Cryptography Foundations. Symmetric cryptography (conventional encryption) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 1
|
|
- Pauline Fleming
- 6 years ago
- Views:
Transcription
1 Cryptography Foundations Symmetric cryptography (conventional encryption) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 1
2 Outline Symmetric cryptography Symmetric encryption algorithms Attacks: brute-force vs. cryptanalysis Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 2
3 Outline Symmetric cryptography Symmetric encryption algorithms Attacks: Brute Force vs. Cryptanalysis Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 3
4 Symmetric cyphers Block-Oriented (or block ciphers) Used with different block modes of operation Byte-oriented modes vs. N-bytes-block-oriented modes Blocks with fixed size Key sizes and block sized defined (fixed) for each algorithm (you must know it) Stream-oriented (or stream ciphers) byte-stream-oriented or bit-stream-oriented operation Variable key-sizes (algorithm dependent) Fast to operate on stream-oriented inputs (bytes, bits) Ex., real-time, iterative-traffic or low-latency communication requirements 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 4
5 Characterized by: Block size (larger means greater security) Key size (larger means greater security) Round transformation function (greater complexity means more resistance) Number of rounds (multiple rounds increase security) Type of operations in a round function Substitutions (Sboxes) Transpositions by permutations with possible block expansion or block reduction (Pboxes), rotations (rotation tables) Boolean operations (XOR) Sub-key generation in each round (from the input key) Algebraic operations (modular arithmetics, matrix -operations, operations in GF2, etc.) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 5
6 Security Remember the robustness and assessment criteria (brute -force, test-analysis, cryptanalysis,. previous classes) Requires complexity (complex transformations in each round), large number of rounds, large keysize, large blocks Fast operation (performance) Speed of the algorithm is a concern Simplicity (ex., HW implementations and embedded solutions, fast computation, low computational cost, energy-savings, Ease of analysis Simplicity in the internal reference structure analyzable : formalisms and mathematical foundations The interesting algorithms must balance these tradeoffs, maximizing each criteria 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 6
7 Horst Feistel, IBM, 1973 Base structure for many symmetric algorithms (ex., DES) Decryption implemented as Encryption (input: ciphertext, and use of sub-keys in the reverse order) In each round: Li = Ri-1 Ri = Li-1 xor F(Ri-1, Ki) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 7
8 Symmetric block cyphers: AES, DES Figures in AES: 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 8
9 Performance of algorithms Comparisons in Java (standard JDK and Sun Crypto-Provider) See also: Openssl speed benchmark (speed test library performance) rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 9
10 Data Encryption Standard (DES) The most widely used encryption scheme, until 2000 The algorithm is reffered to the Data Encryption Algorithm (DEA) DES is a block cipher The plaintext is processed in 64-bit blocks The key is 56-bits in length 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 10
11 DES Algorithm Base: Feistel structure: The overall processing at each iteration (round): Li = Ri-1 Ri = Li-1 F(Ri-1, Ki) Security concerns about: >The algorithm and the key length (56-bits) > Weak, semi-weak or potentially weak keys > 1998, EFF, DES cracker machine (3 days) > 10 hours (machine Doing 10^6 decryptions/ microsec 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 11
12 Initial and final permutations 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 12
13 16 Rounds Sub-Key Generation For each roud Henric Johnson rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 13
14 Expansion/Permutation (EP box) and Pbox In: 32 bits EP Box Out: 48 bits In: 32 bits Pbox Out: 32 bits 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 14
15 Substitution Boxes (for 16 rounds) Ex: rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 15
16 S boxes (S1 to S4) Valores de entrada: 0 (000000) a 63 (111111) Ex: Note: values in each sbox: 0 to 15 (0000 a 1111) Ex: 8º sexteto MS (row 1) 1110 (column 14) Then: , then output is rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 16
17 Sboxes (S5 a S8) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 17
18 Sub-Key Generation For each roud Henric Johnson rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 18
19 Sub-key generation A sub-key is generated in each round PC1: two halfs (28 bits) obtained by permutation In each round, each half is rotated for the next round Input Key (56 bits) 2 Initial Sub-Keys (28 bits) (Initial Permutation PC1) 16 rotations (one per round): a specific rotation is defined for each round PC2: In each round, a permutation with reduction (56 > 48 bits) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 19
20 PC2 sub-key rescheduling 56 bits (28 left + 28 right) Block Ri-1 Key-Rotation XOR 48 bits PC2 S-BOX (round i) Key-Rotation (for the next round) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 20
21 Multiple Encryption & DES Clear a replacement for DES was needed theoretical attacks that can break it demonstrated exhaustive key search attacks Cryptanalysis: demonstrated vulnerabilities Weak, Semi-Weak and Potentially Weak keys AES is a new cipher alternative The standard symmetric encryption for the XXI century Promoted by different organizations: NIST, ANSI, etc Prior to this alternative was to use multiple encryption with DES implementations Triple-DES is the chosen form Compatibility, during the adoption of AES 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 21
22 Double-DES? No thanks Could use 2 DES encrypts on each block C = [ E K2 ( E K1 (P) ] Issue of reduction to single stage with single key (1992) and have meet-in-the-middle attack works whenever use a cipher twice since X = E K1 (P) = D K2 (C) attack by encrypting P with all keys and store then decrypt C with keys and match X value can show takes O(2 56 ) steps 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 22
23 Triple-DES with Two-Keys hence must use 3 encryptions would seem to need 3 distinct keys but can use 2 keys with E-D-E sequence C = E K1 (D K2 (E K1 (P))) Encrypt & decrypt equivalent in security If K1=K2 then can work with single DES (compatibility) standardized in ANSI X9.17 & ISO8732 Effective key length of 112 bits no current known practical attacks But the use of 3 keys is better (improvement of the key-length effect) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 23
24 Although are no practical attacks on two-key TripleDES have some indications can use Triple-DES with Three-Keys to avoid even these C = [ E K3 [ D K2 (E K1 (P) ] ] has been adopted by some Internet applications, eg PGP, S/MIME Paranoid? Use N times DEA with N different keys Problem? Effective key lenght: 168 bits Note: Triple or N-encryptiondecryption can be applied to any block cipher algorithm 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 24
25 TEMK Triple Encryption with Minimum Key Constants T1, T2 and T3 and Two initial Keys: K1, K2 to derive three keys: KX1, KX2, KX3 for triple encryption KXi = D(K2, E(K1,Ti)) Use of Triple encryption modes (ex., Inner CBC, Outer CBC) Triple encryption with prefix-pads (pad size < block size) Doubling Block Length Space Ntuple Encryption: ex., n=5, 3 keys, C=Ek1(Dk2(Ek3(Dk4(Ek5(P))))) Witening technique: C= K3 XOR E( K2, ( P XOR K1) ) Cascading multiple block ciphers: it is at least as hard to break as any of its component ciphers Combination technique Random bit-string R with the same size as M C = E(K1, R) XOR E(K2, (M XOR R) ) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 25
26 International Data Encryption Algorithm (IDEA) 128-bit key Used in PGP Blowfish Easy to implement High execution speed Run in less than 5K of memory 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 26
27 RC5 Suitable for hardware and software Fast, simple Adaptable to processors of different word lengths Variable number of rounds Variable-length key Low memory requirement High security Data-dependent rotations Cast-128 Key size from 40 to 128 bits The round function differs from round to round 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 27
28 Skypjack Example of simple symmetric crypto, interesting for small devices and HW implementation (very usual before AES implementations in HW for embeded systems and small devices, such as micro-sensos, motes, etc 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 28
29 Symmetric block cyphers and characteristics Criptografia Simétrica > Estabelecimento de canais Operations seguros (Confidencialidade) (standadization) > Problemas da partilha (distribuição) XOR, S-boxes, P-Boxes das chaves. SET, Kerberos Criptografia Assimétrica EP Boxes, Rotations,... Confidencialidade: cifra com chave pública Financial standards 112/ Autenticidade: assinaturas (cifra com chave E-commerce, privada) PGP idem S/MIME, SSL Envolver sínteses (one-way hashing nas assinaturas) XOR, addition mod 2^16 Não repúdio: 128 garantida 8 no,multiplication pressuposto mod 2^16 de não PGP, revogação SSL da chave num dado tempo XOR + shift > Operação mais lenta Alg. Key size Rounds Structure Applications DES 3DES IDEA TEA Blowfish RC5 Cast < 448 < < AES 128, 192, ,12,14 XOR + Variable S-boxes Addition, subtraction XOR and rotation operations Addition, Subtraction, XOR, Rotation and S-boxes S boxes, Matrix SR-MC, XOR 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 29 SSL PGP Many: promoted as a standard after 2000 Later Later Jump AES Later
30 Symmetric block cyphers and characteristics Alg. Key size Rounds Structure Applications Operations (standadization) Skypjack 80 bits 4 x 8 = XOR, P-Boxes 32 Matrix-based Exp... Sensors, WSN communication 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 30
31 Skypjack W i 0 32 rounds W i 32 SKIPJACK is a 64-bit codebook utilizing an 80-bit cryptovariable (Key) SKIPJACK encrypt/decrypt 4-word (64-bit) data blocks by alternating between the two stepping rules (A and B) Input = W i0, 1 i 4, (i.e., k=0 for the beginning step), Counter initialized = 0 Steps (32 rounds of 8 step rules): Rules A, B, C, D The Counter Increment by one after each step The Output = W i 32, 1 i rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 31
32 Decryption Rule (A -1 and B -1 ) Rule A -1 W 1 k-1 = [G k-1 ] -1 (w 2k ) W 2 k-1 = w 3 k W 3 k-1 = w 4 k W 4 k-1 = w 1 k w 2 k counter k-1 Rule B -1 W 1 k-1 = [G k-1 ] -1 (w 2k ) W 2 k-1 = [G k-1 ] -1 (w 2k ) w 3 k counter k-1 W 3 k-1 = w 4 k W 4 k-1 = w 1 k 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 32
33 G - Permutation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 33
34 Design Features in HW SKIPJACK module implemented easily as a peripheral HW device (as a crypto module) with 16-bit host interface Data interface to the module using read/write operation to the registers Single design for Encryption and Decryption - Based upon a flag in control register Device specific look-up ROMs used for look-up tables Fast, Low-memory requirements, Weak Energy requirements (for the case of wireless devices with autonomous batteries) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 34
35 F -Table and Cryptovariable F -Table The F function is a G permutation in a look up table Row = The higher order 4-bit index Column = The lower order 4-bit index Cryptovariable The Cryptovariable (key) is 10 bytes = 80 bits long (labeled 0 through 9) and used in its natural order Cryptovariable subscript is used in G-Permutation are interpreted mod rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 35
36 Example of Top Level Design Two major verilog module Regmem module for external I/O interface Algorithm module for encrytion/decryption 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 36
37 Memory Map 13 total registers 12 for data interface 1 register for control 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 37
38 Interface Description Device Inputs Input data buffer: 4 word (64-bits) Cryptovariable (key) buffer: 5 word (80-bits) Operating flag: Encrypt/Decrypt (1 for encryption, 0 for decryption) Start (writing a 1 starts the operation) Device Outputs Output data buffer: 4 word (64-bits) Operating flag: Done (a 1 indicates that the last operation is complete) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 38
39 Algorithm Module 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 39
40 Algorithm Module - Blocks Control State Machine Controls the encryption/decryption process; K-Counter, Register Loading, Done indication bit Triggered by the Start command bit in control registers Fiestel Module Implements the G and G -1 function using logic and 4 look-up tables for F function P_reg1 through P_reg4 used for SKIPJACK data operation Input buffer can be reloaded with new data while operation is performed on the previous data - Speeds up throughput K-Counter Up/Down counter with preset and reset 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 40
41 Algorithm Module - State Machine 5-State machine to control both encryption/decryption 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 41
42 Algorithm Module - Feistel Module 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 42
43 Feistel Module - Description Single module to compute G and G -1 function Control based upon Enc_Decn control bit Reverses the input byte order to perform G -1 function (flipping the Fiestel structure to G function) 4 look-up ROMs (Altera specific) to implements F function 4 multiplexers 10:1 to select one of the 10 CV byte, controlled from the k-cntr look-up mechanism One 32 entry look-up ROM to eliminate mod 10 computation of 4k, 4k+1, 4k+2, 4k+3 4 multiplexers 2:1 (4-bit) to select the index for the encryption or decryption 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 43
44 AES 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 44
45 AES (Advanced Encryption Standard) Origins and characteristics clear a replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks can use Triple-DES but slow, has small blocks US NIST issued call for ciphers in candidates accepted (Jun/98), 5 were shortlisted in Aug/99 Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001 designed by Rijmen-Daemen in Belgium an iterative rather than feistel cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round designed to be: resistant against known attacks speed and code compactness on many CPUs Simple to analyze 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 45
46 AES Requirements NIST Established the following reference criteria for proposals: Secret key / symmetric block cipher 128-bit data, 128/192/256-bit keys stronger & faster than Triple-DES active life of years (+ archival use) provide full specification & design details both C & Java implementations NIST have released all submissions & unclassified analyses 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 46
47 AES structure Not a Feistel structure Data block of 4 columns of 4 bytes is state (128 bits) Key is expanded to array of words (44 words of 32 bits) Has 9/11/13 rounds in which state undergoes: I : byte substitution (1 S-box used on every byte) II : shift rows (permute bytes between groups/columns) III : mix columns (subs using matrix multipy of groups) IV : add round key (XOR state with key material) view as alternating XOR key & scramble data bytes Initial XOR key material & incomplete last round With fast XOR & table lookup implementation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 47
48 Advanced Encryption Algorithm (AES) Internal structure Ex., 10 rounds for 128 bit keys Successive processing of block-state arrays, combined with the expanded key 128 bit sub-key in each round 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 48
49 Input/Output State Array and Key Expansion 16 rounds of successive transformation of a 128 bit blocks (state arrays), organized as a square matrix of bytes (16x16 bits, ordered by column) Key expanded from initial size (as a square matrix of bytes) to 44 columns (44 words, 4 bytes each) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 49
50 Byte Substitution A simple substitution of each byte (defined) Uses one table of 16x16 bytes containing a permutation of all bit values Each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {95} is replaced by byte in row 9 column 5 which has value {2A} S-box constructed using defined transformation of values (byte-to-byte substitution of the block), byte values as polynomials in GF(2 8 ) designed to be resistant to all known attacks 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 50
51 Shift Rows a circular byte shift in each each 1 st row is unchanged 2 nd row does 1 byte circular shift to left 3rd row does 2 byte circular shift to left 4th row does 3 byte circular shift to left decrypt inverts using shifts to right since state is processed by columns, this step permutes bytes between the columns 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 51
52 Mix Columns each column is processed separately / each byte is replaced by a value dependent on all 4 bytes in the column effectively a matrix multiplication in GF(2 8 ) using prime poly m(x) =x 8 +x 4 +x 3 +x rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 52
53 Add Round Key XOR state with 128-bits of the round key again processed by column (though effectively a series of byte operations) inverse for decryption identical since XOR own inverse, with reversed keys designed to be as simple as possible a form of Vernam cipher on expanded key requires other stages for complexity / security 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 53
54 I Advanced Encryption Algorithm (AES) XXXXX II III IV 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 54
55 Stream ciphers Block cipher (with ECB mode of operation) Structure for stream ciphers Possible implementation with block ciphers. How? 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 55
56 Stream ciphers process message bit by bit (as a stream) have a pseudo random keystream combined (XOR) with plaintext bit by bit randomness of stream key completely destroys statistically properties in message C i = M i XOR StreamKey i but must never reuse stream key otherwise can recover messages (cf book cipher) some design considerations are: long period with no repetitions statistically random depends on large enough key large linear complexity properly designed, can be as secure as a block cipher with same size key but usually simpler & faster 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 56
57 RC4 Proprietary cipher owned by RSA DSI Another Ron Rivest design, simple but effective Variable key size, byte-oriented stream cipher Widely used (web SSL/TLS, wireless WEP) Key forms random permutation of all 8-bit values Uses that permutation to scramble input info processed a byte at a time 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 57
58 RC4 Key Schedule starts with an array S of numbers: use key to well and truly shuffle S forms internal state of the cipher // Initialization, S and T for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) // Initial Permutation of S j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j]) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 58
59 RC4 Encryption encryption continues shuffling array values sum of shuffled pair selects "stream key" value from permutation XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte M i i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(s[i], S[j]) t = (S[i] + S[j]) (mod 256) C i = M i XOR S[t] 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 59
60 RC4 encryption model Algorithm explained in Stallings, Network Security Essentials (see section 2.4, Chapter 2) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 60
61 RC4 Security claimed secure against known attacks have some analyses, none practical result is very non-linear since RC4 is a stream cipher, must never reuse a key have a concern with WEP, but due to key handling and/or pattern-repetitions rather than RC4 itself 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 61
62 Other stream ciphers SEAL A series (ex., A5, A8, GSM) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 62
63 Outline Symmetric cryptography Symmetric encryption algorithms Attacks: Brute Force vs. Cryptanalysis Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 63
64 Also referred as conventional encryption, secret-key encryption or single-key encryption, or shared-secret key encryption Plaintext or cleartext M K ciphertext C K Plaintext or cleartext M (intelligible) Notation: M C={M}K M={C} K X Y= E[ K, X ] X=D [ K,Y ] 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 64
65 Block ciphers Modern symmetric methods (modern cryptography) Applied cryptography (computers, devices, HW, SW, ) Block-based design principles Initially inspired by classic methods (adapted for computers). More complexity Reference on standard structures: Ex., Feistel network structure Statistical properties Standardization Attacks: Brute Force attacks Differential and Linear Cryptanalysis principles Algebraic structures and operations Mathematic foundations 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 65
66 Stream ciphers Modern symmetric methods (modern cryptography) Applied cryptography (computers, devices, HW, SW, ) Stream-oriented processing Fast (ex., real-time bit-by-bit encryption/decryption) Also interesting for byte-streaming Interactive applications (ex., SSH) Download of byte-streams (ex., WEB, HTTP) Use of algebraic fast computations, boolean operations, modular arithmetic 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 66
67 Modern cryptography Key points Secrecy is in the key (not the algorithm, or its implementation) Publicly available, open specification, open validation More scrutiny more security Key-space, block-size implications Cryptanalysis: is the age of an algorithm an advantage? Modern symmetric encryption methods Algebraic structures Finite fields: groups, rings and fields Modular arithmetic Euclidean algorithm Finite fields of the form, GF(p) Polynomial arithmetic Finite fields of the form GF(2^n) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 67
68 Symmetric algorithms Block-oriented symmetric ciphers Ex., DES, TripleDES, IDEA, Skypjack, RC5, RC6, AES, Blowfish, Toofish, CAST-128,... Different modes of operation: ECB, CBC, CFB, OFB, CTR,... Stream-Ciphers Ex., RC4, SEAL, Katsumi, A-series (GSM), etc Bit-by-bit operation Byte-stream based transformations Hybrid structure is also possible: Stream Ciphers implemented with Block-Cipher building blocks 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 68
69 AES - Advanced Encryption Standard >> Originally Rijndael from Daemen and Rijmen Substitution of DES (NIST Call for proposals) Criteria for AES Keys: 128, 192, 256 bits, Block sizes: 128 bits High dispersion with a simple (auditable) and fast internal structure and algebraic proofs Block-operations in successive rounds» Block operated as a matrix» Substitution Boxes» Shift rows» Mix columns» XOR with sub-keys (generated form an expansion of the initial key) Implementation issues: simple and fast implementations in SW and HW, simple auditing Best indicators from all the NIST defined tests (CMVP) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 69
70 Symmetric cryptography requirements (1) An opponent who knows the algorithm and has access to one or more ciphertexts (C1, C2, Ci, Cn) would be unable to obtain the respective plaintexts (P1, P2, Pi, Pn), if she/he don t know the key K used to calculate Ci={Pi}K would be unable to figure out the key K, even if she/he is in possession of a number of pairs (Pi, Ci), with Ci = {Pi}K Security properties of symmetric ciphers Security in a symmetric encryption: depends on the secrecy of the secret key (as an input parameter for the encryption/decryption algorithm) not from the secrecy of the algorithm 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 70
71 Symmetric cryptography requirements (2) Security in symmetric cryptography requires: Sender and receiver (principals in a secure communication): must have obtained copies of the key K in a secure way (need a secure key-distribution protocol or secure key-establishment service) Must keep the shared keys K secure Key storage is an important concern Key exposition is an important concern Possible rekeying mechanisms (key-refreshments) for Perfect Backward Secrecy (PBS) and Perfect Future Secrecy (PFS) Prevention from possible compromising of keys Key-Independence ( perfect ) Fast or efficient rekeying may be an issue 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 71
72 Symmetric cryptography assessment Performance, implementation issues, test/certification Security concerns: Key size vs. Block Size: Robustness under Brute-Force Attacks Cryptanalysis attacks Cryptanalysis Differential cryptanalysis vs. Linear cryptanalysis Dispersion and entropy: formal distance tests between identical blocks resulting from different transformations of the same plaintext block Kasiski test: distance decomposition in prime factors and period evaluation with high probability as the CGD of the majority of evaluated distances Coincidence test: % of similar symbols in identical overlapping cryptograms in a progressive displacement Certification test programs and tools (ex., NIST CRYPTIK, METRIX rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 72
73 Symmetric cryptography assessment Other current formal security verifications and proofs on symmetric cryptography: Sensibility to initial setup conditions Ex: Consequences in one bit changes Evaluation of uniform distribution characteristics Binary balance and mean entropy for a large number of generated keys (and consecutive sub-keys) and a large number of blocks (and consecutive sub-blocks) Auto and Cross Correlation in large number of generated keys /and consecutive sub-keys) Resistance to statistical attacks on pseudo-random generation mechanisms Performance/adaptability for specific purposes (HW, RAM, OS primitives, etc) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 73
74 Robustness and computational security criteria Robustness: if it is impossible (computationally impossible) to decrypt a message on the basis of the ciphertext plus the knowledge of the encryption/decryption algorithm Computational security criteria: Infinite time to break with available computing power and resources (processing power MIPS, memory, storage, ) what is infinite time? Ex., More than the universe lifetime 10^11 years? Ex., More than the universe time in several orders of magnitude? Finite time to break but time exceeds the useful lifetime of the protected information Finite time to break but requires infinite or impossible computing power and resources what is impossible computing power? Ex., A quantity of computers requiring more silicon or germanium atoms than the total quantity of atoms (estimated) available in our galaxy? Ex., Processing speed required will cause the fusion of the materials? Available computing can break before the useful lifetime of the protected information but the cost (money) of such computing resources exceeds the value of the protected information 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 74
75 Big numbers [Schneier 1996] 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 75
76 Without no inherent mathematical weaknesses: Brute-force attack On average: half of key space searched 1 computer Computing Power aggregation Practical terms: need more than key search - Plaintext knowledge - More difficult in other cases: binary, compressed, hashed data 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 76
77 DES, IDEA, RC5, TEA, CAST-128, AES-128, AES-192, AES-256 AES-256 AES-192 TDEA / 3DES IDEA, RC5, TEA CAST-128, AES ^11 Universe lifetime DES 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 77
78 Moore s Law and other predictions Processing power doubles, each 18 months In 10 years, computers will be 100 times more powerful (general resources). A desktop will fit into a cell phone Gigabit wireless connectivity everywhere Personal networks will connect our computing devices and the remote services we subscribe to. Other aspects of the future are much more difficult to predict Anyone can not predict what the emergent properties of 100x computing power will bring: new uses for computing, new paradigms of communication. A 100x world will be different, in ways that will be surprising rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 78
79 More brute-force attack estimations Moore Law (computing power): double in each 18 months. Cost estimation to break Key size Year (attack) Ex., Breaking with $10 Millions in 2000: Extrapolation using the Moore law Symmetric Alg. (key sizes) Public- Key (ECC) Public Key (RSA) Time to Break Storage needs < 5 min Trivial months x10^6 years ^16 years 4GB 170GB 120TB Robert Silverman, Technical Report RSA Laboratories, rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 79
80 Brute-Force conclusions Even if managed to speed up by a factor of 1 trillion (10^12) Brute force attacks on 128 bit keys require 1 million years So, in practice, 128 bit keys (no weak keys, generated randomly and securely established and maintained) are unbreakable with brute-force attacks From this baseline the next security problem is the possible cryptanalysis attacks against specific algorithms 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 80
81 Cryptanalysis Process of attempting to discover the plaintext or key, from the known or available information Cryptanalytic attacks: opponents using cryptanalysis - difficult High security criteria + difficult More commonly employed 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 81
82 Confidentiality using symmetric encryption Best-Practices and Bad-Practices Concerns behind keys: Key maintenance, Key-exposition Key-distribution, Key-establishment Placement of the encryption/decryption function Key-generation process and (random)-number generation Key-generation process and weak-keys discarding Perfect forward vs. backward secrecy Rekeying needs Recuperation of keys How to use Cipher Block Modes of operation in a secure way (or how to choose the correct mode) Padding and its relevance Combination of methods: secure combination? Dynamic configuration of cipher-suites and security association parameters / protocol design and implementation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 82
83 Key-management in symmetric cryptography The previous problems are very relevant! In symmetric cryptography the key is the same for encryption /decryption Secret key-shared For 2 principals: 1 shared key 3 principals: 3 keys 4 principals: 6 keys 6 principals: 15 keys N principals: n(n-1)/2 keys O(n 2 ) Problem for secure-key-distribution, establishment and management Non KDC based (pre-established keys) KDC based (client/server model) Redundant KDCs (client/server group), ex., 1, 2, 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 83
84 Assessment approaches Assessment classic techniques Kasisky tests Frequency analysis Superposition and coincidence counting Friedman tests (variance analysis) See statistical analysis /Comparison_of_statistical_packages Other tests: Uniform distribution Binary balance ( 0 and 1 distribution) Entropy metrics (ex., medium value in two consecutive keys Auto-Correlation or cross-correlation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 84
85 Assessment approaches Conjugated statically tests in a battery (tools) Ex., Randomness tests: Assessment or certification programs and tools Ex., NIST: Ex: rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 85
86 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 86
87 Modes of Operation Block ciphers encrypt fixed size blocks eg. DES encrypts 64-bit blocks with 56-bit key need some way to encrypt/decrypt arbitrary amounts of data in practice ANSI X Modes of Use (now FIPS 81) defines 4 possible modes: ECB, CBC, CFB, OFB subsequently 5 defined for AES & DES: CTR have block and stream modes 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 87
88 Plaintext blocks encrypted in an independent weay Fast, parallelizable Message repetitions may show in ciphertext if aligned with message block particularly with data such graphics or with messages that change very little, which become a code -book analysis problem Weakness is due to the encrypted message blocks being independent: same plaintext blocks produces the same cyphertext blocks (using the same key) Main use is sending a few blocks of data 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 88
89 ECB: manipulation of encrypted blocks Ex., electronic banking transaction, ref. with DES 1 block = 64 bits Timestamp OPcode Swift Code ID Bank Orig. Swift Code ID Bank Dest Name of entity: Ex., 6 blocks IBAN Dest. Account Ex., 4 blocks Ammount EUROS Bank A Mallory Eavesdropping + Message Replying + Message Tampering (on specific blocks) Bank B 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 89
90 ECB (graphics, patterns) Plaintext and Ciphertex with ECB What we want 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 90
91 Cipher Block Chaining Mode (CBC) The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block. Repeating pattern of 64-bits are not exposed Use Initial Vector (IV) to start process C i = DES K1 (P i XOR C i-1 ) C -1 = IV Uses: bulk data encryption, authentication Same plaintext blocks => Different cyphertext blocks, even when the same key is used (different IVs) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 91
92 Henric Johnson rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 92
93 Security Performance + Security: plaintext patterns concealed by XORing with previous ciphertext blocks Input to blocks randomized by the previous cipher text block + Any change to a block affects all following ciphertext blocks +/- Plaintext somewhat difficult to manipulate Only 1 st block and last block can be removed) Bits changed in the first block: repetition allows controlled changes + More than one message can be encrypted with the same key + A ciphertext block depends on all blocks before it + Speed in ~the same as block cipher - But ciphertext is up to one block longer than the plaintext - No pre-processing is possible -/+ Encryption is not parallelizable, but decryption is parallelizable and has a random-access property 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 93
94 Fault-Tolerance - Need Initialization Vector (IV) which must be known to sender & receiver Requires synchronization if sent in clear, attacker can change bits of first block, and change IV to compensate hence IV must either be a fixed value (as in EFTPOS) or must be sent encrypted in ECB mode before rest of message A cipher text error affects one full plaintext block and the correspondent bit in the next block Synchronization errors unrecoverable 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 94
95 Cipher Feedback Mode (CFB) Conversion of a block ciphers as stream cipher (byte-oriented block cipher) Message is treated as a stream of bits Added to the output of the block cipher Result is feed back for next stage (hence name) Standard allows any number of bit (1,8, 64 or 128 etc) to be feed back denoted CFB-1, CFB-8, CFB-64, CFB-128 etc Most efficient to use all bits in block (64 or 128) C i = P i XOR DES K1 (C i-1 ) C -1 = IV Uses: stream data encryption, authentication 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 95
96 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 96
97 Security + Appropriate when data arrives in bits/bytes, most common stream mode (without counting) + Plaintext concealed, input to block cipher is randomized + More than one message can be encrypted with the same key (changing the IV) +/- Plaintext somewhat difficult to manipulate Only 1 st block and last block can be removed) Bits changed in the first block: repetition allows controlled changes Performance + Speed is ~the same as the block cipher + Cipher text with the same size than plaintext (not counting the IV) +/- Encryption not parallelizable, decryption parallelizable and has a random access property + Some pre-processing is possible (previous cipher text can be encrypted (before a new plaintext block) Note that the block cipher is used in encryption mode at both 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 97
98 Fault-tolerance Limitation is need to stall while do block encryption after every n-bits Errors propogate for several blocks after the error: affecting correspondent bits of plaintext and the next full block Synchronization errors of full block sizes are recoverable. A 1-bit CFB can recover from the addition or loss of single bits 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 98
99 message is treated as a stream of bits output of cipher is added to message output is then feed back (hence name) feedback is independent of message can be computed in advance C i = P i XOR O i O i = DES K1 (O i-1 ) O -1 = IV uses: stream encryption on noisy channels 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 99
100 Security Performance + Plaintext patterns concealed + Input to the block cipher is randomized + More than one message can be encrypted with the same key (provided that a different IV is used) - Plaintext is very easy to manipulate; any change in cipher text directly affects the plaintext - more vulnerable to message stream modification A variation of a Vernam cipher hence must never reuse the same sequence (key+iv) originally specified with m-bit feedback (but subsequent research has shown that only full block feedback ie CFB-64 or CFB-128) should ever be used for high security) + Speed is ~the same as block cipher - Cipher text is the same size as the plaintext, not counting the IV + Pre-Processing possible before the message is seen -/+ not parallelizable 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 100
101 Fault-tolerance + Bit errors do not propagate - Cipher text error affects only the corresponding bit of plaintext - But sender & receiver must remain in sync: synchronization error not recoverable 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 101
102 A new mode, though proposed early on Similar to OFB but encrypts counter value rather than any feedback value Must have a different key & counter value for every plaintext block (never reused) C i = P i XOR O i O i = DES K1 (i) Uses: high-speed network encryptions 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 102
103 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 103
104 Security Same criteria as OFB Random access to encrypted data blocks Provable security (good as other modes) But must ensure never reuse key/counter values, otherwise could break (cf OFB) Performance Efficiency + ~The same Better than OFB Parallelizable: can do parallel encryptions in h/w or s/w can pre-process in advance of need good for bursty high speed links Performance as OFB 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 104
105 Security CBC (entire blocks), CFB (mainly with m-bit blocks, more secure => larger m) ECB, OFB and Counter: plaintext easy to manipulate Performance ECB, CTR (parallelizable) CFB (only partial parallelization in the decryption) CBC same but no pre-processing OFB no parallelization, no pre-processing Fault-Tolerance CFB - synchronization errors of full block sizes are recoverable, but cipher text error affect the correspondent bit of plaintext + the next full block), OFB, CTR (ciphertext errors only affect the correspondent bit in plaintext) ECB, CBC, OFB, CTR - Sync. Errors unrecoverable, 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 105
106 OCB Mode (generic encryption mode) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 106
107 OCB Mode (Authentication computation) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 107
108 Other usual modes (Wireless communication settings) Mix counter modes, efficient block-chaining, merging in general encryption with authentication proofs, with the same goals as OCB Examples: IAPM XCBC CCM EAX GCM CWC PCFB CS 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 108
109 Comparative analysis See, ex: Svenda, IPICS 2004, Basic comparison of Modes for Authenticated-Encryption (IAPM, XCBC, OCB, CCM, EAX, CWC, GCM, PCFB, CS) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 109
110 Interleaving technique Ex., CBC Interleaving Multiplex/Demultiplex with Interleaving Single message Multiple messages 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 110
111 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 111
112 Message Padding At end of message must handle a possible last short block which is not as large as blocksize of cipher pad either with known non-data value (eg nulls) or pad last block along with count of pad size eg. [ b1 b2 b ] means have 3 data bytes, then 5 bytes pad+count this may require an extra entire block over those in message Padding standardization: PKCS#5, PKCS#7, OAEP, etc See practical classes / labs - examples There are other, more esoteric modes, which avoid the need for an extra block 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 112
113 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 113
114 Security principles Correct use of symmetric cryptography Need for secure key-distribution and management Choose between block and stream ciphers, according with the application needs and security concerns Key-sharing is an issue for applications with a large number of principals One only key for all the principals is not a good idea Possible approach: pair-wise shared keys Problem: for N principals you need to establish N x (N-1)/2 keys in the environment 1 for 2, 3 for 3, 6 for 4, 10 for 5,. 45 for 10, 4500 for 100, 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 114
115 Security principles Minimize the exposition of keys Minimal exposition in memory during runtime processes (discard as far as you don t need) Paranoid: delete/rewrite memory in explicit way with random bits 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 115
116 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 116
117 Link encryption: A lot of encryption devices (smart cards, TPMs) High level of security Decrypt each packet at every switch End-to-end encryption The source encrypt and the receiver decrypts Payload encrypted Header in the clear But you can encrypt headers with tunneling techniques (how?) High Security: Both link and end-to-end encryption are needed Virtualization VMs and Isolation (Hypervisor solutions) CPU Virtualization + I/O Virtualization Network perimiter defenses 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 117
118 Managing keys securely Different keys (or different passwords, different key seeds, etc...) for different security domains Managed with a MASTER KEY protecting a Trust Repository (Software vs. Hardware local strong encryption) Keys and Cryptographic functions inside trust computing modules (smartcards, HW tamper proof modules or TPMs) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 118
119 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 119
120 Establishment of symmetric keys Scale problem and key-management issues How many shared keys are managed by each principal? Possibility: 1 only key, shared with everybody (not good idea) One key shared by a pair of principals (pairwise keys): Combinations N, 2-2: N x (N-1)/2 chaves 10 principals: 45 keys, 11 pricipals: 55 keys,... How to retrieve a loss key? How to dismiss (revoke) compromised keys End-to-End vs. Link-to-link level PFS and PBS problem Perfect future secrecy and Perfect Backword Secrecy Key-independence for Perfect Fast methods for ReKeying Key-contribution and fairness requirements 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 120
121 You need secure key-distribution protocols to use cryptography Possible solutions 1. A key could be selected by A and physically delivered to B, involving a key-agreement between A and B 2. A third party could select the key and physically deliver it to A and B 3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. 4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 121
122 Session keys: Data encrypted with a one-time session key Or one-time pad (rekeying) for each message in a session At the conclusion of the session, or message-by-message the key is destroyed (ephemeral keys) Permanent keys: Used between entities for the purpose of distributing session keys Used as long-time shared keys for the renegotiation of new session keys (rekeying process) Example: shared symmetric keys between the principals and KDCs Example: public-keys registered in PKCs for possible direct negotiation of shared symmetric keys by the principals themselves Keep in mind: it is a long-time duration secret critical to be managed and keep in security 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 122
123 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 123
124 Different key-distribution protocols Protocols with symmetric cryptography For entity authentication (no key-distribution) Server-less key establishment Server based key establishment (or KDC based) Multiple-server based key establishment Protocols with asymmetric cryptography Entity-authentication based (no key-distribution) Server based (or PKC based) protocols Key-Agreement protocols Diffie-Hellman based Elliptic-Curve D-H (ECDH Scheme) Identity-Based Conference or Group-oriented based Hybrid protocols 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 124
125 Different key-distribution protocols KDC based protocols ( ): Needham Schroeder and variants Otway-Rees Neuman-Stubblebine Miller-Neuman (kerberos) Yahalom Wide Mouth Frog Janson-Tsudik Bellare-Rogaway Who-Lam Gong Boyd PKC based protocols ( ) Needham-Schroeder with public-key crypto and variants Many others PKI based key-distribution, X509 Authentication services TLS Scheme Beller-Chang-Yacobi TMN AKA 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 125
126 William Stallings, Network Security Essentials, Chap.2 (summarized vision) William Stallings, W. Cryptography and Network Security: Principles and Practice, 2 nd edition. Pearson - Prentice Hall, 4 th edition, 2006, chap 2, chap 3, chap.5 and chap. 6 Schneier, B. Applied Cryptography, New York: Wiley, 1996 Complementary (for Authentication and Key-Establishment): Colin Boyd and A. Mathuria,, Protocols for Authentication and Key-Establishment, Springer, 2003 Base-protocols (ex, Needham-Schroeder), Distributed Systems bibliography See also Schroeder_protocol 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 126
Double-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationCrypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion
Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationConventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution
Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationCryptography and Network Security Chapter 7
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationIntroduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space
Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationCS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES
CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationSymmetric Cryptography. CS4264 Fall 2016
Symmetric Cryptography CS4264 Fall 2016 Correction: TA Office Hour Stefan Nagy (snagy2@vt.edu) Office hour: Thursday Friday 10-11 AM, 106 McBryde Hall 2 Slides credit to Abdou Illia RECAP AND HIGH-LEVEL
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationPrinciples of Information Security, Fourth Edition. Chapter 8 Cryptography
Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries
More informationSymmetric Cryptography CS461/ECE422
Symmetric Cryptography CS461/ECE422 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Section 2.4-2.6 and 12.2 in Security in Computing
More informationSymmetric key cryptography
The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and
More informationIDEA, RC5. Modes of operation of block ciphers
C 646 - Lecture 8 IDA, RC5 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van
More informationSimple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.
UNIT II BLOCK CIPHER UNIT II Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring. 2.1 SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES) The overall structure of the simplified
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationSecret Key Cryptography Overview
Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc01_07/ Block ciphers
More informationComp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today
Comp527 status items Crypto Protocols, part 2 Crypto primitives Today s talk includes slides from: Bart Preneel, Jonathan Millen, and Dan Wallach Install the smart card software Bring CDs back to Dan s
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationBlock Cipher Operation
Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationStream Ciphers An Overview
Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext
More informationCryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationTechnological foundation
Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards
More informationPRNGs & DES. Luke Anderson. 16 th March University Of Sydney.
PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs
More informationU-II BLOCK CIPHER ALGORITHMS
U-II BLOCK CIPHER ALGORITHMS IDEA: Idea is block cipher similar to DES Works on 64 bit plaintext block Key is longer and consist of 128 bits Idea is reversible like DES i.e. same algorithm can be used
More informationConventional Encryption: Modern Technologies
Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationCSC 580 Cryptography and Computer Security
CSC 580 Cryptography and Computer Security Encryption Concepts, Classical Crypto, and Binary Operations January 30, 2018 Overview Today: Cryptography concepts and classical crypto Textbook sections 3.1,
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationBlock Encryption and DES
Block Encryption and DES Plain Text Block 1 Block 2 Block 3 Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationDarshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques
Q 1. Draw and explain Feistel s structure for encryption and decryption. The exact realization of Feistel network depends on the choice of which parameters? Feistel cipher is based on the idea that instead
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationPGP: An Algorithmic Overview
PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is
More informationThe question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More information