Security Protocols is a class of cryptographic algorithms. The both of encryption and decryption process are used by using the same key. Nowadays cryptanalysis on security protocols is encouraging the use of larger key sizes and complex algorithms to fulfill the un crack able state. A protocol describes how the algorithms should be used. The Protocol which includes details about data structures and representations is called as sufficient detailed protocol. And it can be used to implement multiple, interoperable versions of a program. In whatever way, computational complexity is an increase by using this leads. By using high-end computing hardware this will develop high performance security protocols schemes by researchers. Peer -to- peer (p2p) or enterprise grids are as one of the approaches for developing cost effective high-end computing systems. By using them one can improve the performance of security protocols through parallel execution. For adoption by businesses to secure their documents by using this approach makes it attractive. And in this project we implement some security protocols like DES. In some Places, DES is also called as DEA (the Data Encryption Algorithm)
Symmetric key cryptography, also called private key or secret key cryptography, is a method that uses the same key for encryption of plain text to generate the cipher text and decryption of the cipher text to get the original plain text. This method is used to secure data for transmission over open networks such as the Internet. By the use of advanced algorithms the use of keys is complemented .These algorithms are divided into two parts. One is stream ciphers and another one is block ciphers. steam ciphers are encrypt the bytes of message at a time, and block ciphers are take a number of bytes but it will encrypt them as a single unit. Blocks of 64k bits have been commonly used. By NIST advanced Encryption standard algorithm is approved in December 2001 uses 128-bit Blocks.
Some examples of popular and well-respected symmetric algorithms include Serpent, AES (Rijndael), Blowfish, CAST5, RC4, DES, and IDEA.
A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. In this project we implement some security protocols like DES. DES was developed at IBM in 1977 and endorsed by the U.S. Department of Defense as an official standard and forms the basis not only for the Automatic Teller Machines (ATM) PIN authentication but a variant is also utilized in UNIX password encryption. DES applies a symmetric 56-bit key to each 64- bit block of data. The process can run in several modes and involves 16 rounds or operations. DES consists of 16 rounds, so in order to produce the cipher text the main algorithm is to be repeated for 16 times. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially.
In many applications and environments we use data encryption i.e., Cryptography. The specific utilization of encryption and the implementation of the DES and TDEA1 will be based on many factors particular to the computer system and its associated components. Normally, cryptography is used to secure the data from physical theft or in communications. While communication we secure the data by encrypting it at the transmitting point and decrypting it at the receiving point. File security provides protection to data by encrypting it when it is recorded on a storage medium and decrypting it when it is read back from the storage medium.
2. History of DES
In the early 1970s the origins of DES go back. In 1972, a strong cryptographic algorithm was needed to protect the non classified information in the National Institute of Standards and Technology. The algorithm was required to be cheap, widely and very secure. NIST envisioned something that would be used in a wide variety of applications available to the general public and could be used in a wide variety of applications. Such an algorithm was asked by them for public proposals. IBM submitted the Lucifer algorithm in 1974, most of NIST's design requirements is to meet which appeared. Computer security needs after concluding a study on the US government's, the standards of US body NBS (National Bureau of Standards) now it's NBS is named as NIST (National Institute of Standards and Technology) for encrypting unclassified wide standard which identifies a need for a government, sensitive information. On 15 May 1973, solicited proposals for a cipher would meet rigorous design criteria after consulting with the NSA, NBS. However none of the submissions, turned out to be suitable. on 27 August 1974 a second request was issued. This time, during the period of 1973-1974 the IBM submitted a candidate who was deemed acceptable a cipher developed based on an earlier algorithm. The IBM team was involved in cipher design and analysis included Bill Notz, Roy Adler, Don Coppersmith, Lynn Smith, Carl Meyer, Mike Matyas, Walter Tuchman, Edna Grossman, Feistel, Alan Konheim, and Bryant Tuckerman.
The Federal Register was published on 17 March 1975. Two open workshops were held in the following year to discuss the proposed standard. Various parties have their some criticism, from public-key cryptography pioneers included, shortened key length citing and "S-boxes" mysterious and improper interference as evidence from the NSA. The suspicion was that the intelligence agency was covertly weakened the algorithm so that theybut any body can't read that encrypted message. One of the designers of DES Alan Konheim commented that, "We sent the S-boxes off to Washington and all different they came back." Select Committee on Intelligence reviewed by the United States Senate and the NSA's actions to determine whether there was any improper involvement. Finding them as unclassified summary published in 1978, the Committee wrote:
"The DES development, NSA convinced IBM and the key size was reduced in sufficient; an S-box structure was indirectly assisted in development; and the final DES algorithm was certified, to the best knowledge and free from any statistical or mathematical weakness."
However, it also found that
"Any way the NSA algorithm design was not tamper. the algorithm was invented and designed by the IBM, made all pertinent decisions regarding it, and for all commercial applications concurred that the agreed upon key size was more than adequate for which the DES was intended."
Walter Tuchman, DES team another member, is saying that, "They developed the entirely DES algorithm within IBM using IBMers. A single wire did not dictate by the NSA". In contrast, a declassified NSA book on crypto logic history states:
"For a data encryption standard (DES) NBS solicited private industry in 1973. Disappointing the first offerings, so on its own algorithm NSA works. Deputy director Howard Rosenblum, for research and engineering, discovered that Walter Tuchman for general use IBM was working on a modification to Lucifer. Tuchman a clearance given by the NSA and bring him in to work with the Agency on his Lucifer modification jointly."
"To strengthen the algorithm against all except brute force attacks both NSA and IBM worked closely and to strengthen substitution tables, called as S-boxes. To reduce the length of the key from 64 to 48 bits NSA tried to convince IBM and on a 56-bit key they compromised ultimately." In the S-boxes some of the suspicions about hidden weaknesses were allayed in 1990, Eli Biham and Adi Shamir by the open publication and independent discovery of differential cryptanalysis, for breaking block ciphers it's a general method. The S-boxes of DES which have more resistant to the attack than if they were chosen in random, strongly suggesting that in the 1970s IBM know about the technique back. This was absolute case in 1994; some of the original design for the S-boxes was published by the Don Coppersmith. IBM's secrecy decision explained by the Coppersmith saying, "That was because differential cryptanalysis was very powerful tool, used against in many schemes, and national security was affected in the public domain could adverted that there was concern that such information." Levy quotes Walter Tuchman: "they asked us to stamp all our documents confidential... We actually put a number on each one and locked them up in safes, because they were considered U.S. government classified. They said that do it. So I did it".
3. Literature Review:
The process of transforming plaintext data into cipher text in order to prevent any unauthorized recipient from retrieving the original data is known as Encryption. So, to maintain data secrecy encryption is used. At the transmitter end the sender encrypts the data and sends it over the public network and at the receiver end the receiver has to decrypt the data to read the original data. The Data which is represented as numbers is encrypted using a special encryption formula called a key. So, to send and receive the data securely, this key should be known to both sender and receiver. The sender uses this key to encrypt the data before transmission and the receiver uses this key to decrypt the data. The encryption and decryption process is shown in the figure below.
To keep information confidential and to ensure its integrity and authenticity a tool called Cryptography is used. All modern Cryptographic systems are based on Kirchhoff's principle of having a publicly-known algorithm and a secret key. To transform the plaintext into the cipher text many Cryptographic algorithms use complex transformations involving substitutions and permutations. If Quantum Cryptography is made practical then the use of one-time pads may provide truly unbreakable Cryptosystems.
Cryptographic algorithms can be divided into two types. They are:
- Symmetric-key algorithms and
- Public-key algorithms.
In this to convert the plaintext into the cipher text the Symmetric-key algorithms mangle the bits in a series of rounds parameterized by the key. The most popular symmetric-key algorithms at present are Triple DES and Rijndael (AES). These algorithms are used in electronic code book mode, stream cipher mode, counter mode, cipher block chaining mode and others.
(b) Public-key algorithms:
In Public-key algorithms there are different keys for encryption and decryption (i.e. a separate key is used for encryption and a separate key is used for decryption and the decryption key cannot be derived from the encryption key). Because of this property it is possible to publish the public key. RSA is the most popular public-key algorithm and the strength of the RSA algorithm lies in the fact that it is very difficult to factor large numbers.
These algorithms are very useful in digital signatures. Using symmetric-key and public-key algorithms several schemes have been devised for digital signatures. Commonly, messages that are to be signed are hashed using algorithms like MD5 or SHA-1, and then these hashes are signed rather than the original messages.
Public-key management is done by using certificates. Certificates are documents which bind a principal to a public key. Trusted authority can sign the Certificates. In advance the root of the chain has to be obtained, but many root certificates are generally built into them by browsers.
In this paper, we proposed both the encryption and decryption algorithms. The decryption process is just a reverse of encryption process. We used insertion, rotation, transposition, shift, complement and pack of computer operation in the two algorithms that are mentioned in this paper. We implemented these algorithms using C language and got the result of processing time.
Every block cipher involves a transformation of a block of plaintext into a block of cipher text, where the transformation depends on the key. The mechanism of diffusion seeks to make the statistical relationship between the plaintext and cipher text as complex as possible in order to thwart attempts to deduce the key. Confusion seeks to make the relationship between the statistics of the cipher text and the value of the encryption key as complex as possible, again to thwart attempts to discover the key.
The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. These transformations are defined in Table 3.3, which is interpreted as follows: The first and last bits of the input to box Si form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for Si. The middle four bits select one of the sixteen columns. The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. For example, in S1, for input 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001.
The 56 bit key size comes from security considerations as we know now. It was big enough so that an exhaustive key search was about as hard as the best direct attack (a form of differential cryptanalysis called a T-attack, known by the IBM & NSA researchers), but no bigger. The extra 8 bits were then used as parity (error detecting) bits, which makes sense given the original design use for hardware communications links. However we hit an incompatibility with simple s/w implementations since the top bit in each byte is 0 (since ASCII only uses 7 bits), but the DES key schedule throws away the bottom bit! A good implementation needs to be cleverer!
DES (or any block cipher) forms a basic building block, which en/decrypts a fixed sized block of data. However to use these in practise, we usually need to handle arbitrary amounts of data, which may be available in advance (in which case a block mode is appropriate), and may only be available a bit/byte at a time (in which case a stream mode is used).
To overcome the problems of repetitions and order independence in ECB, want some way of making the cipher text dependent on all blocks before it. This is what CBC (Cipher Block Chaining) gives us, by combining the previous cipher text block with the current message block before encrypting. To start the process, use an Initial Value (IV), which is usually well known (often all 0's), or otherwise is sent, ECB encrypted, just before starting CBC use. CBC mode is applicable whenever large amounts of data need to be sent securely, provided that its available in advance (eg email, FTP, web etc)
CBC is the generally used block mode. The chaining provides an avalanche effect, which means the encrypted message
Cannot be changed or rearranged without totally destroying the subsequent data.
One issue is how to handle the last block, which may well not be complete. In general have to pad this block (typically with 0's), and then must recognise padding at other end - may be obvious (eg in text the 0 value should usually not occur), or otherwise must explicitly have the last byte as a count of how much padding was used (including the count). Note that if this is happened, if the last block IS an even multiple of 8 bytes, will have to add an extra block, all are padding so as to have a count in the last byte.
If the data is only available a bit/byte at a time (eg. terminal session, sensor value etc), then must use some other approach to encrypting it, so as not to delay the info. Idea here is to use the block cipher essentially as a pseudo-random number generator (see stream cipher lecture later) and to combine these "random" bits with the message. Note as mentioned before, XOR is an easily inverted operator (just XOR with same thing again to undo). Again start with an IV to get things going, and then use the cipher text as the next input. As originally defined, idea was to "consume" as much of the "random" output as needed for each message unit (bit/byte) before "bumping" bits out of the buffer and re-encrypting. This is wasteful though, and slows the encryption down as more encryptions are needed. An alternate way to think of it is to generate a block of "random" bits, consume them as message bits/bytes arrive, and when they're used up, only then feed a full block of cipher text back. This is CFB-64 mode, the most efficient. This is the usual choice for quantities of stream oriented data, and for authentication use.
3.1. HOW ENCRYPTION WORKS
In the encryption process, each character of data is compared with the key. Consider a scenario in which the string "THE SKY IS HIGH" has to be encrypted and transmitted. There are many ways to do this. One of them is a simple letter to number method in which, each letter (alphabet) in the string is represented by a particular number (digit). If one uses a direct alphabet to number representation in which A = 1, B = 2, C = 3 and so on up to Z =26 then the above string is converted into the following sequence of numbers: 20 8 5 19 11 25 9 19 8 9 7 8. This sequence of numbers is then transmitted over a network, and the receiver can decrypt the sequence of numbers using the same key in reverse to get the original message, i.e., the string "THE SKY IS HIGH". Decryption is as below: From left to right, the number 20 translates to the letter T, 8 to H, 5 to E, and so on and finally the receiver gets the entire message: "THE SKY IS HIGH". The above is a simple encryption/decryption method but in most cases the data is encrypted/decrypted using much more complex formulas and methods.
This is about 8 bits long simple key; some keys are as large as 128 bits and extremely complex. The key is to be cracked if it is larger (in bits), the more complex the encryption and the more difficult.
3.1.1. Encryption Keys
To encode and decode encrypted messages, one must know the proper key (or) keys for encryption. Formula that defines which character in the data translates to which encoded character the encryption key is the table or. Here, encryption keys are fall into two types. They are public key encryption and private key encryption.
3.1.2. Private Key Encryption
Private keys are also called as symmetrical keys. In private key encryption, the sender and receiver share same key to encrypt and decrypt all messages. Communication makes difficult to initiate for the first time. To each user how can securely transmit the single key? Anyhow, public keys encryption can be used.
3.1.3. Public Key Encryption
Public key encryption, or a Diffie-Hellman algorithm, uses two types of keys for encryption and decryption of data they are public key and private key. Another name for Public keys are asymmetrical keys. On the receiver's side message can be encrypted using public key and then encrypted message is sent to the receiver, he can decrypt it using its private key. This is referred as a one-way communication. If the receiver wants to send to sender, the same principle can be used. With the original sender's public key the message is encrypted (the original sender is now going to be the receiver of this new message) and can only be decrypted with his or her private key. If the original sender does not have a public key, a message can still be sent with a digital certificate (also sometimes referred to as a digital ID). The digital ID verifies the sender of the message. Fig.2 shows public key- encrypted communication between two units, User X and User Y.
3.2. METHODS OF ENCRYPTION
There are various types of encryption methods, they can be classified according to, how the plaintext is processed (either stream cipher or block cipher), or according to the type of operations used for transforming plaintext to cipher text. The second class can be one of the two styles, substitution (which maps each element in the plaintext into another element) and transposition (which rearrange elements in the plaintext). Basically the two methods of producing cipher text are stream cipher and block cipher. The two methods are similar except the amount of data which encrypts on each pass. Most modern encryption schemes use some form of a block cipher.
3.2.1. Stream Cipher
For encryption of data we are using one simplest method called stream cipher, where each bit of the data is sequentially encrypted using one bit of the key as shown in Fig.3.
A crypto key which varies in length is used to make a stream cipher more difficult to crack. One can produce cipher text, on behalf of by randomly changing the crypto key used on each bit of data which is impossible to crack. This is because using different random keys would not generate any repeating patterns which can give a cracker the clues required to break the crypto key. The main advantage of the stream cipher is fastness and suitable for streaming application but its main disadvantage is that it is not suitable in some architecture. One example of the stream cipher method is the RC4 technique.
3.2.2. Block Cipher
Unlike stream ciphers (which encrypt every single bit) block ciphers are designed to encrypt data in chunks of a specific size as shown in Fig.4. A block cipher specifies how much data should be encrypted on each pass (called a block) and what size key should be applied to each block. For example, the Data Encryption Standard (DES) specifies that DES encrypted data should be processed in 64-bit blocks using a 56-bit key. There are some different algorithms are used to block cipher encryption. First take the data and break it into blocks while applying the key in to each block. Although it is efficient, it can produce repetitive cipher text. If two blocks of data contain exactly the same information, the resulting blocks of cipher text is identical, a cracker can use cipher text which repeats in a nonrandom fashion to break the crypto key. Blowfish encryption technique is an example of the block ciphering.
3.2.3. One Way Encryption
Another special type of encryption is "one way encryption", where the enciphering process is irreversible. The plaintext can never be recovered from the cipher text. This may seem pointless but it is the most familiar to computer users. Passwords on UNIX systems are encrypted by a one way algorithm. When a password is chosen it is enciphered and placed into permanent storage. When the user logs on, the password entered at the login prompt is encrypted by this method and resultant cipher text that is compared with the cipher text held on disk. An encrypted password can be broken by somebody who guesses the correct password; this is why passwords are chosen carefully.
3.3 Hybrid Systems
It is possible to overcome the disadvantages of each by combining public and private key cryptosystems. Public key pairs are used to set up a secure session, and then data is exchanged using a secret key system. This provides both the security and authentication processes of public key systems and the bulk data encryption capabilities.
Pretty Good Privacy (PGP) is a well known security system used by computer enthusiasts to encrypt their email; it is an example of a practical hybrid encryption system which uses both secret key and public key.
3.3.1. Overview of Hybrid Encryption Approach
The various cryptographic algorithms are available for network security. The symmetric cryptographic algorithms are high speed compared to asymmetric cryptographic algorithms or public key cryptographic systems (RSA, Elliptic Curve Cryptography). The public key cryptographic algorithms are more secure than symmetric algorithms. It has two keys one for encryption and another for decryption. In this hybrid encryption technique we use symmetric encryption for encryption/decryption and using public key cryptosystems for authentication.
3.3.2 Hybrid Encryption Technique
In this hybrid encryption technique, sender using 128-bit session key value with AES-Rijndael to encrypt the message.
The hash value of message was encrypted using RSA algorithm with 1028 bit public key of the receiver. In the receiver side the decryption done for the encrypted message using AES-Rijndael with 128-bit session key value. To calculate the hash value using hash function SHA-512 for the original message. With 1028 bit private key of the receiver to decryption the encrypted hash value. To ensure the integrity the comparison performed between calculated and decrypted hash values. The following figure 2 and figure 3 explain this process.
3.4 Network security:-
Every company concern Network Security which is a prime that uses computers and takes to protect its computer systems. A hacker or competitor may gain access to critical or sensitive data known as compromised network security, possibly resulting in data complete, or even destruction of the system.
Appropriate network security is achieved when a user has to go through several layers of security before being able to access the desired network. The more layers the system has, the more secure it is.
The systems administrator is often in charge of network security since he has administrator privileges on the system. In fact, only the systems administrator and his assistants should have administrative access to the mainframe server and related computer terminals. This will help keep unauthorized people in the company from changing any data on the servers.
A systems administrator will also build a secure firewall for the network, which may include an encryption layer and sentinel software that automatically repels an unauthorized program from gaining access. The administrator may also place restrictions on employees' computers to prevent them from accessing websites that may have malicious coding or malware that will install itself on a user's computer. Anti-adware and malware programs are available for individual computers, as well as for networks.
One problem that generally arises when network security is implemented is that of flexibility. Management must balance security issues against employees' ability to access websites for their work. Communication among management, the systems administrator and employees is critical for network security to operate and for the employees to be able to work with it.
As evidenced in dealing with past e-mail and network viruses, security breaches are costly and detrimental to production and efficiency. U.S. companies spend millions of dollars each year in network security measures. A company's best defense against network security breaches is a multi-pronged attack. Firewalls with no single point of access, frequent security updates, sharp systems administrators, and early installation of anti-adware will all help keep a network safe.
3.4.1 Public Key Cryptography
Every Egyptian received two names, which were known respectively as the true name and the good name, or the great name and the little name; and while the good or little name was made public, the true or great name appears to have been carefully concealed.
So far all the cryptosystems discussed have been private/secret/single key (symmetric) systems. All classical and modern block and stream ciphers are of this form.
- traditional private/secret/single key cryptography uses one key
- shared by both sender and receiver
- if this key is disclosed, communications are compromised
- also is symmetric, parties are equal
- hence does not protect sender from receiver forging a message & claiming is sent by sender
Will now discuss the radically different public key systems, in which two keys are used. Anyone knowing the public key can encrypt messages or verify signatures, but cannot decrypt messages or create signatures, counter-intuitive though this may seem. It works by the clever use of number theory problems that are easy one way but hard the other. Note that public key schemes are neither more secure than private key (security depends on the key size for both), nor do they replace private key schemes (they are too slow to do so), rather they complement them.
3.4.2 Why Public-Key Cryptography?
Cryptography can developed to address two key issues. Those are discussed below
o key distribution - how to have secure communications in general without having to trust a KDC with your key
- No need for secure key delivery
- No one else needs to know your private key
o digital signatures - how to verify a message comes intact from the claimed sender
3.4.3 Public-Key Characteristics:
The characteristics that it is:
- computationally infeasible to find decryption key knowing only algorithm & encryption key
- computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
- Oneway-ness is desirable: exp/log, mul/fac
- either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)
3.4.4 Public-Key Cryptosystems: Secrecy and Authentication
Here see various components of public-key schemes used for both secrecy and authentication. Note that separate key pairs are used for each of these - receiver owns and creates secrecy keys, sender owns and creates authentication keys.
Public key schemes are no more or less secure than private key schemes - in both cases the size of the key determines the security. Note also that you can't compare key sizes - a 64-bit private key scheme has very roughly similar security to a 512-bit RSA - both could be broken given sufficient resources. But with public key schemes at least there's usually a firmer theoretical basis for determining the security since it's based on well-known and well studied number theory problems.
As per the above proposed block diagram for the project .Mainly, we have to implement 4 basic modules are as follows
- Splitting the input data into two halves or parts
- Shifting the input to the 1 bit left
- Forming the different permutations for the given input data
- Implementation of the XOR operation.
The above mentioned are come under the initial simulations. In this we have 4 stages as discussed above. From the given four stages the project starts with the first stage of the initial simulations i.e., splitting the input data into two halves or parts. In this stage we have to write a program for splitting the data.
In this program we will use the pointers concept because this stage will be used at different places in the algorithm, so for good feasibility we use the pointer concept. So first discuss what a pointer is
A variable that contains the memory location of another variable is known as pointer. To describe the compiler that the variable is used as a pointer is by specifying the asterisk (*) preceding the variable name. And we have to tell the compiler what type of pointer we want. So the syntax will be as follows
By using this concept the first stage of the initial simulations is completed.
From the given four stages I already submitted the first stage. Now I am submitting the next stages. For 2nd stage we have directly have an operator in C language. The operator for left shift is <<. So we directly use this operator. For 4th stage also we have directly have an operator in C language. The operator for Xor is ^. For better use in the program we had written in the function.
For 3rd stage i.e., forming the permutations for the given input data. Again we have use the concept of pointers as discussed before. And it is written in the functions so that the task will be easy to solve.
First of all we will discuss about what is a function.
A Function is an independent program which performs some task. This can be used in a main program or any subprograms.
There are two types of functions.
- Library function (Predefined function)
- User defined function
Fuction_name: It can be any valid identifier like xor, sum, permute etc. Return_type: In can be any valid data type like int, char, float, void etc (default int) Return type is required when you want function should return any value and if you don't want that function return any value then write void as a return type. Parameter list: It is set of value which you want to give the function and they are separated by comma.
4.1. Feistel function:
We have one more important module in this project i.e., Feistel function. Here the internal functions such as XOR, Permutation, and S-blocks are executed. The figure below shows the operation and steps in Feistel function.
The above F-function operates on half block of 32 bits and has 4 stages.
- In the first stage, half block of 32 bits is expanded to 48 bits using 'E' (Expansion Permutation) by duplicating some keys.
- The resulting code is mixed with sub key by suing XOR operation. Hence sixteen 48 bits are generated for the total sixteen rounds using key schedule from the main key.
- The resulting block after mixing with sub key is divided into 8 S-boxes (Substitution boxes) each block containing 6 bits. These 8 S-boxes replaces 6 input bits to 4 outbits using nonlinear transformation provided in the form of a look-up table.
- The resulting 32 bit data from these S-boxes are rearranged in the final P-box shown above using a permutation.
The expansion function is interpreted as for the initial and final permutations. Note that some bits from the input are duplicated at the output; e.g. the fifth bit of the input is duplicated in both the sixth and eighth bit of the output. Thus, the 32-bit half-block is expanded to 48 bits.
As it was a one of the important module and using many times in the algorithm I written the program In the form of function which can be used any where in the algorithm.
4.2. KEY GENERATION:
Now, the figure below explains how the sub keys are generated i.e., key schedule for encryption.
Figure 2 is the block diagram of the key generator for the DES encryption. At first the 56bits are selected from the 64 bits by using permutation choice1 and the remaining 8 bits can be discarded or used as the parity bits. Then these 56 bits are divided into two parts and each part consists of 28 bits each and they treated separately. Subsequently we will rotate left to the both parts and then 48 sub key bits are selected by Permuted Choice 2 (PC-2) - 24 bits from the left half, and 24 from the right. These rotations are denoted by "<<<" in the diagram.
The key schedule for decryption is similar to the above one but these sub keys are in reverse order compared to encryption. Except that change, encryption follows the same process.
From the 64 bit input data, 56 bits are selected using PC1 (Permuted Choice-1) and remaining 8 bits are either used as parity check bits or simply discarded. This 56 bit data is divided into two halves of 28 bits each. In each round both halves are rotated left(denoted as <<< in figure) by 1 or 2 bits (which is specified for each round) and 48 sub key bits are selected by PC-2 (24 bits from left half and 24 bits from right half). These rotations mean in each sub key a different set of bits are used; approximately each bit is used 14 out of the 16 sub keys. The procedure for generating the sub keys - known as key scheduling - is so simple:
- Round number set to be as R to 1.
- Divide the present 56-bit key, K, into two blocks, each block consists of 28-bits, the two blocks are named as L (the left-hand half) and R (the right-hand half).
- As described in the below table rotate both L left & R left by the same number of bits.
- Join L & R to obtain new k.
- In order to get final K[R], apply Permuted Choice 2 (PC-2) to K, where R indicates the round number.
- Repeat this procedure until we got all 16 sub keys K -K , by incrementing R by1.
For decryption the sub keys are in reverse order when compared to encryption and the remaining process remains the same as encryption.
Hence the above process can be simplified into 4 steps.
- Compaction & PC1 : Here the 64 bit input data is compacted into 56 bits using PC1 by discarding 8th bit in each byte thereby ignoring a total of 8 bits. Then PC1 performs a simple permutation of these 56 bits.
- Shifting: By left shifting the data by 1 or 2 bits 48 bits are selected from 56 bits.
- Splitting: This 48 bits are spitted to two halves of 24 bits each.
- PC-2: These two halves are again concatenated into 48 bits and undergo a simple permutation using PC-2.
Now I have done with key scheduling as we discusses as above. At first I have taken input as the output came from PC1. Because generally after sending the input to the PC1 the output will come as we taken as an input in the program. And for Shifting I had written RotatekeyL function, because we don't know how many bits to shift every time. So I had written in a function such that it can be used for n number of bits shifting. And for PC2 also I had written a pc2 function as it was used many times in key scheduling.
4.2.1 Initial Permutation:-
This module is the starting module of the main block diagram. In this module we have to do the initial permutation according to the input given to the initial permutation block and then later it should be split into the 2 halvesi.e., L and R.
4.2.2 Final permutation (IP-1)
This module is the Ending module of the main block diagram. In this module we have to combine the left and right blocks and then later it to do the Inverse initial permutation according to the output came after combining theleft and right inputs.
In cryptography, an S-Box (Substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the cipher text - Shannon's property of confusion. In many of cases, to resist cryptanalysis the S-Boxes are carefully chosen.
In general, an S-Box takes some number of input bits, m, and transforms them into some number of output bits, n: an m-n S-Box can be implemented as a lookup table with 2m words of n bits each. Fixed tables are normally used, as in the Data Encryption Standard (DES), but in some ciphers the tables are generated dynamically from the key; e.g. the Blowfish and the Twofish encryption algorithms. Bruce Schneier describes IDEA's modular multiplication step as a key-dependent S-Box.
Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits (the first and last bits), and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001".
For many years the 8 S-Boxes of DES were the subject of intense study out of a concern that a backdoor a vulnerability known only to its designers might have been planted in the cipher. The S-Box design criteria were eventually published after the public rediscovery of differential cryptanalysis, showing that they had been carefully tuned to increase resistance against this specific attack. An S-Box could significantly weaken DES when other research had already indicated that even small modifications.
For good S-Boxes there was a great deal of research into the design of, and DES was released than when more is understood about their use in block ciphers.
4.3. DES ENCRYPTION:-
The Below block diagram is for DES encryption. We already discussed and developed the many modules in this. So now we will combine all those modules which are written in functions. As we written in function we will call all those functions in a systematic way according to the above flow chart. In the middle we 16 rounds, so we will use the for loop for calculating and implementing all these rounds.
4.4. DES DECRYPTION:-
The DES decryption will be done by writing the code for reverse procedure for DES Encryption.
In various applications and environments DES is utilized. The performance and utilization of the algorithm is based on the computer ad its configuration. Generally, these algorithms are used to while it is being communicated between two points for securing the data or protect from physical theft when it is stored in a vulnerable medium. Security providing to the data in communication is data by encrypting it at the transmitting point and decrypting it at the receiving point. File security provides protection to data by encrypting it when it is recorded on a storage medium and decrypting it when it is read back from the storage medium.
The Below one is the desktop of the Linux operating System
- By clicking the Menu button we can go to Accessories and then go to terminal window. This is the window where we edit and run the C programs.
- In terminal Window we have to edit the C files as shown below.
- The C Editor of the Linux will be shown as below. In this we can edit the program and after that we can save that for running in a terminal window.
- For Compiling the C file we have to execute the command as shown in the below snapshot
- For Compiling the C file and for creating the output file we have to execute the command as shown in the below snapshot
- After Compiling we have to check the output of the source code by using the command as shown below
- The Output will be shown as below
For giving Security in the areas of Data Security like Defense and other applications from the Hackers we developed DES Algorithm in Linux C so that the coding will have the security rather than windows. File security provides protection to data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. In this we have done total DES algorithm according to the mentioned block Diagram. By this we provide a Confidentiality as well as Message authentication.
- J. Daemen, L. R. Knudsen, and V. Rijmen: The Galois Field GF(28). http: //www.ddj.com/documents/s=936/ddj9710e/9710es1.htm, Dr. Dobb's Journal, (October 1997).
- V. Rijmen: The block cipher Rijndael. http://www.esat.kuleuven.ac.be/ ~rijmen/rijndael/, (2001).
- Wikipedia. Cryptographic protocol en.wikipedia.org/wiki/Cryptographic_protocol
- W. Stallings. Cryptography and Network Security: Principles and Practice, 3rd Edition. Prentice Hall, New Jersey, USA, 2003.
- searchSecurity.com. Data Encryption Standard. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213893,00.html
- FIPS PUB 46-3 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Reaffirmed 1999 October 25
- Langford, Susan K., Martin E. Hellman: Differential-Linear Cryptanalysis. CRYPTO 1994: 17-25
- Campbell, Keith W., Michael J. Wiener: DES is not a Group. CRYPTO 1992: pp512-520