Assignment
Siddhi Saxena
Btech IT
A7605319004
1.
Transport mode Tunnel mode
Here end hosts do IPsec encapsulation of their IPsec gateways provide service to other hosts
own data; hence IPsec needs to implemented in peer-to-peer tunnels; hence the end-hosts
on each end-hosts don’t need IPsec.
Lower overhead than tunnel mode More overhead required
No edits on IP header The entire packet is hashed or encrypted; IP
header is applied to the packet during transit.
Used in securing communication from one Used to tunnel traffic from one site to another
device to another.
It is good for ESP host-to-host traffic It is good for VPNs, gateway-to-gateway
security.
Provides protection primarily to upper layer Provides protection to entire IP packet
protocols
AH in transport mode authenticates the IP AH in tunnel mode authenticates the entire
payload and selected portions of IP header. inner IP packet and selected portions of the
outer IP header.
ESP in transport mode encrypts and optionally ESP in tunnel mode encrypts and optionally
authenticates the IP payload but not the IP authenticates the entire inner IP packet,
header. including the inner IP header.
2.
There are five types of operations in block cipher modes, ECB (Electronic Code Block) mode,
CBC (Cipher Block Chaining) mode, CFB (Cipher Feedback) mode, OFB (Output Feedback) mode
and CTR ( Counter) mode.
1. ECB mode
ECB mode stands for Electronic Code Block Mode. It is one of the simplest modes of
operation. In this mode, the plain text is divided into a block where each block is 64 bits.
Then each block is encrypted separately. The same key is used for the encryption of all
blocks. Each block is encrypted using the key and makes the block of ciphertext.
At the receiver side, the data is divided into a block, each of 64 bits. The same key which
is used for encryption is used for decryption. It takes the 64-bit ciphertext and, by using
the key convert the ciphertext into plain text.
As the same key is used for all blocks’ encryption, if the block of plain text is repeated in
the original message, then the ciphertext’s corresponding block will also repeat. As the
same key used for tor all block, to avoid the repetition of block ECB mode is used for an
only small message where the repetition of the plain text block is less.
�2. CBC Mode
CBC Mode stands for Cipher block Mode at the sender side; the plain text is divided into
blocks. In this mode, IV(Initialization Vector) is used, which can be a random block of
text. IV is used to make the ciphertext of each block unique.
The first block of plain text and IV is combined using the XOR operation and then
encrypted the resultant message using the key and form the first block of ciphertext.
The first block of ciphertext is used as IV for the second block of plain text. The same
procedure will be followed for all blocks of plain text.
At the receiver side, the ciphertext is divided into blocks. The first block ciphertext is
decrypted using the same key, which is used for encryption. The decrypted result will be
XOR with the IV and form the first block of plain text. The second block of ciphertext is
also decrypted using the same key, and the result of the decryption will be XOR with the
first block of ciphertext and form the second block of plain text. The same procedure is
used for all the blocks.
CBC Mode ensures that if the block of plain text is repeated in the original message, it
will produce a different ciphertext for corresponding blocks.
Note that the key which is used in CBC mode is the same; only the IV is different, which
is initialized at a starting point.
�3. CFB Mode
CFB mode stands for Cipher Feedback Mode. In this mode, the data is encrypted in the
form of units where each unit is of 8 bits.
Like cipher block chaining mode, IV is initialized. The IV is kept in the shift register. It is
encrypted using the key and form the ciphertext.
Now the leftmost j bits of the encrypted IV is XOR with the plain text’s first j bits. This
process will form the first part of the ciphertext, and this ciphertext will be transmitted
to the receiver.
Now the bits of IV is shifted left by j bit. Therefore the rightmost j position of the shift
register now has unpredictable data. These rightmost j positions are now filed with the
ciphertext. The process will be repeated for all plain text units.
�4. OFB mode
OFB Mode stands for output feedback Mode. OFB mode is similar to CDB mode; the
only difference is in CFB, the ciphertext is used for the next stage of the encryption
process, whereas in OFB, the output of the IV encryption is used for the next stage of
the encryption process.
The IV is encrypted using the key and form encrypted IV. Plain text and leftmost 8 bits
of encrypted IV are combined using XOR and produce the ciphertext.
For the next stage, the ciphertext, which is the form in the previous stage, is used as an
IV for the next iteration. The same procedure is followed for all blocks.
5. CTR Mode
� CTR Mode stands for counter mode. As the name is counter, it uses the sequence of
numbers as an input for the algorithm. When the block is encrypted, to fill the next
register next counter value is used.
Note: the counter value will be incremented by 1.
For encryption, the first counter is encrypted using a key, and then the plain text is XOR
with the encrypted result to form the ciphertext.
The counter will be incremented by 1 for the next stage, and the same procedure will be
followed for all blocks. For decryption, the same sequence will be used. Here to convert
ciphertext into plain text, each ciphertext is XOR with the encrypted counter. For the
next stage, the counter will be incremented by the same will be repeated for all
Ciphertext blocks.
3 Feistel Cipher is not a specific scheme of block cipher. It is a design model from which
many different block ciphers are derived. DES is just one example of a Feistel Cipher. A
cryptographic system based on Feistel cipher structure uses the same algorithm for both
encryption and decryption. The number of rounds used in a Feistel Cipher depends on
desired security from the system. More number of rounds provide more secure system. But
at the same time, more rounds mean the inefficient slow encryption and decryption
processes. Number of rounds in the systems thus depend upon efficiency–security tradeoff.
[Link] algorithm involves the process of dividing numbers and calculating the
remainders.
'a' and 'b' are the two natural numbers, 'a' >= 'b'.
Divide 'a' by 'b' and get the remainder of the operation, 'r'.
�If 'r' = 0, STOP. 'b' = the gcf (hcf, gcd) of 'a' and 'b'.
Else: Replace ('a' by 'b') and ('b' by 'r'). Return to the step above.
Step 1. Divide the larger number by the smaller one:
105 ÷ 80 = 1 + 25
Step 2. Divide the smaller number by the above operation's remainder:
80 ÷ 25 = 3 + 5
Step 3. Divide the remainder of the step 1 by the remainder of the step 2:
25 ÷ 5 = 5 + 0
At this step, the remainder is zero, so we stop:
5 is the number we were looking for - the last non-zero remainder.
This is the greatest (highest) common factor (divisor).
The greatest (highest) common factor (divisor):
gcf, hcf, gcd (105; 80) = 5
