Cryptography Foundations. Symmetric cryptography (conventional encryption) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 1

Size: px
Start display at page:

Download "Cryptography Foundations. Symmetric cryptography (conventional encryption) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 1"

Transcription

1 Cryptography Foundations Symmetric cryptography (conventional encryption) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 1

2 Outline Symmetric cryptography Symmetric encryption algorithms Attacks: brute-force vs. cryptanalysis Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 2

3 Outline Symmetric cryptography Symmetric encryption algorithms Attacks: Brute Force vs. Cryptanalysis Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 3

4 Symmetric cyphers Block-Oriented (or block ciphers) Used with different block modes of operation Byte-oriented modes vs. N-bytes-block-oriented modes Blocks with fixed size Key sizes and block sized defined (fixed) for each algorithm (you must know it) Stream-oriented (or stream ciphers) byte-stream-oriented or bit-stream-oriented operation Variable key-sizes (algorithm dependent) Fast to operate on stream-oriented inputs (bytes, bits) Ex., real-time, iterative-traffic or low-latency communication requirements 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 4

5 Characterized by: Block size (larger means greater security) Key size (larger means greater security) Round transformation function (greater complexity means more resistance) Number of rounds (multiple rounds increase security) Type of operations in a round function Substitutions (Sboxes) Transpositions by permutations with possible block expansion or block reduction (Pboxes), rotations (rotation tables) Boolean operations (XOR) Sub-key generation in each round (from the input key) Algebraic operations (modular arithmetics, matrix -operations, operations in GF2, etc.) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 5

6 Security Remember the robustness and assessment criteria (brute -force, test-analysis, cryptanalysis,. previous classes) Requires complexity (complex transformations in each round), large number of rounds, large keysize, large blocks Fast operation (performance) Speed of the algorithm is a concern Simplicity (ex., HW implementations and embedded solutions, fast computation, low computational cost, energy-savings, Ease of analysis Simplicity in the internal reference structure analyzable : formalisms and mathematical foundations The interesting algorithms must balance these tradeoffs, maximizing each criteria 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 6

7 Horst Feistel, IBM, 1973 Base structure for many symmetric algorithms (ex., DES) Decryption implemented as Encryption (input: ciphertext, and use of sub-keys in the reverse order) In each round: Li = Ri-1 Ri = Li-1 xor F(Ri-1, Ki) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 7

8 Symmetric block cyphers: AES, DES Figures in AES: 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 8

9 Performance of algorithms Comparisons in Java (standard JDK and Sun Crypto-Provider) See also: Openssl speed benchmark (speed test library performance) rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 9

10 Data Encryption Standard (DES) The most widely used encryption scheme, until 2000 The algorithm is reffered to the Data Encryption Algorithm (DEA) DES is a block cipher The plaintext is processed in 64-bit blocks The key is 56-bits in length 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 10

11 DES Algorithm Base: Feistel structure: The overall processing at each iteration (round): Li = Ri-1 Ri = Li-1 F(Ri-1, Ki) Security concerns about: >The algorithm and the key length (56-bits) > Weak, semi-weak or potentially weak keys > 1998, EFF, DES cracker machine (3 days) > 10 hours (machine Doing 10^6 decryptions/ microsec 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 11

12 Initial and final permutations 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 12

13 16 Rounds Sub-Key Generation For each roud Henric Johnson rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 13

14 Expansion/Permutation (EP box) and Pbox In: 32 bits EP Box Out: 48 bits In: 32 bits Pbox Out: 32 bits 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 14

15 Substitution Boxes (for 16 rounds) Ex: rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 15

16 S boxes (S1 to S4) Valores de entrada: 0 (000000) a 63 (111111) Ex: Note: values in each sbox: 0 to 15 (0000 a 1111) Ex: 8º sexteto MS (row 1) 1110 (column 14) Then: , then output is rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 16

17 Sboxes (S5 a S8) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 17

18 Sub-Key Generation For each roud Henric Johnson rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 18

19 Sub-key generation A sub-key is generated in each round PC1: two halfs (28 bits) obtained by permutation In each round, each half is rotated for the next round Input Key (56 bits) 2 Initial Sub-Keys (28 bits) (Initial Permutation PC1) 16 rotations (one per round): a specific rotation is defined for each round PC2: In each round, a permutation with reduction (56 > 48 bits) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 19

20 PC2 sub-key rescheduling 56 bits (28 left + 28 right) Block Ri-1 Key-Rotation XOR 48 bits PC2 S-BOX (round i) Key-Rotation (for the next round) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 20

21 Multiple Encryption & DES Clear a replacement for DES was needed theoretical attacks that can break it demonstrated exhaustive key search attacks Cryptanalysis: demonstrated vulnerabilities Weak, Semi-Weak and Potentially Weak keys AES is a new cipher alternative The standard symmetric encryption for the XXI century Promoted by different organizations: NIST, ANSI, etc Prior to this alternative was to use multiple encryption with DES implementations Triple-DES is the chosen form Compatibility, during the adoption of AES 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 21

22 Double-DES? No thanks Could use 2 DES encrypts on each block C = [ E K2 ( E K1 (P) ] Issue of reduction to single stage with single key (1992) and have meet-in-the-middle attack works whenever use a cipher twice since X = E K1 (P) = D K2 (C) attack by encrypting P with all keys and store then decrypt C with keys and match X value can show takes O(2 56 ) steps 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 22

23 Triple-DES with Two-Keys hence must use 3 encryptions would seem to need 3 distinct keys but can use 2 keys with E-D-E sequence C = E K1 (D K2 (E K1 (P))) Encrypt & decrypt equivalent in security If K1=K2 then can work with single DES (compatibility) standardized in ANSI X9.17 & ISO8732 Effective key length of 112 bits no current known practical attacks But the use of 3 keys is better (improvement of the key-length effect) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 23

24 Although are no practical attacks on two-key TripleDES have some indications can use Triple-DES with Three-Keys to avoid even these C = [ E K3 [ D K2 (E K1 (P) ] ] has been adopted by some Internet applications, eg PGP, S/MIME Paranoid? Use N times DEA with N different keys Problem? Effective key lenght: 168 bits Note: Triple or N-encryptiondecryption can be applied to any block cipher algorithm 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 24

25 TEMK Triple Encryption with Minimum Key Constants T1, T2 and T3 and Two initial Keys: K1, K2 to derive three keys: KX1, KX2, KX3 for triple encryption KXi = D(K2, E(K1,Ti)) Use of Triple encryption modes (ex., Inner CBC, Outer CBC) Triple encryption with prefix-pads (pad size < block size) Doubling Block Length Space Ntuple Encryption: ex., n=5, 3 keys, C=Ek1(Dk2(Ek3(Dk4(Ek5(P))))) Witening technique: C= K3 XOR E( K2, ( P XOR K1) ) Cascading multiple block ciphers: it is at least as hard to break as any of its component ciphers Combination technique Random bit-string R with the same size as M C = E(K1, R) XOR E(K2, (M XOR R) ) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 25

26 International Data Encryption Algorithm (IDEA) 128-bit key Used in PGP Blowfish Easy to implement High execution speed Run in less than 5K of memory 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 26

27 RC5 Suitable for hardware and software Fast, simple Adaptable to processors of different word lengths Variable number of rounds Variable-length key Low memory requirement High security Data-dependent rotations Cast-128 Key size from 40 to 128 bits The round function differs from round to round 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 27

28 Skypjack Example of simple symmetric crypto, interesting for small devices and HW implementation (very usual before AES implementations in HW for embeded systems and small devices, such as micro-sensos, motes, etc 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 28

29 Symmetric block cyphers and characteristics Criptografia Simétrica > Estabelecimento de canais Operations seguros (Confidencialidade) (standadization) > Problemas da partilha (distribuição) XOR, S-boxes, P-Boxes das chaves. SET, Kerberos Criptografia Assimétrica EP Boxes, Rotations,... Confidencialidade: cifra com chave pública Financial standards 112/ Autenticidade: assinaturas (cifra com chave E-commerce, privada) PGP idem S/MIME, SSL Envolver sínteses (one-way hashing nas assinaturas) XOR, addition mod 2^16 Não repúdio: 128 garantida 8 no,multiplication pressuposto mod 2^16 de não PGP, revogação SSL da chave num dado tempo XOR + shift > Operação mais lenta Alg. Key size Rounds Structure Applications DES 3DES IDEA TEA Blowfish RC5 Cast < 448 < < AES 128, 192, ,12,14 XOR + Variable S-boxes Addition, subtraction XOR and rotation operations Addition, Subtraction, XOR, Rotation and S-boxes S boxes, Matrix SR-MC, XOR 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 29 SSL PGP Many: promoted as a standard after 2000 Later Later Jump AES Later

30 Symmetric block cyphers and characteristics Alg. Key size Rounds Structure Applications Operations (standadization) Skypjack 80 bits 4 x 8 = XOR, P-Boxes 32 Matrix-based Exp... Sensors, WSN communication 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 30

31 Skypjack W i 0 32 rounds W i 32 SKIPJACK is a 64-bit codebook utilizing an 80-bit cryptovariable (Key) SKIPJACK encrypt/decrypt 4-word (64-bit) data blocks by alternating between the two stepping rules (A and B) Input = W i0, 1 i 4, (i.e., k=0 for the beginning step), Counter initialized = 0 Steps (32 rounds of 8 step rules): Rules A, B, C, D The Counter Increment by one after each step The Output = W i 32, 1 i rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 31

32 Decryption Rule (A -1 and B -1 ) Rule A -1 W 1 k-1 = [G k-1 ] -1 (w 2k ) W 2 k-1 = w 3 k W 3 k-1 = w 4 k W 4 k-1 = w 1 k w 2 k counter k-1 Rule B -1 W 1 k-1 = [G k-1 ] -1 (w 2k ) W 2 k-1 = [G k-1 ] -1 (w 2k ) w 3 k counter k-1 W 3 k-1 = w 4 k W 4 k-1 = w 1 k 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 32

33 G - Permutation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 33

34 Design Features in HW SKIPJACK module implemented easily as a peripheral HW device (as a crypto module) with 16-bit host interface Data interface to the module using read/write operation to the registers Single design for Encryption and Decryption - Based upon a flag in control register Device specific look-up ROMs used for look-up tables Fast, Low-memory requirements, Weak Energy requirements (for the case of wireless devices with autonomous batteries) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 34

35 F -Table and Cryptovariable F -Table The F function is a G permutation in a look up table Row = The higher order 4-bit index Column = The lower order 4-bit index Cryptovariable The Cryptovariable (key) is 10 bytes = 80 bits long (labeled 0 through 9) and used in its natural order Cryptovariable subscript is used in G-Permutation are interpreted mod rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 35

36 Example of Top Level Design Two major verilog module Regmem module for external I/O interface Algorithm module for encrytion/decryption 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 36

37 Memory Map 13 total registers 12 for data interface 1 register for control 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 37

38 Interface Description Device Inputs Input data buffer: 4 word (64-bits) Cryptovariable (key) buffer: 5 word (80-bits) Operating flag: Encrypt/Decrypt (1 for encryption, 0 for decryption) Start (writing a 1 starts the operation) Device Outputs Output data buffer: 4 word (64-bits) Operating flag: Done (a 1 indicates that the last operation is complete) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 38

39 Algorithm Module 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 39

40 Algorithm Module - Blocks Control State Machine Controls the encryption/decryption process; K-Counter, Register Loading, Done indication bit Triggered by the Start command bit in control registers Fiestel Module Implements the G and G -1 function using logic and 4 look-up tables for F function P_reg1 through P_reg4 used for SKIPJACK data operation Input buffer can be reloaded with new data while operation is performed on the previous data - Speeds up throughput K-Counter Up/Down counter with preset and reset 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 40

41 Algorithm Module - State Machine 5-State machine to control both encryption/decryption 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 41

42 Algorithm Module - Feistel Module 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 42

43 Feistel Module - Description Single module to compute G and G -1 function Control based upon Enc_Decn control bit Reverses the input byte order to perform G -1 function (flipping the Fiestel structure to G function) 4 look-up ROMs (Altera specific) to implements F function 4 multiplexers 10:1 to select one of the 10 CV byte, controlled from the k-cntr look-up mechanism One 32 entry look-up ROM to eliminate mod 10 computation of 4k, 4k+1, 4k+2, 4k+3 4 multiplexers 2:1 (4-bit) to select the index for the encryption or decryption 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 43

44 AES 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 44

45 AES (Advanced Encryption Standard) Origins and characteristics clear a replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks can use Triple-DES but slow, has small blocks US NIST issued call for ciphers in candidates accepted (Jun/98), 5 were shortlisted in Aug/99 Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001 designed by Rijmen-Daemen in Belgium an iterative rather than feistel cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round designed to be: resistant against known attacks speed and code compactness on many CPUs Simple to analyze 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 45

46 AES Requirements NIST Established the following reference criteria for proposals: Secret key / symmetric block cipher 128-bit data, 128/192/256-bit keys stronger & faster than Triple-DES active life of years (+ archival use) provide full specification & design details both C & Java implementations NIST have released all submissions & unclassified analyses 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 46

47 AES structure Not a Feistel structure Data block of 4 columns of 4 bytes is state (128 bits) Key is expanded to array of words (44 words of 32 bits) Has 9/11/13 rounds in which state undergoes: I : byte substitution (1 S-box used on every byte) II : shift rows (permute bytes between groups/columns) III : mix columns (subs using matrix multipy of groups) IV : add round key (XOR state with key material) view as alternating XOR key & scramble data bytes Initial XOR key material & incomplete last round With fast XOR & table lookup implementation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 47

48 Advanced Encryption Algorithm (AES) Internal structure Ex., 10 rounds for 128 bit keys Successive processing of block-state arrays, combined with the expanded key 128 bit sub-key in each round 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 48

49 Input/Output State Array and Key Expansion 16 rounds of successive transformation of a 128 bit blocks (state arrays), organized as a square matrix of bytes (16x16 bits, ordered by column) Key expanded from initial size (as a square matrix of bytes) to 44 columns (44 words, 4 bytes each) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 49

50 Byte Substitution A simple substitution of each byte (defined) Uses one table of 16x16 bytes containing a permutation of all bit values Each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {95} is replaced by byte in row 9 column 5 which has value {2A} S-box constructed using defined transformation of values (byte-to-byte substitution of the block), byte values as polynomials in GF(2 8 ) designed to be resistant to all known attacks 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 50

51 Shift Rows a circular byte shift in each each 1 st row is unchanged 2 nd row does 1 byte circular shift to left 3rd row does 2 byte circular shift to left 4th row does 3 byte circular shift to left decrypt inverts using shifts to right since state is processed by columns, this step permutes bytes between the columns 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 51

52 Mix Columns each column is processed separately / each byte is replaced by a value dependent on all 4 bytes in the column effectively a matrix multiplication in GF(2 8 ) using prime poly m(x) =x 8 +x 4 +x 3 +x rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 52

53 Add Round Key XOR state with 128-bits of the round key again processed by column (though effectively a series of byte operations) inverse for decryption identical since XOR own inverse, with reversed keys designed to be as simple as possible a form of Vernam cipher on expanded key requires other stages for complexity / security 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 53

54 I Advanced Encryption Algorithm (AES) XXXXX II III IV 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 54

55 Stream ciphers Block cipher (with ECB mode of operation) Structure for stream ciphers Possible implementation with block ciphers. How? 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 55

56 Stream ciphers process message bit by bit (as a stream) have a pseudo random keystream combined (XOR) with plaintext bit by bit randomness of stream key completely destroys statistically properties in message C i = M i XOR StreamKey i but must never reuse stream key otherwise can recover messages (cf book cipher) some design considerations are: long period with no repetitions statistically random depends on large enough key large linear complexity properly designed, can be as secure as a block cipher with same size key but usually simpler & faster 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 56

57 RC4 Proprietary cipher owned by RSA DSI Another Ron Rivest design, simple but effective Variable key size, byte-oriented stream cipher Widely used (web SSL/TLS, wireless WEP) Key forms random permutation of all 8-bit values Uses that permutation to scramble input info processed a byte at a time 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 57

58 RC4 Key Schedule starts with an array S of numbers: use key to well and truly shuffle S forms internal state of the cipher // Initialization, S and T for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) // Initial Permutation of S j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j]) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 58

59 RC4 Encryption encryption continues shuffling array values sum of shuffled pair selects "stream key" value from permutation XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte M i i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(s[i], S[j]) t = (S[i] + S[j]) (mod 256) C i = M i XOR S[t] 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 59

60 RC4 encryption model Algorithm explained in Stallings, Network Security Essentials (see section 2.4, Chapter 2) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 60

61 RC4 Security claimed secure against known attacks have some analyses, none practical result is very non-linear since RC4 is a stream cipher, must never reuse a key have a concern with WEP, but due to key handling and/or pattern-repetitions rather than RC4 itself 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 61

62 Other stream ciphers SEAL A series (ex., A5, A8, GSM) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 62

63 Outline Symmetric cryptography Symmetric encryption algorithms Attacks: Brute Force vs. Cryptanalysis Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 63

64 Also referred as conventional encryption, secret-key encryption or single-key encryption, or shared-secret key encryption Plaintext or cleartext M K ciphertext C K Plaintext or cleartext M (intelligible) Notation: M C={M}K M={C} K X Y= E[ K, X ] X=D [ K,Y ] 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 64

65 Block ciphers Modern symmetric methods (modern cryptography) Applied cryptography (computers, devices, HW, SW, ) Block-based design principles Initially inspired by classic methods (adapted for computers). More complexity Reference on standard structures: Ex., Feistel network structure Statistical properties Standardization Attacks: Brute Force attacks Differential and Linear Cryptanalysis principles Algebraic structures and operations Mathematic foundations 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 65

66 Stream ciphers Modern symmetric methods (modern cryptography) Applied cryptography (computers, devices, HW, SW, ) Stream-oriented processing Fast (ex., real-time bit-by-bit encryption/decryption) Also interesting for byte-streaming Interactive applications (ex., SSH) Download of byte-streams (ex., WEB, HTTP) Use of algebraic fast computations, boolean operations, modular arithmetic 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 66

67 Modern cryptography Key points Secrecy is in the key (not the algorithm, or its implementation) Publicly available, open specification, open validation More scrutiny more security Key-space, block-size implications Cryptanalysis: is the age of an algorithm an advantage? Modern symmetric encryption methods Algebraic structures Finite fields: groups, rings and fields Modular arithmetic Euclidean algorithm Finite fields of the form, GF(p) Polynomial arithmetic Finite fields of the form GF(2^n) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 67

68 Symmetric algorithms Block-oriented symmetric ciphers Ex., DES, TripleDES, IDEA, Skypjack, RC5, RC6, AES, Blowfish, Toofish, CAST-128,... Different modes of operation: ECB, CBC, CFB, OFB, CTR,... Stream-Ciphers Ex., RC4, SEAL, Katsumi, A-series (GSM), etc Bit-by-bit operation Byte-stream based transformations Hybrid structure is also possible: Stream Ciphers implemented with Block-Cipher building blocks 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 68

69 AES - Advanced Encryption Standard >> Originally Rijndael from Daemen and Rijmen Substitution of DES (NIST Call for proposals) Criteria for AES Keys: 128, 192, 256 bits, Block sizes: 128 bits High dispersion with a simple (auditable) and fast internal structure and algebraic proofs Block-operations in successive rounds» Block operated as a matrix» Substitution Boxes» Shift rows» Mix columns» XOR with sub-keys (generated form an expansion of the initial key) Implementation issues: simple and fast implementations in SW and HW, simple auditing Best indicators from all the NIST defined tests (CMVP) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 69

70 Symmetric cryptography requirements (1) An opponent who knows the algorithm and has access to one or more ciphertexts (C1, C2, Ci, Cn) would be unable to obtain the respective plaintexts (P1, P2, Pi, Pn), if she/he don t know the key K used to calculate Ci={Pi}K would be unable to figure out the key K, even if she/he is in possession of a number of pairs (Pi, Ci), with Ci = {Pi}K Security properties of symmetric ciphers Security in a symmetric encryption: depends on the secrecy of the secret key (as an input parameter for the encryption/decryption algorithm) not from the secrecy of the algorithm 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 70

71 Symmetric cryptography requirements (2) Security in symmetric cryptography requires: Sender and receiver (principals in a secure communication): must have obtained copies of the key K in a secure way (need a secure key-distribution protocol or secure key-establishment service) Must keep the shared keys K secure Key storage is an important concern Key exposition is an important concern Possible rekeying mechanisms (key-refreshments) for Perfect Backward Secrecy (PBS) and Perfect Future Secrecy (PFS) Prevention from possible compromising of keys Key-Independence ( perfect ) Fast or efficient rekeying may be an issue 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 71

72 Symmetric cryptography assessment Performance, implementation issues, test/certification Security concerns: Key size vs. Block Size: Robustness under Brute-Force Attacks Cryptanalysis attacks Cryptanalysis Differential cryptanalysis vs. Linear cryptanalysis Dispersion and entropy: formal distance tests between identical blocks resulting from different transformations of the same plaintext block Kasiski test: distance decomposition in prime factors and period evaluation with high probability as the CGD of the majority of evaluated distances Coincidence test: % of similar symbols in identical overlapping cryptograms in a progressive displacement Certification test programs and tools (ex., NIST CRYPTIK, METRIX rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 72

73 Symmetric cryptography assessment Other current formal security verifications and proofs on symmetric cryptography: Sensibility to initial setup conditions Ex: Consequences in one bit changes Evaluation of uniform distribution characteristics Binary balance and mean entropy for a large number of generated keys (and consecutive sub-keys) and a large number of blocks (and consecutive sub-blocks) Auto and Cross Correlation in large number of generated keys /and consecutive sub-keys) Resistance to statistical attacks on pseudo-random generation mechanisms Performance/adaptability for specific purposes (HW, RAM, OS primitives, etc) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 73

74 Robustness and computational security criteria Robustness: if it is impossible (computationally impossible) to decrypt a message on the basis of the ciphertext plus the knowledge of the encryption/decryption algorithm Computational security criteria: Infinite time to break with available computing power and resources (processing power MIPS, memory, storage, ) what is infinite time? Ex., More than the universe lifetime 10^11 years? Ex., More than the universe time in several orders of magnitude? Finite time to break but time exceeds the useful lifetime of the protected information Finite time to break but requires infinite or impossible computing power and resources what is impossible computing power? Ex., A quantity of computers requiring more silicon or germanium atoms than the total quantity of atoms (estimated) available in our galaxy? Ex., Processing speed required will cause the fusion of the materials? Available computing can break before the useful lifetime of the protected information but the cost (money) of such computing resources exceeds the value of the protected information 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 74

75 Big numbers [Schneier 1996] 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 75

76 Without no inherent mathematical weaknesses: Brute-force attack On average: half of key space searched 1 computer Computing Power aggregation Practical terms: need more than key search - Plaintext knowledge - More difficult in other cases: binary, compressed, hashed data 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 76

77 DES, IDEA, RC5, TEA, CAST-128, AES-128, AES-192, AES-256 AES-256 AES-192 TDEA / 3DES IDEA, RC5, TEA CAST-128, AES ^11 Universe lifetime DES 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 77

78 Moore s Law and other predictions Processing power doubles, each 18 months In 10 years, computers will be 100 times more powerful (general resources). A desktop will fit into a cell phone Gigabit wireless connectivity everywhere Personal networks will connect our computing devices and the remote services we subscribe to. Other aspects of the future are much more difficult to predict Anyone can not predict what the emergent properties of 100x computing power will bring: new uses for computing, new paradigms of communication. A 100x world will be different, in ways that will be surprising rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 78

79 More brute-force attack estimations Moore Law (computing power): double in each 18 months. Cost estimation to break Key size Year (attack) Ex., Breaking with $10 Millions in 2000: Extrapolation using the Moore law Symmetric Alg. (key sizes) Public- Key (ECC) Public Key (RSA) Time to Break Storage needs < 5 min Trivial months x10^6 years ^16 years 4GB 170GB 120TB Robert Silverman, Technical Report RSA Laboratories, rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 79

80 Brute-Force conclusions Even if managed to speed up by a factor of 1 trillion (10^12) Brute force attacks on 128 bit keys require 1 million years So, in practice, 128 bit keys (no weak keys, generated randomly and securely established and maintained) are unbreakable with brute-force attacks From this baseline the next security problem is the possible cryptanalysis attacks against specific algorithms 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 80

81 Cryptanalysis Process of attempting to discover the plaintext or key, from the known or available information Cryptanalytic attacks: opponents using cryptanalysis - difficult High security criteria + difficult More commonly employed 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 81

82 Confidentiality using symmetric encryption Best-Practices and Bad-Practices Concerns behind keys: Key maintenance, Key-exposition Key-distribution, Key-establishment Placement of the encryption/decryption function Key-generation process and (random)-number generation Key-generation process and weak-keys discarding Perfect forward vs. backward secrecy Rekeying needs Recuperation of keys How to use Cipher Block Modes of operation in a secure way (or how to choose the correct mode) Padding and its relevance Combination of methods: secure combination? Dynamic configuration of cipher-suites and security association parameters / protocol design and implementation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 82

83 Key-management in symmetric cryptography The previous problems are very relevant! In symmetric cryptography the key is the same for encryption /decryption Secret key-shared For 2 principals: 1 shared key 3 principals: 3 keys 4 principals: 6 keys 6 principals: 15 keys N principals: n(n-1)/2 keys O(n 2 ) Problem for secure-key-distribution, establishment and management Non KDC based (pre-established keys) KDC based (client/server model) Redundant KDCs (client/server group), ex., 1, 2, 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 83

84 Assessment approaches Assessment classic techniques Kasisky tests Frequency analysis Superposition and coincidence counting Friedman tests (variance analysis) See statistical analysis /Comparison_of_statistical_packages Other tests: Uniform distribution Binary balance ( 0 and 1 distribution) Entropy metrics (ex., medium value in two consecutive keys Auto-Correlation or cross-correlation 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 84

85 Assessment approaches Conjugated statically tests in a battery (tools) Ex., Randomness tests: Assessment or certification programs and tools Ex., NIST: Ex: rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 85

86 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 86

87 Modes of Operation Block ciphers encrypt fixed size blocks eg. DES encrypts 64-bit blocks with 56-bit key need some way to encrypt/decrypt arbitrary amounts of data in practice ANSI X Modes of Use (now FIPS 81) defines 4 possible modes: ECB, CBC, CFB, OFB subsequently 5 defined for AES & DES: CTR have block and stream modes 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 87

88 Plaintext blocks encrypted in an independent weay Fast, parallelizable Message repetitions may show in ciphertext if aligned with message block particularly with data such graphics or with messages that change very little, which become a code -book analysis problem Weakness is due to the encrypted message blocks being independent: same plaintext blocks produces the same cyphertext blocks (using the same key) Main use is sending a few blocks of data 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 88

89 ECB: manipulation of encrypted blocks Ex., electronic banking transaction, ref. with DES 1 block = 64 bits Timestamp OPcode Swift Code ID Bank Orig. Swift Code ID Bank Dest Name of entity: Ex., 6 blocks IBAN Dest. Account Ex., 4 blocks Ammount EUROS Bank A Mallory Eavesdropping + Message Replying + Message Tampering (on specific blocks) Bank B 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 89

90 ECB (graphics, patterns) Plaintext and Ciphertex with ECB What we want 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 90

91 Cipher Block Chaining Mode (CBC) The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block. Repeating pattern of 64-bits are not exposed Use Initial Vector (IV) to start process C i = DES K1 (P i XOR C i-1 ) C -1 = IV Uses: bulk data encryption, authentication Same plaintext blocks => Different cyphertext blocks, even when the same key is used (different IVs) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 91

92 Henric Johnson rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 92

93 Security Performance + Security: plaintext patterns concealed by XORing with previous ciphertext blocks Input to blocks randomized by the previous cipher text block + Any change to a block affects all following ciphertext blocks +/- Plaintext somewhat difficult to manipulate Only 1 st block and last block can be removed) Bits changed in the first block: repetition allows controlled changes + More than one message can be encrypted with the same key + A ciphertext block depends on all blocks before it + Speed in ~the same as block cipher - But ciphertext is up to one block longer than the plaintext - No pre-processing is possible -/+ Encryption is not parallelizable, but decryption is parallelizable and has a random-access property 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 93

94 Fault-Tolerance - Need Initialization Vector (IV) which must be known to sender & receiver Requires synchronization if sent in clear, attacker can change bits of first block, and change IV to compensate hence IV must either be a fixed value (as in EFTPOS) or must be sent encrypted in ECB mode before rest of message A cipher text error affects one full plaintext block and the correspondent bit in the next block Synchronization errors unrecoverable 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 94

95 Cipher Feedback Mode (CFB) Conversion of a block ciphers as stream cipher (byte-oriented block cipher) Message is treated as a stream of bits Added to the output of the block cipher Result is feed back for next stage (hence name) Standard allows any number of bit (1,8, 64 or 128 etc) to be feed back denoted CFB-1, CFB-8, CFB-64, CFB-128 etc Most efficient to use all bits in block (64 or 128) C i = P i XOR DES K1 (C i-1 ) C -1 = IV Uses: stream data encryption, authentication 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 95

96 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 96

97 Security + Appropriate when data arrives in bits/bytes, most common stream mode (without counting) + Plaintext concealed, input to block cipher is randomized + More than one message can be encrypted with the same key (changing the IV) +/- Plaintext somewhat difficult to manipulate Only 1 st block and last block can be removed) Bits changed in the first block: repetition allows controlled changes Performance + Speed is ~the same as the block cipher + Cipher text with the same size than plaintext (not counting the IV) +/- Encryption not parallelizable, decryption parallelizable and has a random access property + Some pre-processing is possible (previous cipher text can be encrypted (before a new plaintext block) Note that the block cipher is used in encryption mode at both 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 97

98 Fault-tolerance Limitation is need to stall while do block encryption after every n-bits Errors propogate for several blocks after the error: affecting correspondent bits of plaintext and the next full block Synchronization errors of full block sizes are recoverable. A 1-bit CFB can recover from the addition or loss of single bits 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 98

99 message is treated as a stream of bits output of cipher is added to message output is then feed back (hence name) feedback is independent of message can be computed in advance C i = P i XOR O i O i = DES K1 (O i-1 ) O -1 = IV uses: stream encryption on noisy channels 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 99

100 Security Performance + Plaintext patterns concealed + Input to the block cipher is randomized + More than one message can be encrypted with the same key (provided that a different IV is used) - Plaintext is very easy to manipulate; any change in cipher text directly affects the plaintext - more vulnerable to message stream modification A variation of a Vernam cipher hence must never reuse the same sequence (key+iv) originally specified with m-bit feedback (but subsequent research has shown that only full block feedback ie CFB-64 or CFB-128) should ever be used for high security) + Speed is ~the same as block cipher - Cipher text is the same size as the plaintext, not counting the IV + Pre-Processing possible before the message is seen -/+ not parallelizable 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 100

101 Fault-tolerance + Bit errors do not propagate - Cipher text error affects only the corresponding bit of plaintext - But sender & receiver must remain in sync: synchronization error not recoverable 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 101

102 A new mode, though proposed early on Similar to OFB but encrypts counter value rather than any feedback value Must have a different key & counter value for every plaintext block (never reused) C i = P i XOR O i O i = DES K1 (i) Uses: high-speed network encryptions 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 102

103 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 103

104 Security Same criteria as OFB Random access to encrypted data blocks Provable security (good as other modes) But must ensure never reuse key/counter values, otherwise could break (cf OFB) Performance Efficiency + ~The same Better than OFB Parallelizable: can do parallel encryptions in h/w or s/w can pre-process in advance of need good for bursty high speed links Performance as OFB 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 104

105 Security CBC (entire blocks), CFB (mainly with m-bit blocks, more secure => larger m) ECB, OFB and Counter: plaintext easy to manipulate Performance ECB, CTR (parallelizable) CFB (only partial parallelization in the decryption) CBC same but no pre-processing OFB no parallelization, no pre-processing Fault-Tolerance CFB - synchronization errors of full block sizes are recoverable, but cipher text error affect the correspondent bit of plaintext + the next full block), OFB, CTR (ciphertext errors only affect the correspondent bit in plaintext) ECB, CBC, OFB, CTR - Sync. Errors unrecoverable, 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 105

106 OCB Mode (generic encryption mode) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 106

107 OCB Mode (Authentication computation) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 107

108 Other usual modes (Wireless communication settings) Mix counter modes, efficient block-chaining, merging in general encryption with authentication proofs, with the same goals as OCB Examples: IAPM XCBC CCM EAX GCM CWC PCFB CS 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 108

109 Comparative analysis See, ex: Svenda, IPICS 2004, Basic comparison of Modes for Authenticated-Encryption (IAPM, XCBC, OCB, CCM, EAX, CWC, GCM, PCFB, CS) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 109

110 Interleaving technique Ex., CBC Interleaving Multiplex/Demultiplex with Interleaving Single message Multiple messages 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 110

111 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 111

112 Message Padding At end of message must handle a possible last short block which is not as large as blocksize of cipher pad either with known non-data value (eg nulls) or pad last block along with count of pad size eg. [ b1 b2 b ] means have 3 data bytes, then 5 bytes pad+count this may require an extra entire block over those in message Padding standardization: PKCS#5, PKCS#7, OAEP, etc See practical classes / labs - examples There are other, more esoteric modes, which avoid the need for an extra block 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 112

113 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 113

114 Security principles Correct use of symmetric cryptography Need for secure key-distribution and management Choose between block and stream ciphers, according with the application needs and security concerns Key-sharing is an issue for applications with a large number of principals One only key for all the principals is not a good idea Possible approach: pair-wise shared keys Problem: for N principals you need to establish N x (N-1)/2 keys in the environment 1 for 2, 3 for 3, 6 for 4, 10 for 5,. 45 for 10, 4500 for 100, 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 114

115 Security principles Minimize the exposition of keys Minimal exposition in memory during runtime processes (discard as far as you don t need) Paranoid: delete/rewrite memory in explicit way with random bits 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 115

116 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 116

117 Link encryption: A lot of encryption devices (smart cards, TPMs) High level of security Decrypt each packet at every switch End-to-end encryption The source encrypt and the receiver decrypts Payload encrypted Header in the clear But you can encrypt headers with tunneling techniques (how?) High Security: Both link and end-to-end encryption are needed Virtualization VMs and Isolation (Hypervisor solutions) CPU Virtualization + I/O Virtualization Network perimiter defenses 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 117

118 Managing keys securely Different keys (or different passwords, different key seeds, etc...) for different security domains Managed with a MASTER KEY protecting a Trust Repository (Software vs. Hardware local strong encryption) Keys and Cryptographic functions inside trust computing modules (smartcards, HW tamper proof modules or TPMs) 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 118

119 Outline Symmetric cryptography Symmetric encryption algorithms Cipher block modes of operation Padding Encryption devices: location and management Key-distribution with symmetric cryptography 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 119

120 Establishment of symmetric keys Scale problem and key-management issues How many shared keys are managed by each principal? Possibility: 1 only key, shared with everybody (not good idea) One key shared by a pair of principals (pairwise keys): Combinations N, 2-2: N x (N-1)/2 chaves 10 principals: 45 keys, 11 pricipals: 55 keys,... How to retrieve a loss key? How to dismiss (revoke) compromised keys End-to-End vs. Link-to-link level PFS and PBS problem Perfect future secrecy and Perfect Backword Secrecy Key-independence for Perfect Fast methods for ReKeying Key-contribution and fairness requirements 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 120

121 You need secure key-distribution protocols to use cryptography Possible solutions 1. A key could be selected by A and physically delivered to B, involving a key-agreement between A and B 2. A third party could select the key and physically deliver it to A and B 3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. 4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 121

122 Session keys: Data encrypted with a one-time session key Or one-time pad (rekeying) for each message in a session At the conclusion of the session, or message-by-message the key is destroyed (ephemeral keys) Permanent keys: Used between entities for the purpose of distributing session keys Used as long-time shared keys for the renegotiation of new session keys (rekeying process) Example: shared symmetric keys between the principals and KDCs Example: public-keys registered in PKCs for possible direct negotiation of shared symmetric keys by the principals themselves Keep in mind: it is a long-time duration secret critical to be managed and keep in security 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 122

123 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 123

124 Different key-distribution protocols Protocols with symmetric cryptography For entity authentication (no key-distribution) Server-less key establishment Server based key establishment (or KDC based) Multiple-server based key establishment Protocols with asymmetric cryptography Entity-authentication based (no key-distribution) Server based (or PKC based) protocols Key-Agreement protocols Diffie-Hellman based Elliptic-Curve D-H (ECDH Scheme) Identity-Based Conference or Group-oriented based Hybrid protocols 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 124

125 Different key-distribution protocols KDC based protocols ( ): Needham Schroeder and variants Otway-Rees Neuman-Stubblebine Miller-Neuman (kerberos) Yahalom Wide Mouth Frog Janson-Tsudik Bellare-Rogaway Who-Lam Gong Boyd PKC based protocols ( ) Needham-Schroeder with public-key crypto and variants Many others PKI based key-distribution, X509 Authentication services TLS Scheme Beller-Chang-Yacobi TMN AKA 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 125

126 William Stallings, Network Security Essentials, Chap.2 (summarized vision) William Stallings, W. Cryptography and Network Security: Principles and Practice, 2 nd edition. Pearson - Prentice Hall, 4 th edition, 2006, chap 2, chap 3, chap.5 and chap. 6 Schneier, B. Applied Cryptography, New York: Wiley, 1996 Complementary (for Authentication and Key-Establishment): Colin Boyd and A. Mathuria,, Protocols for Authentication and Key-Establishment, Springer, 2003 Base-protocols (ex, Needham-Schroeder), Distributed Systems bibliography See also Schroeder_protocol 2011 rev, Henrique J. Domingos, DI/FCT/UNL Symmetric Encryption Slide 126

Double-DES, Triple-DES & Modes of Operation

Double-DES, Triple-DES & Modes of Operation Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES

More information

Chapter 6 Contemporary Symmetric Ciphers

Chapter 6 Contemporary Symmetric Ciphers Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science

More information

CENG 520 Lecture Note III

CENG 520 Lecture Note III CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process

More information

Symmetric Encryption Algorithms

Symmetric Encryption Algorithms Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm

More information

Block Cipher Operation. CS 6313 Fall ASU

Block Cipher Operation. CS 6313 Fall ASU Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES

More information

Chapter 6: Contemporary Symmetric Ciphers

Chapter 6: Contemporary Symmetric Ciphers CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?

More information

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST

More information

Computer Security 3/23/18

Computer Security 3/23/18 s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks

More information

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C

More information

Symmetric Encryption. Thierry Sans

Symmetric Encryption. Thierry Sans Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion

More information

7. Symmetric encryption. symmetric cryptography 1

7. Symmetric encryption. symmetric cryptography 1 CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption

More information

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation

More information

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function

More information

Cryptography and Network Security Chapter 7

Cryptography and Network Security Chapter 7 Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively

More information

Information Security CS526

Information Security CS526 Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for

More information

Cryptography MIS

Cryptography MIS Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message

More information

Secret Key Cryptography

Secret Key Cryptography Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a

More information

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.

More information

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this

More information

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security. Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins

More information

Symmetric Key Cryptography

Symmetric Key Cryptography Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver

More information

Data Encryption Standard (DES)

Data Encryption Standard (DES) Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:

More information

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated

More information

Modern Symmetric Block cipher

Modern Symmetric Block cipher Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm

More information

APNIC elearning: Cryptography Basics

APNIC elearning: Cryptography Basics APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security

More information

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.

More information

Practical Aspects of Modern Cryptography

Practical Aspects of Modern Cryptography Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private

More information

Symmetric Cryptography

Symmetric Cryptography CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...

More information

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types

More information

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50 Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested

More information

3 Symmetric Cryptography

3 Symmetric Cryptography CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption

More information

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d) CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation

More information

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message

More information

Symmetric Cryptography. CS4264 Fall 2016

Symmetric Cryptography. CS4264 Fall 2016 Symmetric Cryptography CS4264 Fall 2016 Correction: TA Office Hour Stefan Nagy (snagy2@vt.edu) Office hour: Thursday Friday 10-11 AM, 106 McBryde Hall 2 Slides credit to Abdou Illia RECAP AND HIGH-LEVEL

More information

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National

More information

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.

More information

Secret Key Algorithms (DES)

Secret Key Algorithms (DES) Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used

More information

Cryptography Functions

Cryptography Functions Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)

More information

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)

More information

Lecture 4: Symmetric Key Encryption

Lecture 4: Symmetric Key Encryption Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by

More information

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries

More information

Symmetric Cryptography CS461/ECE422

Symmetric Cryptography CS461/ECE422 Symmetric Cryptography CS461/ECE422 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Section 2.4-2.6 and 12.2 in Security in Computing

More information

Symmetric key cryptography

Symmetric key cryptography The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and

More information

IDEA, RC5. Modes of operation of block ciphers

IDEA, RC5. Modes of operation of block ciphers C 646 - Lecture 8 IDA, RC5 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van

More information

Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.

Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring. UNIT II BLOCK CIPHER UNIT II Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring. 2.1 SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES) The overall structure of the simplified

More information

Lecture 3: Symmetric Key Encryption

Lecture 3: Symmetric Key Encryption Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

Winter 2011 Josh Benaloh Brian LaMacchia

Winter 2011 Josh Benaloh Brian LaMacchia Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash

More information

Symmetric Cryptography. Chapter 6

Symmetric Cryptography. Chapter 6 Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

Secret Key Cryptography Overview

Secret Key Cryptography Overview Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc01_07/ Block ciphers

More information

Comp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today

Comp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today Comp527 status items Crypto Protocols, part 2 Crypto primitives Today s talk includes slides from: Bart Preneel, Jonathan Millen, and Dan Wallach Install the smart card software Bring CDs back to Dan s

More information

Computer and Data Security. Lecture 3 Block cipher and DES

Computer and Data Security. Lecture 3 Block cipher and DES Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach

More information

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P)) CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption

More information

Block Cipher Operation

Block Cipher Operation Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple

More information

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Computer Security CS 526

Computer Security CS 526 Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY

More information

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018 Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.

More information

Cryptography III: Symmetric Ciphers

Cryptography III: Symmetric Ciphers Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary

More information

Crypto: Symmetric-Key Cryptography

Crypto: Symmetric-Key Cryptography Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three

More information

Stream Ciphers An Overview

Stream Ciphers An Overview Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext

More information

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working

More information

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption

More information

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel (a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on

More information

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4 EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review

More information

BCA III Network security and Cryptography Examination-2016 Model Paper 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1 Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct

More information

Technological foundation

Technological foundation Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards

More information

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney. PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs

More information

U-II BLOCK CIPHER ALGORITHMS

U-II BLOCK CIPHER ALGORITHMS U-II BLOCK CIPHER ALGORITHMS IDEA: Idea is block cipher similar to DES Works on 64 bit plaintext block Key is longer and consist of 128 bits Idea is reversible like DES i.e. same algorithm can be used

More information

Conventional Encryption: Modern Technologies

Conventional Encryption: Modern Technologies Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution

More information

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis

More information

ECE 646 Lecture 8. Modes of operation of block ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.

More information

Introduction to Cryptography. Lecture 3

Introduction to Cryptography. Lecture 3 Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic

More information

CSC 580 Cryptography and Computer Security

CSC 580 Cryptography and Computer Security CSC 580 Cryptography and Computer Security Encryption Concepts, Classical Crypto, and Binary Operations January 30, 2018 Overview Today: Cryptography concepts and classical crypto Textbook sections 3.1,

More information

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and

More information

Block Encryption and DES

Block Encryption and DES Block Encryption and DES Plain Text Block 1 Block 2 Block 3 Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information

Information Security CS526

Information Security CS526 Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days

More information

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17

More information

Darshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques

Darshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques Q 1. Draw and explain Feistel s structure for encryption and decryption. The exact realization of Feistel network depends on the choice of which parameters? Feistel cipher is based on the idea that instead

More information

Secret Key Cryptography

Secret Key Cryptography Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would

More information

PGP: An Algorithmic Overview

PGP: An Algorithmic Overview PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is

More information

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.). Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the

More information

EEC-484/584 Computer Networks

EEC-484/584 Computer Networks EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to

More information

P2_L6 Symmetric Encryption Page 1

P2_L6 Symmetric Encryption Page 1 P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,

More information

Summary on Crypto Primitives and Protocols

Summary on Crypto Primitives and Protocols Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance

More information

Introduction to Symmetric Cryptography

Introduction to Symmetric Cryptography Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography

More information

Goals of Modern Cryptography

Goals of Modern Cryptography Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary

More information

1 Achieving IND-CPA security

1 Achieving IND-CPA security ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

More information