Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Similar documents
Information Security CS526

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Double-DES, Triple-DES & Modes of Operation

Chapter 6 Contemporary Symmetric Ciphers

Information Security CS526

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Stream Ciphers An Overview

Stream Ciphers. Stream Ciphers 1

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Network Security Essentials Chapter 2

Network Security Essentials

Stream Ciphers - RC4. F. Sozzani, G. Bertoni, L. Breveglieri. Foundations of Cryptography - RC4 pp. 1 / 16

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

Chapter 6: Contemporary Symmetric Ciphers

Introduction to Cryptography. Lecture 3

Cryptography. Summer Term 2010

Comp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Introduction to Cryptography. Lecture 3

Cryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers

Symmetric Encryption. Thierry Sans

How crypto fails in practice? CSS, WEP, MIFARE classic. *Slides borrowed from Vitaly Shmatikov

Computer Security CS 526

1 Achieving IND-CPA security

Cryptography BITS F463 S.K. Sahay

Basic Probability Theory

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

IDEA, RC5. Modes of operation of block ciphers

Lecture 2: Secret Key Cryptography

Cryptography and Network Security Chapter 7

Practical Aspects of Modern Cryptography

Cryptography Functions

Symmetric Cryptography

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Lecture 4: Symmetric Key Encryption

Some Aspects of Block Ciphers

3 Symmetric Cryptography

Enhancing Security of Improved RC4 Stream Cipher by Converting into Product Cipher

CS61A Lecture #39: Cryptography

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Winter 2011 Josh Benaloh Brian LaMacchia

Symmetric Encryption Algorithms

Cryptography and Network Security

U-II BLOCK CIPHER ALGORITHMS

CHAPTER 2. KEYED NON-SURJECTIVE FUNCTIONS IN STREAM CIPHERS54 All bytes in odd positions of the shift register are XORed and used as an index into a f

Cryptography III: Symmetric Ciphers

Lecture 3: Symmetric Key Encryption

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

L2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015

Computer Security 3/23/18

Introduction to Cryptology. Lecture 2

Basic principles of pseudo-random number generators

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Design Of High Performance Rc4 Stream Cipher For Secured Communication

CSC 580 Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

A Related-Key Cryptanalysis of RC4

CPS2323. Symmetric Ciphers: Stream Ciphers

Midterm Exam. CS381-Cryptography. October 30, 2014

CPSC 467b: Cryptography and Computer Security

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Dynamic Stream Ciphering Algorithm

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CPSC 467b: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security

COMP4109 : Applied Cryptography

Cryptography [Symmetric Encryption]

Secret Key Cryptography (Spring 2004)

Secret Key Cryptography

Hardware Implementation of RC4 Stream Cipher using VLSI

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Lecture 2: Shared-Key Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography

CSC574: Computer & Network Security

Lecture 2. Cryptography: History + Simple Encryption,Methods & Preliminaries. Cryptography can be used at different levels

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Scanned by CamScanner

Introduction to Symmetric Cryptography

Cache Timing Attacks in Cryptography

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Classical Cryptography

EEC-484/584 Computer Networks

CSE 127: Computer Security Cryptography. Kirill Levchenko

Crypto: Symmetric-Key Cryptography

CPSC 467b: Cryptography and Computer Security

Cryptography 2017 Lecture 3

An Efficient Stream Cipher Using Variable Sizes of Key-Streams

Cryptography III: Symmetric Ciphers

Transcription:

Stream ciphers Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 91

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 92 Stream Cipher Suppose you want to encrypt a stream of data, such as: the data from a keyboard the data from a sensor Block ciphers might be awkward/inefficient (consider each keystroke as a block??).

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 93 Stream cipher The way we use a stream cipher is a bit like a the way we use a one-time pad (OTP): we generate a key that s as long as the data. However, we generate it from a short random seed, so it is not random like the key used in the OTP. The key stream is not random, but pseudorandom. Plaintext Ciphertext Key/Seed Pseudo-random generator Keystream

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 94 Example 1: LFSR Linear Feedback Shift Register: Building block for many stream ciphers Can be implemented very efficiently Key idea: have register of single bit cells shifted by one at every clock cycle together with feedback function Source: Wikipedia

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 95 Example: Source: Wikipedia

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 96 Reasoning about LFSRs Interesting property: Length of keystream period If the LFSR has n bits, the keystream period will be at most 2 n, but could be much less. LFSRs are not very secure.

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 97 Combining LFSRs LFSRs are insecure in practice (given a lot of output, the tap positions can be computed fairly efficiently) Hence multiple LFSRs are combined in non-linear fashion Source: Wikipedia

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 98 Content Scrambling System (CSS) is an encryption system used on DVDs. Sector encryption is combination of two LFSR s added modulo 256 (observing carry bit from previous addition): seed 1 K 0 K 1 17 bit LFSR add modulo 256 8 bit keystream 1 K 2 K 3 K 4 25 bit LFSR However, analysis showed that this can be broken in time 2 17 (which is much less than the expected 2 42 ) [see the wikipedia page on CSS].

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 99 A5/1 Stream cipher used in GSM mobile phone communication Became public knowledge through leaks and reverse engineering Built from three LFSRs with irregular clock cycle 54 bit secret key and 22 bit initialisation vector A register is shifted only if its clock bit is the same as majority of the three clock bits

Source: Wikipedia Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 100

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 101 Security of A5/1 Better design: Clock shift make cryptanalysis much harder However, advanced techniques means mainstream PC with terabytes of flash memory (to store pre-processed tables) can break A5/1 with probability 90% in a few seconds

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 102 Example 2: RC4 Stream cipher invented 1987 by Ron Rivest Main datastructure is array S of 256 bytes. Consists of two phases: Initalisation of S phase ( key schedule ) Keystream generation phase

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 103 Code for RC4 for i := 0 to 255 do S[i] := i end j := 0 for i := 0 to 255 do j := (j + S[i] + K[i mod keylength]) mod 256 swap(s[i],s[j]) end i := 0 j := 0 while GeneratingOutput: i := (i + 1) mod 256 j := (j + S[i]) mod 256 swap(s[i],s[j]) evolve the array output S[(S[i] + S[j]) mod 256] end every element will get swapped eventually chose the swapped element randomly don t reveal the internal state

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 104 Graphical representation Source: Wikipedia

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 105 Properties of RC4 Extremely compact, and beautiful Exhaustively studied Two books, and hundreds of research papers Pretty good! But not good enough by modern standards: Numerous attacks (biases in the stream, especially the first few bytes) Led to real attacks on WEP, and modes of TLS that use it

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 106 WEP Old standard for encryption on wireless networks based on RC4: RC4 is run on a seed consisting of the pre-shared WEP key (128 bits) and an initialisation vector of 24 bits. Initialisation vector only 24 bits, hence key streams repeat after at most 2 24 frames First bytes of key stream can be known by adversary because standard headers are always sent. These two facts have led to the development of a method which can crack the key in minutes on modern PC hardware. Thus, WEP is is seriously broken - don t use it.

Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 107 Example 3 A block cipher like AES, using counter mode. This is certainly the best of the stream ciphers seen so far!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback