AES Encryption

Hello there,

I wanted to talk today about AES encryption.  I have been recently challenged to use it to secure a set of data that's dynamically generated on device. Thought it's not easy to get it in place, we managed to implement the basic algorithm/use it to encode our sensitive data. 

I selected from many sources in the web some info that I wanted to share them with you. 

• What's AES?

AES is short for Advanced Encryption Standard.

AES is a symmetric encryption algorithm processing data in block of 128 bits. A bit can take the values zero and one, in effect a binary digit with two possible values as opposed to decimal digits, which can take one of 10 values. 
Under the influence of a key, a 128-bit block is encrypted by transforming it in a unique way into a new block of the same size. 
AES is symmetric since the same key is used for encryption and the reverse transformation, decryption. The only secret necessary to keep for security is the key. 
AES may configured to use different key-lengths, the standard defines 3 lengths and the resulting algorithms are named AES-128, AES-192 and AES-256 respectively to indicate the length in bits of the key. 
Each additional bit in the key effectively doubles the strength of the algorithm, when defined as the time necessary for an attacker to stage a brute force attack, i.e. an exhaustive search of all possible key combinations in order to find the right one.

• Features

- AES is a block cipher with a block length of 128 bits.

- AES allows for three different key lengths: 128, 192, or 256 bits.

- Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.

- Except for the last round in each case, all other rounds are identical.

- Each round of processing includes one single-byte based substitution step, a row-wise permutation step, a column-wise mixing

step, and the addition of the round key. The order in which these four steps are executed is different for encryption and decryption.

- To appreciate the processing steps used in a single round, it is best to think of a 128-bit block as consisting of a 4 × 4 matrix of bytes, arranged as follows:

 byte0 byte4 byte8 byte12

   byte1 byte5 byte9 byte13

      byte2 byte6 byte10 byte14

      byte3 byte7 byte11 byte15

- Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4 × 4 matrix of bytes. The next four bytes occupy the second column, and so on.

- The 4 × 4 matrix of bytes is referred to as the state array.

-  AES also has the notion of a word. A word consists of four bytes, that is 32 bits. Therefore, each column of the state array is a word, as is each row.

-  Each round of processing works on the input state array and produces an output state array.

-  The output state array produced by the last round is rearranged into a 128-bit output block.

• Example

Lets assume the inputs for the encryption are: 

* 16-bit Plaintext, P: 1101 0111 0010 1000 
* 16-bit Key, K: 0100 1010 1111 0101

Step 1: Key Generation

The first step is to generate the sub-keys. This is called Key Generation or Key Expansion:The input key, K, is split into 2 words, w0 and w1:
w0 = 0100 1010
w1 = 1111 0101

The first sub-key, Key0, is in fact just the input key: Key0 = w0w1 = K 

The other sub-keys are generated as follows:
 w2 = w0 XOR 10000000 XOR SubNib(RotNib(w1))
(Note: RotNib() is “rotate the nibbles”, which is equivalent to swapping the nibbles)
= 0100 1010 XOR 10000000 XOR SubNib(0101 1111) 

(Note: SubNib() is “apply S-Box substitution on nibbles using encryption S-Box”)
= 1100 1010 XOR SubNib(0101 1111) = 1100 1010 XOR 0001 0111 = 1101 1101
w3 = w2 XOR w1 = 1101 1101 XOR 1111 0101
= 0010 1000

w4 = w2 XOR 0011 0000 XOR SubNib(RotNib(w3)) = 1101 1101 XOR 0011 0000 XOR SubNib(1000 0010) = 1110 1101 XOR 0110 1010 = 1000 0111
w5 = w4 XOR w3 = 1000 0111 XOR 0010 1000
= 1010 1111

Now the sub-keys are:
Key0 = w0w1 = 0100 1010 1111 0101
Key1 = w2w3 = 1101 1101 0010 1000
Key2 = w4w5 = 1000 0111 1010 1111

Step 2: Encryption

Now let’s do the encryption. There is an initial operation (Add Round Key), followed by the main Round, followed by the final Round. 

(Note, the main difference in the real DES is that the main Round is repeated many times).

Remember, the output of each operation is used as the input to the next operation, always operating on 16-bits. 

The 16-bits can be viewed as a state matrix of nibbles.

Step 2.1:

Add Round 0 Key

Plaintext XOR Key1 =    1101 0111 0010 1000 XOR 0100 1010 1111 0101 =   1001 1101 1101 1101

Step 2.2: Round 1

Nibble Substitution (S-boxes): Each nibble in the input is used in the Encryption S-Box to generate an output nibble.

Input    =  1001 1101 1101 1101 

Output =  0010 1110 1110 1110

Shift Row: Swap 2nd nibble and 4th nibble (note, in this example, its not so easy to see since 2nd and 4th nibbles are the same!)

= 0010 1110 1110 1110

Mix Columns: Apply the matrix multiplication with the constant matrix, M, the addition operation is simply an XOR, and for the multiplication operation you can use a lookup table. 

Me = 

        1 4

        4 1

S= 0010 1110

        1110 1110

   =    S00’     S01’ 

         S10’     S11’

Output = 1111 0110 0011 0011

Add Round 1 Key

= 1111 0110 0011 0011 XOR 1101 1101 0010 1000

= 0010 1011 0001 1011

Step 2.3 FinalRound

Nibble Substitution (S-boxes) = 1010 0011 0100 0011

Shift Row (2nd and 4th) = 1010 0011 0100 0011

Add Round 2 Key:

 1010 0011 0100 0011 XOR

1000 0111 1010 1111 = 0010 0100 1110 1100

Now we have the final ciphertext. Ciphertext = 0010 0100 1110 1100

• Available implementations 

There are many implementations of AES encryptions available out there, e.g.:

- OpenSSL 

- Microsoft CryptoAPI

- Java Cryptography AES extension

and others. 

• Conclusion 

There is currently no evidence that AES has any weaknesses making any attack other than exhaustive search, i.e. brute force, possible. 

Even AES-128 offers a sufficiently large number of possible keys, making an exhaustive search impractical for many decades, provided no technological breakthrough causes the computational power available to increase dramatically and that theoretical research does not find a short cut to bypass the need for exhaustive search.

Hope you enjoy the Post 

Regards

Anis

What's VSAT ?

Hi folks,
I have  been a bit silent for a couple of weeks, because of business reason. But I'm back again and I was reading a bit about VSAT and the future of Hight Speed data delivery over the Globe, and I wanted to share a couple of my findings. Here you go :

What is a VSAT system?

       The use of VSAT systems is growing throughout the world as a way of establishing private satellite communications networks for large organizations that have several widely dispersed locations, or providing higher bandwidth for the individual. Depending on bandwidth requirement (data speed and/or communications channels), VSAT systems can be relatively small (1 - 2 meter antenna) and easily installed. By linking VSAT terminals to larger hub stations (or land earth stations), a network can be established inexpensively, although in this type of configuration, VSATs can communicate only via the hub and not from remote terminal to remote terminal. This configuration is called STAR configuration. VSAT networks can readily be configured so that the hub can broadcast data to all the VSAT terminals at higher rates than they can communicate to the hub.

How does a VSAT work?

A VSAT network has three components:

• A central hub (also called a master earth station)
• The satellite
• A virtually unlimited number of VSAT earth stations in various locations - across a country or continent

Content originates at the hub, which features a very large -15 to 36-foot (4,5 -11m)- antenna. The hub controls the network through a network management system (NMS) server, which allows a network operator to monitor and control all components of the network. The NMS operator can view, modify and download individual configuration information to the individual VSATs.

Outbound information (from the hub to the VSATs) is sent up to the communications satellite's transponder, which receives it, amplifies it and beams it back to earth for reception by the remote VSATs. The VSATs at the remote locations send information inbound (from the VSATs to the hub) via the same satellite transponder to the hub station.

This arrangement, where all network communication passes through the network's hub processor, is called a "star" configuration, with the hub station at the center of the star. One major advantage of this configuration is that there is virtually no limit on the number of remote VSATs that can be connected the hub. "Mesh" configurations also allow for direct communication between VSATs.

For satellites to gain a foothold in the delivery of advanced broadband services, seamless inter-connectivity with terrestrial networks is imperative. For best results, the network should be designed to exploit the unique virtue of satellite in geostationary orbit, namely that it can be a shared resource available, as needed, to many users spread over a very large proportion of the Earth's surface. This is the concept of bandwidth-on-demand. In an ideal network, each terminal communicates with all others (full-mesh connectivity), but utilizes satellite capacity only on an as-needed basis. Such an architecture can be implemented if the terminals operate in a Time Division Multiple Access (TDMA) mode (transmit in bursts) and are capable of doing this at a variety of different frequencies (FDMA and TDMA).

The DAMA System (Demand Assigned Multiple Access)

A DAMA system is typically a mesh network that allows direct connection between any two nodes in the network, sharing the bandwidth of a satellite transponder space which can be allocated to each remote terminal as required. DAMA supports full mesh, point-to-point or point-to-multipoint communications - any user can connect directly to any other user anywhere within the network - and the most superior systems achieve this with TDMA. The result is economical and flexible bandwidth sharing with any mix of voice, fax, video and data traffic. The key point is that DAMA optimises the use of satellite capacity by allocating satellite resources to each active node upon demand. By using a DAMA system, satellite resources can support a very much larger number of users than a Single Channel Per Carrier (SCPC) system.

Advantages of VSAT technology

As companies compete for an increasingly savvy customer looking for value (quality and service), information technology and communications networks are becoming tools to achieve business goals. Today's networks must support the need to improve customer service, increase per site revenues and reduce costs (all driving net income growth) - in the most cost-effective manner possible. Further, network managers want virtual 100% availability. They need to easily expand the network when they acquire, move or add new sites to the operations. In addition, they require network flexibility - ease of migration from existing legacy systems as well as addition of new network applications as their companies offer additional services to its customers

Businesses and organizations give many reasons for using VSAT networks over terrestrial alternatives. Among them are:

• Cost-effective
• Flexibility
• Accessibility
• Availability
• Reliability
• Versatility
• Transmission quality
• High network performance
• Fast transmissions
• Control
• Ability to handle large amounts of data
• Single vendor solution for both equipment and bandwidth
• Broadcast capability
• Ability to handle Voice, Video and Data
  

 Hope you enjoy it.
Anis

What's a Next Generation Network(NGN)?

Welcome to my blog once again, today I'm going to talk about NGN.

I have been working in the Telecommunication branch for 6 years already, I got to work in the GSM Core Network, including Intelligent Network, HLR and with Core GPRS Equipments.  Later on I worked on the Billing platform. Lately, I was reading about NGN and I wanted to share some of the basics that I found interesting. Let's start with the definition:

A Next Generation Network (NGN) is a packet-based network able to provide services including Telecommunication Services and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It offers unrestricted access by users to different service providers. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users.

Before introducing NGN, services were integrated vertically  over the network infrastructure, means for example: Telephone service were supplied on the top of a  Telephony Network, Video services were supplied on the top of Video Networks, Internet services were supplied on the top of Internet and Packet Network infrastructure.

With the introduction of NGN, services are now horizontally provided. NGN is then a Platform offering services Endpoints and hiding the Transport layer. We can assume that NGN converges to only one protocol at the end, which is IP!

We used to strugle understating SS7 and Sigtran protocols, with NGN, services are exposed over IP. Interfaces are to be defined by the Network architects, and a set of IMS (IP Multimedia Service) to support additional access networks types such as xDSL and WLAN. I will cover IMS in a different blog post.

NGN is definitely a revolutionary concept that makes easy offering Services to the cloud, by unifying the access types and offering emulation mechanisms for legacy protocols and gateways, but it remains a concern with regards to Security and QoS.  The beauty of it is that all services are carried over IP! This confirms the fact that once should not talk about Telco and IT as sisters any more, they are now married and the future now is now to harmonize all of this with comming Releases of NGN!

I hope you enjoy this post, and I will post again about all related topics(IMS/Emulation of Legacy access networks, etc...)

All the best 

A way of living

A physicist, a business major and a mathematician are asked whether it is better to have a wife or a girl-friend.
The physicist says, of course a wife. She will cook for you have some small-talk with you and keep you up to date about the real world.
The business major says. A girl-friend is much better, you can have sex with her every night and when you are bored by her you just have a new one.
The mathematician say, having both is the best. You can tell your wife that you are at the girl-friend, you tell your girl-friend that you are with your wife and then you finally have time for research.
Of course, someone should tell the story the other way around with husband and lover.

Could it be better ?

An engineer, a chemist, a mathematician, a topologist, a physicist and a theoretical physicist are sent to prison and given only a can with food. Then they are left alone for a week.After a week the guards check the cells.The enigneer is quite OK and you can see a broken can in the corner. When he was left alone and hungry he took out a lever and broke the lid of the can.Also the chemist is alife and in the corner of his cell you can see the steaming left-overs of a can. When he was left alone and hungry he took out some acid and etched away the lid of the can.The mathematician however is no longer. On the wall you can see the following words: I define the can is open. Conclusion, you cannot eat from an open can!

Job Search: How could you be successful ?

Getting out of the university as fresher, you would definitely face a set of challenges and you will start asking your self: from where shall I start? how would I choose my first employer? How can I build up a profile that would value my skills and successfully sell my self ?

The first thing that in my opinion should be at your table, is actually the type of your first employer.
Successfully integrating into the job market is a challenging step, this is obviously due to the fact that the Job market is huge. You may be confused in front of Job portals, stating hundred of Jobs and firms looking for people like you.
After writing your precious application, you will start applying for jobs. Few things need to be checked before starting your journey:

• Read carefully the Job offer! This is a must. Some people just look at the Job offer title, for example: Software Engineer and they just apply! first, the required skills should be checked, the seniority level should be checked, the work environment needs to be checked. If you are a fresher and you apply for a Job mentioning a work experience, then most probably your application would land in the bin... If you do not fulfill the language requirement mentioned on the Job offer, don't apply! 
• How does your application look like? Did you wrote a cover letter? do you value your skills and prove them in your CV? did you checket the language spelling in your application? have you put any reference letter in your application? 
• Are you willing to reallocate if you get a Job? this needs to be mentioned in your application?
• When would you be available for an interview ad eventually to start working?? mention this clearly in your application?
• Salary expectation! Here is a stressing point! Don't overvalue your self, search for a salary survey that would list average salary that would fit your skills. Do remember that the Job location is important in defining which salary your are expecting (e.g. a Job in Frankfurt or Munich pays more than the same Job(even in the same firm) in a small town in Germany.
• Do not lie in your CV. If you don't have a valid experience, don't state it into your CV! You could be ashamed being asked to prove your experience at a further step of the hiring process!

Coming back to the employer, I think that for a fresher, starting in a small firm would be more beneficial.
Usually, in small firms, knowledge transfer is more smooth and communication is less bureaucratic. This means, getting in touch with Senior people is easier, this also applies for company processes, as usually they are compact and adapted to the company size.
I also recommend staying in the same Job at least 2 years. Less than that, the experience would not really make much sense once it's stated in your CV.

Do not run for money, money will come to you if you deserve it! and remember, you need to go for the Job, the Job does not come to you, unless you are a genius :)

Hope you find this post beneficial:)

Talk to you soon
Anis

A thanks note to my mom

I could not start blogging, I felt that a precious person needs to head up all my posts.

Dear Mom,

I couldn't have asked for a better mother! You're always there to give excellent advice, make great food, go shopping, or just listen. You're truly a terrific mom and a special person too. Thank you for being you! 

 When I get to officially declare you the Best Mom Ever. Though I may not always say it (or show it), you mean the world to me. Thank you for being there. I don't know what I'd do without you. I love you!

Your son,

Anis