CSE509: (Intro to) Systems Security

Similar documents
Fundamentals of Computer Security

Chapter 10: Cipher Techniques

L9: Stream and Block Ciphers. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Symmetric Cryptography CS461/ECE422

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Cryptographic Checksums

Block Cipher Modes of Operation

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Lecture 1 Applied Cryptography (Part 1)

05 - WLAN Encryption and Data Integrity Protocols

Using block ciphers 1

Spring 2010: CS419 Computer Security

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

CPSC 467b: Cryptography and Computer Security

Block Cipher Modes of Operation

Fun with Crypto keys and protocols. some Bishop, some Jim, some RA

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Chapter 9: Key Management

Security Requirements

Content of this part

Practical Aspects of Modern Cryptography

What did we talk about last time? Public key cryptography A little number theory

CPSC 467: Cryptography and Computer Security

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

CSE509: (Intro to) Systems Security

Classic Cryptography: From Caesar to the Hot Line

n-bit Output Feedback

CPSC 467: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Data Integrity. Modified by: Dr. Ramzi Saifan

Secret Key Cryptography

CS 161 Computer Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CSC 482/582: Computer Security. Security Protocols

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions

CPSC 467b: Cryptography and Computer Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Information Security & Privacy

Symmetric Encryption

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

Winter 2011 Josh Benaloh Brian LaMacchia

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction to Symmetric Cryptography

Stream Ciphers. Stream Ciphers 1

7. Symmetric encryption. symmetric cryptography 1

Chapter 10: Key Management

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Symmetric Cryptography. CS4264 Fall 2016

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Geldy : A New Modification of Block Cipher

CSC 580 Cryptography and Computer Security

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

Symmetric Cryptography

INFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2

CPSC 467b: Cryptography and Computer Security

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

6. Symmetric Block Cipher BLOWFISH Performance. Memory space. 3. Simplicity The length of the key. The length of the data block is 64.

Cryptography. Dr. Ahmad Almulhem. Spring Computer Engineering Department, KFUPM. Ahmad Almulhem - Network Security Engineering / 84

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Introduction to Cryptography. Steven M. Bellovin September 27,

Introduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee

Symmetric Crypto MAC. Pierre-Alain Fouque

Solutions to exam in Cryptography December 17, 2013

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

CSE484 Final Study Guide

CS 161 Computer Security

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Module 1: Classical Symmetric Ciphers

Cryptography (cont.)

Cryptography MIS

Lecture 1: Course Introduction

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

CS 161 Computer Security

Assignment 3: Block Ciphers

Lecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes

L2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015

Lecture 2. Cryptography: History + Simple Encryption,Methods & Preliminaries. Cryptography can be used at different levels

Computational Security, Stream and Block Cipher Functions

Feedback Week 4 - Problem Set

Stream Ciphers An Overview

Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

EEC-484/584 Computer Networks

CPSC 467: Cryptography and Computer Security

Block Cipher Operation. CS 6313 Fall ASU

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan

Transcription:

CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Ciphers 2005-12 Portions copyright by Matt Bishop. Used with permission

Ciphers Overview Naïve Usage Types of Ciphers Systems Security September 12, 2012 2

Ciphers???! Mechanisms for message security But isn t everything? Fast? Secure? Suited for environment? Systems Security September 12, 2012 3

Ciphers???! m 3 m 2 m 1 cipher c i Bob Alice cipher -1 m 1 m 2 m 3 Mallory Eve The compromise of individual blocks should not lead to the compromise of past communication! Systems Security September 12, 2012 4

Problems Using a cipher requires knowledge of threats in the environment in which it will be used Is the set of possible messages small? Do the messages exhibit regularities that remain after en-cipherment? Can an active wire-tapper rearrange or change parts of the message? Systems Security September 12, 2012 5

Collision Attack: Birthday Attacks With 23 people in the same room chance of same birthday is over 50%!!! For N possible values expect a collision after seeing approx. sqrt(n) of them If N=2 n (n-bit key) after 2 n/2 ( birthday bound ) messages a collision is expected! Systems Security September 12, 2012 6

Birthday Attack Deployed For 64-bit key, after seeing 2 32 transactions Eve can find message sent with same key! (how can she know? Using keyed MAC of standard message header?) Eve can then substitute old messages for new ones (e.g., reversing money transfers) Systems Security September 12, 2012 7

Collision Attack: Meet in the Middle Cousin of Birthday Attack C = E K2 (E K1 (M)) This does not have 2n bit security! Why? For a known (C,M) pair do this: T: Build table E K (M) for all K Compute D K (C) for all K and lookup in T Takes 2 n+1 steps only Systems Security September 12, 2012 8

Attack: Pre-computation If set of possible messages M is small Public key cipher f used Idea: pre-compute set of possible ciphertexts f(m), build table (m, f(m)) When cipher-text f(m) appears, use table to find m Also called forward searches Systems Security September 12, 2012 9

Example Cathy knows Alice will send Bob one of two enciphered messages: BUY or SELL Using public B, Cathy pre-computes m 1 = E public B ( BUY ) m 2 = E public B ( SELL ) Cathy sees Alice send Bob m 2 Cathy knows Alice sent SELL Systems Security September 12, 2012 10

Another example: may not be obvious Digitized sound Seems like far too many possible plaintexts Initial calculations suggest 2 32 such plaintexts Analysis of redundancy in human speech reduced this to about 100,000 ( 2 17 ) small enough to worry about pre-computation attacks Systems Security September 12, 2012 11

Mis-ordered Blocks Alice sends Bob message Message is LIVE (11 08 21 04) Enciphered message is 44 57 21 16 Eve intercepts it, rearranges blocks Now enciphered message is 16 21 57 44 Bob gets enciphered message, deciphers it He sees EVIL Systems Security September 12, 2012 12

Notes Signing each block won t stop it! Two approaches: Crypto-hash the entire message and sign it Place sequence numbers in each block of message, so recipient can tell intended order, then sign each block Systems Security September 12, 2012 13

Statistical Regularities If plaintext repeats, ciphertext may too Example using DES: input (in hex): 3231 3433 3635 3837 3231 3433 3635 3837 corresponding output (in hex): ef7c 4bb2 b4ce 6f3b ef7c 4bb2 b4ce 6f3b Fix: cascade blocks together (chaining) More details later Systems Security September 12, 2012 14

What These Mean Use of strong cryptosystems, well-chosen (or random) keys not enough to be secure Other factors: Protocols directing use of cryptosystems Ancillary information added by protocols Implementation (not discussed here) Maintenance and operation (not discussed here) Systems Security September 12, 2012 15

Stream, Block Ciphers E encipherment function E k (b) encipherment of message b with key k In what follows, m = b 1 b 2, each b i of fixed length Block cipher E k (m) = E k (b 1 )E k (b 2 ) Stream cipher k = k 1 k 2 E k (m) = E k1 (b 1 )E k2 (b 2 ) If k 1 k 2 repeats itself, cipher is periodic and the kength of its period is one cycle of k 1 k 2 Systems Security September 12, 2012 16

Examples Vigenère cipher b i = 1 character, k = k 1 k 2 where k i = 1 character Each b i enciphered using k i mod length(k) Stream cipher DES b i = 64 bits, k = 56 bits Each b i enciphered separately using k Block cipher Systems Security September 12, 2012 17

Stream Ciphers Often (try to) implement one-time pad by xor ing each bit of key with one bit of message Example: m = 00101 k = 10010 c = 10111 But how to generate a good key? Systems Security September 12, 2012 18

Synchronous Stream Ciphers n-stage Linear Feedback Shift Register: n bit register r = r 0 r n 1 n bit tap sequence t = t 0 t n 1 Use: Use r n 1 as key bit Compute x = r 0 t 0 r n 1 t n 1 Shift r one bit to right, dropping r n 1, x becomes r 0 Systems Security September 12, 2012 19

Example 4-stage LFSR; t = 1001 r k i new bit computation new r 0010 0 01 00 10 01 = 0 0001 0001 1 01 00 00 11 = 1 1000 1000 0 11 00 00 01 = 1 1100 1100 0 11 10 00 01 = 1 1110 1110 0 11 10 10 01 = 1 1111 1111 1 11 10 10 11 = 0 0111 1110 0 11 10 10 11 = 1 1011 Key sequence has period of 15 (010001011101110) Systems Security September 12, 2012 20

NLFSR n-stage Non-Linear Feedback Shift Register: consists of n bit register r = r 0 r n 1 Use: Use r n 1 as key bit Compute x = f(r 0,, r n 1 ); f is any function Shift r one bit to right, dropping r n 1, x becomes r 0 Note same operation as LFSR but more general bit replacement function Systems Security September 12, 2012 21

Example 4-stage NLFSR; f(r 0, r 1, r 2, r 3 ) = (r 0 & r 2 ) r 3 r k i new bit computation new r 1100 0 (1 & 0) 0 = 0 0110 0110 0 (0 & 1) 0 = 0 0011 0011 1 (0 & 1) 1 = 1 1001 1001 1 (1 & 0) 1 = 1 1100 1100 0 (1 & 0) 0 = 0 0110 0110 0 (0 & 1) 0 = 0 0011 0011 1 (0 & 1) 1 = 1 1001 Key sequence has period of 4 (0011) Systems Security September 12, 2012 22

Eliminating Linearity NLFSRs not common We don t know how to design them to have long period Alternate approach: output feedback mode For E encipherment function, k key, r register: Compute r = E k (r); key bit is rightmost bit of r Set r to r and iterate, repeatedly enciphering register and extracting key bits, until message enciphered Variant: use a counter that is incremented for each encipherment rather than a register Take rightmost bit of E k (i), where i is number of encipherment Systems Security September 12, 2012 23

Self-Synchronous Stream Cipher Take key from message itself (autokey) Example: Vigenère, key drawn from plaintext key XTHEBOYHASTHEBA plaintext THEBOYHASTHEBAG ciphertext QALFPNFHSLALFCT Problem: Statistical regularities in plaintext show in key Once you get any part of the message, you can decipher more Systems Security September 12, 2012 24

Another Example Take key from ciphertext (autokey) Example: Vigenère, key drawn from ciphertext key XQXBCQOVVNGNRTT plaintext THEBOYHASTHEBAG ciphertext QXBCQOVVNGNRTTM Problem: Attacker gets key along with ciphertext, so deciphering is trivial Systems Security September 12, 2012 25

Variant Cipher feedback mode: 1 bit of ciphertext fed into n bit register Self-healing property: if ciphertext bit received incorrectly, it and next n bits decipher incorrectly; but after that, the ciphertext bits decipher correctly Need to know k, E to decipher ciphertext r k E k (r) E m i Systems Security September 12, 2012 26 c i

Block Ciphers Encipher, decipher multiple bits at once Each block enciphered independently Problem: identical plaintext blocks produce identical ciphertext blocks Example: two database records MEMBER: HOLLY INCOME $100,000 MEMBER: HEIDI INCOME $100,000 Encipherment: ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN Systems Security September 12, 2012 27

Solution: CBC Insert information about block s position into the plaintext block, then encipher. Cipher block chaining mode (CBC): Exclusive-or current plaintext block with previous ciphertext block: c 0 = E k (m 0 I) c i = E k (m i c i 1 ) for i > 0 where I is the initialization vector Systems Security September 12, 2012 28

Solution: CTR Counter mode (CTR): Key constructed by encrypting block counter k i = E k (unique_nonce i) c i = m i k i e.g. unique_nonce=(message number) Question: why do we need the nonce? Careful: never use same (k,nonce) pair!!! Systems Security September 12, 2012 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback