8/7/2019 IS AES
1/21
Advanced Encryption Standard
3DES has 2 attractions that assure its
widespread use over the next few years.
1. The 168 bit-key length, it overcomes the
vulnerability in 3DES is the same as in DEA.
2. DES algorithm is the underlying base.
3DES is very resistant to cryptanalysis.
8/7/2019 IS AES
2/21
The Principal drawback of 3DES is that the
algorithm is relatively in software.
3DES , which has three times as many rounds as
DEA, is correspondingly slower.
The original DEA was designed for mid 1970`s
hardware implementation and does not produce
efficient software code.
Due to these reasons, 3DES is not
reasonable candidate for long term use.
8/7/2019 IS AES
3/21
As a replacement, NIST in 1997 issued a call for a
proposals for a new AES( Advanced Encryption
Standard ), which should have a security strength
equal to or greater than 3DES.
NIST specified that AES must be a symmetric
block cipher with a block length 128 bits andsupport for key length of 128, 192 and 256 bits.
NIST has selected Rijndael as the proposed AES
algorithm.2 researchers who developed Rijndael
are Dr.Joan Daemen and Dr.Vincent Rijmen.
8/7/2019 IS AES
4/21
AES uses a block cipher with a block length 128 bits
and support for key length of 128, 192 and 256 bits.
8/7/2019 IS AES
5/21
AES in brief:
AES is not a Feistel Structure.
AES does not use a Feistel Structure, but
processes the entire data block in parallel during
each round using substitution and permutation.
The key that is provided as input is expanded into
an array of forty-four 32-bit words. Four distinct
words(128 bits) serve as a round key for eachround.
8/7/2019 IS AES
6/21
Four different stages are used, 1 for permutation
(A complete change or a transformation or The
act of altering a given set of objects in a group)
and three for substitution:
1.Substitution bytes: uses a table (S-box) toperform a byte by byte substitution of the block.
2.Shift Rows : A simple permutation that isperformed row by row.
3.Mix Columns: A substitution that alerts each
byte in a column as a function of all of the bytes inthe column.
4.Add round Key: A simple bit-wise XOR of thecurrent block with a portion of the expanded key.
8/7/2019 IS AES
7/21
For encryption and decryption, the cipher text
begins with an Add round Key stage.
Only the Add round Key stage makes use of KEY.
Any other round applied at the beginning or end is
reversible with out the knowledge of the key.
The add round key stage itself is not formidable.
Other 3 rounds (except add round key) togetherscramble the bits, but do not provide any security
as they do not use any KEY.
8/7/2019 IS AES
8/21
8/7/2019 IS AES
9/21
Location Of Encryption Device:
In using encryption we need todecide what to encrypt and where to encrypt and
where the encryption gear should start.
There are two fundamental alternatives.
They are:
1. Link encryption.
2. end-to-end encryption.
8/7/2019 IS AES
10/21
8/7/2019 IS AES
11/21
1.Link encryption: In Link encryption, eachvulnerable communication link is equipped on
both ends with an encryption device. Thus all
traffic over all communications links is secured.
Although this requires a lot of encryption devices
in a large network, it provides a high level ofsecurity.
But one disadvantage with this approach is that,
the message must be decrypted each time itenters a packet Switch.
8/7/2019 IS AES
12/21
8/7/2019 IS AES
13/21
This is necessary because the switch must read
the address (virtual circuit number) in the packet
header to route the packet.
Thus the message is vulnerable at each switch. If
this is public packet switching network, the userhas no control over the security of the nodes.
8/7/2019 IS AES
14/21
2.End-to-End Encryption:
With end to end encryption process,
the encryption process is carried out at the twoend systems. The source host or the terminal
encrypts the data.
The data in encryption form is then transmittedunaltered over the network to the destination
terminal or host.
The destination shares a key with the host so to
decrypt the data. This approach seems to be
secured over the network links or switches
against the attacks. However this also have a bug?
8/7/2019 IS AES
15/21
8/7/2019 IS AES
16/21
Key Distribution: Key distribution can bedone in a no: of ways. For two parties A and B:
1. A key could be selected by A and physically
delivered to B.
2. A third party could select the key and physically
deliver it to A and B.
3. If A and B have previously and recently used a
key, one party could transmit the new key to the
other, encrypted using the old key.4. If A and B have an encrypted connection to a
third party C, C could deliver a key on the
encryption links to A and B.
8/7/2019 IS AES
17/21
To provide keys for end-to-end, option 4 is
preferable. Below diagram illustrate an
implementation of option 4.
8/7/2019 IS AES
18/21
For this session 2 kids of keys are identified.
They are:
1. Session Key: When 2 end systems (hosts,terminals) wish to communicate, they establisha logical connection (e.g. virtual circuit). For the
duration of that logical connection, all user data
are encrypted with a one time session key. At the conclusion of the session or connection
the key is destroyed.
2. Permanent Key: A permanent key is key usedbetween entities for the purpose of distributing
session keys.
8/7/2019 IS AES
19/21
The configuration consists of the following
elements:
1. Key distribution center (KDC): Determineswhich systems are allowed to communicate witheach other. When permission is granted for 2
systems to establish a connection, the KDC
provides a one time session key for thatconnection.
2. Security Service Module (SSM): Present atone protocol layer, performs end-to-end
encryption and obtain session keys on behalf ofusers.
8/7/2019 IS AES
20/21
8/7/2019 IS AES
21/21
THANK YOU
Top Related