Network Security Essentials Chapter 2

Similar documents
Double-DES, Triple-DES & Modes of Operation

Chapter 6 Contemporary Symmetric Ciphers

Chapter 3 Block Ciphers and the Data Encryption Standard

Symmetric Encryption Algorithms

CENG 520 Lecture Note III

Block Cipher Operation. CS 6313 Fall ASU

Chapter 6: Contemporary Symmetric Ciphers

Network Security Essentials

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles

Cryptography and Network Security Chapter 7

Symmetric Cryptography. Chapter 6

Modern Block Ciphers

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar

Cryptography Symmetric Encryption Class 2

Symmetric Encryption. Thierry Sans

Crypto: Symmetric-Key Cryptography

Block Encryption and DES

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers

Cryptography and Network Security

Secret Key Cryptography Overview

Information Security CS526

Data Encryption Standard (DES)

Modern Symmetric Block cipher

Symmetric Cryptography CS461/ECE422

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 4: Symmetric Key Encryption

Computer and Data Security. Lecture 3 Block cipher and DES

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Secret Key Cryptography

7. Symmetric encryption. symmetric cryptography 1

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Lecture 1 Applied Cryptography (Part 1)

3 Symmetric Cryptography

ECE 646 Lecture 8. Modes of operation of block ciphers

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

IDEA, RC5. Modes of operation of block ciphers

Cryptography and Network Security. Lecture 02 Symmetric Encryption. Ediz ŞAYKOL

Computer Security: Principles and Practice

Computer Security 3/23/18

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Classical Encryption Techniques

Lecture 3: Symmetric Key Encryption

Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.

Block Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1

Cryptography and Network Security. Sixth Edition by William Stallings

P2_L6 Symmetric Encryption Page 1

Block Cipher Operation

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

CIS 4360 Secure Computer Systems Symmetric Cryptography

Symmetric Cryptography

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Symmetric Key Cryptography

EEC-484/584 Computer Networks

Secret Key Cryptography

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Unit-II. Symmetric Ciphers. To emphasize the 2 categories of traditional ciphers:substitution and transposition ciphers.

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Winter 2011 Josh Benaloh Brian LaMacchia

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Computer Security CS 526

Cryptography III: Symmetric Ciphers

Conventional Encryption: Modern Technologies

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Information Security CS526

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan

Content of this part

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Goals of Modern Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Secret Key Algorithms (DES)

Cryptographic Algorithms - AES

U-II BLOCK CIPHER ALGORITHMS

Cryptography MIS

CSC 474/574 Information Systems Security

CSC574: Computer & Network Security

Some Aspects of Block Ciphers

Cryptography Functions

Jaap van Ginkel Security of Systems and Networks

Applied Cryptography Data Encryption Standard

Practical Aspects of Modern Cryptography

Introduction to Symmetric Cryptography

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

CSCE 813 Internet Security Symmetric Cryptography

Darshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Block Ciphers. Advanced Encryption Standard (AES)

Stream Ciphers An Overview

Cryptography 2017 Lecture 3

APNIC elearning: Cryptography Basics

Information Systems Security

Symmetric Key Cryptography

Transcription:

Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need it?

Symmetric Encryption or conventional / private-key / single-key sender and recipient share a common key all classical encryption algorithms are private-key was only type prior to invention of public- key in 1970 s and by far most widely used

Some Basic Terminology plaintext - original message ciphertext - coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key cryptology - field of both cryptography and cryptanalysis

Some Basic Terminology cleartext - is this the same as plaintext? Also, do all ciphers need a key? Is a password the same as a key? Are there ciphers that use neither?

Symmetric Cipher Model

Requirements two requirements for secure use of symmetric encryption: a strong encryption algorithm a secret key known only to sender / receiver mathematically have: Y = E(K, X) X = D(K, Y) assume encryption algorithm is known implies a secure channel to distribute key

Cryptography can characterize cryptographic system by: type of encryption operations used substitution transposition product number of keys used single-key or private two-key or public way in which plaintext is processed block stream

Cryptanalysis objective to recover key not just message general approaches: cryptanalytic attack brute-force attack if either succeed all key use compromised Hence the value of perfect forward secrecy

Cryptanalytic Attacks ciphertext only only know algorithm & ciphertext, is statistical, know or can identify plaintext known plaintext know/suspect plaintext & ciphertext chosen plaintext select plaintext and obtain ciphertext chosen ciphertext select ciphertext and obtain plaintext chosen text select plaintext or ciphertext to en/decrypt

Brute Force Search always possible to simply try every key most basic attack, proportional to key size assume either know / recognize plaintext Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 10 6 decryptions/µs 32 2 32 = 4.3 10 9 2 31 µs = 35.8 minutes 2.15 milliseconds 56 2 56 = 7.2 10 16 2 55 µs = 1142 years 10.01 hours 128 2 128 = 3.4 10 38 2 127 µs = 5.4 10 24 years 5.4 10 18 years 168 2 168 = 3.7 10 50 2 167 µs = 5.9 10 36 years 5.9 10 30 years 26 characters (permutation) 26! = 4 10 26 2 10 26 µs = 6.4 10 12 years 6.4 10 6 years

Feistel Cipher Structure Horst Feistel devised the feistel cipher based on concept of invertible product cipher partitions input block into two halves process through multiple rounds which perform a substitution on left data half based on round function of right half & subkey then have permutation swapping halves implements Shannon s S-P net concept

Feistel Cipher Structure

Feistel Cipher Design Elements block size key size number of rounds subkey generation algorithm round function fast software en/decryption ease of analysis

Data Encryption Standard (DES) most widely used block cipher in world adopted in 1977 by NBS (now NIST) as FIPS PUB 46 encrypts 64-bit data using 56-bit key has widespread use has been considerable controversy over its security

DES History IBM developed Lucifer cipher by team led by Feistel in late 60 s used 64-bit data blocks with 128-bit key then redeveloped as a commercial cipher with input from NSA and others in 1973 NBS issued request for proposals for a national cipher standard IBM submitted their revised Lucifer which was eventually accepted as the DES

DES Design Controversy although DES standard is public was considerable controversy over design in choice of 56-bit key (vs Lucifer 128-bit) and because design criteria were classified subsequent events and public analysis show in fact design was appropriate use of DES has flourished especially in financial applications still standardised for legacy application use

Multiple Encryption & DES clear a replacement for DES was needed theoretical attacks that can break it demonstrated exhaustive key search attacks AES is a new cipher alternative prior to this alternative was to use multiple encryption with DES implementations Triple-DES is the chosen form

Double-DES? could use 2 DES encrypts on each block C = E K2 K2 (E K1 K1 (P)) issue of reduction to single stage and have meet-in-the-middle attack works whenever use a cipher twice since X = E K1 (P) = D K2 (C) attack by encrypting P with all keys and store then decrypt C with keys and match X value can show takes O(2 56 ) steps

Triple-DES with Two-Keys hence must use 3 encryptions would seem to need 3 distinct keys but can use 2 keys with E-D-E sequence C = E K1 (D K2 (E K1 (P))) nb encrypt & decrypt equivalent in security if K1=K2 then can work with single DES standardized in ANSI X9.17 & ISO8732 no current known practical attacks several proposed impractical attacks might become basis of future attacks

Triple-DES with Three-Keys although are no practical attacks on two- key Triple-DES have some indications can use Triple-DES with Three-Keys to avoid even these C = E K3 K3 (D K2 (E K1 K1 (P))) has been adopted by some Internet applications, eg PGP, S/MIME

Triple-DES with... one key? Is that a keying option?

Origins clear a replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks can use Triple-DES but slow, has small blocks US NIST issued call for ciphers in 1997 15 candidates accepted in Jun 98 5 were shortlisted in Aug-99 Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001

The AES Cipher - Rijndael designed by Rijmen-Daemen in Belgium has 128/192/256 bit keys, 128 bit data an iterative rather than feistel cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round designed to be: resistant against known attacks speed and code compactness on many CPUs design simplicity

AES Encryption Process

AES Structure data block of 4 columns of 4 bytes is state key is expanded to array of words has 9/11/13 rounds in which state undergoes: byte substitution (1 S-box used on every byte) shift rows (permute bytes between groups/columns) mix columns (subs using matrix multiply of groups) add round key (XOR state with key material) view as alternating XOR key & scramble data bytes initial XOR key material & incomplete last round with fast XOR & table lookup implementation

AES Structure

AES Round

Random Numbers many uses of random numbers in cryptography nonces in authentication protocols to prevent replay session keys public key generation keystream for a one-time pad in all cases its critical that these values be statistically random, uniform distribution, independent unpredictability of future values from previous values true random numbers provide this care needed with generated random numbers

Pseudorandom Number Generators (PRNGs) often use deterministic algorithmic techniques to create random numbers although are not truly random can pass many tests of randomness known as pseudorandom numbers created by Pseudorandom Number Generators (PRNGs)

Random & Pseudorandom Number Generators

Stream Cipher Structure

Stream Cipher Properties some design considerations are: long period with no repetitions statistically random depends on large enough key large linear complexity properly designed, can be as secure as a block cipher with same size key but usually simpler & faster

RC4 a proprietary cipher owned by RSA DSI another Ron Rivest design, simple but effective variable key size, byte-oriented stream cipher widely used (web SSL/TLS, wireless WEP/WPA) key forms random permutation of all 8-bit values uses that permutation to scramble input info processed a byte at a time

RC4 Key Schedule starts with an array S of numbers: 0..255 use key to well and truly shuffle S forms internal state of the cipher for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j])

RC4 Encryption encryption continues shuffling array values sum of shuffled pair selects "stream key" value from permutation XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte M i i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(s[i], S[j]) t = (S[i] + S[j]) (mod 256) C i = M i XOR S[t]

RC4 Overview

RC4 Security claimed secure against known attacks have some analyses, none practical result is very non-linear since RC4 is a stream cipher, must never reuse a key have a concern with WEP, but due to key handling rather than RC4 itself

Modes of Operation block ciphers encrypt fixed size blocks eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts of data in practise NIST SP 800-38A defines 5 modes have block and stream modes to cover a wide variety of applications can be used with any block cipher

Electronic Codebook Book (ECB) message is broken into independent blocks which are encrypted each block is a value which is substituted, like a codebook, hence name each block is encoded independently of the other blocks C i = E K (P i ) uses: secure transmission of single values

Advantages and Limitations of ECB message repetitions may show in ciphertext if aligned with message block particularly with data such graphics or with messages that change very little, which become a code-book analysis problem weakness is due to the encrypted message blocks being independent main use is sending a few blocks of data

Advantages and Limitations of ECB Finally! Time for our first real example!

Cipher Block Chaining (CBC) message is broken into blocks linked together in encryption operation each previous cipher blocks is chained with current plaintext block, hence name use Initial Vector (IV) to start process C i = E K (P i XOR C i-1 C -1 = IV i-1 ) uses: bulk data encryption, authentication

Cipher Block Chaining (CBC) Let's revisit our example!

Cipher Block Chaining (CBC)

Cipher FeedBack (CFB) message is treated as a stream of bits added to the output of the block cipher result is feed back for next stage (hence name) standard allows any number of bit (1,8, 64 or 128 etc) to be feed back denoted CFB-1, CFB-8, CFB-64, CFB-128 etc most efficient to use all bits in block (64 or 128) C i = P i XOR E K (C C -1-1 = IV (C i-1 ) uses: stream data encryption, authentication

s-bit Cipher FeedBack (CFB-s)

Advantages and Limitations of CFB appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits note that the block cipher is used in encryption mode at both ends errors propagate for several blocks after the error

Counter (CTR) a new mode, though proposed early on similar to OFB but encrypts counter value rather than any feedback value must have a different key & counter value for every plaintext block (never reused) O i = E K (i) C i = P i XOR O i uses: high-speed network encryptions

Counter (CTR)

Advantages and Limitations of efficiency CTR can do parallel encryptions in h/w or s/w can preprocess in advance of need good for bursty high speed links random access to encrypted data blocks provable security (good as other modes) but must ensure never reuse key/counter values, otherwise could break (cf OFB)

Considerations when comparing error propagation block modes e.g. an error in an ECB will only affect 1 block an error with CBC only affects 2 blocks parallelization CTR and ECB might be able to parallelize, but have fun trying that with CBC! Initialization vectors, nonces, and pads A recurring theme, but are these a concern?

Consideration for future discussions how will we actually share those keys? if we can't easily share symmetric keys, does that mean we don't really use this form of cryptography? is transforming the human-readable into the secret really the only use for keys? is there anything else we'd like to discuss?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback