L9: Stream and Block Ciphers. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Similar documents
CSE509: (Intro to) Systems Security

Fundamentals of Computer Security

Chapter 10: Cipher Techniques

L3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Symmetric Cryptography CS461/ECE422

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Block Cipher Operation. CS 6313 Fall ASU

L1: Computer Security Overview. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

L8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Block Cipher Modes of Operation

Secret Key Cryptography

Content of this part

Block Cipher Modes of Operation

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Introduction to Symmetric Cryptography

Using block ciphers 1

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Some Aspects of Block Ciphers

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Geldy : A New Modification of Block Cipher

Symmetric Encryption. Thierry Sans

Modern Symmetric Block cipher

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

CSC 474/574 Information Systems Security

7. Symmetric encryption. symmetric cryptography 1

3 Symmetric Cryptography

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

L17: Assurance. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

The Rectangle Attack

Double-DES, Triple-DES & Modes of Operation

Applied Cryptography Data Encryption Standard

Chapter 6 Contemporary Symmetric Ciphers

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Data Encryption Standard (DES)

ECE 646 Fall 2008 Multiple-choice test

Chapter 3 Block Ciphers and the Data Encryption Standard

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Modes of Operation. Raj Jain. Washington University in St. Louis

Stream Ciphers and Block Ciphers

6. Symmetric Block Cipher BLOWFISH Performance. Memory space. 3. Simplicity The length of the key. The length of the data block is 64.

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Lecture 4: Symmetric Key Encryption

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

Lecture 3: Symmetric Key Encryption

Symmetric Encryption Algorithms

Symmetric key cryptography

Cryptography and Network Security

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Block Cipher Operation

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Stream Ciphers and Block Ciphers

CIT 380: Securing Computer Systems. Symmetric Cryptography

CSCE 548 Building Secure Software Symmetric Cryptography

Crypto: Symmetric-Key Cryptography

Cryptography III: Symmetric Ciphers

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Network Security Essentials Chapter 2

Cryptology complementary. Symmetric modes of operation

Symmetric Cryptography

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Stream Ciphers. Stream Ciphers 1

CIS 4360 Secure Computer Systems Symmetric Cryptography

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Cryptography Part II Introduction to Computer Security. Chapter 8

Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Computer Security CS 526

Symmetric Cryptography. CS4264 Fall 2016

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Cryptography Symmetric Encryption Class 2

ENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Introducing the PIC24F GB2 MCU Family: extreme Low Power with Hardware Crypto Engine

Assignment 3: Block Ciphers

Jordan University of Science and Technology

Network Security Essentials

EEC-484/584 Computer Networks

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

CSC574: Computer & Network Security

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

CPSC 467b: Cryptography and Computer Security

Study and Analysis of Symmetric Key-Cryptograph DES, Data Encryption Standard

Sirindhorn International Institute of Technology Thammasat University

Sankalchand Patel College of Engineering, Visnagar B.E. Semester V (CE/IT) INFORMATION SECURITY Practical List

Winter 2011 Josh Benaloh Brian LaMacchia

Introduction to Cryptography. Lecture 3

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 1 Applied Cryptography (Part 1)

Symmetric Encryption

Transcription:

L9: Stream and Block Ciphers Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 10/19/2016 CSCI 451 -Fall 2016 1

Acknowledgement Many slides are from or are revised from the slides of the author of the textbook Matt Bishop, Introduction to Computer Security, Addison- Wesley Professional, October, 2004, ISBN-13: 978-0-321-24774-5. Introduction to Computer Security @ VSU's Safari Book Online subscription http://nob.cs.ucdavis.edu/book/book-intro/slides/ 10/19/2016 CSCI 451 - Fall 2016 2

Outline Block ciphers Examples Attacks against direct use of block ciphers Cipher Block Chaining (CBC) Multiple encryption Stream ciphers One-time pad: proven secure Synchronous Stream Ciphers Self-Synchronous Stream Cipher 10/19/2016 CSCI 451 - Fall 2016 3

Block Ciphers Block ciphers divide a message into a sequence of parts, or blocks, and encipher each block with the same key Eenciphermentfunction E k (b) enciphermentof message bwith key k In what follows, m= b 1 b 2, each b i of fixed length Block cipher E k (m) = E k (b 1 )E k (b 2 ) 10/19/2016 CSCI 451 - Fall 2016 4

Block Cipher: Example DES is a block cipher b i = 64 bits, k= 56 bits Each b i enciphered separately using k AES is a block cipher b i = 128 bits, k= 128, or 192, or 256 bits Each b i enciphered separately using k 10/19/2016 CSCI 451 - Fall 2016 5

Block Ciphers Encipher and decipher multiple bits at once Each block enciphered independently Problem: identical plaintext blocks produce identical ciphertext blocks Example: two database records MEMBER: HOLLY INCOME $100,000 MEMBER: HEIDI INCOME $100,000 Encipherment: ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN 10/19/2016 CSCI 451 - Fall 2016 6

Solutions Use additional information Use Cipher Block Chaining (CBC mode) 10/19/2016 CSCI 451 - Fall 2016 7

Additional Information Insert additional varyinginformation into the plaintext block, then encipher Information about block s position Example: Bits from the preceding ciphertextblock (Feistel, 1973) Sequence number on each block (Kent, 1976) Disadvantage Effective block size is reduced because a block is in effect {additional bits bits from plaintext} 10/19/2016 CSCI 451 - Fall 2016 8

Cipher Block Chaining Cipher block chaining (CBC) Exclusive-or current plaintext block with previous ciphertext block: c 0 = E k (m 0 I) c i = E k (m i c i 1 ) for i > 0 where I is the initialization vector 10/19/2016 CSCI 451 - Fall 2016 9

Recap on DES Electronic Code Book (ECB): directly use DES, a block cipher Cipher Feedback (CFB): generate pseudo one-time pad Output Feedback (OFB): generate pseudo one-time pad Cipher Block Chaining (CBC): commonly used mode 10/19/2016 CSCI 451 - Fall 2016 10

DES Recap: CBC Mode Encryption init. vector m 1 DES m 2 DES c 1 sent c 2 sent 10/19/2016 CSCI 451 - Fall 2016 11

DES Recap: CBC Mode Decryption init. vector c 1 c 2 DES DES m 1 m 2 10/19/2016 CSCI 451 - Fall 2016 12

Multiple Encryption Double encipherment: c= E k (E k (m)) Effective key length is 2n, if k, k are length n Problem: breaking it requires 2 n+1 encryptions, not 2 2n encryptions Triple encipherment: EDE mode: c= E k (D k (E k (m)) Problem: chosen plaintext attack takes O(2 n ) time using 2 n ciphertexts Triple encryption mode: c=e k (E k (E k (m)) Best attack requires O(2 2n ) time, O(2 n ) memory 10/19/2016 CSCI 451 - Fall 2016 13

Stream Ciphers Stream ciphers use a nonrepeating stream of key elements to encipher characters of a message Eenciphermentfunction E k (b) enciphermentof message bwith key k In what follows, m= b 1 b 2, each b i of fixed length Stream cipher k= k 1 k 2 E k (m) = E k1 (b 1 )E k2 (b 2 ) If k 1 k 2 repeats itself, cipher is periodicand the kengthof its period is one cycle of k 1 k 2 10/19/2016 CSCI 451 - Fall 2016 14

Examples Vigenèrecipher b i = 1 character, k= k 1 k 2 where k i = 1 character Each b i enciphered using k imod length(k) Stream cipher One-time pad A stream cipher Key string chosen random, and at least as long as the message Not periodic because the key stream never repeats Proven impossible to break 10/19/2016 CSCI 451 - Fall 2016 15

Bit-Oriented Stream Ciphers Bit-oriented stream ciphers: each character is a bit Often (try to) implement one-time padby xor ing each bit of key with one bit of message Example: m= 00101 k= 10010 c= 10111 But how to generate a good key? 10/19/2016 CSCI 451 - Fall 2016 16

Synchronous Stream Ciphers To simulate a random, infinitely long key, synchronous stream ciphers generate key bits from a course other than the message itself Simplest approach: extracts bits from a register to use as the key Example: n-stage Linear Feedback Shift Register (LFSR) 10/19/2016 CSCI 451 - Fall 2016 17

n-stage Linear Feedback Shift Register nbit register r= r 0 r n 1 nbit tap sequence t= t 0 t n 1 Operation Use r n 1 as key bit Compute x= r 0 t 0 r n 1 t n 1 Shift rone bit to right, dropping r n 1, xbecomes r 0 10/19/2016 CSCI 451 - Fall 2016 18

Operation Xor ingeach bit of key with one bit of message r 0 r n 1 b i Simulating a random, infinitely long key, c i r 0 r n 1 r i = r i 1, 0 < i n r 0 t 0 + + r n 1 t n 1 10/19/2016 CSCI 451 - Fall 2016 19

Example The least significant bit is the right-most bit 4-stage LFSR; t= 1001 r k i new bit computation new r 0010 0 01 00 10 01 = 0 0001 0001 1 01 00 00 11 = 1 1000 1000 0 11 00 00 01 = 1 1100 1100 0 11 10 00 01 = 1 1110 1110 0 11 10 10 01 = 1 1111 1111 1 11 10 10 11 = 0 0111 0111 0 11 10 10 11 = 1 1011 Key sequence has period of 15 (010001111010110) 10/19/2016 CSCI 451 - Fall 2016 20

Notes on n-stage LFSR A known plaintext attack can reveal parts of the key sequence If the known plaintext is of length 2n, the tap sequence of an n-stage LFSR can be determined completely 10/19/2016 CSCI 451 - Fall 2016 21

n-stage Non-Linear Feedback Shift Register Do not use tap sequences. New key bit is any function of the current register bits nbit register r= r 0 r n 1 Use: Use r n 1 as key bit Compute x= f(r 0,, r n 1 ); fis any function Shift rone bit to right, dropping r n 1, xbecomes r 0 Note same operation as LFSR but more general bit replacement function 10/19/2016 CSCI 451 - Fall 2016 22

Example The least significant bit is the right-most bit 4-stage NLFSR; f(r 0, r 1, r 2, r 3 ) = (r 0 &r 2 ) r 3 r k i new bit computation new r 1100 0 (1 & 0) 0 = 0 0110 0110 0 (0 & 1) 0 = 0 0011 0011 1 (0 & 1) 1 = 1 1001 1001 1 (1 & 0) 1 = 1 1100 1100 0 (1 & 0) 0 = 0 0110 0110 0 (0 & 1) 0 = 0 0011 0011 1 (0 & 1) 1 = 1 1001 Key sequence has period of 4 (0011) 10/19/2016 CSCI 451 - Fall 2016 23

Eliminating Linearity NLFSRs not common No body of theory about how to design them to have long period Alternate approach: output feedback mode For E encipherment function, k key, r register: Compute r = E k (r); key bit is rightmost bit of r Set rto r and iterate, repeatedly enciphering register and extracting key bits, until message enciphered Variant: use a counter that is incremented for each encipherment rather than a register Take rightmost bit of E k (i), where iis number of encipherment 10/19/2016 CSCI 451 - Fall 2016 24

Self-Synchronous Stream Cipher Take key from message itself (autokey) Example: Vigenère, key drawn from plaintext key plaintext ciphertext Problem: XTHEBOYHASTHEBA THEBOYHASTHEBAG QALFPNFHSLALFCT Statistical regularities in plaintext show in key Once you get any part of the message, you can decipher more 10/19/2016 CSCI 451 - Fall 2016 25

Another Example Take key from ciphertext(autokey) Example: Vigenère, key drawn from ciphertext key plaintext ciphertext Problem: XQXBCQOVVNGNRTT THEBOYHASTHEBAG QXBCQOVVNGNRTTM Attacker gets key along with ciphertext, so deciphering is trivial 10/19/2016 CSCI 451 - Fall 2016 26

Variant Cipher feedback mode: 1 bit of ciphertextfed into nbit register Self-healing property: if ciphertextbit received incorrectly, it and next nbits decipher incorrectly; but after that, the ciphertextbits decipher correctly Need to know k, Eto decipher ciphertext r k E k (r) E m i c i 10/19/2016 CSCI 451 - Fall 2016 27

Summary Block ciphers Examples: DES, AES Attacks against direct use of block ciphers Cipher Block Chaining (CBC) Multiple encryption Stream ciphers Examples: Vigenère cipher, One-time pad One-time pad: proven secure Synchronous Stream Ciphers (LFSR, NLFSR) Self-Synchronous Stream Cipher 10/19/2016 CSCI 451 - Fall 2016 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback