ITEC4621 Network Security
Roadmap
- Overview of Cryptography
- Types of Cryptography
- Symmetric Cryptography
- Classical Cryptographic Techniques
- Block Ciphers
- Modern Cryptographic Techniques
Basic Terminology
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis
How a Cryptosystem Works
Plaintext (M) (data file or messages)
encryption algorithm (E) + secret key A (KA)
Ciphertext (C) (stored or transmitted safely)
decryption algorithm (D) + secret key B (KB)
Plaintext (M) (original data or messages)
Note: Key A may be the same as Key B, depending on the algorithm
E(M) = C
D(C) = M
D(E(M)) = M
Brute Force Search
- always possible to simply try every key
- most basic attack, proportional to key size
- assume either know / recognise plaintext
Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at $10^{6}$ decryptions/µs
32 | $2^{32} = 4.3 \times 10^{9}$ | $2^{31}$ µs = 35.8 minutes | 2.15 milliseconds
56 | $2^{56} = 7.2 \times 10^{16}$ | $2^{55}$ µs = 1142 years | 10.01 hours
128 | $2^{128} = 3.4 \times 10^{38}$ | $2^{127}$ µs = $5.4 \times 10^{24}$ years | $5.4 \times 10^{18}$ years
168 | $2^{168} = 3.7 \times 10^{50}$ | $2^{167}$ µs = $5.9 \times 10^{36}$ years | $5.9 \times 10^{30}$ years
26 characters (permutation) | $26! = 4 \times 10^{26}$ | $2 \times 10^{26}$ µs = $6.4 \times 10^{12}$ years | $6.4 \times 10^{6}$ years
Types of Cryptography
Symmetric Cryptography
- Deploy the same secret key to encrypt and decrypt messages
- The secret key is shared between two parties
- Encryption algorithm is the same as decryption algorithm
Asymmetric (Public-key) Cryptography
- Private key, Public key
- The secret key is not shared and two parties can still communicate using their public keys
- Encryption algorithm is different from decryption algorithm
What is Symmetric Encryption used for?
- Transmitting data over an insecure channel
- Secure stored data (encrypt & store)
- Provide integrity check:
Properties of Symmetric Cryptography
- Message Confidentiality
- Message Authentication
- Message Integrity
Concept
- A private key cipher is composed of two algorithms
  - encryption algorithm E
  - decryption algorithm D
- The same key K is used for encryption & decryption
- K has to be distributed beforehand
Concept (cont.)
- Encrypt a plaintext P using a key K & an encryption algorithm E
  C = E(K,P)
- Decrypt a ciphertext C using the same key K and the matching decryption algorithm D
  P = D(K,C)
- Note: P = D(K,C) = D(K, E(K,P))
Cryptanalysis
Depending on what a cryptanalyst has to work with, attacks can be classified into
- Ciphertext only attack
- Known plaintext attack
- Chosen plaintext attack
- Chosen ciphertext attack (most severe)
Ciphertext-only Attack
Collect ciphertexts of several messages encrypted using the same encryption algorithm and try to recover plaintexts or encrypting key(s).
Given: $C_1 = E_k(P_1), C_2 = E_k(P_2), \ldots, C_i = E_k(P_i)$
Deduce: Either $P_1, P_2, \ldots, P_i$; $k$; or an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$
Known-plaintext Attack
Able to collect ciphertext of several messages and corresponding plaintext, and try to resolve the encrypting key(s).
Given: $P_1, C_1 = E_k(P_1), P_2, C_2 = E_k(P_2), \ldots, P_i, C_i = E_k(P_i)$
Deduce: Either $k$, or an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$
Chosen-plaintext Attack
Able to collect ciphertext of several messages and associated plaintext, and also able to choose the plaintext that gets encrypted. Try to deduce the encrypting key(s).
More powerful than known-plaintext attack
Given: $P_1, C_1 = E_k(P_1), P_2, C_2 = E_k(P_2), \ldots, P_i, C_i = E_k(P_i)$, where the cryptanalyst gets to choose $P_1, \ldots, P_i$
Deduce: Either $k$, or an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$
Chosen-ciphertext Attack
Able to choose different ciphertexts to be decrypted and has access to the decrypted plaintext. Try to deduce the key.
E.g. has access to a tamperproof box that performs decryption automatically.
Given: $C_1, P_1 = D_k(C_1), C_2, P_2 = D_k(C_2), \ldots, C_i, P_i = D_k(C_i)$
Deduce: $k$
Primarily applicable to public-key algorithms.
Classification of Cryptosystems
Based on operations to transform plaintext into ciphertext
- Substitution Ciphers
- Transposition Ciphers
Based on the number of keys used
- Symmetric encryption
- Asymmetric (Public-key) encryption
Based on the way in which the plaintext is processed
- Block Cipher
- Stream Cipher
Classical Cryptographic Techniques
- Substitution Ciphers
- Transposition Ciphers
Substitution Ciphers
Each character in the plaintext is replaced by another character in the ciphertext.
- Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. E.g. A→D, B→E, X→A
- ROT13: commonly found in UNIX systems. Every plaintext character is rotated 13 places.
Caesar Cipher
- earliest known substitution cipher
- by Julius Caesar
- first attested use in military affairs
- replaces each letter by 3rd letter on
- example:
  meet me after the toga party
  PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher (cont’d)
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a number:
a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
then have Caesar cipher as:
c = E(p) = (p + k) mod (26)
p = D(c) = (c – k) mod (26)
Cryptanalysis of Caesar Cipher
- only have 26 possible ciphers
  - A maps to A, B, ..., Z
- could simply try each in turn
- a brute force search
- given ciphertext, just try all shifts of letters
- do need to recognize when have plaintext
- e.g. break ciphertext "GCUA VQ DTGCM"
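The brute force search described above, as an added example that is not part of the original slides: it tries all 26 shifts of the slide's ciphertext and ranks the candidates so that the readable plaintext is recognized automatically. The function names and the small word list used for recognition are assumptions made for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase

# Assumption: a tiny constructed word list stands in for "recognizing plaintext";
# a larger dictionary or letter-frequency statistics would do the same job.
COMMON_WORDS = {"THE", "TO", "AND", "OF", "IN", "IS", "IT", "ME",
                "EASY", "MEET", "BREAK", "AFTER", "PARTY"}

def caesar(text: str, k: int) -> str:
    """c = (p + k) mod 26 on letters; spaces and punctuation pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)

def score(candidate: str) -> int:
    """Number of words in the candidate that appear in the word list."""
    return sum(word in COMMON_WORDS for word in candidate.split())

def brute_force(ciphertext: str) -> list:
    """Decrypt with every key 0..25; return (key, plaintext) pairs, best first."""
    trials = [(k, caesar(ciphertext, -k)) for k in range(26)]
    return sorted(trials, key=lambda t: score(t[1]), reverse=True)

if __name__ == "__main__":
    # Ciphertext taken from the slide; show the three best-ranked candidates.
    for key, guess in brute_force("GCUA VQ DTGCM")[:3]:
        print(key, guess)
```

With only 26 keys, the recognition step is the only part that needs any thought, which is why the key space of a cipher has to be far too large to enumerate.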
Transposition Ciphers
Plaintext remains the same, but the order of characters is shuffled around.
E.g. “Columnar Transposition Cipher”
Plaintext: COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST IT’S EXPENSIVE
COMPUTERGR
APHICSMAYB
ESLOWBUTAT
LEASTITSEX
PENSIVE
Ciphertext: CAELPOPSEEMHLAN…
Steganography
Plaintext can be hidden in two ways:
- Steganography: conceal the existence of the message
- Cryptography: render the message unintelligible to outsiders using various kinds of transformation of the text
Examples of Steganography
- Character marking: overwrite text with pencil
- Invisible ink: use special substance
- Pin punctures: pin puncture on selected letters
One-time Pads
- One-time pad is a large non-repeating set of truly random key letters
- Encryption is addition modulo 26 of the plaintext character and the corresponding pad character
- For example:
  Message: ONETIMEPAD
  Pad Sequence: TBFRGFARFM
  Ciphertext: IPKLPSFHGQ
  Because
  O+T mod 26 = I    15+20 mod 26 = 9
  N+B mod 26 = P    14+2 mod 26 = 16
  E+F mod 26 = K, etc.
- Decryption
  P+K mod 26 = C
  P = C-K mod 26
  I-T mod 26 = 9-20 mod 26 = -11 mod 26 = -11+26 mod 26 = 15 mod 26 = O
Cryptographic Process
[Figure: Encryption maps Message blocks m1, m2, …, mn to Ciphertext blocks c1, c2, …, cn; Decryption maps Ciphertext blocks c1, c2, …, cn back to Message blocks m1, m2, …, mn.]
Block Cipher and Stream Cipher
Block cipher: divides the entire message into blocks, which are used to produce ciphertext.
Stream cipher: encrypts a data stream one bit or one byte at a time.
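Stream Cipher
- Converts plaintext to ciphertext 1 bit at a time.
- Simple stream cipher
[Figure: on both the Encrypt and Decrypt sides a keystream generator produces keystream bits $k_i$; Encrypt combines $p_i$ with $k_i$ to give ciphertext $c_i$, and Decrypt combines $c_i$ with $k_i$ to give $p_i$.]
$c_i = p_i \oplus k_i$
$p_i = c_i \oplus k_i$ because $p_i = p_i \oplus k_i \oplus k_i$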
Stream Ciphers
- Message mod one-time pad (previously discussed)
- Message XOR ($\oplus$) one-time pad
X | Y | $X \oplus Y$
0 | 0 | 0
0 | 1 | 1
1 | 0 | 1
1 | 1 | 0
Message $\oplus$ Pad = Ciphertext
e.g.
message    = 101011011
pad        = 111001100
Ciphertext = 010010111
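Both pad variants from the One-time Pads and Stream Ciphers slides, as an added example that is not part of the original slides: it reproduces the slides' worked values and then shows why the pad must be "one-time", since two ciphertexts made with the same pad reveal the XOR of their plaintexts. The function names and the second message are constructed for this illustration.

```python
import secrets

A = ord("A")

def pad_mod26(message: str, pad: str, decrypt: bool = False) -> str:
    """Letter pad as on the slide: uppercase A-Z counted A=1 ... Z=26 (Z acts as 0)."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    sign = -1 if decrypt else 1
    out = []
    for m, k in zip(message, pad):
        total = (ord(m) - A + 1) + sign * (ord(k) - A + 1)
        out.append(chr((total - 1) % 26 + A))   # back from 1-based value to a letter
    return "".join(out)

def xor_bits(bits: str, pad: str) -> str:
    """Bit pad: c_i = p_i XOR k_i; calling it again with the same pad decrypts."""
    if len(pad) < len(bits):
        raise ValueError("pad must be at least as long as the message")
    return "".join(str(int(b) ^ int(k)) for b, k in zip(bits, pad))

def fresh_pad(n_bits: int) -> str:
    """A new random pad for every message, from the OS random source."""
    return "".join(str(secrets.randbits(1)) for _ in range(n_bits))

if __name__ == "__main__":
    print(pad_mod26("ONETIMEPAD", "TBFRGFARFM"))        # slide's letter example
    print(xor_bits("101011011", "111001100"))           # slide's bit example
    # Failure mode: the same pad used for two messages (second message constructed).
    pad = fresh_pad(9)
    p1, p2 = "101011011", "000111000"
    c1, c2 = xor_bits(p1, pad), xor_bits(p2, pad)
    # The pad cancels out: an eavesdropper learns p1 XOR p2 without the key.
    print(xor_bits(c1, c2) == xor_bits(p1, p2))
```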
Block Cipher
- Divide a message M into m1, …, mn
  - Add padding to last block
- Use Ek to produce (ciphertext blocks) x1, …, xn
- Use Dk to recover M from x1, …, xn
- Modes of Block Ciphers:
  - Electronic Codebook
  - Cipher Block Chaining
  - Cipher Feedback
  - Output Feedback
Electronic Codebook (cont’d)
- Ideal for transferring a short amount of data, e.g. an encryption key
- ECB produces the same message pattern if using the same input.
- Not secure for lengthy messages, easy for cryptanalysis.
Cipher Block Chaining (cont’d)
- Passing IV using ECB
- What’s the purpose of using IV? The same input pattern will not produce the same output.
- Suitable for lengthy messages
- Suitable for general-purpose block-oriented applications
Diffusion and Confusion
Confusion: hard to find any relationship between ciphertext and key.
Diffusion: spreads influence of individual plaintext or key bits over as much of the ciphertext as possible.
In particular, one bit change of plaintext or key must increase the difficulty of cryptanalysis.
Important Factors
- Block size
  - A larger block provides higher security, but reduces encryption/decryption speed.
  - A block size of 64 bits is a reasonable tradeoff.
- Key size
  - A larger key size means higher security, but reduces speed.
  - 64 bits are not enough, 128 bits preferable.
Important Factors (cont.)
- Number of rounds
  - Multiple rounds offer increasing security
  - Typical size is 16 rounds
- Subkey generation algorithm
  - Greater complexity is better, difficult for cryptanalysis
- Round function (F)
  - Greater complexity is better, resistance to cryptanalysis
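Proof: $LD_1 = RE_{15}$
Encryption side:
$LE_{16} = RE_{15}$
$RE_{16} = LE_{15} \oplus F(RE_{15}, K_{16})$
Decryption side:
$LD_1 = RD_0 = LE_{16} = RE_{15}$
$RD_1 = LD_0 \oplus F(RD_0, K_{16})$
$= RE_{16} \oplus F(RE_{15}, K_{16})$
$= [LE_{15} \oplus F(RE_{15}, K_{16})] \oplus F(RE_{15}, K_{16})$
$= LE_{15} \oplus [F(RE_{15}, K_{16}) \oplus F(RE_{15}, K_{16})]$
$= LE_{15} \oplus 0$
$= LE_{15}$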
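The proof above and the earlier Electronic Codebook and Cipher Block Chaining slides, combined in one added example that is not part of the original slides: a 16-round Feistel network whose decryption is the same network run with the subkeys reversed, then used in both modes to count repeated ciphertext blocks. Assumptions: the hash-based round function F and subkey schedule are toys standing in for a real cipher's, all names are hypothetical, and messages are a whole number of 8-byte blocks (no padding).

```python
import hashlib

HALF, ROUNDS = 4, 16   # 64-bit block split into two 32-bit halves, 16 rounds

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def F(right: bytes, subkey: bytes) -> bytes:
    # Toy round function (assumption): a truncated hash, deliberately not invertible.
    return hashlib.sha256(subkey + right).digest()[:HALF]

def subkeys(key: bytes) -> list:
    # Toy schedule (assumption): K1..K16 derived by hashing key || round number.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, ROUNDS + 1)]

def feistel(block: bytes, keys: list) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # LE_i = RE_{i-1};  RE_i = LE_{i-1} XOR F(RE_{i-1}, K_i)
        left, right = right, xor(left, F(right, k))
    return right + left   # final swap, so decryption starts from (RE16, LE16)

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])   # same network, subkeys K16..K1

def blocks(data: bytes) -> list:
    return [data[i:i + 2 * HALF] for i in range(0, len(data), 2 * HALF)]

def ecb_encrypt(msg: bytes, key: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in blocks(msg))

def cbc_encrypt(msg: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(msg):
        prev = encrypt_block(xor(b, prev), key)   # chain in the previous ciphertext block
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    seen = blocks(ciphertext)
    return len(seen) - len(set(seen))

if __name__ == "__main__":
    key, iv = b"constructed key", bytes(range(8))   # constructed sample values
    msg = b"SAMEDATA" * 4                           # four identical plaintext blocks
    print(decrypt_block(encrypt_block(b"8 bytes!", key), key))
    print(repeated_blocks(ecb_encrypt(msg, key)), repeated_blocks(cbc_encrypt(msg, key, iv)))
```

Decryption never inverts F; each round only XORs the same F output a second time, which is the cancellation step in the proof.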
Data Encryption Standard (DES)
A block of 64-bit data is encrypted using a 56-bit key to produce a 64-bit block of ciphertext.
Decryption can be done by encrypting the ciphertext using the same key.
Calculation of F(R, K)
1. R is expanded to 48 bits.
2. The expanded R is XORed with 48-bit K.
3. Split 48-bit data into 8 groups of 6-bit data to enter S-Boxes.
4. For each of the groups, do the following:
   1. For the 6-bit data to enter each Si, the 1st and 6th bits form a 2-bit binary number to identify the row number in Si.
   2. The decimal value of the 2nd – 5th bits identifies the column number in Si.
   3. The selected decimal value from Si is then converted into the 4-bit binary output of Si.
Example
- Input to S5: 100111
- 1st and 6th bits are 11 -> row 3
- 2nd-5th bits are 0011 -> column 3
- The decimal value in row 3 and column 3 of S5 is 7.
- The output value of S5 is 0111
S5 (first columns of each row):
Row 0: 2 12 4 1 7 …
Row 1: 14 11 2 12 4 …
Row 2: 4 2 1 11 10 …
Row 3: 11 8 12 7 1 …
Avalanche Effect
- key desirable property of encryption algorithm
- where a change of one input or key bit results in changing approx half output bits
- making attempts to “home-in” by guessing keys impossible
- DES exhibits strong avalanche
Strength of DES – Key Size
- 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
- brute force search looks hard
- recent advances have shown is possible
  - in 1997 on Internet in a few months
  - in 1998 on dedicated h/w (EFF) in a few days
  - in 1999 above combined in 22hrs!
  - Recently, in a few hours
- still must be able to recognize plaintext
- must now consider alternatives to DES
More about DES
If the only attack on DES is brute force, then use a longer key size.
Multiple Encryption & DES
- clear a replacement for DES was needed
  - theoretical attacks that can break it
  - demonstrated exhaustive key search attacks
- AES is a new cipher alternative
- prior to this alternative was to use multiple encryption with DES implementations
- Triple-DES (3DES) is the chosen form
3DES with Two-Keys
- hence must use 3 encryptions
  - would seem to need 3 distinct keys
- but can use 2 keys with E-D-E sequence
  - $C = E_{K_1}(D_{K_2}(E_{K_1}(P)))$
  - N.B. encrypt & decrypt equivalent in security
  - if $K_1 = K_2$ then can work with single DES
- standardized in ANSI X9.17 & ISO8732
- no current known practical attacks
Triple-DES with Three-Keys
- although there are no practical attacks on two-key Triple-DES, there are some indications
- can use Triple-DES with Three-Keys to avoid even these
  - $C = E_{K_3}(D_{K_2}(E_{K_1}(P)))$
- has been adopted by some Internet applications, e.g. PGP, S/MIME