Symmetric Cryptography

Similar documents
Cryptography [Symmetric Encryption]

Cryptography (cont.)

Cryptography: Symmetric Encryption [continued]

Web Security Symmetric Encryption & Authentication

Symmetric Cryptography

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Modern Symmetric Block cipher

Cryptography 2017 Lecture 3

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Some Aspects of Block Ciphers

Network Security Essentials Chapter 2

Crypto: Symmetric-Key Cryptography

Chapter 3 Block Ciphers and the Data Encryption Standard

3 Symmetric Cryptography

Cryptography Functions

Symmetric Encryption. Thierry Sans

Network Security Essentials

Secret Key Cryptography

P2_L6 Symmetric Encryption Page 1

Computer and Data Security. Lecture 3 Block cipher and DES

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Symmetric Encryption Algorithms

Making and Breaking Ciphers

Lecture 4: Symmetric Key Encryption

Data Encryption Standard (DES)

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Cryptographic Algorithms - AES

Information Security CS526

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

Block Cipher Operation. CS 6313 Fall ASU

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

7. Symmetric encryption. symmetric cryptography 1

Secret Key Cryptography

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

CENG 520 Lecture Note III

Winter 2011 Josh Benaloh Brian LaMacchia

Lecture 3: Symmetric Key Encryption

Computational Security, Stream and Block Cipher Functions

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Information Security CS526

CSE 127: Computer Security Cryptography. Kirill Levchenko

Secret Key Algorithms (DES)

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

CSC574: Computer & Network Security

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Content of this part

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Applied Cryptography Data Encryption Standard

Symmetric Cryptography. Chapter 6

Software Security Design Principles + Intro to Crypto

Double-DES, Triple-DES & Modes of Operation

Computer Security 3/23/18

Goals of Modern Cryptography

Chapter 6: Contemporary Symmetric Ciphers

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

symmetric cryptography s642 computer security adam everspaugh

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Block Ciphers. Advanced Encryption Standard (AES)

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Scanned by CamScanner

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Symmetric Cryptography. CS4264 Fall 2016

Chapter 6 Contemporary Symmetric Ciphers

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Lecture 1 Applied Cryptography (Part 1)

Cryptography and Network Security. Sixth Edition by William Stallings

COMP4109 : Applied Cryptography

CSc 466/566. Computer Security. 6 : Cryptography Symmetric Key

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Block ciphers, stream ciphers

Computer Security CS 526

Secret Key Cryptography Overview

ENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms

Software Security and Intro to Cryptography

Introduction to Symmetric Cryptography

Lecture 5. Constructions of Block ciphers. Winter 2018 CS 485/585 Introduction to Cryptography

Cryptography and Network Security

Modern Block Ciphers

Introduction to Modern Symmetric-Key Ciphers

Symmetric-Key Cryptography

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Security and Cryptography 1. Stefan Köpsell, Thorsten Strufe. Module 5: Pseudo Random Permutations and Block Ciphers

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

CSCE 813 Internet Security Symmetric Cryptography

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Encryption Details COMP620

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan

1 Achieving IND-CPA security

Transcription:

CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...

Goals for Today Under the hood: Symmetric encryption

Attack Scenarios for Encryption Ciphertext-Only Known Plaintext Chosen Plaintext Chosen Ciphertext (and Chosen Plaintext) (General advice: Target strongest level of privacy possible -- even if not clear why -- for extra safety )

Chosen-Plaintext Attack encrypt(key,pin) PIN is encrypted and transmitted to bank Crook #1 changes his PIN to a number of his choice Crook #2 eavesdrops on the wire and learns text corresponding to chosen plaintext PIN repeat for any PIN value

Attack Scenarios for Integrity What do you think these scenarios should be?

One-Time Pad = 10111101 = 00110010 10001111 10111101 00110010 = Key is a random bit sequence as long as the plaintext Encrypt by bitwise XOR of plaintext and key: text = plaintext key Decrypt by bitwise XOR of text and key: text key = (plaintext key) key = plaintext (key key) = plaintext Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon)

Advantages of One-Time Pad Easy to compute Encryption and decryption are the same operation Bitwise XOR is very cheap to compute As secure as theoretically possible Given a text, all plaintexts are equally likely, regardless of attacker s computational resources as long as the key sequence is truly random True randomness is expensive to obtain in large quantities as long as each key is same length as plaintext But how does the sender communicate the key to receiver?

Disadvantages = 10111101 = 00110010 10001111 10111101 00110010 = Key is a random bit sequence as long as the plaintext Encrypt by bitwise XOR of plaintext and key: text = plaintext key Decrypt by bitwise XOR of text and key: text key = (plaintext key) key = plaintext (key key) = plaintext Disadvantage #1: Keys as long as messages. Impractical in most scenarios Still used by intelligence communities

Disadvantages = 10111101 = 00110010 0 10001111 0 10111101 00110010 = Key is a random bit sequence as long as the plaintext Encrypt by bitwise XOR of plaintext and key: text = plaintext key Decrypt by bitwise XOR of text and key: text key = (plaintext key) key = plaintext (key key) = plaintext Disadvantage #2: No integrity protection

Disadvantages Disadvantage #3: Keys cannot be reused P1 = 00000000 = 00110010 00110010 C1 00000000 00110010 = P2 = 11111111 = 00110010 11001101 C2 11111111 00110010 = Learn relationship between plaintexts: C1 C2 = (P1 K) (P2 K) = (P1 P2) (K K) = P1 P2

Reducing Keysize What do we do when we can t pre-share huge keys? When OTP is unrealistic We use special cryptographic primitives Single key can be reused (with some restrictions) But no longer provable secure (in the sense of the OTP) Examples: Block s, stream s

Background: Permutation 1 2 3 4 1 2 3 4 CODE becomes DCEO For N-bit input, N! possible permutations Idea: split plaintext into s; for each use secret key to pick a permutation Without the key, permutation should look random

Block Ciphers Operates on a single chunk ( ) of plaintext For example, 64 bits for DES, 128 bits for AES Same key is reused for each (can use short keys) Plaintext Key Ciphertext

Block Cipher Security Result should look like a random permutation As if plaintext bits were randomly shuffled Only computational guarantee of secrecy Not impossible to break, just very expensive If there is no efficient algorithm (unproven assumption!), then can only break by brute-force, try-every-possible-key search Time and cost of breaking the exceed the value and/or useful lifetime of protected information

Block Cipher Operation (Simplified) Block of plaintext Key S S S S S S S S repeat for several rounds S S S S Block of text Add some secret key bits to provide confusion Each S-box transforms its input bits in a random-looking way to provide diffusion (spread plaintext bits throughout text) Procedure must be reversible (for decryption)

Feistel Structure (Stallings Fig 2.2)

DES Feistel structure Ladder structure: split input in half, put one half through the round and XOR with the other half After 3 random rounds, text indistinguishable from a random permutation if internal F function is a pseudorandom function (Luby & Rackoff) DES: Data Encryption Standard Feistel structure Invented by IBM, issued as federal standard in 1977 64-bit s, 56-bit key + 8 bits for parity

DES and 56 bit keys (Stallings Tab 2.2) 56 bit keys are quite short 1999: EFF DES Crack + distibuted machines < 24 hours to find DES key DES ---> 3DES 3DES: DES + inverse DES + DES (with 2 or 3 diff keys)

Advanced Encryption Standard (AES) New federal standard as of 2001 Based on the Rijndael algorithm 128-bit s, keys can be 128, 192 or 256 bits Unlike DES, does not use Feistel structure The entire is processed during each round Design uses some very nice mathematics

Basic Structure of Rijndael 128-bit plaintext (arranged as 4x4 array of 8-bit bytes) 128-bit key S byte substitution Shift rows Mix columns shift array rows (1 st unchanged, 2 nd left by 1, 3 rd left by 2, 4 th left by 3) mix 4 bytes in each column (each new byte depends on all bytes in old column) add key for this round Expand key repeat 10 times

Encrypting a Large Message So, we ve got a good, but our plaintext is larger than 128-bit size Electronic Code Book (ECB) mode Split plaintext into s, encrypt each one separately using the Cipher Block Chaining (CBC) mode Split plaintext into s, XOR each with the result of encrypting previous s Counter (CTR) mode Use to generate keystream, like a stream...

ECB Mode plaintext text Identical s of plaintext produce identical s of text No integrity checks: can mix and match s

CBC Mode: Encryption plaintext Initialization vector (random) text Identical s of plaintext encrypted differently Last depends on entire plaintext Still does not guarantee integrity

CBC Mode: Decryption plaintext Initialization vector decrypt decrypt decrypt decrypt text

ECB vs. CBC [Picture due to Bart Preneel] AES in ECB mode AES in CBC mode Similar plaintext s produce similar text s (not good!)

Information Leakage in ECB Mode [Wikipedia] Encrypt in ECB mode

CBC and Electronic Voting plaintext Initialization vector (supposed to be random) DES DES DES DES text Found in the source code for Diebold voting machines: DesCBCEncrypt((des_c_*)tmp, (des_c_*)record.m_data, totalsize, DESKEY, NULL, DES_ENCRYPT)

CTR Mode: Encryption Initial ctr (random) ctr ctr+1 ctr+2 ctr+3 pt pt pt pt text Identical s of plaintext encrypted differently Still does not guarantee integrity Fragile if ctr repeats

CTR Mode: Decryption Initial ctr ctr ctr+1 ctr+2 ctr+3 ct ct ct ct pt pt pt pt

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback