Chapter 6 Contemporary Symmetric Ciphers

Similar documents
Double-DES, Triple-DES & Modes of Operation

Network Security Essentials Chapter 2

Block Cipher Operation. CS 6313 Fall ASU

Chapter 6: Contemporary Symmetric Ciphers

Chapter 3 Block Ciphers and the Data Encryption Standard

Symmetric Encryption Algorithms

CENG 520 Lecture Note III

Cryptography and Network Security Chapter 7

Block Cipher Operation

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Network Security Essentials

Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Introduction to Symmetric Cryptography

Secret Key Cryptography Overview

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Crypto: Symmetric-Key Cryptography

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Using block ciphers 1

IDEA, RC5. Modes of operation of block ciphers

Symmetric Encryption. Thierry Sans

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Information Security CS526

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Cryptography Symmetric Encryption Class 2

Information Security CS526

ECE 646 Lecture 8. Modes of operation of block ciphers

Modern Symmetric Block cipher

Practical Aspects of Modern Cryptography

Stream Ciphers - RC4. F. Sozzani, G. Bertoni, L. Breveglieri. Foundations of Cryptography - RC4 pp. 1 / 16

Stream Ciphers An Overview

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Content of this part

Secret Key Cryptography

CSC 474/574 Information Systems Security

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

EEC-484/584 Computer Networks

Cryptography. Summer Term 2010

1 Achieving IND-CPA security

CIS 4360 Secure Computer Systems Symmetric Cryptography

Introduction to Cryptography. Lecture 3

Introduction to Cryptography. Lecture 3

Some Aspects of Block Ciphers

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

3 Symmetric Cryptography

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Stream Ciphers. Stream Ciphers 1

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

P2_L6 Symmetric Encryption Page 1

Block Cipher Modes of Operation

Cryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers

Data Encryption Standard (DES)

Symmetric Cryptography

Scanned by CamScanner

CPSC 467: Cryptography and Computer Security

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Lecture 4: Symmetric Key Encryption

NC7201 Communication. Dr.G.A.Sathish Kumar Professor EC

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

CSC574: Computer & Network Security

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecture 1 Applied Cryptography (Part 1)

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Unit-II. Symmetric Ciphers. To emphasize the 2 categories of traditional ciphers:substitution and transposition ciphers.

Summary on Crypto Primitives and Protocols

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.

Symmetric-Key Cryptography

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Symmetric Encryption

CPSC 467b: Cryptography and Computer Security

Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan

7. Symmetric encryption. symmetric cryptography 1

Comp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today

Applied Cryptography Data Encryption Standard

Computer Security CS 526

Stream Ciphers and Block Ciphers

ECE 646 Fall 2008 Multiple-choice test

Overview of Security Principles

Cryptography MIS

Block Cipher Modes of Operation

Lecture 3: Symmetric Key Encryption

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

BCA III Network security and Cryptography Examination-2016 Model Paper 1

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Symmetric Key Cryptography

Stream Ciphers and Block Ciphers

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

10/3/2017. Cryptography and Network Security. Sixth Edition by William Stallings

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

CPSC 467b: Cryptography and Computer Security

Symmetric key cryptography

Cryptography III: Symmetric Ciphers

Transcription:

Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and sixty separate ciphers," said Holmes. The Adventure of the Dancing Men, Sir Arthur Conan Doyle

Multiple Encryption & DES clearly a replacement for DES was needed theoretical attacks that can break it demonstrated exhaustive key search attacks AES is a new cipher alternative prior to this alternative was to use multiple encryption with DES implementations Triple-DES is the chosen form

Double-DES? could use 2 DES encrypts on each block C = E K2 (E K1 (P)) issue of reduction to single stage and have meet-in-the-middle attack works whenever use a cipher twice since X = E K1 (P) = D K2 (C) attack by encrypting P with all keys and store then decrypt C with keys and match X value can show takes O(2 56 ) steps

Triple-DES with Two-Keys hence must use 3 encryptions would seem to need 3 distinct keys but can use 2 keys with E-D-E sequence C = E K1 (D K2 (E K1 (P))) encrypt & decrypt equivalent in security if K1=K2 then can work with single DES standardized in ANSI X9.17 & ISO8732 no current known practical attacks

Triple-DES with Three-Keys although are no practical attacks on twokey Triple-DES have some indications can use Triple-DES with Three-Keys to avoid even these C = E K3 (D K2 (E K1 (P))) has been adopted by some Internet applications, eg PGP, S/MIME

Modes of Operation block ciphers encrypt fixed size blocks eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts of data in practise ANSI X3.106-1983 Modes of Use (now FIPS 81) defines 4 possible modes subsequently 5 defined for AES & DES have block and stream modes

Electronic Codebook Book (ECB) message is broken into independent blocks which are encrypted each block is a value which is substituted, like a codebook, hence name each block is encoded independently of the other blocks C i = DES K1 (P i ) uses: secure transmission of single values

Electronic CodeBook (ECB)

Advantages and Limitations of ECB message repetitions may show in ciphertext if aligned with message block particularly with data such as graphics or with messages that change very little, which become a code-book analysis problem weakness is due to the encrypted message blocks being independent main use is sending a few blocks of data

Cipher Block Chaining (CBC) message is broken into blocks linked together in encryption operation each previous cipher blocks is chained with current plaintext block, hence name use Initial Vector (IV) to start process C i = DES K1 (P i XOR C i-1 ) C -1 = IV uses: bulk data encryption, authentication

Cipher Block Chaining (CBC)

Message Padding at end of message must handle a possible last short block which is not as large as blocksize of cipher pad either with known non-data value (eg nulls) or pad last block along with count of pad size eg. [ b1 b2 b3 0 0 0 0 5] means have 3 data bytes, then 5 bytes pad+count this may require an extra entire block over those in message there are other, more esoteric modes, which avoid the need for an extra block

Advantages and Limitations of CBC a ciphertext block depends on all blocks before it any change to a block affects all following ciphertext blocks need Initialization Vector (IV) which must be known to sender & receiver if sent in clear, attacker can change bits of first block, and change IV to compensate hence IV must either be a fixed value (as in EFTPOS) or must be sent encrypted in ECB mode before rest of message

Cipher FeedBack (CFB) message is treated as a stream of bits added to the output of the block cipher result is feed back for next stage (hence name) standard allows any number of bit (1,8, 64 or 128 etc) to be feed back denoted CFB-1, CFB-8, CFB-64, CFB-128 etc most efficient to use all bits in block (64 or 128) C i = P i XOR DES K1 (C i-1 ) C -1 = IV uses: stream data encryption, authentication

Cipher FeedBack (CFB)

Advantages and Limitations of CFB appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits note that the block cipher is used in encryption mode at both ends errors propogate for several blocks after the error

Output FeedBack (OFB) message is treated as a stream of bits output of cipher is added to message output is then feed back (hence name) feedback is independent of message can be computed in advance C i = P i XOR O i O i = DES K1 (O i-1 ) O -1 = IV uses: stream encryption on noisy channels

Output FeedBack (OFB)

Advantages and Limitations of OFB bit errors do not propagate more vulnerable to message stream modification a variation of a Vernam cipher hence must never reuse the same sequence (key+iv) sender & receiver must remain in sync originally specified with m-bit feedback subsequent research has shown that only full block feedback (ie CFB-64 or CFB-128) should ever be used

Counter (CTR) a new mode, though proposed early on similar to OFB but encrypts counter value rather than any feedback value must have a different key & counter value for every plaintext block (never reused) C i = P i XOR O i O i = DES K1 (i) uses: high-speed network encryptions

Counter (CTR)

Advantages and Limitations of CTR efficiency can do parallel encryptions in hardware or software can preprocess in advance of need good for bursty high speed links random access to encrypted data blocks provable security (good as other modes) but must ensure never reuse key/counter values, otherwise could break (cf OFB)

Stream Ciphers process message bit by bit (as a stream) have a pseudo random keystream combined (XOR) with plaintext bit by bit randomness of stream key completely destroys statistically properties in message C i = M i XOR StreamKey i but must never reuse stream key otherwise can recover messages (see book cipher)

Stream Cipher Structure

Stream Cipher Properties some design considerations are: long period with no repetitions statistically random depends on large enough key large linear complexity properly designed, can be as secure as a block cipher with same size key but usually simpler & faster

RC4 a proprietary cipher owned by RSA (a private company) another Ron Rivest design, simple but effective variable key size, byte-oriented stream cipher widely used (web SSL/TLS, wireless WEP) key forms random permutation of all 8-bit values uses that permutation to scramble input info processed a byte at a time

RC4 Key Schedule starts with an array S of numbers: 0..255 use key to well and truly shuffle S forms internal state of the cipher for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j])

RC4 Encryption encryption continues shuffling array values sum of shuffled pair selects "stream key" value from permutation XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte M i i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(s[i], S[j]) t = (S[i] + S[j]) (mod 256) C i = M i XOR S[t]

RC4 Overview

RC4 Security claimed secure against known attacks have some analyses, none practical result is very non-linear since RC4 is a stream cipher, must never reuse a key have a concern with WEP, but due to key handling rather than RC4 itself

XTS-AES Mode for Block- Oriented Storage Devices P1619 was designed for the following characteristics

Operations on a Single Block There are two keys and two AES algoirithms j is the sequential number of the block within the sector; it acts like the counter in CTR mode i is the sector number; it acts like the IV in CBC See next slide

Terminology

Encryption and Decryption

Encryption of a Sector The input to the XTS-AES algorithm is m 128 bit blocks, P0, P1,, Pm, where the last block which may be only partially filled (see last slide)

Decryption of a Sector Notice that each block, except possibly the last block, is treated independently and may be processed in parallel

Handling the Final Block The last two blocks are encrypted and decrypted using a cipher stealing technique

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback