CIS 6930/4930 Computer and Network Security. Project requirements

Similar documents
AIT 682: Network and Systems Security

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Introduction. Secret Key Cryptography. Outline. Secrets? (Cont d) Secret Keys or Secret Algorithms? Introductory Remarks Feistel Cipher DES AES

Secret Key Cryptography

Cryptography Functions

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

CSCE 813 Internet Security Symmetric Cryptography

Modern Block Ciphers

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Symmetric Cryptography. Chapter 6

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Chapter 6: Contemporary Symmetric Ciphers

CSC 474/574 Information Systems Security

Cryptographic Algorithms - AES

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar

Chapter 3 Block Ciphers and the Data Encryption Standard

P2_L6 Symmetric Encryption Page 1

CSC574: Computer & Network Security

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Secret Key Algorithms (DES)

Modern Symmetric Block cipher

Symmetric Encryption Algorithms

CSC 474/574 Information Systems Security

CSc 466/566. Computer Security. 6 : Cryptography Symmetric Key

Making and Breaking Ciphers

Introduction to Modern Symmetric-Key Ciphers

Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:

Computational Security, Stream and Block Cipher Functions

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Secret Key Cryptography

Jordan University of Science and Technology

Symmetric Cryptography

Computer and Data Security. Lecture 3 Block cipher and DES

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Data Encryption Standard (DES)

Goals of Modern Cryptography

Lecture 3: Symmetric Key Encryption

Block Ciphers. Secure Software Systems

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Lecture 1 Applied Cryptography (Part 1)

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Block Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles

Symmetric Key Cryptosystems. Definition

Lecture 4: Symmetric Key Encryption

Block Encryption and DES

Fundamentals of Cryptography

18-642: Cryptography 11/15/ Philip Koopman

CPS2323. Block Ciphers: The Data Encryption Standard (DES)

Network Security Essentials Chapter 2

CIS 3362 Final Exam 12/4/2013. Name:

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

CS61A Lecture #39: Cryptography

CSC 580 Cryptography and Computer Security

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Crypto: Symmetric-Key Cryptography

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Worksheet - Reading Guide for Keys and Passwords

Applied Cryptography Data Encryption Standard

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Practical Aspects of Modern Cryptography

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Secret Key Cryptography Overview

A SIMPLIFIED IDEA ALGORITHM

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Cryptography and Network Security. Sixth Edition by William Stallings

S-DES Encryption template. Input:

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

CNT4406/5412 Network Security

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Symmetric Cryptography. CS4264 Fall 2016

CENG 520 Lecture Note III

Cryptography MIS

Symmetric Encryption. Thierry Sans

Lecture 3: Block Ciphers and the Data Encryption Standard. Lecture Notes on Computer and Network Security. by Avi Kak

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

International Journal of Advance Engineering and Research Development

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009

18-642: Cryptography

Winter 2011 Josh Benaloh Brian LaMacchia

7. Symmetric encryption. symmetric cryptography 1

Technological foundation

Cryptography 2017 Lecture 3

COMP4109 : Applied Cryptography

Introduction to Cryptography

Lecture 2: Secret Key Cryptography

Cryptography and Network Security

Computer Security 3/23/18

Content of this part

Stream Ciphers and Block Ciphers

ENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms

Transcription:

CIS 6930/4930 Computer and Network Security Project requirements

Project Requirement Form a team of 3 people to complete the course project. The project has 100pts + 20pts (extra credit) Report requirement: at least 5 pages, at most 1.5 line spacing, time New Roman, 11pt. Report deadline: April 30th 1/24/2017 2

Project Goal Train yourself to think about security Learn to collaborate with others Learn to find useful resources Learn to write clear and well-organized technical reports. 1/24/2017 3

Assigned Project Secure Instant Point-to-Point (P2P) Messaging In this project, you need to design a secure instant messaging tool for Alice and Bob (like Gtalk, skype or ICQ chat). The system supports the following functions Alice and Bob can use the tool to send instant messages to each other. 1/24/2017 4

Assigned Project (Cont d) Project description (Cont d) Alice and Bob share the same password (or passphrase), they must use the password to set up the tool to correctly encrypt and decrypt messages shared between each other. Each message during Internet transmission must be encrypted using a 56-bit key. 1/24/2017 5

Computer Language You can use any computer language (Java, C++, Python) and leverage any existing opensource software, tools, or commands (e.g., md5sum, sha1sum) to design the system. 1/24/2017 6

Design Issues With a 56-bit key, what cipher you should use? DO NOT directly use the password as the key, how can you generate the same key between Alice and Bob to encrypt messages? What will be used for padding? 1/24/2017 7

Design Issues (Cont d) A graphical user interface (GUI) is preferred. Display ciphertext and plaintext How should Alice and Bob set up an initial connection and also maintain the connection with each other on the Internet? You may refer to socket/network programming in a particular computer language 1/24/2017 8

Extra Credits Design a key management mechanism to periodically update the key used between Alice and Bob. Justify why the design can enhance security. 1/24/2017 9

Research Paper In lieu of the assignment project, you can also write a research paper. If you plan to write a research paper, you need to submit a proposal before Feb 20 th. Your research paper is due on April 30 th. 1/24/2017 10

Research paper (Cont d) Identify a security-related problem Analyze the problem, propose solution and verity its effectiveness It may be a new problem, i.e., nobody has considered before Or it may be a problem already addressed by others. But you have a better solution Validation: show your approach is workable or better Theoretical analysis + experimental verification 1/24/2017 11

Suggested Topics Behavior biometrics Location tracking Attacks against automobile systems Security of Bitcoins Trust management in social networks Detection of fake Wi-Fi spots Privacy-preserving for the cloud service Security in the smart grid Threats to the implantable medical devices Big data security Other topics you are interested PhD students are encouraged to connect the project with your research topic 1/24/2017 12

Places for good references DBLP http://www.informatik.uni-trier.de/~ley/db/ Citeseer http://citeseer.ist.psu.edu ACM Portal http://dl.acm.org/ IEEE Xplore http://ieeexplore.ieee.org/xplore/guesthome.jsp 1/24/2017 13

Places for good references (Cont d) Major security conferences IEEE symposium on Security and Privacy (Oakland conference, IEEE S&P) ACM Conference on Computer and communications security (CCS) USENIX Security symposium Network and Distributed System Symposium (NDSS) Annual International Cryptology Conference (crypto) Eurocrypto Conference (enrocrypto) Top database and networking conferences SIGMOD, VLDB, ICDE,WWW, SIGCOMM, INFOCOMM, 1/24/2017 14

CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms 23

Secret Key Cryptography plaintext Encryption ciphertext Decryption plaintext key Same key is used for both encryption and decryption This one key is shared by two parties who wish to communicate securely Also known as symmetric key cryptography, or shared key cryptography 24

Applications of Secret Key Crypto Communicating securely over an insecure channel Alice encrypts using shared key Bob decrypts result using same shared key Authentication Bob can verify if a message is generated by Alice 25

Applications (Cont d) Message integrity Alice computes a message integrity code (MIC) from the message using the shared key Bob decrypts the MIC on receipt, and verifies that it agrees with message contents 26

Generic Block Encryption Converts one input plaintext block of fixed size n bits to an output ciphertext block also of n bits plaintext block 0 block 1 block 2 key ciphertext Encryption block 0 block 1 block 2 27

Key Sizes A Key should be selected from a large potential set to prevent brute force attacks If a key is of 3 bits, what are the possible keys? 000, 001, 010, 011, 100, 101, 110,111 Given a pair of (plaintext, ciphertext), an attacker can do a brute force search to find the key If a key is of n bits, how many possible keys does a brute force attacker need to search? 28

Secret key sizes Key Sizes (Cont d) 40 bits were considered adequate in 70 s 56 bits used by DES were adequate in the 80 s 128 bits are adequate for now If computers increase in power by 40% per year, need roughly 5 more key bits per decade to stay sufficiently hard to break 29

Notation Notation X Y X Y K{m} Meaning Bit-wise exclusive-or of X and Y Concatenation of X and Y Message m encrypted with secret key K 30

Two Principles for Cipher Design Confusion: Make the relationship between the <plaintext, key> input and the <ciphertext> output as complex (non-linear) as possible Diffusion: Spread the influence of each input bit across many output bits 31

Exploiting the Principles Idea: use multiple, alternating permutations and substitutions, e.g., S P S P S P S P S P Do they have to alternate? e.g. S S S P P P S S? Consecutive Ps or Ss do not improve security Confusion is mainly accomplished by substitutions Diffusion is mainly accomplished by permutations 32

Secret Key (Cont d) Basic technique used in secret key ciphers: multiple applications of alternating substitutions and permutations plaintext S P S P S ciphertext key 33

Basic Form of Modern Block Ciphers Plaintext block Key Preprocessing Sub-Key Generation Rounds of Encryption i=1,2,,n Sub-Key #1 Sub-Key #2 Sub-Key #3 Sub-Key #n Postprocessing Ciphertext block 34

Feistel Ciphers 35

Feistel Ciphers Feistel Cipher has been a very influential template for designing a block cipher Major benefit: Encryption and decryption take the same time they can be performed on the same hardware Examples: DES, RC5 36

One Round of Feistel Encryption 1. Break input block i into left and right halves L i and R i 2. Copy R i to create output half block L i+1 L i Input block i f R i K i 3. Half block R i and key K i are scrambled by function f 4. XOR result with input half-block L i to create L i+1 R i+1 output half-block R i+1 Output block i+1 37

One Round of Feistel Decryption Just reverse the arrows! Why? Output block i+1 L i R i f K i L i+1 R i+1 Input block i 38

Feistel Cipher: Decryption (cont d)

Parameters of a Feistel Cipher Block size Key size Number of rounds Subkey generation algorithm Scrambling function f 42

Summary 43

DES (Data Encryption Standard) Standardized in 1976 by NBS proposed by IBM, Feistel cipher Criteria (official) provide high level of security security must reside in key, not algorithm not patented efficient to implement in hardware must be slow to execute in software 44

DES Basics Blocks: 64 bit plaintext input, 64 bit ciphertext output Rounds: 16 Key: 64 bits every 8 th bit is a parity bit, so really 56 bits long 64 bit plaintext block DES Encryption 64 bit ciphertext block 56 bit key (+ 8 bits parity) 45

DES Top Level View 64-bit Input Initial Permutation 56-bit Key Generate round keys Round 1 Round 2 Round 16 48-bit K 1 48-bit K 2 48-bit K 16 Swap Halves Final Permutation 64-bit Output 46

Initial and Final Permutations Initial permutation given below input bit #58 output bit #1, input bit #50 output bit #2, 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7 64-bit Input Initial Permutation Round 1 Round 2 Round... 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate round keys 48-bit K 1 48-bit K 2 48-bit K 16 47

Initial (Cont d) Final permutation is just inverse of initial permutation, i.e., input bit #1 output bit #58 input bit #2 output bit #50 64-bit Input Initial Permutation Round 1 Round 2 Round... 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate round keys 48-bit K 1 48-bit K 2 48-bit K 16 48

Initial (Cont d) Note #1: Initial Permutation is fully specified (independent of key) therefore, does not improve security! why needed? Note #2: Why is final Permutation needed? to make this a Feistel cipher i.e., the decryption is the reverse of encryption 49

8 rows Key Generation: First Permutation First step: throw out 8 parity bits, then permute resulting 56 bits 7 columns 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4 64-bit Input Initial Permutation Round 1 Round 2 Round... 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate round keys 48-bit K 1 48-bit K 2 48-bit K 16 Parity bits left out: 8,16,24, 50

KeyGen: Processing Per Round C i-1 28 bits D i-1 28 bits 48 bit K i Circular Left Shift C i Permutation with Discard Circular Left Shift D i 28 bits 28 bits Rounds i = 1,2,9,16: left circular shift 1 bit Other rounds: left circular shift 2 bits 51

KeyGen: Permutation with Discard 28 bits 24 bits, each half of key Left half of K i = permutation of C i 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 Bits dicarded: 9,18,22,25 Bits discarded: 35,38,43,54 Right half of K i = permutation of D i 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32 52

One DES (Feistel) Round Input block i L i R i 64-bit Input Initial Permutation Round 1 Round 2 Round... 16 Swap Halves Final Permutation 56-bit Key Generate round keys 48-bit K 1 48-bit K 2 48-bit K 16 f K i 64-bit Output L i+1 R i+1 Output block i+1 53

DES Round: f (Mangler) Function function f = Mangler Input block i 32-bit half block L i R i Expansion f K i 48 bits K i S-Box (substitution) L i+1 R i+1 Output block i+1 Permutation 32-bit half block 54

32 bits 48 bits f: Expansion Function these bits are repeated 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1 55

f: S 1 (Substitution) Each row and column contain different numbers I2/I3/I4/I5 0 1 2 3 4 5 6 F I1/I6 0 E 4 D 1 2 F B 1 0 F 7 4 E 2 D 2 4 1 E 8 D 6 2 3 F C 8 2 4 9 1 8 Example: input= 100110, output= 1000 input = 101101, out put =? 56

f: Permutation 32bits 32bits 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25 57

DES Implementation That s it! Operations Permutation Swapping halves Substitution (S-box, table lookup) Bit discard Bit replication Circular shift XOR Hard to implement? HW: No, SW: Yes 58

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback