Scanned by CamScanner

Similar documents
Symmetric-Key Cryptography

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Block ciphers, stream ciphers

Crypto: Symmetric-Key Cryptography

Goals of Modern Cryptography

Computer Security CS 526

CS 161 Computer Security

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

1 Achieving IND-CPA security

Cryptography: Symmetric Encryption [continued]

symmetric cryptography s642 computer security adam everspaugh

Cryptography. Andreas Hülsing. 6 September 2016

Information Security CS526

Cryptography [Symmetric Encryption]

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Introduction to Symmetric Cryptography

Block Ciphers Introduction

APNIC elearning: Cryptography Basics

Cryptography (cont.)

Cryptography 2017 Lecture 3

Network Security Essentials

Lecture 2: Secret Key Cryptography

Private-Key Encryption

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Winter 2011 Josh Benaloh Brian LaMacchia

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Lecture 4: Symmetric Key Encryption

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Stream Ciphers and Block Ciphers

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Lecture 3: Symmetric Key Encryption

Computational Security, Stream and Block Cipher Functions

Symmetric Cryptography

Cryptography Functions

Practical Aspects of Modern Cryptography

Symmetric Encryption. Thierry Sans

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Message authentication codes

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Course Map. COMP 7/8120 Cryptography and Data Security. Learning Objectives. How to use PRPs (Block Ciphers)? 2/14/18

Symmetric Cryptography

Summary. Final Week. CNT-4403: 21.April

Chapter 6 Contemporary Symmetric Ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Block Ciphers. Secure Software Systems

symmetric cryptography s642 computer security adam everspaugh

Chapter 3 Block Ciphers and the Data Encryption Standard

CIS 4360 Secure Computer Systems Symmetric Cryptography

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Block Cipher Operation. CS 6313 Fall ASU

Stream Ciphers and Block Ciphers

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Network Security Essentials Chapter 2

Double-DES, Triple-DES & Modes of Operation

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

CSE 127: Computer Security Cryptography. Kirill Levchenko

Encryption Details COMP620

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Feedback Week 4 - Problem Set

P2_L6 Symmetric Encryption Page 1

CS155. Cryptography Overview

EEC-484/584 Computer Networks

CSC 580 Cryptography and Computer Security

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Some Aspects of Block Ciphers

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University

Symmetric Cryptography. CS4264 Fall 2016

Introduction to Cryptography. Lecture 3

Ref:

Introduction to Cryptography. Lecture 3

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

CS 161 Computer Security

Block Cipher Modes of Operation

1 One-Time Pad. 1.1 One-Time Pad Definition

CS155. Cryptography Overview

PROTECTING CONVERSATIONS

Introduction to cryptology (GBIN8U16)

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Lecture 2. Cryptography: History + Simple Encryption,Methods & Preliminaries. Cryptography can be used at different levels

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Cryptography Introduction to Computer Security. Chapter 8

Cryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009

ISA 562: Information Security, Theory and Practice. Lecture 1

CSC574: Computer & Network Security

Symmetric Crypto MAC. Pierre-Alain Fouque

Lecture 1 Applied Cryptography (Part 1)

18-642: Cryptography 11/15/ Philip Koopman

CS61A Lecture #39: Cryptography

Transcription:

Scanned by CamScanner

Scanned by CamScanner

Scanned by CamScanner

Scanned by CamScanner

Scanned by CamScanner

Scanned by CamScanner

Scanned by CamScanner

Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 30, 2018

Announcements Project 1 out this week, due 2 weeks from release date

Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris too

Cryptography Narrow definition: secure communication over insecure communication channels Broad definition: a way to provide formal guarantees in the presence of an attacker

Three main goals Confidentiality: preventing adversaries from reading our private data, Integrity: preventing attackers from altering some data, Authenticity: determining who created a given document

Modern Cryptography Symmetric-key cryptography The same secret key is used by both endpoints of a communication = Public-key (asymmetric-key) cryptography Sender and receiver use different keys =

Today: Symmetric-key Cryptography Whiteboard & notes: - Symmetric encryption definition - Security definition - One time pad (OTP) - Block cipher

Advanced Encryption Standard (AES) - Block cipher developed in 1998 by Joan Daemen and Vincent Rijmen - Recommended by US National Institute for Standard and Technology (NIST) - Block length n = 128, key length k = 256

AES ALGORITHM Just giving you a sense, no need to understand why its so 14 cycles of repetition for 256-bit keys. AES slides, credit Kevin Orr

Algorithm Steps - Sub bytes each byte in the state matrix is replaced with a SubByte using an 8-bit substitution box b ij = S(a ij )

Shift Rows Cyclically shifts the bytes in each row by a certain offset The number of places each byte is shifted differs for each row

Why secure? Not provably secure By educated belief/assumption: it stood the test of time and of much cryptanalysis (field studying attacks on encryption schemes) Various techniques to boost confidence in its security If we were to even have something probably secure, P is not NP

Uses Government Standard AES is standardized as Federal Information Processing Standard 197 (FIPS 197) by NIST To protect classified information Industry SSL / TLS SSH WinZip BitLocker Mozilla Thunderbird Skype But used as part of symmetric-key encryption or other crypto tools

Symmetric-key encryption from block ciphers

Why block ciphers not enough for encryption by themselves? Can only encrypt messages of a certain size If message is encrypted twice, attacker knows it is the same message

Original image

Eack block encrypted with a block cipher

Later (identical) message again encrypted

Symmetric key encryption scheme Can be reused (unlike OTP) Builds on block ciphers: Can be used to encrypt long messages Wants to hide that same block is encrypted twice Uses block ciphers in certain modes of operation

Electronic Code Book (ECB) Split message M in blocks P 1, P 2, Each block is a value which is substituted, like a codebook Each block is encoded independently of the other blocks C i = EK(Pi)

Encryption P 1 P 2 P 3 C 1 C 2 C 3 KeyGen = key gen of block cipher break message M into P1 P2 Pn Enc(K, P1 P2.. Pn) = (C1, C2,..., Pn) Dec(K, (C1,C2,..,Pn)) = (P1, P2,.., Pn)

Decryption C 1 C 2 C 3 P 1 P 2 P 3 What is the problem with ECB?

Does this achieve IND-KPA? No, attacker can tell if P i =P j

Original image

Encrypted with ECB

Later (identical) message again encrypted with ECB

CBC: Encryption P 1 P 2 P 3 C 1 C 2 C 3 IV may not repeat for messages with same P 1, choose it at random; not secret, part of ciphertext break message M into P1 P2 Pn Enc(K, P1 P2.. Pn) = (IV, C1, C2,..., Pn) Dec(K, (IV,C1,C2,..,Pn)) = (P1, P2,.., Pn)

CBC: Decryption C 1 C 2 C 3 P 1 P 2 P 3

Original image

Encrypted with CBC

CBC Popular, still widely used Achieves IND-KPA, and more (IND-CPA) Caveat: sequential encryption, hard to parallelize CTR mode gaining popularity

CTR: Encryption Enc(K, P1 P2 P3) = (nonce, C1, C2, C3) P 1 P 2 P 3 C 1 C 2 C 3 Nonce is similar to IV for CBC, one should not use the same nonce for two messages; choose it at random

CTR: Decryption Dec(K, (nonce,c1,c2,c3)) = (P1, P2, P3) C 1 C 2 C 3 P 1 P 2 P 3 Note, CTR decryption uses block cipher s encryption, not decryption

CBC vs CTR Security: Both IND-KPA, and even IND-CPA If you ever reuse the same nonce, CBC might leak some information about the initial plaintext blocks up to a first difference between two messages. CTR can leak information about various blocks in the message. Speed: Both modes require the same amount of computation, but CTR is parallelizable

Summary Encryption protects confidentiality IND-KPA is a security game expressing message indistinguishability OTP is secure if used only once Block ciphers help build symmetric-key encryption schemes with reusable sizes and arbitrary message lengths by chaining them in cipher modes

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback