Block Cipher Operation

Similar documents
Double-DES, Triple-DES & Modes of Operation

Chapter 6 Contemporary Symmetric Ciphers

Block Cipher Operation. CS 6313 Fall ASU

1. Digital Signatures 2. ElGamal Digital Signature Scheme 3. Schnorr Digital Signature Scheme 4. Digital Signature Standard (DSS)

Block Encryption and DES

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Network Security Essentials Chapter 2

Chapter 3 Block Ciphers and the Data Encryption Standard

Modes of Operation. Raj Jain. Washington University in St. Louis

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

CENG 520 Lecture Note III

Content of this part

Symmetric Encryption Algorithms

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Crypto: Symmetric-Key Cryptography

ECE 646 Lecture 8. Modes of operation of block ciphers

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Using block ciphers 1

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Key Management and Distribution

Block Cipher Modes of Operation

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Router Virtualization Protocols

Introduction to Symmetric Cryptography

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Symmetric Encryption. Thierry Sans

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Lecture 4: Symmetric Key Encryption

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

CIS 4360 Secure Computer Systems Symmetric Cryptography

Lecture 3: Symmetric Key Encryption

Block Cipher Modes of Operation

Symmetric Encryption

MTAT Applied Cryptography

Secret Key Cryptography

IDEA, RC5. Modes of operation of block ciphers

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Symmetric key cryptography

Scanned by CamScanner

Secret Key Cryptography Overview

Encrypt Data (QC3ENCDT, Qc3EncryptData) API

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Stream Ciphers and Block Ciphers

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

CSC 474/574 Information Systems Security

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Stream Ciphers. Stream Ciphers 1

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Wireless Network Security

Classical Encryption Techniques

CPSC 467b: Cryptography and Computer Security

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Some Aspects of Block Ciphers

Cryptography Symmetric Encryption Class 2

Chapter 6: Contemporary Symmetric Ciphers

Digital Signature. Raj Jain

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Lecture 1 Applied Cryptography (Part 1)

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Introduction to Cryptography. Lecture 3

Cryptography [Symmetric Encryption]

Network Access Control and Cloud Security

Symmetric-Key Cryptography

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

CSC574: Computer & Network Security

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

Data Encryption Standard (DES)

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

CSCE 548 Building Secure Software Symmetric Cryptography

CPSC 467b: Cryptography and Computer Security

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Modern Symmetric Block cipher

The Rectangle Attack

1 Achieving IND-CPA security

CPSC 467: Cryptography and Computer Security

EEC-484/584 Computer Networks

Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.

Selection of Techniques and Metrics

Symmetric Cryptography

Introduction to Cryptography. Lecture 3

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Stream Ciphers and Block Ciphers

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Cryptography and Network Security

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Block Ciphers. Advanced Encryption Standard (AES)

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Transcription:

Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple DES, DES-X 2. Encryption Modes for long messages: 1. Electronic Code Book (ECB) 2. Cipher Block Chaining (CBC) 3. Cipher Feedback (CFB) 4. Output Feedback (OFB) 5. Counter (CTR) Mode 6. XTS-AES Mode for Block-oriented Storage Devices These slides are based partly on Lawrie Brown s slides supplied with William Stallings's book Cryptography and Network Security: Principles and Practice, 7 th Ed, 2017. 6-2 Double-DES Triple-DES C = E K2 (E K1 (P)) Meet-in-the-middle attack Developed by Diffie and Hellman in 1977 Can be used to attack any composition of 2 functions X = E K1 (P) = D K2 (C) Attack by encrypting P with all 2 56 keys and storing Then decrypt C with keys and match X value Verify with one more pair Takes max of O(2 56 ) steps Total 2 57 operations Only twice as secure as single DES 6-3 E k1 (P) D k2 (C) Use DES 3 times: C = E K3 (D K2 (E K1 (P))) E-D-E provides the same level of security as E-E-E E-D-E sequence is used for compatibility with legacy K1=K2=K3 DES PGP and S/MIME use this 3 key version Provides 112 bits of security Two keys with E-D-E sequence C = E K1 (D K2 (E K1 (P))) Standardized in ANSI X9.17 & ISO8732 No current known practical attacks Several proposed impractical attacks might become basis of future attacks 6-4

Electronic Codebook (ECB) Mode How to encode multiple blocks of a long message? Each block is encoded independently of the others C i = E K (P i ) Each block is substituted like a codebook, hence name. ECB Limitations Using the same key on multiple blocks makes it easier to break Identical Plaintext Identical Ciphertext Does not change pattern: Ref: http://en.wikipedia.org/wiki/block_cipher_modes_of_operation 6-5 Original ECB Better NIST SP 800-38A defines 5 modes that can be used with any block cipher Ref: http://en.wikipedia.org/wiki/modes_of_operation 6-6 Cipher Block Chaining (CBC) Advantages and Limitations of CBC Add random numbers before encrypting Previous cipher blocks is chained with current plaintext block Use an Initial Vector (IV) to start process C i = E K (P i XOR C i-1 ) C -1 = IV Any change to a block affects all following ciphertext blocks Need Initialization Vector (IV) Must be known to sender & receiver If sent in clear, attacker can change bits of first block, and change IV to compensate Hence IV must either be a fixed value, e.g., in Electronic Funds Transfers at Point of Sale (EFTPOS) Or must be sent encrypted in ECB mode before rest of message Sequential implementation. Cannot be parallelized. 6-7 6-8

Message Padding Last block may be shorter than others Pad Pad with count of pad size [ANSI X.923] 1. E.g., [ b1 b2 b3 0 0 0 0 5] = 3 data, 5 pad w 1 count byte 1. A 1 bit followed by 0 bits [ISO/IEC 9797-1] 2. Any known byte value followed by zeros, e.g., 80-00 3. Random data followed by count [ISO 10126] 1. E.g., [b1 b2 b3 84 67 87 56 05] 4. Each byte indicates the number of padded bytes [PKCS] 1. E.g., [b1 b2 b3 05 05 05 05 05] 5. Self-Describing Padding [RFC1570] Each pad octet contains its index starting with 1 E.g., [b1 b2 b3 1 2 3 4 5] Cipher Text Stealing (CTS) Alternative to padding which adds extra bytes. Last 2 blocks are specially coded Tail bits of (n-1)st encoded block are added to nth block and order of transmission of the two blocks is interchanged. Size of ciphertext is same as plane text. No extra bytes. Ref: http://en.wikipedia.org/wiki/padding_%28cryptography%29 6-9 6-10 Stream Modes of Operation Use block cipher as some form of pseudo-random number generator The random number bits are then XOR ed with the message (as in stream cipher) Convert block cipher into stream cipher 1. Cipher feedback (CFB) mode 2. Output feedback (OFB) mode 3. Counter (CTR) mode Cipher Feedback (CFB) Message is added to the output of the block cipher Result is feed back for next stage (hence name) Standard allows any number of bit (1, 8, 64 or 128 etc) to be feed back, denoted CFB-1, CFB-8, CFB-64, CFB-128 etc Most efficient to use all bits in block (64 or 128) C i = P i XOR E K (C i-1 ) C -1 = IV Errors propagate for several blocks after the error 6-11 6-12

Output Feedback (OFB) Output of the cipher is feed back (hence name) Feedback is independent of message Can be computed in advance O i = E K (O i-1 ) C i = P i XOR O i O -1 = IV Advantages and Limitations of OFB Needs an IV which is unique for each use if ever reuse attacker can recover outputs Bit errors do not propagate More vulnerable to message stream modification Sender & receiver must remain in sync Only use with full block feedback Subsequent research has shown that only full block feedback (i.e., CFB-64 or CFB-128) should ever be used 6-13 6-14 Counter (CTR) Advantages and Limitations of CTR Encrypt counter value rather than any feedback value Different key & counter value for every plaintext block (never reused) O i = E K (i) C i = P i XOR O i Efficiency Can do parallel encryptions in h/w or s/w Can preprocess in advance of need Good for bursty high speed links Random access to encrypted data blocks Provable security (good as other modes) But must never reuse key/counter values, otherwise could break 6-15 6-16

Storage Encryption File encryption: Different keys for different files May not protect metadata, e.g., filename, creation date, Individual files can be backed up Encrypting File System (EFS) in NTFS provides this svc Disk encryption: Single key for whole disk or separate keys for each partition Master boot record (MBR) may or may not be encrypted Boot partition may or may not be encrypted. Operating system stores the key in the memory Can be read by an attacker by cold boot Trusted Platform Module (TPM): A secure coprocessor chip on the motherboard that can authenticate a device Disk can be read only on that system. Recovery is possible with a decryption password or token 6-17 Storage Encryption (Cont) If IV is predictable, CBC is not usable in storage because the plain text is chosen by the writer Ciphertext is easily available to other users of the same disk Two messages with the first blocks=biv 1 and b IV 2 will both encrypt to the same ciphertext Need to be able to read/write blocks without reading/writing other blocks 6-18 CBC XTS-AES Mode XTS = XEX-based Tweaked Codebook mode with Ciphertext Stealing (XEX = Xor-Encrypt-xor) Creates a unique IV for each block using AES and 2 keys T j = E K2 (i) j Size of K2 = size of block C j = E K1 (P j T j )T j K1 256 bit for AES-256 where i is logical sector # & j is block # (sector = n blocks) = primitive element in GF(2 128 ) defined by polynomial x Advantages and Limitations of XTS-AES Multiplication is modulo x 128 +x 7 +x 2 +x+1 in GF(2 128 ) Efficiency Can do parallel encryptions in h/w or s/w Random access to encrypted data blocks Has both nonce & counter Defined in IEEE Std 1619-2007 for block oriented storage use Implemented in numerous packages and operating systems including TrueCrypt, FreeBSD, and OpenBSD softraid disk encryption software (also native in Mac OSX Lion s FileVault), in hardware-based media encryption devices by the SPYRUS Hydra PC Digital Attaché and the Kingston DataTraveler 5000. 6-19 Ref: http://en.wikipedia.org/wiki/disk_encryption_theory 6-20

Summary 3DES generally uses E-D-E with 2 keys 112b protection ECB: Same ciphertext for the same plaintext Easier to break Homework 6 For each of the modes ECB, CBC and CTR: a. Identify whether decrypted plaintext block P 3 will be corrupted if there is an error in block C 1 of the transmitted cipher text. b. Assuming that the ciphertext contains N blocks, and that there was a bit error in the source version of P 1, identify through how many ciphertext blocks this error is propagated. (e) XTS-AES 6-21 6-22 Lab 6 Acronyms This homework requires two computers with SSH and telnet client and servers installed. You can download the following open source SSH and telnet clients: http://www.freesshd.com/ http://www.chiark.greenend.org.uk/~sgtatham/putty/ These utilities are installed on CSE571XPC and CSE571XPS in our lab. Start wireshark on the client machine (CSE571XPS). telnet (Putty) to the server (CSE571XPC) and login with your username and password. Logout. Use follow the TCP stream option (right click on the packet) to see your username and password on the screen. Capture the screen and circle your password. ssh (Putty) to the server (CSE571XPC) and login with your username and password. Logout. Stop wireshark and read the trace. Capture the screen. Circle the password characters. Note the difference in the two logins? 3DES Triple DES AES Advanced Encryption Standard ANS American National Standard ANSI American National Standards Institute ATM Asynchronous Transfer Mode CBC Cipher Block Chaining CFB Cipher feedback CTR Counter mode CTS Cyphertext Stealing DES Data Encryption Standard ECB Electronic Code Book EFS Encrypting File System EFTPOS Encrypted File Transfers at Point of Sale FreeBSD Free Berkeley System Distribution FTP File Transfer Protocol GF Galois Field 6-23 6-24

Acronyms (Cont) IEC International Electrotechnical Commission IEEE Institution of Electrical and Electronics Engineers IP Internet Protocol ISO International Standards Organization MBR Master boot record MIME Multipurpose Internet Mail Extensions NIST National Institute of Science and Technology NTFS New Technology File System OFB Output feedback mode OSX Apple's MAC Operating System PC Personal Computer PGP Pretty Good Privacy PKCS Public Key Cryptography Standards S/MIME Secure MIME SP Special Publication SSH Secure Shell Acronyms (Cont) TCP Transmission Control Protocol TPM Trusted Platform Module TV Television XEX Xor Encrypt Xor XOR Exclusive Or XTS XEX-based tweaked-codebook mode with ciphertext stealing 6-25 6-26 Scan This to Download These Slides Related Modules CSE571S: Network Security (Spring 2017), index.html CSE473S: Introduction to Computer Networks (Fall 2016), http://www.cse.wustl.edu/~jain/cse473-16/index.html Raj Jain http://rajjain.com Wireless and Mobile Networking (Spring 2016), http://www.cse.wustl.edu/~jain/cse574-16/index.html CSE571S: Network Security (Fall 2014), http://www.cse.wustl.edu/~jain/cse571-14/index.html Audio/Video Recordings and Podcasts of Professor Raj Jain's Lectures, https://www.youtube.com/channel/ucn4-5wznp9-ruozqms-8nuw 6-27 6-28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback