Symmetric Cryptography. CS4264 Fall 2016

Similar documents
Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

EEC-484/584 Computer Networks

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

CS 332 Computer Networks Security

Encryption. INST 346, Section 0201 April 3, 2018

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Computer and Data Security. Lecture 3 Block cipher and DES

Computer Security 3/23/18

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Encryption Details COMP620

Computational Security, Stream and Block Cipher Functions

Winter 2011 Josh Benaloh Brian LaMacchia

Lecture 4: Symmetric Key Encryption

CSE 127: Computer Security Cryptography. Kirill Levchenko

Cryptography Functions

Ref:

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

Data Encryption Standard (DES)

APNIC elearning: Cryptography Basics

CSC 474/574 Information Systems Security

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Public Key Algorithms

Computer Security CS 526

Lecture 2: Secret Key Cryptography

Computer Security: Principles and Practice

Lecture 1 Applied Cryptography (Part 1)

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 3 Block Ciphers and the Data Encryption Standard

Modern Symmetric Block cipher

Week 5: Advanced Encryption Standard. Click

Lecture 3: Symmetric Key Encryption

Data Encryption Standard

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Network Security Essentials

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

EEC-682/782 Computer Networks I

Symmetric Cryptography

L3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Cryptography MIS

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Secret Key Cryptography

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Making and Breaking Ciphers

CSc 466/566. Computer Security. 6 : Cryptography Symmetric Key

Data Encryption Standard

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Goals of Modern Cryptography

Cryptography and Network Security. Sixth Edition by William Stallings

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

CIT 380: Securing Computer Systems. Symmetric Cryptography

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

CSC 8560 Computer Networks: Network Security

P2_L6 Symmetric Encryption Page 1

CPSC 467b: Cryptography and Computer Security

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Symmetric Encryption Algorithms

CPSC 467b: Cryptography and Computer Security

Stream Ciphers and Block Ciphers

Block Ciphers. Secure Software Systems

Information Security CS526

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Chapter 6: Contemporary Symmetric Ciphers

PGP: An Algorithmic Overview

Introduction to Symmetric Cryptography

Stream Ciphers and Block Ciphers

Practical Aspects of Modern Cryptography

3 Symmetric Cryptography

Chapter 30 Cryptography 30.1

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Cryptography and Network Security

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

Block Ciphers Introduction

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

U-II BLOCK CIPHER ALGORITHMS

Public Key Cryptography

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Symmetric Cryptography. Chapter 6

Conventional Encryption: Modern Technologies

CSC 474/574 Information Systems Security

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Symmetric Encryption. Thierry Sans

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Presented by: Kevin Hieb May 2, 2005

Cryptography [Symmetric Encryption]

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Symmetric-Key Cryptography

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Cryptography and Network Security

Goals for Today. Substitution Permutation Ciphers. Substitution Permutation stages. Encryption Details 8/24/2010

Symmetric Cryptography CS461/ECE422

Scanned by CamScanner

Cryptography (cont.)

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

CPSC 467: Cryptography and Computer Security

Transcription:

Symmetric Cryptography CS4264 Fall 2016

Correction: TA Office Hour Stefan Nagy (snagy2@vt.edu) Office hour: Thursday Friday 10-11 AM, 106 McBryde Hall 2

Slides credit to Abdou Illia RECAP AND HIGH-LEVEL CONCEPTS 3

Recap: Encryption Encryption: encoding information, only authorized parties can read Plaintext: the intended communication information (original message) Ciphertext: encrypted message (usually not understandable) Cipher: encryption/decryption algorithm Key: a parameter of the (en-)decryption algorithm that determines output Plaintex EncrypEon Algorithm Ciphertex Ciphertex DecrypEon Algorithm Plaintex Symmetric-key scheme (e.g., DES, AES) The keys for encryption and decryption are the same. Communicating parties must have the same key before communication Public key scheme (e.g., RSA) Public key is published for anyone to encrypt a message Only authorized parties have the private key to decrypt the message 4

Symmetric Key Encryption Methods Two categories of methods Stream cipher: operates on individual bits (or bytes); one at a time Block cipher: operates on fixed-length groups of bits called blocks Only a few symmetric methods are used today Methods Year approved Comments Data Encryption Standard - DES 1977 1998: Electronic Frontier Foundation s Deep Crack breaks a DES key in 56 hrs DES-Cipher Block Chaining Triple DES TDES or 3DES 1999 Advanced Encryption Standard AES 2001 among the most used today Other symmetric encryption methods IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish 5

Data Encryption Standard (DES) DES is a block encryption method, i.e. uses block cipher DES uses a 64 bit key; It is actually 56 bits + 8 bits computable from the 56 bits Problem: same input plaintext gives same output ciphertext 64-Bit Plaintext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) DES EncrypEon Process 64-Bit Ciphertext Block 6

Confusion: attacker should not be able to predict what will happen to the ciphertext by changing one char in the plaintext Encrypt each block independently à not secure! Need to chain them together ECB (not secure) Cipher-block chaining 7

DES-Cipher Block Chaining DES-CBC uses ciphertext from previous block as input making decryption by attackers even harder An 64-bit initialization vector is used for first block First 64-Bit Plaintext Block DES Key IniEalizaEon Vector (IV) DES EncrypEon Process Second 64-Bit Plaintext Block DES Key First 64-Bit Ciphertext Block DES EncrypEon Process Second 64-Bit Ciphertext Block 8

Triple DES (3DES) 168-Bit Encryption with Three 56-Bit Keys Sender Receiver 1st Encrypts original plaintext with The 1 st key Decrypts ciphertext with the 3d key 3rd 2nd Decrypts output of first step with the 2 nd key Encrypts output of the first step with the 2 nd key 2nd 3rd Encrypts output of second step with the 3d key; gives the ciphertext to be sent Decrypts output of second step with the 1 st key; gives the original plaintext 1st 9

Triple DES (3DES) using two keys 112-Bit Encryption With Two 56-Bit Keys Sender Receiver 1st Encrypts plaintext with the 1 st key Decrypts ciphertext with the 1 st key 1st 2nd Decrypts output with the 2 nd key Encrypts output with the 2 nd key 2nd 1st Encrypts output with the 1 st key Decrypts output with the 1 st key 1st 10

Your knowledge about Cryptography Based on the way DES and 3DES work, which of the following is true? a) b) c) 3DES requires more processing time than DES Compared 3DES, DES requires more RAM Both a and b Given the increasing use of mobile devices, 3DES will be more practical than DES. a) b) True False 11

Advanced Encryption Standard - AES Developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael Offers key lengths of 128 bit, 192 bit, and 256 bit Efficient in terms of processing power and RAM requirements compared to 3DES Can be used on a wide variety of devices including o Cellular phones o PDAs o Etc. 12

DES, 3DES, and AES DES 3DES AES Key Length (bits) 56 112 or 168 128, 192, 256 Key Strength Weak Strong Strong Processing Requirements Moderate High Modest RAM Requirements Moderate High Modest 13

How does DES/AES work? THE ALGORITHMS BEHIND 14

S-box: table-lookup based substitution P-box: table-lookup based permutation DES Confusion Substitutions Permutations Diffusion Substitutions and Permutations. 15

Confusion: the interceptor should not be able to predict what will happen to the ciphertext by changing one char in the plaintext Diffusion: the cipher should spread the info from the plaintext over the entire ciphertext Cipher-block chaining (CBC) 16

Cipher Block Chaining cipher block: if input block repeated, will produce same cipher text --- not secure! t=1 m(1) = HTTP/1.1 block cipher t=17 m(17) = HTTP/1.1 block cipher c(1) c(17) = k329am02 = k329am02 Cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1) - c(0) transmitted to receiver in clear - what happens in HTTP/1.1 scenario from above? c(i-1) m(i) + block cipher c(i) 17

DES in Cipher Block Chaining mode DES: inputs are in blocks of 64 bits XOR In each DES box, there are 16 cycles of operaeons 18

Initialization vector sent along with the cipher-text Cipher block chaining mode <Init vec, C 0, C 1 > is given to the sender Picture from Bishop [Computer Security] 19

Decryption uses the same key and init vec EncrypEon DecrypEon Now we understand Cipher Block Chaining, So how exactly does DES work? Picture from Bishop [Computer Security] 20

16 cycles in DES 21

A Cycle in DES 32 bits 64 bits 32 bits Right half and key to 48 bits L j = R j-1 R j = L j-1 XOR f(r j-1, k j ) 22

How to reduce 64-bit key to 48 bits? How to expand 32-bit right half to 48 bits? Types of Permutations. 23

Expansion permutation lookup table 24

S-boxes (Substitution-boxes) Now Put them together Details of a cycle in DES. 25

Permutation box used in DES (P-box) 26

S-box -- How is substitution done? Table lookup (total 8 S-boxes) 27

28

S-box lookup (substitution) input 48 bits Divide inputs into 8 blocks (6-bit each) B1, B2, B3, B4, B5, B6, B7, B8 Block B i is operated on by S-Box S i Block B i has bits b1,b2,b3,b4,b5,b6 b1,b2,b3,b4,b5,b6 b1 b6: 01 b2 b3 b4 b5: 1001 9 0 1 0 0 1 1 Block7: 3 In S-box S 7, lookup the table at row 1 column 9 Thus, we subsetute B 7 (010011) with 3 (0011) Results are 32 bits (not 48 bits); all values in lookup table under 15 1 29

Complete DES, decryption 1. 64-bit key is reduced to 56 bits (removing for every 8 bits) 2. Initial permutation: a block of 64 data bits is permuted 3. 16 cycles of the following 1 2 3 Key is shifted & permuted according to tables Right half of data substituted & permuted XOR left half with right half 4. Final permutation done for one block 5. Cipher block chaining Encryption Rewrite above into L j = R j-1 R j = L j-1 XOR f(r j-1, k j ) Decryption is the same as encryption result depends only on previous cycle R j-1 = L j L j-1 = R j XOR f(l j, k j ) Use keys in reverse order k 16, k 15, 30

Estimating the feasibility of brute-force attacks 2 56 possible keys Diffie-Hellman parallel attack: 10 6 chips, 1 ms per key-test à done in 1day Would cost $20M in 77, but feasible as hardware gets cheaper 1997 a brute-force attack was proven successful Divide key search space among 3,500 machines and done in 4-mon DES challenge by RSA Lab Experimentally validated 1977 s concern on DES security 31

How to formally analyze the security of DES? Select pairs of plaintext with subtle differences and observe effects on ciphertext [Biham-Shamir 90] differential analysis Chosen-plaintext attack: adversary selects plaintext DES S-box 6-bit input 4-bit output Output should be independent on input and key, however, in DES s: same bit in two plaintext d: different bit ddsdsd dsss 14 times/64 ddds 14 times/64 6-bit Key The analysis allows inferring values of key bits 6-bit Key 32

3-DES or triple-des http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 3-DES is a compound operation of DES encryption and decryption operations 1. TDEA encrypeon operaeon: the transformaeon of a 64-bit block I into a 64-bit block O that is defined as follows: O = E K3 (D K2 (E K1 (I))). 2. TDEA decrypeon operaeon: the transformaeon of a 64-bit block I into a 64-bit block O that is defined as follows: O = D K1 (E K2 (D K3 (I))) For key-bundle (K1, K2, K3) 1. Keying OpEon 1: K1, K2 and K3 are independent keys; 2. Keying OpEon 2: K1 and K2 are independent keys and K3 = K1; 3. Keying OpEon 3: K1 = K2 = K3 same as DES. 33

AES: Advanced Encryption Standard New (Nov. 2001) symmetric-key NIST standard replacing DES processes data in 128 bit blocks 128, 192, or 256 bit keys Involves computation on Galois field Algebraic operations beyond scrambling bits Brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES Estimated by NIST in 2001 block ciphers: DES, 3DES, Blowfish, AES 34

An AES Round 35

side channel attacks are possible when an attacker has an additional channel of information about a cryptosystem. e.g., information gained from the physical implementation of a cryptosystem measuring the time it takes to encrypt a message e.g., from power consumption e.g., electromagneec emissions of monitors or the sound produced by keyboards. Image from Siemens Lab Reflection in the eye http://www.scientificamerican.com/ article.cfm?id=hackers-can-steal-from-reflections 36

Q: What is the key disadvantage of Symmetric Key Encryption? 37

Diffie-Hellman public-key key exchange protocol Two parties to compute a common, shared key Based on the hardness of discrete logarithm problem Given integers n and g and prime number p, compute k such that o n = g k mod p Solutions known for small p Solutions computationally infeasible as p grows large Diffie s speech on PKC [recommend to start from 25.5-minute] hips://www.youtube.com/watch?v=1bjuuuxcaay Invented by Whieield Diffie and MarEn Hellman in 1976 38

Example Scenario Alice wants to exchange key to Bob Assume others can eavesdrop their communication channel 39

Diffie-Hellman key exchange Algorithm Constants: prime p, integer g 0, 1, p 1 Clarify public key and private key : Known to all participants - Private: cannot show it to others Goal: Alice and Bob agree on - a shared Public: can key show K it to shared w/o other attacker people knowing Alice chooses private key s Alice, computes her public key K Alice = g salice mod p Bob chooses private key s Bob, computes his public key K Bob = g sbob mod p Now we can exchange public keys K Alice and K Bob To communicate with Bob, Alice computes K shared = K Bob salice mod p To communicate with Alice, Bob computes K shared = K Alice sbob mod p It can be shown these keys are equal Use shared key to communicate with symmetric-key encryption (e.g., AES) 40

Example Assume p = 53 and g = 17 Alice chooses k Alice = 5 - Then K Alice = 17 5 mod 53 = 40 Bob chooses k Bob = 7 - Then K Bob = 17 7 mod 53 = 6 Shared key: - K Bob kalice mod p = 6 5 mod 53 = 38 - K Alice kbob mod p = 40 7 mod 53 = 38 Read the textbook. DH key exchange and its man-in-the-middle vulnerability. Think about how to fix it. 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback