Man in the middle attack in DES | How to prevent man in the middle attack

What is man in the middle attack?

Man-in-the-middle attack (Meet-in-the-middle attack) is a common type of security attack that allows attackers to eavesdrop on the communication between two users.

The attack takes place in between two users, allowing the attacker to “listen” to a conversation, without permission of users, hence the name “man-in-the-middle.”

How man in the middle attack takes place in DES

Figure: Block diagram of Double DES

As per DES algorithm, there will be one secret key used for encryption and decryption. As per double DES algorithm two keys K₁ & K₂ for encryption and also both key K₁ & K₂ are used for decryption.

Figure: Man in the middle attack in double DES

As per shown in figure, when generate first cipher text with help of plain text message and key K₁. Resultant cipher text will be stored, cipher text C₁ will be captured by attacker and it decrypt cipher text. Attacker can get original plain text. He/she will modify the plain text and generate new cipher text C₁ using key K₁ and send for another encryption process using key K₂.

Second encrypted cipher text sends to the receiver. Receiver side plain text is same as attacker plain text not the sender side plain text. This type of attack is called meet in the middle attack. We cannot easily detect man-in-the-middle attack, so we need to prevent man-in-the-middle attack before communication.

 

How to prevent from Man-in-the-Middle Attack

Strong WEP/WAP Encryption on Access Points

Strong Router Login Credentials

Virtual Private Network

Use of HTTPS

To learn more about man in the middle attack in double DES, Click here

    Watch more videos click here.

What is Block Cipher? | What is Stream Cipher? | Block vs Stream Cipher | Stream vs Block Cipher | Application of Block Cipher and Stream cipher

Introduction

Basically, cryptographic algorithm is used for transformation of plaintext into cipher text. There are basically two methods on which cryptographic algorithm is work.

Stream Cipher

In stream cipher keys and algorithms are applied to each binary digit in a data stream, one bit at a time, rather than encrypting block of data. One time pad cipher is the best example of stream cipher. Cipher feedback mode is converting block cipher into stream cipher.

 

Figure: Process of Stream Cipher

A stream cipher operates on plaintext accepting only one bit at a time. Stream cipher in which each bit of plain text message XOR with each bit of key to obtain cipher text message.

 

Figure: Example of Stream Cipher

There is a key stream generator which outputs a stream of bits: k1, k2, k3,...ki and XORed with a stream of plaintext bits p1, p2,...,pi to produce the stream of cipher text bits.

Ci = Pi ⊕ Ki

During decryption, the cipher text bits are XORed with a same key stream to recover the plain text bits.

Pi = Ci ⊕ Ki

If the key stream output is random that, it will take harder for a cryptanalyst to break it.

Advantage

High Speed transformation

Low error propagation

Disadvantage

Low diffusion

Less secure

Block Cipher

In Block cipher, plain text message divide into fixed size blocks and encrypt each block with some fixed size of key. Divide each plain text message into block of 64, 128, 256 bits and apply key size 40, 56, 64, 80, 128, 168, 192 and 256 bits which generates cipher text block same as size of plain text block. Data Encryption Standard (DES) is the best example of block cipher in which each block of 64-bit gets encrypted using 56-key bit and cipher text of 64-bit get generated.

Figure: Block diagram of block Cipher

A receiver side decrypt message with same key to generate plain text. Block cipher also uses the concept of key generator. Block cipher are used chaining mode, this is because for repeating text pattern, the same cipher block will be generated which can give clue to cryptanalyst regarding what is the original plain text. As a chaining mode, previous block is mixed with current block to avoid repeats in patterns. It is more secure.

Advantage

High Diffusion

More secure

Disadvantage

Encryption process is slow

Error propagation

Difference between Block Cipher and Stream cipher

To learn more about Block Cipher & Stream Cipher, Click here

    Watch more videos click here.

Difference between monoalphabetic cipher and polyalphabetic cipher | Polyalphabetic vs Monoalphabetic | Monoalphabetic vs Polyalphabetic

 

Introduction

Monoalphabetic and polyalphabetic both are types of substitution cipher.

Monoalphabetic cipher: It is a technique in which only one character convert from plain text to cipher text.

For example, Caesar cipher.

Polyalphabetic Cipher: It is a technique in which more than one (multiple) character convert from plain text to cipher text.

For example, Playfair cipher, Vigenère cipher, hill cipher, one time pad cipher.

 

Difference between monoalphabetic and polyalphabetic cipher

To learn more about Difference of monoalphabetic and polyalphabetic cipher, Click here

    Watch more videos click here.

Difference between substitution and transposition cipher | Substitution vs Transposition Cipher | Transposition vs Substitution Cipher

Introduction

There are basically two types of symmetric cipher: Substitution Cipher, Transposition Cipher.

Substitution Cipher: A substitution is a technique in which each letter or bit of the plaintext is substituted or replaced by some other letter, number or symbol to produce cipher text. For Example, ABC à XYZ

Types of Substitution Cipher: Caesar Cipher, Monoalphabetic Cipher, Vigenère Cipher, Playfair Cipher, One time pad cipher (Vernam cipher), Hill Cipher.

Transposition Cipher: In transposition technique, there is no replacement of alphabets or numbers occurs instead their positions are changed or reordering of position of plain text is done to produce cipher text. For Example, ABCDE  à  BADE.

Types of Transposition Cipher: Rail Fence Cipher, Columnar Transposition Cipher.

 

Difference between Substitution Cipher and Transposition Cipher

To learn more about Difference of Substitution and Transposition cipher, Click here

    Watch more videos click here.

What is Confusion? | What is Diffusion? | Claude Shannon Properties | Frustrate Statistical Cryptanalysis | Confusion vs Diffusion

Introduction

There are two basic methods of encryption:

 

A Shanon cipher, invented by its name "Claude Shannon". It is simplified cipher mechanism for encrypting mesaage using a shared secret key. A cipher is generally an algortihm for performing encryption or decryption, i.e., "a series of well-defined steps that can be followed as a procedure".

Properties of Claude Shannon

Confusion

It is a technique of ensuring that a cipher text gives no clue about plain text.

It is used in block and stream cipher method.

Achieved by Substitution technique.

Ex: ABC à XYZ

Diffusion

Increases the redundancy of the plain text by spreading it across rows and columns.

It is used in block cipher method.

Achieved by permutation known as Transposition technique.

Ex: ABC à CAB

It is also known as frustrate statistical cryptanalysis.

Difference between Confusion and Diffusion

To learn more about Confusion & Diffusion, Click here

    Watch more videos click here.

Double DES | Data Encryption Standard | DES Algorithm

Double DES

Double DES Encryption

Double DES performs the same operations as DES only difference is that double DES use two keys K1 & K2.

First it performs encryption on plain text P, which is encrypted using K1 and obtains first cipher text C1.

Again, cipher text C1 is encrypted by using another key K2 & generate final cipher text C2. 

Figure : Double DES Encryption

Double DES Decryption

Decryption of double DES is reverse of encryption.

First it performs decryption on cipher text C2, which is decrypted using K2 and obtains cipher text C1.

Again, cipher text C1 is decrypted by using another key K1 & generate original plain text P.

Figure : Double DES Decryption

To learn more about Double DES, Click here

    Watch more videos click here.

Feistel Cipher Structure | Feistel network | Feistel cipher encrytion and decryption | 16 rounds of encryption and decryption in feistel cipher

Feistel Cipher Structure

Introduction

Feistel proposed a scheme to produce a block cipher using permutation and substitution alternatively. The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key Ki. The plaintext block is divided into two halves, LE₀ and RE₀. The two halves of the data pass through rounds of processing and then combine to produce the ciphertext block.

Working of Feistel Cipher Structure

A substitution is performed on the left half of the data. This is done by applying a round function F to the right half of the data and then taking the exclusive-OR of the output of that function and the left half of the data. The round function has the same general structure for each round but is parameterized by the round subkey K_i. Permutation is performed that consists of the interchange of the two halves of the data. This structure is a particular form of the substitution-permutation network (SPN) proposed by Shannon.

To learn more about Feistel Cipher Structure, Click here

    Watch more videos click here.

What is symmetric key cryptography? | Elements of symmetric key cryptography | Symmetric Cipher Model in cryptography

Symmetric Key Cryptography

Same key is used for encryption and decryption is called symmetric key cryptography. It is also known as secret key cryptography.

 

Elements of Symmetric Key Cryptography

Plaintext is the original message or data that is fed into the algorithm as input.

Encryption algorithm performs various substitutions and transformations on the plaintext.

Secret key is a value independent of the plaintext and of the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.

Ciphertext is the unreadable message produced as output. It depends on the plain text and secret key.

Decryption algorithm takes the cipher text and the secret key and produces the original plain text.

Same key is used for encryption and decryption process. So, it is called symmetric cipher.

Figure: Symmetric Key Cryptography

Mathematically it is represented as

For Encryption, Y = E (K, X)

For Decryption, X = D (K, Y)

where Y = Cipher text, X = Plain Text, E = encryption, D = Decryption, K = Secret shared key.

For example, Data Encryption Standards (DES), Advanced Encryption Standards (AES) and BLOWFISH.

To learn more about Symmetric Key Cryptography, Click here

Watch more videos click here.

Regiter Transfer Language | Register Transfer | Register Transfer micro-operation

Register Transfer Language

Micro-operation: A micro-operation is an elementary operation performed on the information stored in one or more registers. There are four types of microoperation: Register Transfer Micro-operation, Arithmetic Micro-operation, Logical Micro-operation, Shift Micro-operation.

The result of micro-operation may be stored in source or another register. Example of micro-operations are load, store, clear, shift, addition, count etc. A sequence of micro-operations is performed to complete one operation.

Let’s see example...

To add two numbers following micro-operation sequence has to be performed.

Step - 1:  Load first number in register 1

Step - 2: Load second number in register 2

Step - 3: Perform add micro-operation

Step - 4: Store the result in the destination register 3.

 

How we can we write above lengthy description in symbolic notation:

R1 ß A

R2 ß B

R3 ß R1 + R2

These symbolic notations are called a Register Transfer Language.

Here, T is used as a control variable. It is basically a Boolean variable having value 1 or 0. This statement indicates that the content of R1 are transferred to R2 only when T =1; otherwise transform operation is not performed. This means that if T=1 then R2 ßR1. (i.e., T: R2 ß R1)

Figure: Register Transfer

It is important to note that the clock is not included as a variable in the register transfer statement. It assumed that all transfer occurs during a clock edge transition either positive or negative.

If hardware permits two micro-operations can be executed at the same time. For example, exchanges the content of two registers, they perform R2ß R1 and R4ßR3 micro-operation simultaneously they are separated by comma in a statement.

T: R2 ß R1, R4ß R3.

To learn more about Register Transfer Language, Click here

    Watch more videos click here.

Types of Addresses in TCP/IP Protocol | Physical Address | Logical Address | Port Address | Specific Address

 

Types of Address

There are four types of addresses used in TCP/IP Protocol Suite.

 

Figure: Types of Addresses in TCP/IP Model

Physical Address

The physical address is the lowest level address and is also referred as link address. The physical address of a node is defined by its LAN. The physical address is included in the frame by the data link layer. Physical Address is 48 bits address. First 24 bits is decided by OUI and Lase 24 bits is decided by Vendor/Manufacturer of device.

 

Figure: Example of Physical Address

At data link layer, the frame contains physical addresses in the header. The data link layer at sender receives data from upper layer, encapsulates the data in a frame, adds a header.

Figure: Working of Physical Address

Only the station having matched address with destination address accepts the frames. The frame is checked, the header is removed and remove data encapsulation and deliver to upper layer.

Logical Address

Logical addresses are independent of underlying physical networks.

Figure: Example of Logical Address

It is a 32-bit address which uniquely defines host connected to Internet. The physical addresses change from hop to hop, but the logical address usually remains the same.

Figure: Working of Logical Address

Since different networks can have different address formats hence a universal address system is required which can identify each host uniquely of underlying physical networks. Logical addresses are necessary for universal communications.

 

Port Address

The IP addresses are necessary for data to travel from source to destination. But a communication process involves TELNET and FTP which requires addresses.

Figure: Types of Port Address

Port is communication end point. Use of port address (port number) is to process to process communication in network. Port address is 16 bit address.

Figure: Working of Port Address

In TCP/IP architecture, the label assigned to a process is called port address. In TCP/IP the port address is of 16-bit.

 

Specific Address

Specific addresses are designed by users for some applications. 

For example, www.facebook.com. 

It is the example of Universal Resource Locator (URL). It is used is used to find a document on the world wide web.

Figure: Exampel of URL

Another example, xyz@gmail.com. It is the example of e-mail address. Email is used send text and multimedia files over internet to particular user.

Figure: Example of Email Address

The specific addresses get changed to corresponding port and logical addresses by the station or host who sends it.

To learn more about Types of Addreses in TCP/IP Model, Click here

     Watch more videos click here.

Security Goals in Cryptography | Confidentiality | Integrity | Availability | Authentication | Non - Repudiation

 

Security Goals

Main goal of security is to protect data or information which is being transmitted and achieve the confidentiality, integrity and availability of the data. Following are the main goal of information security: Confidentiality, Integrity, Availability.

Figure: CIA Traingle

Confidentiality:

Principle of security, which ensure that only the sender & the receiver of a message come to know about the content of message. For example, in military application information from one higher authority is sending to another higher authority. During this transmission process when third unknown person is trying to get this confidential information. This type of information leakage caused because of interception of third person. Here it means loss of message confidentiality. The attack threatening the confidentiality is traffic analysis.

Integrity:

Principle of security, which ensure that the content of message must not be altered/modified during its transmission from sender to receiver. In this case change in the information need to be done by authorized person and through authorized mechanisms only. Integrity gives assurance that data received exactly as sent by an authorized sender. The attack threatening integrity is modification of message.

Availability:

Principle of security, which ensures that a resources/computer system is available for authorized users only. Information of bank account stored in bank server; student’s information stored in university. All this information needs to be available to all authorized users only. Imagine the situation arise, if all above information is not available to authorized users. This is only one attack which threatening principle of availability called denial of services.

Authentication:

Data authentication allows user or receiver to check whether that data really was sent by the actual sender or not. In the two-party communication this mechanism is achieved through symmetric cryptography. The sender and receiver share a secret key to calculate a message authentication code of all communication data.  Receiver knows that the data is send by exact or actual sender, if and only if message will accept by the receiver. The attack threatening integrity is masquerade.

Figure: CIA Traignle Compromised

Non-repudiation:

It prevents either sender or the receiver from denying that participated in all or part of the communication.

Non-repudiation, Origin: Proof that the message was sent by the specified party.

Non-repudiation, destination: Proof that the message was received by the specified party.

To learn more about Security Goals in cryptography, Click here

     Watch more videos click here.