Symmetric Encryption. Thierry Sans

Similar documents
Network Security Essentials Chapter 2

Stream Ciphers and Block Ciphers

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Stream Ciphers and Block Ciphers

Chapter 3 Block Ciphers and the Data Encryption Standard

Crypto: Symmetric-Key Cryptography

Block Cipher Operation. CS 6313 Fall ASU

Lecture 2: Shared-Key Cryptography

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Cryptography 2017 Lecture 3

Computer and Data Security. Lecture 3 Block cipher and DES

Double-DES, Triple-DES & Modes of Operation

Symmetric Encryption Algorithms

Jaap van Ginkel Security of Systems and Networks

Lecture 3: Symmetric Key Encryption

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Lecture 4: Symmetric Key Encryption

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Private-Key Encryption

7. Symmetric encryption. symmetric cryptography 1

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Network Security Essentials

Modern Symmetric Block cipher

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Winter 2011 Josh Benaloh Brian LaMacchia

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Computer Security CS 526

Chapter 6: Contemporary Symmetric Ciphers

CENG 520 Lecture Note III

Symmetric Cryptography

CSC574: Computer & Network Security

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Conventional Encryption: Modern Technologies

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Cryptography [Symmetric Encryption]

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

APNIC elearning: Cryptography Basics

Chapter 6 Contemporary Symmetric Ciphers

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Lecture 1 Applied Cryptography (Part 1)

Classical Cryptography. Thierry Sans

Data Encryption Standard (DES)

ECE 646 Lecture 8. Modes of operation of block ciphers

Symmetric Cryptography. Chapter 6

Cryptography and Network Security

IDEA, RC5. Modes of operation of block ciphers

Lecture 4. Encryption Continued... Data Encryption Standard (DES)

ENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms

Cryptography III: Symmetric Ciphers

CIS 4360 Secure Computer Systems Symmetric Cryptography

Content of this part

Introduction to Modern Symmetric-Key Ciphers

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Symmetric Cryptography CS461/ECE422

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Introduction to Symmetric Cryptography

Introduction to Cryptography. Lecture 3

Information Security CS526

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

CSC 474/574 Information Systems Security

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Symmetric key cryptography

Applied Cryptography Data Encryption Standard

Symmetric Key Cryptography

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Week 4. : Block Ciphers and DES

3 Symmetric Cryptography

CIT 380: Securing Computer Systems. Symmetric Cryptography

Cryptography Symmetric Encryption Class 2

Secret Key Cryptography

Symmetric-Key Cryptography

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Symmetric Key Cryptography

Secret Key Algorithms (DES)

Lecture 2: Secret Key Cryptography

Introduction to Cryptography. Lecture 3

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

CSCE 813 Internet Security Symmetric Cryptography

Scanned by CamScanner

Cryptography Functions

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Cryptography: Symmetric Encryption [continued]

Block ciphers, stream ciphers

CS 392/681 Computer Security. Module 1 Private Key Cryptography

Practical Aspects of Modern Cryptography

Computer Security 3/23/18

Cryptography MIS

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

EEC-484/584 Computer Networks

The Rectangle Attack

CS Network Security. Module 6 Private Key Cryptography

Stream Ciphers. Stream Ciphers 1

Secret Key Cryptography Overview

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Transcription:

Symmetric Encryption Thierry Sans

Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion Replacing a symbol with another 4. Randomization Repeated encryptions of the same text are different

The attacker's model Exhaustive Search Try all possible n keys (in average it takes n/2 tries) Ciphertext only You know one or several random ciphertexts Known plaintext You know one or several pairs of random plaintext and their corresponding ciphertexts Chosen plaintext You know one or several pairs of chosen plaintext and their corresponding ciphertexts Chosen ciphertext You know one or several pairs of plaintext and their corresponding chosen ciphertexts A good crypto system resists all attacks

Functional Requirements E D The same key k is used for encryption E and decryption D 1. Dk(Ek(m))=m for every k, Ek is an injection with inverse Dk 2. Ek(m) is easy to compute (either polynomial or linear) 3. Dk(c) is easy to compute (either polynomial or linear) 4. c = Ek(m) finding m is hard without k (exponential)

Outline Stream cipher RC4 - Rivest Cipher 4 Block cipher Encryption standards DES (and 3DES) - Data Encryption Standard AES - Advanced Encryption Standard Block cipher modes of operation

Stream Cipher

XOR Cipher (a.k.a Vernham Cipher) a modern version of Vigenere Use to combine the message and the key E k (m) = k m D k (c) = k c Problem : known-plaintext attack Dk(Ek(m)) = k (k m) = m so k = (k m) m x x = 0 x 0 = x

Mauborgne Cipher - a modern version of OTP Use a random stream as encryption key Defeats the know-plaintext attack Problem : Key-reused attack (a.k.a two-time pad) C 1 = k m 1 C 2 = k m 2 so C 1 C 2 = (k m 1 ) (k m 2 ) = (m1 m2) 0 = (m1 m2) x x = 0 x 0 = x

Random Number Generator True Random Number Generator No, because we want to be able to encrypt and decrypt Pseudo-Random Generator Stretch a a fixed-size seed to obtain an unbounded random sequence

Stream cipher Can we use k as a seed? Ek(m) = m RNG(k) Be careful of key reused attack! Typical usage : choose a new s and send it using another encryption scheme E Ek(m) = (E k(s), m RNG(s))

RC4 - Rivest Cipher 4 Key Size Speed 40-2048 bits ~ 8 cycles / byte Very simple implementation

MS Word and Excel 2003 used the same key to re-encrypt documents after editing changes

WEP - Wired Equivalent Privacy A random number IV (24 bits only) transmitted in clear between the clients and the base station RC4_key = IV + SSID_password 50% chance the same IV will be used again after 5000 packets

Block Cipher

Ideal block cipher m n bits E n bits c n' bits k Combines confusion (substitution) and diffusion (permutation) Changing single bit in plaintext block or key results in changes to approximately half the ciphertext bits Completely obscure statistical properties of the original message A known-plaintext attack does not reveal the key

DES - Data Encryption Standard Block size Key Size Speed Algorithm 64 bits 56 bits ~ 50 cycles per byte Feistel Network Timeline 1972 NBS call for proposals 1974 IBM Lucifer proposal analyzed by DOD and enhanced by NSA 1976 adopted as standard 2004 NIST withdraws the standard

Cryptography and Network Security by William Stalllings Feistel Network Li = Ri-1 Ri = Li-1 Fi(Ri-1,ki) Properties: F is an arbitrary function that scrambles the input based on a key F is not necessary invertible A Feistel Network is invertible Achieves confusion and diffusion

Security of DES - DES Challenges (brute force contests) 1998 Deep Crack, the EFF's DES cracking machine used 1,856 custom chips Speed : matter of days Cost : $250,000 2006 COPACOBANA, the COst-optimized Parallel COdeBreaker used 120 FCPGAs Speed : less than 24h Cost : $10,000

How about 2DES? 2DESk1,k2(m) = Ek2(Ek1(m)) Meet-in-the-middle attack - known-plaintext attack 1. Brute force E k1 (m) and save results in a table called TE (2 56 entries) 2. Brute force D k2 (c) and save results in a table called TD (2 56 entries) 3. Match the two tables together to get the key candidates The more plaintext you know, the lesser key candidates Effective key-length (entropy) is 57 bits This attacks applies to every encryption algorithm used as such

3DES (Triple DES) 3DESk1,k2,k3(m) = Ek3(Dk2(Ek1(m))) Effective key length (entropy) : 112 bits Very popular, used in PGP, TLS (SSL) But terribly slow

AES - Advanced Encryption Standard Timeline 1996 NIST issues public call for proposal 1998 15 algorithms selected 2001 winners were announced

Rijindael by J. Daemen and V. Rijmen Block size Key Size Speed Mathematical Foundation 128 bits 128, 192, 256 bits ~18-20 cycles / byte Galois Fields Implementation Basic operations :, +, shift Small code : 98k Adopted by the NIST in December 2001

Encryption Modes a.k.a. how to encrypt long messages ECB - Electronic Code Book CBC - Cipher Block Chaining CFB - Cipher Feedback OFB - Output Feedback CTR - Counter

ECB - Electronic Code Book Each plaintext block is encrypted independently with the key Block can be encrypted in parallel The same block is encrypted to the same ciphertext

How bad is ECB mode with a large data?

CBC - Cipher Block Chaining Introduce some randomness using the previous ciphertext block Repeating plaintext blocks are not exposed in the ciphertext No parallelism The Initialization Vector should not be known by the opponent and must be send separately (ECB mode for instance)

CTR - Counter Introduce some randomness using a counter High entropy and parallelism Sensitive to key-reused attack Popular usage : IPsec (coming soon in this course)

Key-reused attack on CTR K = K = =

Stream Cipher vs Block Cipher

Approach Stream Cipher Encrypt one symbol of plaintext directly into a symbol of ciphertext Block Cipher Encrypt a group of plaintext symbols as one block Pro Fast High diffusion Cons Low diffusion Slow Stream cipher and block cipher are often used together Stream cipher for encrypting large volume of data Block cipher for encrypting fresh pseudo-random seeds

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback