Fundamentals of Computer Security

Similar documents
CSE509: (Intro to) Systems Security

Chapter 10: Cipher Techniques

L9: Stream and Block Ciphers. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Symmetric Cryptography CS461/ECE422

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Using block ciphers 1

Lecture 1 Applied Cryptography (Part 1)

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CPSC 467b: Cryptography and Computer Security

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Block Cipher Modes of Operation

05 - WLAN Encryption and Data Integrity Protocols

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Cryptographic Checksums

Fun with Crypto keys and protocols. some Bishop, some Jim, some RA

Content of this part

CPSC 467: Cryptography and Computer Security

Spring 2010: CS419 Computer Security

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Block Cipher Modes of Operation

CPSC 467b: Cryptography and Computer Security

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Secret Key Cryptography

Security Requirements

What did we talk about last time? Public key cryptography A little number theory

Practical Aspects of Modern Cryptography

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

CS 161 Computer Security

CPSC 467: Cryptography and Computer Security

Chapter 9: Key Management

Stream Ciphers. Stream Ciphers 1

Data Integrity. Modified by: Dr. Ramzi Saifan

n-bit Output Feedback

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

CPSC 467b: Cryptography and Computer Security

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

Winter 2011 Josh Benaloh Brian LaMacchia

Symmetric Encryption

Symmetric Encryption. Thierry Sans

Classic Cryptography: From Caesar to the Hot Line

CSC574: Computer & Network Security

CPSC 467: Cryptography and Computer Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions

Block Cipher Operation. CS 6313 Fall ASU

7. Symmetric encryption. symmetric cryptography 1

Stream Ciphers An Overview

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08

c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4) c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4)

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CSC 482/582: Computer Security. Security Protocols

CSE 127: Computer Security Cryptography. Kirill Levchenko

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Appendix A: Introduction to cryptographic algorithms and protocols

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Symmetric Cryptography

Solutions to exam in Cryptography December 17, 2013

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

CS 161 Computer Security

Cryptography MIS

Summary on Crypto Primitives and Protocols

Geldy : A New Modification of Block Cipher

CS 161 Computer Security

Information Security & Privacy

CSC 580 Cryptography and Computer Security

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Cryptography. Dr. Ahmad Almulhem. Spring Computer Engineering Department, KFUPM. Ahmad Almulhem - Network Security Engineering / 84

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

CPSC 467b: Cryptography and Computer Security

CS 161 Computer Security

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Chapter 10: Key Management

Introduction to Cryptography. Steven M. Bellovin September 27,

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Lecture 1: Course Introduction

Encrypted Storage - Challenges and Methods. James Hughes Storage Technology Corporation

Computational Security, Stream and Block Cipher Functions

Cryptography (cont.)

CS 161 Computer Security

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Assignment 3: Block Ciphers

CS 161 Computer Security

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

Some Aspects of Block Ciphers

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Chapter 3 Block Ciphers and the Data Encryption Standard

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Transcription:

Fundamentals of Computer Security Spring 2015 Radu Sion Ciphers 2005-15 Portions copyright by Matt Bishop and Wikipedia. Used with permission

Overview m 3 m 2 m 1 cipher c i Bob Alice cipher -1 m 1 m 2 m 3 Mallory Eve The compromise of individual blocks should not lead to the compromise of past communication! 2

Challenges Using a cipher requires knowledge of threats in the environment in which it will be used Is the set of possible messages small? Do the messages exhibit regularities that remain after encipherment? Can an active wire-tapper rearrange or change parts of the message? 3

Birthday paradox With 23 people in the same room chance of same birthday is over 50%!!! For N possible values expect a collision after seeing approx. sqrt(n) of them If N=2 n (n-bit key) after 2 n/2 ( birthday bound ) messages a collision is expected! 4

Birthday attack in action For 64-bit key, after seeing 2 32 transactions Eve can find message sent with same key! (how can she know? Using keyed MAC of standard message header?) Eve can then substitute old messages for new ones (e.g., reversing money transfers) 5

meet in the middle attack aka. collision attack Cousin of Birthday Attack C = E K2 (E K1 (M)) This does not have 2n bit security! Why? To find out whether C is an encryption of M: T: Build table E K (M) for all K Compute D K (C) for all K and lookup in T Takes 2 n+1 steps only 6

pre-computation attack If set of possible messages M is small Public key cipher f used Idea: pre-compute set of possible cipher-texts f(m), build table (m, f(m)) When cipher-text f(m) appears, use table to find m Also called forward searches 7

Pre-computation in action Cathy knows Alice will send Bob one of two enciphered messages: BUY or SELL Using public B, Cathy pre-computes m 1 = E public B ( BUY ) m 2 = E public B ( SELL ) Cathy sees Alice send Bob m 2 Cathy knows Alice sent SELL 8

Fun non-obvious example Digitized sound Seems like far too many possible plaintexts Initial calculations suggest 2 32 such plaintexts Analysis of redundancy in human speech reduced this to about 100,000 ( 2 17 ) small enough to worry about pre-computation attacks 9

Issue: misordered blocks Alice sends Bob message Message is LIVE (11 08 21 04) Enciphered message is 44 57 21 16 Eve intercepts it, rearranges blocks Now enciphered message is 16 21 57 44 Bob gets enciphered message, deciphers it He sees EVIL 10

Handling misordered blocks Signing each block won t stop it! Two approaches: Crypto-hash the entire message and sign it Place sequence numbers in each block of message, so recipient can tell intended order, then sign each block 11

More issues If plaintext repeats, ciphertext may too Example using DES: input (in hex): 3231 3433 3635 3837 3231 3433 3635 3837 corresponding output (in hex): ef7c 4bb2 b4ce 6f3b ef7c 4bb2 b4ce 6f3b Fix: cascade blocks together (chaining) More details later 12

So what is going on then? Use of strong cryptosystems, well-chosen (or random) keys not enough to be secure Other factors: Protocols directing use of cryptosystems Ancillary information added by protocols Implementation (not discussed here) Maintenance and operation (not discussed here) 13

Stream ciphers, block ciphers E encryption function E k (b) encryption of message b with key k In what follows, m = b 1 b 2, each b i of fixed length Block cipher E k (m) = E k (b 1 )E k (b 2 ) Stream cipher k = k 1 k 2 E k (m) = E k1 (b 1 )E k2 (b 2 ) If k 1 k 2 repeats itself, cipher is periodic and the length of its period is one cycle of k 1 k 2 14

Examples Vigenère cipher b i = 1 character, k = k 1 k 2 where k i = 1 character Each b i enciphered using k i mod length(k) Stream cipher DES b i = 64 bits, k = 56 bits Each b i enciphered separately using k Block cipher 15

Stream ciphers Often (try to) approximate one-time pad by xor ing each bit of key with one bit of message Example: m = 00101 k = 10010 c = 10111 But how to generate a good key? 16

Synchronous Stream Ciphers n-stage Linear Feedback Shift Register: n bit register r = r 0 r n 1 n bit tap sequence t = t 0 t n 1 Use: Use r n 1 as key bit Compute x = r 0 t 0 r n 1 t n 1 Shift r one bit to right, dropping r n 1, x becomes r 0 17

Example 4-stage LFSR; t = 1001 r k i new bit computation new r 0010 0 01 00 10 01 = 0 0001 0001 1 01 00 00 11 = 1 1000 1000 0 11 00 00 01 = 1 1100 1100 0 11 10 00 01 = 1 1110 1110 0 11 10 10 01 = 1 1111 1111 1 11 10 10 11 = 0 0111 1110 0 11 10 10 11 = 1 1011 Key sequence has period of 15 (010001011101110) 18

Make it difficult for bad guy n-stage Non-Linear Feedback Shift Register: n bit register r = r 0 r n 1 Use: Use r n 1 as key bit Compute x = f(r 0,, r n 1 ); f is any function Shift r one bit to right, dropping r n 1, x becomes r 0 Note same operation as LFSR but more general bit replacement function 19

Example 4-stage NLFSR; f(r 0, r 1, r 2, r 3 ) = (r 0 & r 2 ) r 3 r k i new bit computation new r 1100 0 (1 & 0) 0 = 0 0110 0110 0 (0 & 1) 0 = 0 0011 0011 1 (0 & 1) 1 = 1 1001 1001 1 (1 & 0) 1 = 1 1100 1100 0 (1 & 0) 0 = 0 0110 0110 0 (0 & 1) 0 = 0 0011 0011 1 (0 & 1) 1 = 1 1001 Key sequence has period of 4 (0011) 20

Making it even more difficult NLFSRs not common We don t know how to design them to have long period Alternate approach: output feedback mode For E encipherment function, k key, r register: Compute r = E k (r); key bit is rightmost bit of r Set r to r and iterate, repeatedly enciphering register and extracting key bits, until message enciphered Variant: use a counter that is incremented for each encipherment rather than a register Take rightmost bit of E k (i), where i is number of encipherment 21

Cipher Feedback Mode (CFB) Cipher feedback mode: 1 bit of ciphertext fed into n bit register Self-healing property: if ciphertext bit received incorrectly, it and next n bits decipher incorrectly; but after that, the ciphertext bits decipher correctly Need to know k, E to decipher ciphertext r k E k (r) E m i c i 22

CFB 23

Block Ciphers Encipher, decipher multiple bits at once Each block enciphered independently Problem: identical plaintext blocks produce identical ciphertext blocks Example: two database records MEMBER: HOLLY INCOME $100,000 MEMBER: HEIDI INCOME $100,000 Encipherment: ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN 24

Idea Insert information about block s position into the plaintext block, then encipher. Cipher block chaining mode (CBC): Exclusive-or current plaintext block with previous ciphertext block: c 0 = E k (m 0 I) c i = E k (m i c i 1 ) for i > 0 where I is the initialization vector 25

CBC 26

Issue with chaining How do we access/decrypt random blocks without having to decrypt everything before? 27

Solution: CTR Counter mode (CTR): Key constructed by encrypting block counter k i = E k (unique_nonce i) c i = m i k i e.g. unique_nonce=(message number) Question: why do we need the nonce? Careful: never use same (k,nonce) pair!!! 28

CTR 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback