| Date post: | 22-Nov-2014 |
| Category: |
Documents |
| Upload: | mohit-sharma |
| View: | 246 times |
| Download: | 1 times |
Data Encryption and Decryption
CONTENTS
1. ABSTRACT
2. INTRODUCTION
3. DESIGN PRINCIPLES & EXPLANATION
3.1. MODULES
3.2. MODULE DESCRIPTIOIN
4. PROJECT DICTIONARY
4.1. DATAFLOW DIAGRAMS
5. FORMS & REPORTS
5.1. I/O SAMPLES
6. BIBILIOGRAPHY
1. ABSTRACT
In the present system the network helps a particular
organization to share the data by using external devices. The
external devices are used to carry the data. The existing system
cannot provide security, which allows an unauthorized user to access
the secret files. It also cannot share a single costly printer. Many
interrupts may occur with in the system. In this project the
networking allows a company to share files or data without using
some external devices to carry the data. Similarly a company can
share the single costly printer. Though it is advantageous we have
numerous disadvantages, somebody writes the program and can
make the costly printer to misprint the data. Similarly some
unauthorized user may get access over the network and may perform
any illegal functions like deleting some of the sensitive information
like employee salary details while they are in transactions.
Security is the term that comes into the picture when some important
or sensitive information must be protect from an unauthorized
access. Hence there must be some way to protect the data from
them and even if he hack the information, he should not be able to
understand what the actual information in the file is? , which is the
main intension of the project. The project is designed to protect the
sensitive information while it is in transaction in the network. There
are many chances that an unauthorized person can have an access
over the network in some way and can access this sensitive
information. The project uses the strong secured algorithm-DATA
ENCRYPTION STANDARDS that enables and guarantees the
security of the information in the network.
2. INTRODUCTION
The project “Data Encryption and Decryption” is totally enhanced
with the features that enable us to feel the real-time environment.
Today’s world is mostly employing the latest networking techniques
instead of using stand-alone PC’s. Encryption or information
scrambling, technology is an important security tool. Properly applied
it can provide a secure communication channel even when the
underlying system and network infrastructure is not secure. This is
particularly important when data passes through shared systems or
network segments where multiple people may have access to the
information. In these situations, sensitive data and especially
passwords should be encrypted in order to protect it from unintended
disclosure or modification. Encryption is a procedure that involves a
mathematical transformation of information into scrambled
gobbledygook, called “cipher text”. The computational process (an
algorithm) uses a key, actually just a big number associated with a
password or pass phrase to compute or convert plain text into cipher
text with numbers or strings of characters. The resulting encrypted
text is decipherable only by the holder of the corresponding key. This
deciphering process is also called decryption. There are many
different and incompatible encryption techniques available, and not
all the software we need to use implements a common approach.
One very important feature of a good encryption scheme is the ability
to specify a key or password of some kind, and have the encryption
method alter itself such that each key or password produces a
different encrypted output, which requires a unique ‘key’ or
‘password’ to decrypt.
This can either be a symmetrical key (both encrypt and decrypt use
the same key) or Asymmetrical (encryption and decryption key are
different). The encryption key, the public key, is significantly different
from the decryption key, the private key such that attempting to
derive the private key from the public key involves many hours of
computing time making it impractical at best.
Decryption of data is also the other module which is implemented at
the receiver. When the encrypted data or a file is reached at the
receiver then that data has to be decrypted so that the information
can be viewed by the client/user.
SCOPE:
With the rapid development of multimedia data management
technologies over the internet there is need to concern about the
network, security and privacy of information. In multimedia
document, dissimation and sharing of data is becoming a common
practice for internet based application and enterprises.
As the networking forms are the open source for all the users, so
security of forms is a critical issue. At the present situations we are
using cryptography technique for providing security. Cryptography
constitutes of encryption and decryption processes.
PROJECT OVERVIEW:
CRYPTOGRAPHY:
Cryptography is the science of writing in secret code and is
an ancient art; the first documented use of cryptography in writing
dates back to circa 1900 B.C cryptography came soon after the
widespread development of computer communications. In data and
telecommunications, cryptography is necessary when communicating
over any untrusted medium, which includes just about any network,
particularly the Internet.
Within the context of any application-to-application communication,
there are some specific security requirements, including:
Authentication: The process of proving one's identity. (The
primary forms of host-to-host authentication on the Internet
today are name-based or address-based, both of which are
notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the
message except the intended receiver.
Integrity: Assuring the receiver that the received message has
not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender
really sent this message.
Cryptography, then, not only protects data from theft or alteration,
but can also be used for user authentication. There are, in general,
three types of cryptographic schemes typically used to accomplish
these goals: secret key (or symmetric) cryptography, public-key (or
asymmetric) cryptography, and hash functions. In all cases, the initial
unencrypted data is referred to as plaintext. It is encrypted into
cipher text, which will in turn (usually) be decrypted into usable
plaintext.
TYPES OF CRYPTOGRAPHIC ALGORITHMS:
There are several ways of classifying cryptographic algorithms. They
will be categorized based on the number of keys that are employed
for encryption and decryption, and further defined by their
application and use. The three types of algorithms are:
Secret Key Cryptography (SKC): Uses a single key for both
encryption and decryption.
Public Key Cryptography (PKC): Uses one key for encryption
and another for decryption.
Hash Functions: Uses a mathematical transformation to
irreversibly “encryption”.
Secret Key Cryptography:
With secret key cryptography, a single key is used for both
encryption and decryption. The sender uses the key to encrypt the
plaintext and sends the cipher text to the receiver. The receiver
applies the same key to decrypt the message and recover the
plaintext. Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver; that, in fact, is the secret.
The biggest difficulty with this approach is the distribution of the key.
Secret key cryptography schemes are generally categorized as being
either stream ciphers or block ciphers.
Stream ciphers operate on a single bit at a time and implement some
form of feedback mechanism so that the key is constantly changing.
A block cipher is so-called because the scheme encrypts one block of
data at a time using the same key on each block. In general, the
same plaintext block will always encrypt to the same cipher text
when using the same key in a block cipher whereas the same
plaintext will encrypt to different cipher text in a stream cipher.
Stream ciphers come in several flavors but two are worth mentioning
here. Self-synchronizing stream ciphers calculate each bit in the key
stream as a function of the previous n bits in the key stream. It is
termed "self synchronizing" because the decryption process can stay
synchronized with the encryption process merely by knowing how far
into the n-bit key stream it is. One problem is error propagation; a
garbled bit in transmission will result in n garbled bits at the receiving
side. Synchronous stream ciphers generate the key stream is
independent of the message stream but by using the same key
stream generation function at sender and receiver. While stream
ciphers do not propagate transmission errors, they are, by their
nature, periodic so that the key stream will eventually repeat.
ENCRYPTION:
Encryption refers to algorithmic schemes that encode plain text
into non-readable form or cipher text, providing privacy. The
receiver of the encrypted text uses a “key” to decrypt the
message, returning it to its original plain text form. The key is the
trigger mechanism to the algorithm.
Until the advent of the Internet, encryption was rarely used by the
public, but was largely a military tool. Today, with online marketing,
banking, healthcare and other services, even the average
householder is aware of encryption.
Web browsers will encrypt text automatically when connected to a
secure server, evidenced by an address beginning with https. The
server decrypts the text upon its arrival, but as the information
travels between computers, interception of the transmission will
not be fruitful to anyone “listening in.” They would only see
unreadable data. There are many types of encryption and not all of
it is reliable. The same computer power that yields strong
encryption can be used to break weak encryption schemes.
Though browsers automatically encrypt information when
connected to a secure website, many people choose to use
encryption in their email correspondence as well. This can and
decrypts text. In asymmetric encryption schemes, such as RSA and
Diffie-Hellman, the scheme creates a “key pair” for the user: a
public key and a private key. The public key can be published
online for senders to use to encrypt text that will be sent to the
owner of the public key. Once encrypted, the cipher text cannot be
decrypted except by the one who holds the private key of that key
pair. This algorithm is based around the two keys working in
conjunction with each other. Asymmetric encryption is considered
one step more secure than symmetric encryption, because the
decryption key can be kept private.
Strong encryption makes data private, but not necessarily secure.
To be secure, the recipient of the data -- often a server -- must be
positively identified as being the approved party. This is usually
accomplished online using digital signatures or certificates.
As more people realize the open nature of the Internet, email and
instant messaging, encryption will undoubtedly become more
popular. Without encryption, information passed on the Internet is
not only available for virtually anyone to snag and read, but is often
stored for years on servers that can change hands or become
compromised in any number of ways. For all of these reasons
encryption is a goal worth pursuing.
Encryption and Decryption
ENCRYPTION:
Encryption is used in the creation of certificates and digital
signatures, in secure storage of secrets in the keychain, and in secure
transport of information. For the purposes of this book, encryption is
defined as the transformation of data into a form in which it cannot
be made sense of without the use of some key. Such transformed
data is referred to as cipher text. Use of a key to reverse this
process and return the data to its original (or plaintext) form is
called decryption.
Encryption can be anything from a simple process of substituting one
character for another—in which case the key is the substitution rule—
to a complex mathematical algorithm. For purposes of security, the
more difficult it is to decrypt the cipher text, the better. On the other
hand, if the algorithm is too complex, takes too long to do, or
requires keys that are too large to store easily, it becomes
impractical for use in a personal computer. Therefore, some balance
must be reached between strength of the encryption (that is, how
difficult it is for someone to discover the algorithm and the key) and
ease of use.
For practical purposes, the encryption need only be strong enough to
protect the data for the amount of time the data might be useful to a
person with malicious intent. For example, if you need to keep your
bid on a contract secret only until after the contract has been
awarded, an encryption method that can be broken in a few weeks
will suffice. If you are protecting your credit card number, you
probably want an encryption method that cannot be broken for many
years.
There are two main types of encryption in use in computer security,
referred to as symmetric key encryption and asymmetric key
encryption. A closely related process to encryption, in which the data
is transformed using a key and a mathematical algorithm that cannot
be reversed, is called cryptographic hashing.
The remainder of this section discusses encryption keys, key
exchange mechanisms and cryptographic hash functions.
Symmetric Keys:
Symmetric key cryptography is the classic use of keys that are
familiar with: the same key is used to encrypt and decrypt the data.
The classic, and most easily breakable, version of this is the Caesar
cipher, in which each letter in a message is replaced by a letter that
is a fixed number of positions away in the alphabet. In this case, the
key used to encrypt and decrypt the message is simply the number
of positions in the alphabet to shift the letters. Modern symmetric key
algorithms are much more sophisticated and much harder to break.
However, they share the property of using the same key for
encryption and decryption.
There are many different algorithms used for symmetric key
cryptography, offering anything from minimal to nearly unbreakable
security. Some of these algorithms offer strong security, easy
implementation in code, and rapid encryption and decryption. Such
algorithms are very useful for such purposes as encrypting files
stored on a computer to protect them in case an unauthorized
individual uses the computer. They are somewhat less useful for
sending messages from one computer to another, because both ends
of the communication channel must possess the key and must keep it
secure. Distribution and secure storage of such keys can be difficult
and can open security vulnerabilities.
Although secure techniques for exchanging or creating symmetric
keys can overcome this problem to some extent practical solution for
use in computer communications came about with the invention of
practical algorithms for asymmetric key cryptography.
Symmetric-key cryptography:
In symmetric-key cryptography, we encode our plain text by
mangling it with a secret key. Decryption requires knowledge of the
same key, and reverses the mangling.
Cipher text = encrypt (plaintext, key)
Plaintext = decrypt (cipher text, key)
Symmetric key cryptography is useful if you want to encrypt files on
your computer, and you intend to decrypt them yourself. In security,
we assume the encryption algorithms that we have chosen to use are
publicly known; only the key is secret to the participants.
Slogan: "obscurity is no security".
Introduction to Encryption:
Make any enquiry about computer security, and you will almost
immediately fall over the terms cryptography and encryption also
decryption, but what exactly is meant by this? The dictionary defines
cryptography as hidden writing.
But what is it used for?
Cryptography is used whenever someone wants to send a secret
message to someone else, in a situation where anyone might be able
to get hold of the message and read it. It was often used by generals
to send orders to their armies.
How does it work?
One of the best examples of early cryptography is the Caesar cipher.
It works like this. We should then have two lines of letters
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Now write the message. SEND MONEY TONIGHT
That should look like this:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
YZABCDEFGHIJKLMNOPQRSTUVWX
now every time you see a letter of your message in the top line, write
down instead the letter on the bottom line.
SEND MONEY TONIGHT becomes
QCLB KMLCW RMLGEFR
what you have done is performed a cryptographic transformation
your message.
To do it you have used an algorithm and a key, in this case the value
2 because we moved A two places forwards on the bottom line.
All we have to do now is make sure that the person receiving our
message knows the key and the algorithm. As long as they know it’s
the Caesar cipher and the key is 2 they can put their lower line two
places to the right, and by taking each letter of the message and
writing down the letter immediately above it, they can re-create the
original message.
The symmetric cipher:
Until we started using computers, these ciphers, with very much
better algorithms and much more complex keys were the order of the
day. However, the basic approach to this way of creating secret
messages has not really changed.
Taking the example above, the operation is as follows:
- take your message (plaintext)
- take an algorithm (Caesar)
- take a key (a number between 1 and 25)
- transform the message according to the algorithm using the key
Now you have an encrypted message (cipher text). The recipient
then:
- takes the encrypted message (cipher text)
- takes the algorithm (Caesar)
- takes the same key (the same number as chosen above)
- transforms the encrypted message according to the algorithm
using the key.
Now they have the original message back (plaintext). This is called a
symmetric cipher because you use the same algorithm and the same
key to carry out both encryption and decryption.
Strength of encryption:
The quality of the algorithm and key combination were the factors
that made the strength of the system. However, until there was
some automation you could not use really complex methods because
it simply took too long to encrypt and decrypt messages.
The encryption and decryption technique can be used to store
sensitive data in the databases. For example if user passwords are
encrypted and stored in the databases, then it’s highly secured
against unauthorized intrusions. Even though if the system is
compromised, the intruder has to know the original algorithm and the
key to retrieve the data.
NETWORK SECURITY:
Security means to protect the sensitive information while it is in
transaction in the network. If there is no security, then there are
many chances that an unauthorized person can have access over the
network in some way and can access this sensitive information. For
example:
Sys1 Sys2
Third
person
In the above diagram shows that sys1 and sys2 are transmit the data
simultaneously. Here third person will comes into the picture, sys1
transmit the data to the third person correctly and third person will
transmit the data to the sys2 is wrong. So in this sys2 will send the
data to the sys1 is wrong information. In the above diagram there is
no security. In this case we protect the security the data will send to
the systems in correct manner.
Network security is a complicated subject, historically only tackled by
well-trained and experienced experts. However as more and more
people need to understand the basics of security in a networked
world. This document was written with the basic computer user and
information systems manager in mind, explaining the concepts
needed to read through the hype in the marketplace and understand
risks and how to deal with them.
Risk Management: The game of security
It’s very important to understand that in security, one simply cannot
say, “What’s the best firewall?” There are two extremes: absolute
security and absolute access. The closest we can get to an absolutely
secure machine is one unplugged from the network, power supply,
locked in a sage, and thrown at the bottom of the ocean.
Unfortunately, it isn’t terribly useful in this state.
Types and Sources of Network Threats
Background information of networking that we can actually get into
the security aspects of all of this. First of all, we’ll get into the types
of threats there are against networked computers, and then some
things that can be done to protect you against various threats.
Denial-of-Service:
These attacks are probably the nastiest, and most difficult to address.
These are the nastiest, because they’re very easy to launch, difficult
to track, and it isn’t easy to refuse the requests of the attacker,
without also refusing legitimate requests for service.
Unauthorized Access:
It is a very high-level term that can refer to a number of different
sorts of attacks. The goal of these attacks is to access some resource
that your machine should not provide the attacker.
Executing Commands Illicitly:
It’s obviously undesirable for an unknown and untrusted person to be
able to execute commands on your server machines. There are two
main classifications of the security of this problem: normal user
access, and administrator access. A normal user can do a number of
things on a system that an attacker should not be able to do.
Confidentiality Breaches:
In the network threats there are must be know the “confidentiality”
and “authentication”. Confidentiality means sender and intended
receiver should only know the data. This means that the sender and
receiver know what the actual data is, third person will not know
theParticular data. That data will be in secured.
Authentication means that providing a way to authenticate yourself
to a computer system without sending your password “in the clear” is
an important security goal. Passwords send without encryption may
be discoverable by others if sent through or to insecure network
segments or systems.
Encrypt by using receiving public key, sender private key, and
decrypt by using receiving private key, sender public key. Here
encrypt means “confidentiality + authentication” decrypt means
“authentication + confidentiality”.
Before starting every project it’s planning is done. Planning a project
is a very important task and should be taken up with great care as
the efficiency of whole project largely depends upon its planning.
S_DES (Simplified Data Encryption standard):
The S-DES encryption algorithm takes an 8-bit block of plaintext and
a 10-bit key as input and produces an 8-bit block of cipher text as
output. The S-DES decryption algorithm takes an 8-bit block of cipher
text and the same 10-bit key used to produce that cipher text as
input and produces the original 8-bit block of plaintext.
The encryption algorithm involves five functions: an initial
permutation (IP); a complex function labeled fk, which involves both
permutation and substitution operations and depends on a key input;
a simple permutation function that switches (SW) the two halves of
the data; the function fk again; and finally a permutation function
that is the inverse of the initial permutation.
The function fk takes as input not only the data passing through the
encryption algorithm, but also an 8-bit key. The algorithm could have
been designed to work with a 16-bit key, consisting of two 8-bit sub
keys, one used for each occurrence of fk. Alternatively, a single 8-bit
key could have been used, with the same key used twice in the
algorithm. A compromise is to use a 10-bit key from which two 8-bit
sub keys are generated, as depicted in the figure. In this case, the
key is first subjected to a permutation (P10). Then a shift operation is
performed. The output of the shift operation then passes through a
permutation function that produces an 8-bit output (P8) for the first
sub keys (K1). The output of the shift operation also feeds into
another shift and another instance of P8 to produce the second sub
key (K2).
We can concisely express the encryption algorithm as a composition
of functions:
(IP)-1 * fk2 * SW * fk1 * IP
which can also be written as
Cipher text= (IP)-1(fk2 (SW (fk1 (IP (plain text)))))
Where K1=P8 (shift (P10 (key)))
K2 =P8 (shift (shift (P10 (key))))
Decryption is also shown in the figure and is essentially the reverse of
encryption:
Plain text= (IP)-1(fk1 (SW (fk2 (IP (cipher text)))))
S-DES Key Generation:
S-DES depends on the use of a 10-bit key shared between sender and
receiver. From this key, two 8-bit sub keys are produced for use in
particular stages of the encryption and decryption algorithm.
First, permute the key in the following fashion. Let the 10-key be
designated as (k1,k2,k3,k4,k5,k6,k7,k8,k9,k10). Then the
permutation P10is defined as
P10(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10)=(k3,k5,k2,k7,k4,k10,k1,k9,k8,k6
)
P10 can be concisely defined by the following display:
This table is read from left to right; each position in the table gives
the identity of the input bit that produces the produces the output bit
in that position. So the first output bit is bit 3 of the input; the second
output bit is bit 5 of the input, and so on.
Next we apply P8, which picks out and permutes 8 of the 10 bits
according to the following rule:
The result is sub key 1 (K1). We then go back to the pair of 5-bit
strings produced by the two LS-1 function perform a circular left shift
of 2 bit positions on each string.
S-DES Encryption:
Encryption involves the sequential applications of five
functions. We examine each of these.
Initial and Final Permutations:
The input to the algorithm is an 8-bit block of plain text, which we
first permute using the IP function:
IP
2 6 3 1 4 8 5 7
This retains all 8 bits of the plaintext but mixes them up. At the end
of the algorithm, the inverse permutation is used:
It is easy to show by example that
the second permutation is indeed
the reverse of the first; that is,
(IP)-1(IP(X)) =X.
The Function fk:
The most complex company of S-DES is the function fk, which
consists of a combination of permutation and substitution functions.
The functions can be expressed as follows. Let L and R be the
leftmost 4 bits and rightmost 4 bits of the 8-bit input to fk, and let F
be a mapping from 4-bit string to 4-bit string. Then we let
fk (L, R) = (L XOR F(R, SK), R)
where SK is a sub key and XOR is the bit-by-bit exclusive-OR
function.
IP-1
4 1 3 5 7 2 8 6
Expansion/Permutation:
And it uses two so-called s-boxes, S0 and S1. Here is S0
And here is S0:
And here is S1:
The first 4 bits are fed into the S-box S0 to produce a 2-bit output,
and the remaining 4 bits are fed into S1 to produce another 2-bit
output.
E/P
4 1 2 3 2 3 4 1
The S-boxes operates as follows. The first and fourth input bits are
treated as a two bit number that specify a row of the S-box, and the
second and third input bits specify a column of the S-box. The entry
in that row and column, in base 2, is the 2-bit output.
Next, the 4 bits produced by S0 and S1 undergo a further
permutation as Follows:
The output of the P4 is the output of the function F.
The Switch Function:
The function fk only alters the leftmost 4 bits of the input. The switch
function (SW) interchanges the left and right 4 bits so that the second
instance of fk operates on a different 4 bits. In this second instance,
the E/P, S0, S1, and P4 functions are the same. The key input is K2.
S-DES Decryption:
As with any, decryption uses the same algorithm as encryption,
except that the application of the sub keys is reserved.
DATA ENCRYPTION STANDARD
The most widely used encryption scheme is based on Data Encryption
Standard (DES) adapted in 1977 by the National Bureau of Standards,
now National Institute of Standards and Technology (NIST), as Federal
P4
2 4 3 1
Information processing standard 46 (FIPS PUB 46). The algorithm
itself is referred to as the Data Encryption Algorithm (DEA). For DES,
data are encrypted in 64-bit blocks using a 56-bit key. The algorithm
transforms 64-bit input in a series of steps into a 64-bit output. The
same steps, with the same key, are used to reverse the encryption.
The DES enjoys widespread use. It has also been the subject of much
controversy concerning how secure the DES is.
In the late 1960’s, IBM setup a research project in computer
cryptography led by Horst Feistel. The project concluded in 1971 with
the development of algorithm with the designation LUCIFER, which
was sold to Lloyd’s of London for use in a cash-dispensing system,
also developed by IBM. LUCIFER is a Feistel block cipher that operates
on blocks of 64 bits, using a key size of 128 bits.
In 1973, the National Bureau of Standards (NBS) issued a request for
proposals for a national cipher standard. IBM submitted the results of
its Tuchman-Meyer project. This was by far the best algorithm
proposed and was adopted in 1977 as the Data Encryption Standard.
Before its adoption as a standard, the proposed DES was subjected to
intense criticism, which has not subsided to this day. Two areas drew
the critics’ fire. First, the key length in IBM’s original LUCIFER
algorithm was 128 bits, but that of the proposed system was only 56
bits, an enormous reduction in key size of 72 bits. Critics feared that
this key length was too short to withstand Brute Force attacks. The
second area of concern was that the design criteria for the internal
structure of DES, the S-boxes, were classified. Thus users could not
be sure that the internal structure of DES was free of any hidden
weak points that would enable NSA decipher messages without
benefit of the key. Subsequent events, particularly the recent work
on differential cryptanalysis, seem to indicate that DES has a very
strong internal structure. Furthermore, according to IBM participants,
the only changes that were made to the proposal were changes to
the S-boxes, suggested by NSA that removed vulnerabilities identified
the course of the evaluation process.
DES ENCRYPTION
The overall scheme for DES encryption is illustrated in Figure below.
As with any encryption scheme, there are two inputs to the
encryption function: the plain text to be encrypted and the key. In
this case, the plain text must be 64 bits in length and the key is 56
bits in length.
Looking at the left hand side of the figure, we can see the processing
of the plain text proceeds in three phases. First, the 64-bit plain text
passes through an initial permutation (IP) that rearranges the bits to
produce the permuted input. This is followed by a phase consisting of
16 rounds of the same function, which involves both permutation and
substitution functions. The output of the last (sixteen) round consists
of 64 bits that are a function of the input plain text and the key. The
left and right halves of the output are swapped to produce the pre-
output. Finally, the pre-output is passed through a permutation (IP-1)
that is the inverse of the initial permutation function, to produce the
64-bit cipher text. With the exception of the initial and final
permutations, DES has the exact structure of Feistel cipher, as shown
in the figure.
The right-hand portion of fig above shows the way in which the 56-bit
key is used. Initially, the key is passed through a permutation
function. Then, for each of the 16 rounds, a sub key (K i) is produced
by the combination of a left circular shift and a permutation. The
permutation function is the same for each round, but a different sub
key is produced because of the repeated iteration of the key bit.
Initial Permutation:
Tables as shown in tables below define the initial permutation and its
inverse. The tables are to be interpreted as follows. The input to a
table consists of 64 bits numbered from 1 to 64. The 64 entries in the
permutation table contain a permutation of the numbers from 1 to
64. Each entry in the permutation table indicates the position of a
numbered input bit in the output, which also consists of 64 bits.
To see that these two permutation functions are needed in the
inverse of each other, consider the following 64-bit input M:
M1 M2 M3 M4 M5 M6 M7 M8
M9 M10 M11 M12 M13 M14 M15 M16
M17 M18 M19 M20 M21 M22 M23 M24
M25 M26 M27 M28 M29 M30 M31 M32
M33 M34 M35 M36 M37 M38 M39 M40
M41 M42 M43 M44 M45 M46 M47 M48
M49 M50 M51 M52 M53 M54 M55 M56
M57 M58 M59 M60 M61 M62 M63 M64
Where Mi is a binary digit. Then the permutation X = IP (M) is as
follows:
M58 M50 M42 M34 M26 M18 M10 M2
M60 M52 M44 M36 M28 M20 M12 M4
M62 M54 M46 M38 M30 M22 M14 M6
M64 M56 M48 M40 M32 M24 M16 M8
M57 M49 M41 M33 M25 M17 M9 M1
M59 M51 M43 M35 M27 M19 M11 M3
M61 M53 M45 M37 M29 M21 M13 M5
M63 M55 M47 M39 M31 M23 M15 M7
If we then take the inverse permutation Y= IP-1 (IP (M)), it can be seen
that the original ordering of the bits is restored.
Details of Single Round:
Figure: show the internal structure of a single round. Again, begin by
focusing on the left hand side of the diagram. A left and right half of
each 64-bit intermediate value is treated as separate 32-bit
quantities, labeled L (left) and R (right). The overall processing at
each round can be summarized in the following formulas:
Li = Ri-1
Ri = Li-1 XOR F (Ri-1, Ki)
The round key Ki is 48 bits. The R input is 32 bits. This R input is first
expanded to 48 bits by using a table that defines a permutation plus
an expansion that involves duplication of 16 of the R bits. Resulting
48 bits are XOR ed with Ki. This 48-bit result passes through a
substitution function that produces a 32-bit output, which is
permuted as defined by table.
Table: Permutation Table for DES
(a)Initial Permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
(b) Inverse Initial Permutation (IP-1)
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
(c) Expansion Permutation (E)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
(d) Permutation function (P)
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25
The role of the S-boxes in the function F is illustrated in Figure. The
substitution consists of a set of eight S-boxes each of which accepts 6
bits as input and produces 4 bits as output. The first and last bits of
the input to box Si form a 2-bit binary number to select one of four
substitutions defined by the four rows in the table for S i. The middle
four bits select one of the sixteen columns. The decimal value in the
cell selected by the row and column is then converted to its 4-bit
representation to produce the output.
Each row of an S-box defines a general reversible substitution. Figure
may be useful in understanding the mapping. The figure shows the
substitution for row 0 of box S1.
The operation of the S-boxes is worth further comment. Ignore for the
moment the contribution of the key (Ki). If you examine the
expansion table, you see that the 32 bits of input are split into groups
of 4 bits, and then become groups of 6 bits by taking the outer bits
R (32) )bit
s)
E
48 Bits
+
K (48) )b
its)
S1
S8
S2
SS4
S5
S6
S7
P
32 Bits
Calculation of F(R, K)
from the two adjacent groups. For example, if part of the input word
is
….efgh ijkl mnop…
this becomes
…defrghi hijklm imnopq…
The outer two bits of each group select one of four possible
substitutions. Then a 4-bit output value is substituted for the
particular 4-bit input. The 32-bit output from the eight S-boxes is then
permuted, so that on the next round the output from each B-box
immediately affects as many others as possible.
KEY GENERATION:
Returning to fig, we see that a 64-bit key used as input to the
algorithm. The bits of the key are numbered from 1 through 64; every
eight bit is ignored, as indicated by the lack of shading in table. This
is first subjected to a permutation governed by table labeled
Permuted Choice One. The resulting 56-bit key is then treated as two
28-bit quantities, labeled C0 and D0. At each round, Ci-1 and Di-1 are
separately separated to a circular shift, or rotation of 1 or 2 bits, as
governed by Table. These shifted values serve as input to the next
round. They also serve as input to Permuted Choice Two, which
produces a 48-bit output that serves as input to the function F (R i-1,
Ki).
DES DECRYPTION
As with any decryption uses the same algorithm as encryption,
except that the application of the sub keys is reserved.
Table Definition of DES S-Boxes
1
4
4 1
3
1 2 1
5
1
1
8 3 1
0
6 1
2
5 9 0 7
0 1
5
7 4 1
4
2 1
3
1 1
0
6 1
2
1
1
9 5 3 8
4 1 1
4
8 1
3
6 2 1
1
1
5
1
2
9 7 3 1
0
5 0
1
5
1
2
8 2 4 9 1 7 5 1
1
3 1
4
1
0
0 6 1
3
1
5
8 1 1
4
6 1
1
3 4 9 7 2 1
3
1
2
0 5 1
0
3 1
3
4 7 1
5
2 8 1
4
1
2
0 1 1
0
6 9 1
1
5
0 1
4
7 1
1
1
0
4 1
3
1 5 8 1
2
6 9 3 2 1
5
1
3
8 1
0
1 3 1
5
4 2 1
1
6 7 1
2
0 5 1
4
9
1
0
0 9 1
4
6 3 1
5
5 1 1
3
1
2
7 1
1
4 2 8
1
3
7 0 9 3 4 6 1
0
2 8 5 1
4
1
2
1
1
1
5
1
1
3
6 4 9 8 1
5
3 0 1
1
1 2 1
2
5 1
0
1
4
7
1 1
0
1
3
0 6 9 8 7 4 1
5
1
4
3 1
1
5 2 1
2
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
S2
S3
S1
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14
21
2
4 1 7 1
0
1
1
6 8 5 3 1
5
1
3
0 1
4
9
1
4
1
1
2 1
2
4 7 1
3
1 5 0 1
5
1
0
3 9 8 6
4 2 1 1
1
1
0
1
3
7 8 1
5
9 1
2
5 6 3 0 1
4
1
1
8 1
2
7 1 1
4
2 1
3
6 1
5
0 9 1
0
4 5 3
1
2
1 1
0
1
5
9 2 6 8 0 1
3
3 4 1
4
7 5 1
1
1
0
1
5
4 2 7 1
2
9 5 6 1 1
3
1
4
0 1
1
3 8
9 1
4
1
5
5 2 8 1
2
3 7 0 4 1
0
1 1
3
1
1
6
4 3 2 1
2
9 5 1
5
1
0
1
1
1
4
1 7 6 0 8 1
3
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12
1
3
2 8 4 6 1
5
1
1
1 1
0
9 3 1
4
5 0 1
2
7
S4
S5
S6
S7
1 1
5
1
3
8 1
0
3 7 4 1
2
5 6 1
1
0 1
4
9 2
7 1
1
4 1 9 1
2
1
4
2 0 6 1
0
1
3
1
5
3 5 8
2 1 1
4
7 4 1
0
8 1
3
1
5
1
2
9 0 3 5 6 1
1
(a) Input Key
(b) Permuted Choice One (PC-1)
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 16 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
(c) Permuted Choice Two (PC-2)
S8
14 7 11 24 1 5 3 28
15 6 21 10 23 19 12 4
26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
(d) Schedule of Left Shifts
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
INTRODUCTION ABOUT THE PROJECT
The project “DATA ENCRYPTION AND DECRYPTION” is totally
enhanced with the features that enable us to feel the real-time
environment. As the today’s world is mostly employing the latest
networking techniques instead of using stand-alone PC’s. As every
product possessing advantages might also have some disadvantages.
The advantages with the networking are that a company can share
files or data without need to use some external devices to carry the
data. Similarly, a company can share the single costly printer. Likely,
the disadvantages are also numerous. Somebody writes a program
and can make the costly printer to misprint the data. Similarly, some
unauthorized user may get access over the network and may perform
any illegal functions like deleting some of the sensitive information
like employee salary details, while they are in transaction. Our project
has some of the features described as follows:
Firstly, the project makes use of the secured networking concepts
that will make the sensitive information to be encrypted (converted)
in such a manner that will not be understood by the unauthorized
user who gains access over this information. To read the information
one must decrypt the encrypted information in a pre-specified
manner. Only sender and receiver both can have the systematic way
of access to the information.
Secondly, many of the today’s software are being pirated from the
original one. This must be prevented which is also the one of the
main intention of the project. Otherwise some other might pirate the
important software developed by you. A unique identification number
namely the “MAC Address” is used to protect the software from
piracy.
SECURITY:
“Security” is the term that comes into picture when some important
or sensitive information must be protected from an unauthorized
access. Today, the maximum of the world’s population is using
computers to access their required information in some form of the
networked systems. Some are accessing through the world’s famous
Internet and some through the different networks like LAN, WAN etc.
At the same time, there are some unauthorized persons, whom we
call “hackers”, who will just make some miscellaneous things in the
information. Neither the sender nor the receiver is aware of the
hacker and both thinks that the flow is going in the normal way
without any disturbance. Hence there must be some way to protect
the data from them and even if he hacks the information, he should
not be able to understand what’s the actual information in the file,
which is the main intention of the project.
The requirements of “information security” within an organization
have undergone two major changes in the last several decades.
Before the widespread use of data processing equipment, the
security of information felt to be valuable to an organization lock for
storing sensitive documents. An example of the latter is personnel
screening procedures used during the hiring process.
The first and foremost, security for this sensitive information
especially the case for a shared system, such as time-sharing system,
is even more accurate for systems that can be accessed over a public
telephone network, data network, or the Internet. To protect data and
to thwart hackers is known as “computer security”.
Secondly, the change that affected security is the introduction of
distributed systems and the use of networks and communication
facilities for carrying data between terminal user and computer and
between computer and computer. “Network security” measures
are needed to protect data during their transmission.
Before we proceed, there are some considerations how Information
can be threatened to access from an unauthorized person, what we
call as “Security Threats”. Some of them are shown as under:
Information Source
Information Destination
(a) Normal flow
(b) Interruption
(c) Interception
(d) Modification
The figure (a) shown is the normal flow of the information describing
how the actual data is sent from sender to receiver. The following
respective figures are described as below:
Interruption: This is the type of security threat in which the
sender thinks that he has successfully sent his file to the
receiver. The receiver is unaware of the information and he
might think that the sender has not yet sent the file.
Interception: In this, an unauthorized party gains access to
an asset. This is an attack on confidentiality. The unauthorized
party could be a person, a program, or a computer. Examples
include wiretapping to capture data in a network and the illicit
copying of files or programs.
Modification: In this, an unauthorized party not only gains
access to but tampers with an asset. This is an attack on
integrity. Examples include changing values in a data file,
altering a program so that it performs differently, and
modifying the content of messages being transmitted in a
network.
(e) Fabrication
Fabrication: An unauthorized party inserts counterfeit objects
into the system. This is an attack on authenticity. Examples
include the insertion of spurious messages in a network or the
addition of records to a file.
The assets mentioned above may be one of the following:
Hardware
Software
Data and
Communication lines and Networks
Note: - Our project is limited to the assets - Software and Data. We
are not at all concerned with Hardware and Communication lines and
Networks.
A MODEL FOR NETWORK SECURITY
A model for much of what we will be discussing is captured, in very
general terms, in figure. A message is to be transferred from one
party to another across some sort of Internet. The two parties, who
are the principals in this transaction, must cooperate for the
exchange to take place. A logical information channel is established
by defining a route through the Internet from source to destination
and by the cooperative use of communication protocols by the two
principals.
Security aspects come into play when it is necessary or desirable to
protect the information transmission from an opponent who may
present a threat to confidentiality, authenticity, and so on. All the
techniques for providing security have two components:
A security-related transformation on the information to be sent.
Examples include the encryption of the message, which
scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of
the message, which can be used to verify the identity of the
sender.
Some secret information shared by the two principals and, it is
hoped, unknown to the opponent. An example is an encryption
key used in conjunction with the transformation to scramble the
message before transmission and unscramble it on reception.
A trusted third party may be needed to achieve secure transmission
and is responsible for distributing the secret information to the two
principals while keeping it from any opponent. Or a third party may
be needed to arbitrate disputes between the two principals
concerning the authenticity of a message transmission.
This general model shows that there are four basics tasks in
designing a particular security service:
Design an algorithm for performing the security-related
transformation. The algorithm should be such that an opponent
cannot defeat its purpose.
Generate the secret information to be used with the algorithm
Develop methods for the distribution and sharing of the secret
information.
Specify a protocol to be used by the two principals that makes use of
the security algorithm and the secret information to achieve a
particular security service.
EXISTING SYSTEM:
In the physical system the network helps a particular organization to
share the data by using external devices. The external devices are
used to carry data. The existing system cannot provide security,
which allows an unauthorized user to access the secret files. It also
cannot share a single costly printer. Many interrupts may occur with
in the system.
PRORPOSED SYSTEM:
In this system ‘security’ is the term that comes into picture when
some important or sensitive information must be protected from an
unauthorized access. Hence there must be some way to protect the
data from them and even if he hacks the information, he should not
be able to understand what’s the actual information in the file, which
is the main intension of the project.
3. DESIGN PRINCIPLES & EXPLANATION
3.1. MODULES
The system can be divided into 3 modules:
1. Login
2. Send File
3. View File
3.2. MODULE DESCRIPTIOIN
Login:
In this module the user is requested to enter the user name and
password, if he is a valid user, he enters the home page. The user ID
given is checked with the database table. The user has two options in
the home page to view a file and to send a file to other user.
Send File:
This module details with sending a file by attaching it to a message to
the other user specified. Before attaching a file, the specified file will
be encrypted by using a randomly generated key. We can send
maximum of only 3 files with a message. The major disadvantage of
the module is that it will encrypt only the plain text format files.
View File:
In this module the user is enabled to view the file that has been send
to him by other users. When the user selects a file from all the list of
files, the file is decrypted by using the same key, used while
encrypting. The decrypted file can be saved as an external file into
the secondary storage.
4. PROJECT DICTIONARY
4.1. DATAFLOW DIAGRAMS
A data flow diagram is graphical tool used to describe and analyze
movement of data through a system. These are the central tool and
the basis from which the other components are developed. The
transformation of data from input to output, through processed, may
be described logically and independently of physical components
associated with the system. These are known as the logical data flow
diagrams. The physical data flow diagrams show the actual
implements and movement of data between people, departments
and workstations. A full description of a system actually consists of a
set of data flow diagrams. Using two familiar notations Yourdon,
Gane and Sarson notation develops the data flow diagrams. Each
component in a DFD is labeled with a descriptive name. Process is
further identified with a number that will be used for identification
purpose. The development of DFD’s is done in several levels. Each
process in lower level diagrams can be broken down into a more
detailed DFD in the next level. The lop-level diagram is often called
context diagram. It consists a single process bit, which plays vital role
in studying the current system. The process in the context level
diagram is exploded into other process at the first level DFD.
The idea behind the explosion of a process into more process is that
understanding at one level of detail is exploded into greater detail at
the next level. This is done until further explosion is necessary and
an adequate amount of detail is described for analyst to understand
the process.
Larry Constantine first developed the DFD as a way of expressing
system requirements in a graphical from, this lead to the modular
design
.
A DFD is also known as a “bubble Chart” has the purpose of clarifying
system requirements and identifying major transformations that will
become programs in system design. So it is the starting point of the
design to the lowest level of detail. A DFD consists of a series of
bubbles joined by data flows in the system.
TYPES OF DATA FLOW DIAGRAMS
Current Physical
Current Logical
New Logical
New Physical
CURRENT PHYSICAL:
In Current Physical DFD process label include the name of people or
their positions or the names of computer systems that might provide
some of the overall system-processing label includes an identification
of the technology used to process the data. Similarly data flows and
data stores are often labels with the names of the actual physical
media on which data are stored such as file folders, computer files,
business forms or computer tapes.
CURRENT LOGICAL:
The physical aspects at the system are removed as mush as possible
so that the current system is reduced to its essence to the data and
the processors that transforms them regardless of actual physical
form.
NEW LOGICAL:
This is exactly like a current logical model if the user were completely
happy with he user were completely happy with the functionality of
the current system but had problems with how it was implemented
typically through the new logical model will differ from current logical
model while having additional functions, absolute function removal
and inefficient flows recognized.
NEW PHYSICAL:
The new physical represents only the physical implementation of the
new system.
SAILENT FEATURES OF DFD’s
The DFD shows flow of data, not of control loops and decision
are controlled considerations do not appear on a DFD.
The DFD does not indicate the time factor involved in any
process whether the dataflow take place daily, weekly, monthly
or yearly.
The sequence of events is not brought out on the DFD.
1) Login DFD:
2) View Files DFD:
3) Send File DFD:
4) Decrypt DFD:
5. FORMS & REPORTS
5.1. I/O SAMPLES
6. BIBILIOGRAPHY
1. CRYPTOGRAPHY AND NETWORK SECURITY
- William Stallins
2. SOFTWARE ENGINEERING
- Roger Pressman
3. MICROSOFT VB.NET 2003
- (PRESS)
4. ASP.NET 1.1 PROFESSIONAL
- (WROX PUBLICATIONS)
WEBSITES:
1. www.msdn.microsoft.com
2. www.4guysrolla.com
3. www.asp11.com
4. www.dotnetspider.com
![Vol. 3, Issue 12, December 2014 Analysis of Network Data ... · Decryption Techniques in Communication Systems ... Block diagram of data Encryption and Decryption [2] ... Algorithm](https://static.documents.pub/doc/80x56/5b7b0be27f8b9a4c4a8bd31e/vol-3-issue-12-december-2014-analysis-of-network-data-decryption-techniques.jpg)
