, efficiency, and broad compatibility.

• AES was selected by the National Institute of Standards and Technology (NIST) in 2001 to replace the aging Data Encryption Standard (DES) and Triple DES (3DES) algorithms.
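An added example (not from the slides) of three of the four AES stages listed above, Shift rows, Mix columns and Add round key, on a 4x4 byte state together with their inverses, to show concretely that the stages are reversible. Substitute bytes is left out only because it needs the 256-entry S-box table; the 16-byte sample state and round key are constructed values.

```python
# Added example: AES ShiftRows, MixColumns and AddRoundKey with their inverses.
# The state is column-major as in AES: state[4*c + r] is row r, column c.
def xtime(b):
    """Multiply a byte by x (0x02) in GF(2^8) modulo the AES polynomial 0x11b."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b

def gmul(a, b):
    """Multiply two bytes in GF(2^8) (used by MixColumns and its inverse)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = xtime(a), b >> 1
    return p

def shift_rows(state, inverse=False):
    """Rotate row r left by r bytes (right by r bytes when inverting)."""
    out = list(state)
    for r in range(4):
        row = [state[4 * c + r] for c in range(4)]
        s = -r if inverse else r
        row = row[s:] + row[:s]
        for c in range(4):
            out[4 * c + r] = row[c]
    return out

def mix_columns(state, inverse=False):
    """Each output byte is a GF(2^8) combination of all four bytes of its column.
    Circulant matrix rows: (02 03 01 01) forward, (0e 0b 0d 09) inverse."""
    coeffs = (0x0E, 0x0B, 0x0D, 0x09) if inverse else (0x02, 0x03, 0x01, 0x01)
    out = list(state)
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            out[4 * c + r] = 0
            for i in range(4):
                out[4 * c + r] ^= gmul(coeffs[(i - r) % 4], col[i])
    return out

def add_round_key(state, round_key):
    """Bitwise XOR with the round key; XOR is its own inverse."""
    return [s ^ k for s, k in zip(state, round_key)]

def round_then_undo(state, round_key):
    """ShiftRows -> MixColumns -> AddRoundKey, then the inverses in reverse order."""
    s = add_round_key(mix_columns(shift_rows(state)), round_key)
    return shift_rows(mix_columns(add_round_key(s, round_key), inverse=True), inverse=True)
```

The MixColumns column d4 bf 5d 30 -> 04 66 81 e5 is the worked column from the AES specification (FIPS-197), which makes a handy check that the field arithmetic is right.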
KEY DISTRIBUTION (SYMMETRIC)

Key Distribution (Symmetric)

• Four possible ways or options to achieve key distribution:

Option 1:
• A key could be selected by Alice and physically delivered to Bob.

Option 2:
• A third party could select the key and physically deliver it to Alice and Bob.

Option 3:
• If Alice and Bob have previously used a key, one party could transmit the new key to the other, encrypted using the old key:

  E(OldKey, NewKey) is sent, and the receiver computes D(OldKey, E(OldKey, NewKey)) = NewKey

Key Distribution (Symmetric)

Option 4:
• If Alice and Bob each have an encrypted connection to a third party, the third party could deliver a key on the encrypted links to Alice and Bob.

(figure: Option 4, a third party (KDC) between Alice and Bob)
  Step 1: Host sends a packet requesting a connection.
  Step 2: Security service buffers the packet and asks the KDC for a session key.
  Step 3: KDC distributes the session key to both hosts.
  Step 4: Buffered packet is transmitted.
OTHER SYMMETRIC BLOCK CIPHERS

International Data Encryption Algorithm (IDEA)
• Symmetric block cipher developed in the early 1990s.
• It uses a 64-bit block size and supports a key size of 128 bits.
• Used in PGP (Pretty Good Privacy).

Blowfish
• Easy to implement.
• High execution speed.
• It has been widely adopted in various applications, including disk encryption, virtual private networks (VPNs), and secure file transfer protocols.
RC5
• Suitable for hardware and software.
• Fast, simple.
• Adaptable to processors of different word lengths.
• Variable number of rounds.
• Variable-length key.
• Low memory requirement.
• High security.
• Data-dependent rotations.

CAST-128
• It uses a fixed 64-bit block size and supports key sizes ranging from 40 bits to 128 bits.
• The round function differs from round to round.
• CAST-128 employs a Feistel network structure.
LOCATION OF ENCRYPTION DEVICE

 Link encryption:
   A lot of encryption devices
   High level of security
   Decrypt each packet at every switch

 End-to-end encryption:
   The source encrypts and the receiver decrypts
   Data is encrypted
   Header is not encrypted

 High security: both link and end-to-end encryption are needed.

Disadvantage of link encryption: the message must be decrypted each time it enters a packet switch.
Why? Because the switch must read the address (virtual circuit number) in the packet header to route the packet. Therefore, the message is vulnerable at each switch.