CIS 4360 Secure Computer Systems Symmetric Cryptography

Similar documents
CSCE 548 Building Secure Software Symmetric Cryptography

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

CIS 4360 Secure Computer Systems Applied Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CSE 127: Computer Security Cryptography. Kirill Levchenko

Message Authentication Codes and Cryptographic Hash Functions

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Lecture 1 Applied Cryptography (Part 1)

Data Integrity. Modified by: Dr. Ramzi Saifan

Block Cipher Operation. CS 6313 Fall ASU

Cryptographic Concepts

Message authentication codes

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Cryptography Functions

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Winter 2011 Josh Benaloh Brian LaMacchia

Unit 8 Review. Secure your network! CS144, Stanford University

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

CSCE 813 Internet Security Symmetric Cryptography

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Network Security Essentials Chapter 2

Cryptography MIS

APNIC elearning: Cryptography Basics

Cryptographic hash functions and MACs

Symmetric, Asymmetric, and One Way Technologies

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

CSCE 715: Network Systems Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Network Security Essentials

ECE 646 Lecture 8. Modes of operation of block ciphers

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Computer Security 3/23/18

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Computer and Data Security. Lecture 3 Block cipher and DES

Secret Key Cryptography

Summary on Crypto Primitives and Protocols

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Double-DES, Triple-DES & Modes of Operation

Security. Communication security. System Security

Symmetric Primitives. (block ciphers, stream ciphers, hash functions, keyed hash functions and (pseudo)random number generators)

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

CSC 474/574 Information Systems Security

symmetric cryptography s642 computer security adam everspaugh

Symmetric Encryption. Thierry Sans

Introduction to Cryptography. Lecture 6

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Cryptographic Hash Functions

7. Symmetric encryption. symmetric cryptography 1

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

MTAT Applied Cryptography

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

CS 161 Computer Security

CS408 Cryptography & Internet Security

Modern Symmetric Block cipher

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Chapter 3 Block Ciphers and the Data Encryption Standard

Introduction to Symmetric Cryptography

CSC 774 Network Security

Data Encryption Standard (DES)

KALASALINGAM UNIVERSITY

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Study Guide to Mideterm Exam

CPSC 467b: Cryptography and Computer Security

Security Requirements

CSC 474/574 Information Systems Security

Symmetric Encryption Algorithms

Chapter 6 Contemporary Symmetric Ciphers

CPSC 467b: Cryptography and Computer Security

Stream Ciphers. Stream Ciphers 1

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Content of this part

Crypto: Symmetric-Key Cryptography

Block Cipher Modes of Operation

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Computer Security: Principles and Practice

There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has

CSC574: Computer & Network Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Cryptography and Network Security

PROTECTING CONVERSATIONS

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Information Security CS526

UNIT - IV Cryptographic Hash Function 31.1

Data Integrity & Authentication. Message Authentication Codes (MACs)

EEC-484/584 Computer Networks

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

HOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Transcription:

CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017

Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography Confidentiality, data integrity, authentication, nonrepudiation Building blocks of Cryptography Cryptographic hash, encryption, MAC, digital signature Cryptographic Hash Password storage, verifying data integrity Do not use MD5 and SHA-1 CIS 4360 Secure Computer Systems 2

Previous class By sending m and Hash(m), can the receiver verify the integrity of m, i.e., to verify whether m has been manipulated during the transmission? If not, what should you do? No, cryptographic hash can be used to verify data integrity only if the integrity of the hash value itself is assured. Typically, if the message and the digest value are transmiaed in the same channel, it is in vain as the adversary can replace both the message and the corresponding hash value. Message AuthenDcaDon Code and Digital Signature are used when the hash value can also be aaacked (discussed later) CIS 5512 Operating Systems 3

Cryptography Primitives Cryptography PrimiDves Symmetric Cryptography Cryptographic Hash Asymmetric Cryptography Symmetric EncrypDon Message AuthenDcaDon Code Asymmetric EncrypDon (encrypdon using PU; decrypdon using PR) Digital Signature (sign using PR; verify using PU) Stream Cipher Block Cipher CIS 4360 Secure Computer Systems 4

Notation C: ciphertext P: plaintext K: key PR: private key PU: public key E: encryption; e.g., C = E (K, P) D: decryption; e.g., P = D(K, C) H: hash : e.g., x y means x concatenated with y CIS 4360 Secure Computer Systems 5

Symmetric Block Cipher - DES DES: Data Encryption Standard NIST symmetric encryption standard 1976-2001 Already broken; 56-bit key size is too small Block size: 64 bits 64-bit plaintext input; 64-bit ciphertext output How it works? Feistel structure: input block is divided into halves and processed alternatively XOR, Substitution (using the S-box), and Permutation (using the P-box) CIS 4360 Secure Computer Systems 6

Feistel Structure CIS 4360 Secure Computer Systems 7

Symmetric Block Cipher Triple-DES Triple-DES: still widely used C 1 = E(K 1, P), C 2 = D(K 2, C 1 ), C 3 = E(K 3, C 2 ) Key size: 3 x 56 = 168 bits; secure When k 1!= k 2 and k 1 = k 3 Key size: 2 x 56 = 112 bits; insecure When k 1 = k 2 = k 3, 3-DES becomes DES, since the second operation (D) offsets the first (E) It provides compatibility with DES when needed Disadvantage: slow CIS 4360 Secure Computer Systems 8

Symmetric Block Cipher - AES Advanced Encryption Standard (or Rijndael) Superseded DES as the NIST symmetric encryption standard since 2001 Block size: 128 bits (16 bytes) Key size: 128, 192 or 256 bits (slower with longer keys) DES vs. AES Longer key size -> more secure AES is faster than DES AES is suitable for parallel processing Encryption based on substitution and permutation https://youtu.be/evjfwdrtmv0 CIS 4360 Secure Computer Systems 9

Serious Issue with Block Ciphers DES can only process 64-bit blocks AES can only process 128-bit blocks If you simply divide a long message into 64-bit or 128-bit blocks, and process them independently (this strategy is called Electronic Codebook ) Identical plaintext blocks lead the same ciphertext blocks CIS 4360 Secure Computer Systems 10

Serious Issue with Block Ciphers The simple strategy Electronic Codebook (ECB) leaks too much information By applying ECB encryption to the left bitmap image, you get the right one *- ECB CIS 4360 Secure Computer Systems 11

Modes of Operation for Block Ciphers A Mode of Operation describes how block ciphers are applied to a message longer than a block; usually, it is simply called Mode E.g., ECB (do not use it), CBC (Cipher Block Chaining), CFB (Cipher Feedback) How to interpret AES128-CBC? AES128: cipher block with 128-bit key CBC: mode of operation Similarly, you can interpret 3DES-CFB CIS 4360 Secure Computer Systems 12

CBC (Cipher Block Chaining) Even identical plaintext blocks will produce different ciphertext (as long as their preceding ciphertext blocks are different) Initialization Vector (IV) has the same size as the plaintext; by varying the IV, even if the same key is applied to encrypting two identical messages, the ciphertext is different Thus the adversary cannot infer whether the two messages are identical CIS 4360 Secure Computer Systems 13

Effect of Applying CBC *- CBC CIS 4360 Secure Computer Systems 14

Decryption based on CBC If you provide an incorrect IV, will you get wrong decryption results? Only the first block is corrupted; you still get correct results for other blocks This property is NOT necessarily true with other modes of operations CIS 4360 Secure Computer Systems 15

Stream Cipher - RC4 In stream ciphers, the key is used to generate a keystream (a key-seeded pseudorandom stream of bits), which is XORed with the plaintext CIS 4360 Secure Computer Systems 16

Stream Cipher - RC4 Rivest Cipher 4 (considered insecure) Key size: 40 2048 bits Warning: The first few bytes of the keystream leak the information of the key; so discard the first, say 1024, bytes of the keystream before using it CIS 4360 Secure Computer Systems 17

Block Cipher vs. Stream Cipher Stream Cipher is faster Stream Cipher is simpler to implement in h/w Stream Cipher can operate on a single bit In streaming, it is beneficial for reducing the latency Stream Cipher works well even if the length of the plaintext is unknown Stream Cipher does not need mode of operation Stream Cipher does not need padding (e.g., 120-bit data block is padded to 128 bits) CIS 4360 Secure Computer Systems 18

Block Cipher vs. Stream Cipher Stream Ciphers have security problems that Block Ciphers do not have Key cannot be reused C 1 = P 1 XOR K; C 2 = P 2 XOR K; C 1 XOR C 2 = (P 1 XOR K) XOR (P 2 XOR K) = P 1 XOR P 2 Bit-flipping attack Assume P 1 = 1000, P 2 = 9999, C 1 = P 1 XOR K You can get C 2 = P 2 XOR K by C 1 XOR P 1 XOR P 2 = (P 1 XOR K) XOR P 1 XOR P 2 = P 2 XOR K CIS 4360 Secure Computer Systems 19

Previous class By sending m and Hash(m) on Internet, can the receiver verify the integrity of m, i.e., to verify whether m has been manipulated during the transmission? If not, what should you do? No, cryptographic hash can be used to verify data integrity only if the integrity of the hash value itself is assured. Typically, if the message and the digest value are transmiaed in the same channel, it is in vain as the adversary can replace both the message and the corresponding hash value. Message AuthenDcaDon Code and Digital Signature are used when the hash value can also be aaacked (discussed later) CIS 5512 Operating Systems 20

MAC (Message Authentication Code) The digest h = H(m) is generated without any key, such that anyone (including the adversary) can create it What if a key is used? Now the adversary cannot forge a keyed-hash value without the key This is the purpose of MAC A MAC is a short string used to verify the message integrity and authentication mac = MAC(k, m) To prevent the replay attack, the message should contain timestamp, sequence number CIS 4360 Secure Computer Systems 21

A Popular MAC Algorithm: HMAC Hash-based Message Authentication Code A typical wrong design:mac(k, m) = H(k m) Susceptible to length extension attacks if the hash uses the Merkle Damgård Construction Based on H(k m) the adversary can extend the message and still get a valid MAC: H(k m m ) CIS 4360 Secure Computer Systems 22

A Popular MAC Algorithm: HMAC To resist Length Extension Attack HMAC(m, k) = H( k H( k m) ) // nested hash The hash function uses MD5, SHA-1, SHA-2 MD5 and SHA-1 are insecure Only SHA-2 is recommended now E.g., if SHA256 is used, it is called HMAC-SHA256 The key size >= the block size to make full use of the hash resistance In HMAC-SHA256, the key size should be 256 bit CIS 4360 Secure Computer Systems 23

KMAC SHA-3 Derived MAC SHA-3 does not use the Merkle-Damgård Construction, so is not vulnerable to the Length Extension Attack Can still use SHA-3 in HMAC (the nested hash), but it is over-kill KMAC (Keccak MAC) H(k m) Uses SHA-3 (Keccak) Simpler and faster than HMAC; Arbitrary-length output NIST in 2016 http://csrc.nist.gov/publications/drafts/800-185/sp800_185_draft.pdf CIS 4360 Secure Computer Systems 24

Summary Cryptography PrimiDves Symmetric Cryptography Cryptographic Hash Asymmetric Cryptography Symmetric EncrypDon Message AuthenDcaDon Code Asymmetric EncrypDon (encrypdon using PU; decrypdon using PR) Digital Signature (sign using PR; verify using PU) Stream Cipher Block Cipher CIS 4360 Secure Computer Systems 25

Writing Assignments When to use Stream Ciphers? Can MAC be used to achieve non-repudiation? CIS 4360 Secure Computer Systems 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback