Date post: 22-Nov-2014
Category: Technology
Upload: ali-habeeb
Information System Security
Lecture 2
Symmetric cryptography
References
1. Cryptography and Network Security, by W. Stallings. Prentice Hall, 2003.
2. Handbook of Applied Cryptography, by A. Menezes, P. Van Oorschot and S. Vanstone. 5th printing, 2001. http://www.cacr.math.uwaterloo.ca/hac
3. Cryptography: A Very Short Introduction (Very Short Introduction S.), by Fred Piper and Sean Murphy, Oxford University Press, 2002.
Outline
1. Cryptography
2. Symmetric Cipher systems
3. Stream Cipher
– Vernam Cipher
– One-time pad
4. Block cipher
– DES
– Triple DES
– AES
5. Modes of operation
– ECB
– CBC
1. Cryptography
Cryptography is a means of providing information security.
Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, integrity, authentication, and non-repudiation, which form the main objectives of ISS.
Other ISS objectives are derived from these four aspects.
Cryptography
Cryptanalysis: the study of mathematical techniques for attempting to defeat cryptographic techniques.
Cryptanalyst: one who engages in cryptanalysis.
Cryptology: the study of cryptanalysis and cryptography.
Cryptosystem (cryptographic system): a general term referring to a set of cryptographic primitives used to provide information security services.
– Also called a cipher.
A cipher model
A (symmetric) cipher model consists of:
– Plaintext, m: the original intelligible message fed into the encryption algorithm.
– Encryption algorithm, E: performs various substitutions and transformations on m.
– Secret key, K: an input to E, and a value independent of m.
– Ciphertext, C: the scrambled message produced as output of E. It depends on m and K.
– Decryption algorithm, D: the reverse of E. It takes C and K and produces m.
[Figure: symmetric cipher model. Sender: the plaintext and the secret key enter the encryption algorithm (e.g., AES), which outputs the ciphertext. Receiver: the ciphertext and the secret key enter the decryption algorithm, which outputs the plaintext.]
Symmetric-key systems
Symmetric cipher:
– Encryption key and decryption key are exactly the same, or
– Decryption key is easily obtained from the encryption key.
All practical cipher systems prior to the 1980’s were symmetric cipher systems.
The study of symmetric cipher systems is often referred to as symmetric cryptography.
– Also referred to as conventional cryptography, single-key cryptography, or secret-key cryptography.
Public-key systems
In public-key cipher systems:
– It is computationally infeasible (in other words, practically impossible) to determine the decryption key from the encryption key.
In this case the encryption key and the decryption key must be different. For this reason, public key cipher systems are sometimes referred to as asymmetric cipher systems.
The study of public key cipher systems is often referred to as public-key or asymmetric cryptography.
Cryptography
Cryptographic techniques are divided into 2 types:
– Symmetric-key Cryptography
    Symmetric-key ciphers
    – Block cipher
    – Stream cipher
    Arbitrary length Hash functions (MACs)
    Signatures
    Identification
    Pseudorandom sequences
– Public-key Cryptography
    Asymmetric-key ciphers
    – Integer Factorization
    – Discrete logarithm
    Signatures
    Identification
2. Symmetric ciphers
There are two classes: Block cipher and Stream cipher.
[Figure: stream cipher vs. block cipher. The stream cipher applies E to the plaintext symbol by symbol. The block cipher splits the plaintext 100110110100010111010010 into the blocks 100110 110100 010111 010010 and applies E to each block, giving 110010 011101 010010 001001, i.e. the ciphertext 110010011101010010001001.]
3. Stream Ciphers
A stream cipher is an encryption scheme which treats the plaintext symbol-by-symbol (e.g., bit or character).
– A keystream is a sequence of symbols $e_1 e_2 e_3 \ldots \in K$ (the key space for a set of encryption transformations).
– $A$: an alphabet of definition of $q$ symbols.
– Encryption: $E_e$ is a simple substitution cipher with block length 1, where $e \in K$:
  $E_e = E_{e_1}(m_1)\, E_{e_2}(m_2) \ldots = c_1 c_2 \ldots$
  Plaintext $m = m_1 m_2 \ldots$ and ciphertext $c = c_1 c_2 \ldots$
– Decryption: $D_d = D_{d_1}(c_1)\, D_{d_2}(c_2) \ldots = m_1 m_2 \ldots$, with $d_i = e_i^{-1}$.
The security of stream ciphers depends on the changing keystream rather than on the encryption function (which may be simple, e.g., XOR).
Vernam Cipher
[Figure: Vernam cipher. Random key bits $k_1, k_2, \ldots, k_n$ are combined with plaintext bits $p_1, p_2, \ldots, p_n$ to give the ciphertext bits $p_1 \oplus k_1, p_2 \oplus k_2, \ldots, p_n \oplus k_n$.]
A stream cipher defined on the alphabet $A = \{0, 1\}$.
The keystream is a binary string $k = k_1 \ldots k_t$ of the same length as the plaintext $m = m_1 \ldots m_t$.
Encryption: $c_i = m_i \oplus k_i$. Decryption: $m_i = c_i \oplus k_i$.
One-time pad
If the key string is randomly chosen and never used again, then the Vernam cipher is called a one-time pad.
One-time pad’s drawback: the keystream must be as long as the plaintext.
– This increases the difficulty of key distribution and key management.
Solution: generate the keystream pseudorandomly (i.e., keystream generated from a smaller secret key).
[Figure: model of a stream cipher. A keystream generator expands the key into key bits $k_1 k_2 \ldots k_n$, which are combined with plaintext bits $p_1 p_2 \ldots p_n$ to give the ciphertext bits $p_1 \oplus k_1, \ldots, p_n \oplus k_n$.]
Properties of stream ciphers
Advantages:
– No error propagation: a ciphertext digit modified during transmission doesn’t affect the decryption of other ciphertext digits.
– Easy to implement
– Fast
Drawbacks:
– Requirement for synchronization: sender and receiver must be synchronized (i.e., they must use the same key and operate on the same position (digit)). If synchronization is lost due to digit insertion or deletion then re-synchronization is required.
They are suitable for applications where errors are intolerable.
– GSM and phone networks.
A modern stream cipher: RC4 (1987).
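The Vernam cipher, the "never used again" condition of the one-time pad, the keystream generator and the no-error-propagation property can all be checked in a few lines. This is an added example, not part of the original slides; the SHA-256 counter construction used as keystream generator, the function names and the sample messages are assumptions made for illustration.

```python
import hashlib
import secrets

def vernam(data: bytes, keystream: bytes) -> bytes:
    # c_i = m_i XOR k_i; the same call decrypts, since m_i = c_i XOR k_i.
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, keystream))

def generate_keystream(key: bytes, n: int) -> bytes:
    # Stand-in keystream generator (an assumption of this example):
    # SHA-256 over key || counter, expanded until n bytes are available.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # Two ciphertexts under one keystream: the key cancels, c1 XOR c2 = m1 XOR m2.
    return bytes(a ^ b for a, b in zip(c1, c2))

def changed_positions(message: bytes, key: bytes, byte_index: int) -> list:
    # Flip one ciphertext bit "in transit" and list the plaintext bytes that differ.
    ks = generate_keystream(key, len(message))
    ct = bytearray(vernam(message, ks))
    ct[byte_index] ^= 0x01
    received = vernam(bytes(ct), ks)
    return [i for i, (a, b) in enumerate(zip(message, received)) if a != b]

if __name__ == "__main__":
    m1 = b"meet at the north gate"    # constructed sample messages
    m2 = b"send the report by noon"
    pad = secrets.token_bytes(len(m2))             # random pad, as long as the text
    c1, c2 = vernam(m1, pad), vernam(m2, pad)      # pad wrongly used twice
    print(vernam(c1, pad))                         # decrypts to m1
    print(reuse_leak(c1, c2) == vernam(m1, m2))    # the pad has dropped out
    print(changed_positions(m1, b"short key", 5))  # only the damaged position
```

The reuse check is the reason the pad must never be used twice: anyone holding both ciphertexts obtains the XOR of the two plaintexts without knowing the key.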
4. Block ciphers
A block cipher is an encryption scheme which breaks up the plaintext message into blocks of a fixed length and produces ciphertext blocks of the same length.
Block ciphers encrypt one block at a time, using a complex encryption function.
Examples:
– DES: operates on blocks of 64 bits
– AES: operates on blocks of 128 bits
Block ciphers can be used in various modes (modes of operation).
Data Encryption Standard (DES)
DES design is based on two general concepts:
– Product cipher: combination of two or more operations (transposition, translation (e.g., XOR), arithmetic operations, modular multiplication, simple substitutions).
– Feistel concept.
[Figure: DES. A 64-bit block of plaintext and a 56-bit encryption key enter the encryption algorithm (DES), which outputs a 64-bit block of ciphertext.]
Feistel principle
An iterated block cipher is a block cipher involving the sequential repetition of an internal function called the round function. Parameters include: $r$, the number of rounds; $n$, the block size; and $k$, the input key from which $r$ subkeys $k_i$ (round keys) are derived.
A Feistel cipher is an iterated cipher mapping a $2t$-bit plaintext $(L_0, R_0)$, for $t$-bit blocks $L_0$ and $R_0$, to a ciphertext $(R_r, L_r)$, through an $r$-round process ($r \ge 1$). For each $1 \le i \le r$, round $i$ maps $(L_{i-1}, R_{i-1}) \to (L_i, R_i)$ as follows:
– $L_i = R_{i-1}$
– $R_i = L_{i-1} \oplus f(R_{i-1}, k_i)$
Decryption is achieved by the same $r$-round process but with subkeys in reverse order.
Feistel principle
[Figure: two rounds of a Feistel cipher. The plaintext is split into $L_0$ and $R_0$. Round 1, with key $k_1$: $L_1 = R_0$, $R_1 = L_0 \oplus f(R_0, k_1)$. Round 2, with key $k_2$: $L_2 = R_1$, $R_2 = L_1 \oplus f(R_1, k_2)$.]
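DES Encryption (ch 7, [2])
[Figure: DES encryption. The 64-bit plaintext passes through the initial permutation IP and is split into the 32-bit halves $L_0$ and $R_0$. Round 1, with the 48-bit key $k_1$: $L_1 = R_0$, $R_1 = L_0 \oplus f(R_0, k_1)$. Last round: $L_{16} = R_{15}$, $R_{16} = L_{15} \oplus f(R_{15}, k_{16})$. The inverse permutation $IP^{-1}$ then outputs the 64-bit ciphertext.]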
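DES’s f function
[Figure: DES round function f. $R_{i-1}$ (32 bits) passes through the expansion permutation to give 48 bits, which are combined with $K_i$ (48 bits) and fed, 6 bits into each, to the S-boxes S1 S2 S3 S4 S5 S6 S7 S8. 4 bits come out of each, and the resulting 32 bits pass through the permutation P.]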
DES properties
DES has 4 weak keys and six pairs of semi-weak keys.
– A DES weak key is a key $k$ such that $E_k(E_k(x)) = x$ for all $x$.
– A pair of DES semi-weak keys is a pair $(K_1, K_2)$ with $E_{K_1}(E_{K_2}(x)) = x$.
Tables 7.5 and 7.6 of weak and semi-weak keys are on p. 258 of [2].
DES today:
– A DES key can be found by anyone determined enough.
    In 1998 the Electronic Frontier Foundation managed to break DES (using DES Cracker, costing < $250,000) in less than 3 days.
– Differential and linear cryptanalysis provide academic attacks on DES.
– However, DES is still in use in many applications.
– Triple DES or AES are commonly recommended instead of DES.
Triple DES
[Figure: Triple DES. The plaintext is encrypted using DES with key K1, then decrypted using DES with key K2, then encrypted using DES with key K3, giving the ciphertext.]
• Key = k1 k2 k3
• Keys are longer (192 bits)
• Three times slower than DES
Advanced Encryption Standard
In November 2001 the USA NIST announced the Rijndael algorithm as the AES to replace DES, as FIPS 197.
Became effective in May 2002.
AES is a symmetric encryption algorithm.
Block size 128, rounds 10, 12, or 14 depending on the key size (128, 192, or 256).
AES will probably be used worldwide very soon.
Its security is not proved yet.
[Figure: AES. A 128-bit block of plaintext and an encryption key of 128, 192, or 256 bits enter AES, which outputs a 128-bit block of ciphertext.]
Other Block ciphers
IDEA (International Data Encryption Algorithm)
– Published in 1991
– Operates on 64-bit blocks with a 128-bit key and produces blocks of 64 bits
Other ciphers: FEAL, SAFER, RC5, …
[Figure: IDEA. A 64-bit block of plaintext and a 128-bit encryption key enter IDEA, which outputs a 64-bit block of ciphertext.]
5. Modes of operation
1. Electronic CodeBook (ECB):
Identical plaintext blocks (under the same key) result in identical ciphertext.
Chaining dependency: blocks are enciphered independently of other blocks.
Error propagation: one or more bit errors in a single ciphertext block affect decipherment of that block only.
ECB is not recommended for messages longer than one block, or if keys are reused for more than one one-block message.
Security of ECB may be improved by inclusion of random padding bits in each block.
[Figure: Electronic CodeBook (ECB). Encryption: the n-bit plaintext block $x_j$ is enciphered with $E$ under the key to give the n-bit ciphertext block $c_j$. Decryption: $c_j$ is deciphered with $E^{-1}$ under the same key to give $x_j$.]
6. Modes of operation
2. Cipher-Block Chaining (CBC):
[Figure: Cipher-Block Chaining (CBC), with $c_0 = IV$. Encryption: $x_j$ is combined ($\oplus$) with $c_{j-1}$ and enciphered with $E$ under the key to give the n-bit block $c_j$. Decryption: $c_j$ is deciphered with $E^{-1}$ under the key and combined ($\oplus$) with $c_{j-1}$ to give $x_j$.]
Identical plaintexts: identical ciphertext blocks result when the same plaintext is enciphered under the same key and IV.
Chaining dependency: a ciphertext block $c_j$ depends on $x_j$ and all preceding plaintext blocks, so rearranging the order of ciphertext blocks affects decryption.
Error propagation: a single bit error in ciphertext block $c_j$ affects decipherment of $c_j$ and $c_{j+1}$.
Error recovery: CBC is self-synchronizing in the sense that if an error occurs in block $c_j$, $c_{j+2}$ is correctly recovered.
IV is not secret but needs integrity.
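The Feistel principle (decryption by the same rounds with reversed subkeys) and the ECB and CBC properties listed above can be checked together on a toy cipher. This is an added example, not part of the original slides: the SHA-256 based round function and key schedule, the 4 rounds, the 64-bit block and all names are assumptions for illustration, and the cipher is neither DES nor secure.

```python
import hashlib

BLOCK = 8  # toy block size in bytes: 2t = 64 bits, so L and R are t = 32 bits each

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(right, subkey):
    # Round function f(R, k): truncated SHA-256 (assumed; it need not be invertible).
    return hashlib.sha256(subkey + right).digest()[:BLOCK // 2]

def subkeys(key, rounds=4):
    # Hypothetical key schedule: derive the r round keys k_1..k_r from the input key.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, rounds + 1)]

def feistel(block, ks):
    # Round i: L_i = R_{i-1}, R_i = L_{i-1} XOR f(R_{i-1}, k_i); output is (R_r, L_r).
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in ks:
        left, right = right, xor(left, f(right, k))
    return right + left

def E(key, block):
    return feistel(block, subkeys(key))
def D(key, block):
    return feistel(block, subkeys(key)[::-1])  # same process, subkeys reversed

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    return b"".join(E(key, x) for x in blocks(data))  # each block on its own

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for x in blocks(data):
        prev = E(key, xor(x, prev))  # c_j = E(x_j XOR c_{j-1}), with c_0 = IV
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    cs = [iv] + blocks(data)
    return b"".join(xor(D(key, c), p) for p, c in zip(cs, cs[1:]))  # x_j = D(c_j) XOR c_{j-1}

def cbc_damaged_blocks(key, iv, data, j):
    # Flip one bit of ciphertext block j, decrypt, list the plaintext blocks that changed.
    ct = bytearray(cbc_encrypt(key, iv, data))
    ct[j * BLOCK] ^= 0x01
    got = blocks(cbc_decrypt(key, iv, bytes(ct)))
    return [i for i, (a, b) in enumerate(zip(blocks(data), got)) if a != b]

if __name__ == "__main__":  # key, IV and message below are constructed samples
    key, iv, msg = b"constructed key", bytes(BLOCK), b"PAY 100$PAY 100$PAY 999$THE END."
    print(blocks(ecb_encrypt(key, msg))[:2], cbc_damaged_blocks(key, iv, msg, 1))
```

Block indices in `cbc_damaged_blocks` count from 0: damaging ciphertext block 1 garbles plaintext block 1, flips one bit in block 2, and block 3 is recovered intact.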
Properties of block ciphers
Block ciphers do propagate errors (to a limited extent), but are quite flexible and can be used in different ways in order to provide different security properties.
The properties of cryptographic algorithms are not only affected by algorithm design, but also by the ways in which the algorithms are used. Different modes of operation can significantly change the properties of a block cipher.
The security of block ciphers mainly depends on the complexity of the encryption function, whereas that of stream ciphers depends on the keystream randomness.
They can be used to provide confidentiality, data integrity, or user authentication, and can even be used to provide the keystream generator for stream ciphers.