Date post: 01-Jan-2016

Lecture 02 Symmetric Cryptography 1

Dr. Supakorn Kungpisdan

ITEC4621 Network Security

Roadmap

- Overview of Cryptography
- Types of Cryptography
- Symmetric Cryptography
- Classical Cryptographic Techniques
- Block Ciphers
- Modern Cryptographic Techniques

Basic Terminology

- plaintext - original message
- ciphertext - coded message
- cipher - algorithm for transforming plaintext to ciphertext
- key - info used in cipher, known only to sender/receiver
- encipher (encrypt) - converting plaintext to ciphertext
- decipher (decrypt) - recovering plaintext from ciphertext
- cryptography - study of encryption principles/methods
- cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
- cryptology - field of both cryptography and cryptanalysis

How a Cryptosystem Works

Plaintext (M) (data file or messages)

encryption algorithm (E) + secret key A (KA)

Ciphertext (C) (stored or transmitted safely)

decryption algorithm (D) + secret key B (KB)

Plaintext (M) (original data or messages)

Note: Key A may be the same as Key B, depending on the algorithm

E(M) = C
D(C) = M
D(E(M)) = M

Brute Force Search

- always possible to simply try every key
- most basic attack, proportional to key size
- assume either know / recognise plaintext

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |
| 26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years |

Types of Cryptography

- Symmetric Cryptography
  - Deploy the same secret key to encrypt and decrypt messages
  - The secret key is shared between two parties
  - Encryption algorithm is the same as decryption algorithm
- Asymmetric (Public-key) Cryptography
  - Private key, Public key
  - The secret key is not shared and two parties can still communicate using their public keys
  - Encryption alg. is different from decryption alg.

Symmetric Cryptography

Public-Key Cryptography

Model of Symmetric Cryptosystem

What is Symmetric Encryption used for?

- Transmitting data over an insecure channel
- Secure stored data (encrypt & store)
- Provide integrity check:

Properties of Symmetric Cryptography

- Message Confidentiality
- Message Authentication
- Message Integrity

Concept

- A private key cipher is composed of two algorithms
  - encryption algorithm E
  - decryption algorithm D
- The same key K is used for encryption & decryption
- K has to be distributed beforehand

Concept (cont.)

- Encrypt a plaintext P using a key K & an encryption algorithm E: C = E(K,P)
- Decrypt a ciphertext C using the same key K and the matching decryption algorithm D: P = D(K,C)
- Note: P = D(K,C) = D(K, E(K,P))

Cryptanalysis

Depending on what a cryptanalyst has to work with, attacks can be classified into
- Ciphertext only attack
- Known plaintext attack
- Chosen plaintext attack
- Chosen ciphertext attack (most severe)

Ciphertext-only Attack

Collect ciphertexts of several messages encrypted using the same encryption algorithm and try to recover plaintexts or encrypting key(s).

Given: C1 = Ek(P1), C2=Ek(P2), ..., Ci=Ek(Pi)

Deduce: Either P1, P2, …, Pi; k; or an algorithm to infer Pi+1 from Ci+1=Ek(Pi+1)

Known-plaintext Attack

Able to collect ciphertext of several messages and corresponding plaintext, and try to resolve the encrypting key(s).

Given: P1, C1 = Ek(P1), P2, C2=Ek(P2), ..., Pi, Ci=Ek(Pi)

Deduce: Either k, or an algorithm to infer Pi+1 from Ci+1=Ek(Pi+1)

Chosen-plaintext Attack

Able to collect ciphertext of several messages and associated plaintext, and also able to choose the plaintext that gets encrypted. Try to deduce the encrypting key(s).

More powerful than known-plaintext attack

Given: P1, C1 = Ek(P1), P2, C2=Ek(P2), ..., Pi, Ci=Ek(Pi)

where the cryptanalyst gets to choose P1,…, Pi

Deduce: Either k, or an algorithm to infer Pi+1 from Ci+1=Ek(Pi+1)

Chosen-ciphertext Attack

Able to choose different ciphertext to be decrypted and has access to the decrypted plaintext. Try to deduce the key.

E.g. has access to a tamperproof box that automatically performs decryption.

Given: C1, P1 = Dk(C1), C2, P2=Dk(C2), ..., Ci, Pi=Dk(Ci)

Deduce: k

Primarily applicable to public-key algorithms.

Classification of Cryptosystems

- Based on operations to transform plaintext into ciphertext
  - Substitution Ciphers
  - Transposition Ciphers
- Based on the number of keys used
  - Symmetric encryption
  - Asymmetric (Public-key) encryption
- Based on the way in which the plaintext is processed
  - Block Cipher
  - Stream Cipher

Classical Cryptographic Techniques

- Substitution Ciphers
- Transposition Ciphers

Substitution Ciphers

Character in plaintext is substituted for another character in ciphertext

Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. E.g. A→D, B→E, X→A

ROT13: commonly found in UNIX systems. Every plaintext character is rotated 13 places.

Caesar Cipher

- earliest known substitution cipher, by Julius Caesar
- first attested use in military affairs
- replaces each letter by 3rd letter on
- example:
    meet me after the toga party
    PHHW PH DIWHU WKH WRJD SDUWB

[Figure: Caesar cipher wheel, K=3. Inner: ciphertext; Outer: plaintext]

Caesar Cipher (cont’d)

- can define transformation as:
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
- mathematically give each letter a number:
    a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
- then have Caesar cipher as:
    c = E(p) = (p + k) mod (26)
    p = D(c) = (c – k) mod (26)

Cryptanalysis of Caesar Cipher

- only have 26 possible ciphers
  - A maps to A,B,..Z
- could simply try each in turn
- a brute force search
- given ciphertext, just try all shifts of letters
- do need to recognize when have plaintext
- eg. break ciphertext "GCUA VQ DTGCM"
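The brute-force search above, written out as an added example (not part of the original slides). It implements c = (p + k) mod 26, tries all 26 shifts, and ranks the candidates with a simple plaintext recogniser; the scoring heuristic (counting letters from "ETAOINSHR") is an assumption chosen for illustration.

```python
import string

ALPHABET = string.ascii_uppercase
COMMON = set("ETAOINSHR")   # assumed heuristic: frequent English letters


def caesar(text: str, k: int) -> str:
    """Shift letters by k positions (a=0 .. z=25); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, k: int) -> str:
    return caesar(plaintext, k)          # c = (p + k) mod 26


def decrypt(ciphertext: str, k: int) -> str:
    return caesar(ciphertext, -k)        # p = (c - k) mod 26


def score(candidate: str) -> int:
    """Crude plaintext recogniser: how many letters are common in English."""
    return sum(ch in COMMON for ch in candidate)


def brute_force(ciphertext: str):
    """Try every key and return (key, candidate) pairs, most English-looking first."""
    candidates = [(k, decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kc: score(kc[1]), reverse=True)


if __name__ == "__main__":
    print(encrypt("meet me after the toga party", 3))
    for k, guess in brute_force("GCUA VQ DTGCM")[:3]:
        print(k, guess)
```

The key space is so small that the only real work is recognising the plaintext, which is why the ranking step matters more than the search itself.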

Transposition Ciphers

Plaintext remains the same, but the order of characters is shuffled around.

E.g. “Columnar Transposition Cipher”

Plaintext: COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST IT’S EXPENSIVE

COMPUTERGR
APHICSMAYB
ESLOWBUTAT
LEASTITSEX
PENSIVE

Ciphertext: CAELPOPSEEMHLAN…

Steganography

Plaintext can be hidden in two ways:
- Steganography: conceal the existence of the message
- Cryptography: render the message unintelligible to outsiders using various kinds of transformation of the text

Examples of Steganography
- Character marking: overwrite text with pencil
- Invisible ink: use special substance
- Pin punctures: pin puncture on selected letters

One-time Pads

- One-time pad is a large non-repeating set of truly random key letters
- Encryption is the addition modulo 26 of the plaintext character and the pad character
- For example:
    Message:      ONETIMEPAD
    Pad Sequence: TBFRGFARFM
    Ciphertext:   IPKLPSFHGQ
  Because
    O+T mod 26 = I    (15+20 mod 26 = 9)
    N+B mod 26 = P    (14+2 mod 26 = 16)
    E+F mod 26 = K, etc.
- Decryption
    P+K mod 26 = C
    P = C-K mod 26
    I-T mod 26 = 9-20 mod 26 = -11 mod 26 = -11+26 mod 26 = 15 mod 26 = O

Cryptographic Process

[Figure: Encryption maps the message blocks m1, m2, …, mn to the ciphertext blocks c1, c2, …, cn; Decryption maps the ciphertext blocks c1, c2, …, cn back to the message blocks m1, m2, …, mn]

Block Cipher and Stream Cipher

Block cipher: divides the entire message into blocks, which are used to produce ciphertext.

Stream cipher: encrypts a data stream one bit or one byte at a time.

Stream Cipher

- Converts plaintext to ciphertext 1 bit at a time.
- Simple stream cipher:

[Figure: on each side a keystream generator produces the keystream ki; Encrypt combines pi with ki to give the ciphertext ci; Decrypt combines ci with ki to give pi]

ci = pi ⊕ ki

pi = ci ⊕ ki because pi = pi ⊕ ki ⊕ ki

Stream Ciphers

- Message mod one-time pad (previously discussed)
- Message XOR (⊕) one-time pad

X Y X⊕Y
0 0 0
0 1 1
1 0 1
1 1 0

Message ⊕ Pad = Ciphertext

e.g.
message    = 101011011
pad        = 111001100
Ciphertext = 010010111

Block Cipher

- Divide a message M into m1, …, mn
  - Add padding to last block
- Use Ek to produce (ciphertext blocks) x1, …, xn
- Use Dk to recover M from x1, …, xn
- Modes of Block Ciphers:
  - Electronic Codebook
  - Cipher Block Chaining
  - Cipher Feedback
  - Output Feedback

Electronic Codebook

Electronic Codebook (cont’d)

- Ideal for short amount of data transfer, e.g. encryption key
- ECB produces the same message pattern if using the same input.
- Not secure for lengthy messages, easy for cryptanalysis.

Cipher Block Chaining

Cipher Block Chaining (cont’d)

- Passing IV using ECB
- What’s the purpose of using IV? The same input pattern will not produce the same output.
- Suitable for lengthy message
- Suitable for general-purpose block oriented applications

Cipher Feedback

Output Feedback

Diffusion and Confusion

Confusion: hard to find any relationship between ciphertext and key.

Diffusion: spreads influence of individual plaintext or key bits over as much of the ciphertext as possible.

In particular, one bit change of plaintext or key must increase the difficulty of cryptanalysis.

Feistel Cipher Structure

Round function

Important Factors

- Block size
  - Larger block provides higher security, but reduces encryption/decryption speed.
  - A block size of 64 bits is a reasonable tradeoff.
- Key size
  - Larger key size means higher security, but reduces speed.
  - 64 bits are not enough, 128 bits preferable.

Important Factors (cont.)

- Number of rounds
  - Multiple rounds offer increasing security
  - Typical size is 16 rounds
- Subkey generation algorithm
  - Greater complexity is better, difficult for cryptanalysis
- Round function (F)
  - Greater complexity is better, resistance to cryptanalysis

Feistel Encryption and Decryption

Proof: LD1 = RE15

Encryption side:

  LE16 = RE15
  RE16 = LE15 ⊕ F(RE15, K16)

Decryption side:

  LD1 = RD0 = LE16 = RE15
  RD1 = LD0 ⊕ F(RD0, K16)
      = RE16 ⊕ F(RE15, K16)
      = [LE15 ⊕ F(RE15, K16)] ⊕ F(RE15, K16)
      = LE15 ⊕ [F(RE15, K16) ⊕ F(RE15, K16)]
      = LE15 ⊕ 0
      = LE15
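An added example (not from the original slides) covering both the Feistel proof above and the earlier ECB and CBC slides: a toy 16-round Feistel cipher whose decryption is the same network run with the subkeys in reverse order, used to show that ECB repeats ciphertext blocks for repeated input while CBC with an IV does not. The HMAC-based round function and key schedule, the sample key, IV and message, and all function names are assumptions for illustration; this is not DES.

```python
import hashlib
import hmac

BLOCK, ROUNDS = 8, 16   # 64-bit block and 16 rounds, as on the slides

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key):
    # Assumed toy key schedule: K_i = HMAC-SHA256(key, i), i = 1..16
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest()
            for i in range(1, ROUNDS + 1)]

def F(r, k):
    # Assumed round function; F itself does not have to be invertible
    return hmac.new(k, r, hashlib.sha256).digest()[:BLOCK // 2]

def feistel(block, keys):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in keys:
        l, r = r, xor(l, F(r, k))   # L_i = R_(i-1), R_i = L_(i-1) xor F(R_(i-1), K_i)
    return r + l                    # halves are swapped after the last round

def encrypt_block(b, key): return feistel(b, subkeys(key))
def decrypt_block(b, key): return feistel(b, subkeys(key)[::-1])  # K16 .. K1

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(msg, key):
    return b"".join(encrypt_block(m, key) for m in blocks(msg))

def cbc_encrypt(msg, key, iv):
    out, prev = [], iv
    for m in blocks(msg):
        prev = encrypt_block(xor(m, prev), key)   # chain in the previous ciphertext block
        out.append(prev)
    return b"".join(out)

# Constructed sample values; the message is four identical 8-byte blocks (no padding needed)
KEY, IV, MSG = b"constructed-key", bytes(range(1, 9)), b"SAMEDATA" * 4

if __name__ == "__main__":
    print("ECB distinct blocks:", len(set(blocks(ecb_encrypt(MSG, KEY)))))
    print("CBC distinct blocks:", len(set(blocks(cbc_encrypt(MSG, KEY, IV)))))
```

The fixed IV is only there to make the run reproducible; the point of the IV slide is that the chained input differs from block to block even when the plaintext does not.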

Data Encryption Standard (DES)

A block of 64-bit data is encrypted using 56-bit key to produce a 64-bit block of ciphertext.

Decryption can be done by encrypting the ciphertext using the same key.

DES Encryption

Single Round of DES Encryption

Permutation Table for DES

Permutation Tables for DES

DES Key Schedule Calculation

Permuted Choice 1 and 2

Calculation of F(R, K)

1. R is expanded to 48 bits.
2. The expanded R is XORed with 48-bit K.
3. Split 48-bit data into 8 groups of 6-bit data to enter S-Boxes
4. For each of the groups, do the following:
   1. For the 6-bit data to enter each Si, the 1st and 6th bits form a 2-bit binary number to identify the row number in Si.
   2. The decimal value of the 2nd – 5th bits identifies the column number in Si.
   3. The selected decimal value from Si is then converted into the 4-bit binary output of Si.

DES S-Boxes

Permutation Function

DES S-Boxes (cont.)

Example

Input to S5: 100111
- 1st and 6th bits are 11 -> row 3
- 2nd-5th bits are 0011 -> column 3
- The decimal value in row 3 and column 3 of S5 is 7.
- The output value of S5 is 0111

S5:
 2 12  4  1  7 …
14 11  2 12  4 …
 4  2  1 11 10 …
11  8 12  7  1 …
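The row/column rule from the F(R, K) steps, as an added example that is not part of the original slides. It uses the full standard DES S5 table (the slide shows only the first five entries of each row) and goes one step beyond the worked example by measuring how many output bits change when a single input bit is flipped; the function names are chosen for illustration.

```python
# Standard DES S-box S5; each row holds the values for columns 0..15.
S5 = [
    [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
    [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
    [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
    [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],
]


def sbox_lookup(sbox, bits: str) -> str:
    """Map a 6-bit input string to the 4-bit output string of one S-box."""
    if len(bits) != 6 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly six binary digits")
    row = int(bits[0] + bits[5], 2)   # 1st and 6th bits select the row
    col = int(bits[1:5], 2)           # 2nd to 5th bits select the column
    return format(sbox[row][col], "04b")


def min_output_change(sbox) -> int:
    """Fewest output bits that change when exactly one input bit is flipped."""
    fewest = 4
    for x in range(64):
        a = sbox_lookup(sbox, format(x, "06b"))
        for bit in range(6):
            b = sbox_lookup(sbox, format(x ^ (1 << bit), "06b"))
            fewest = min(fewest, sum(p != q for p, q in zip(a, b)))
    return fewest


if __name__ == "__main__":
    print("S5(100111) =", sbox_lookup(S5, "100111"))
    print("min output bits changed by a 1-bit input flip:", min_output_change(S5))
```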

Avalanche Effect

- key desirable property of encryption alg
- where a change of one input or key bit results in changing approx half output bits
- making attempts to “home-in” by guessing keys impossible
- DES exhibits strong avalanche

Avalanche Effect in DES

Strength of DES – Key Size

- 56-bit keys have 2^56 = 7.2 × 10^16 values
- brute force search looks hard
- recent advances have shown is possible
  - in 1997 on Internet in a few months
  - in 1998 on dedicated h/w (EFF) in a few days
  - in 1999 above combined in 22hrs!
  - Recently, in a few hours
- still must be able to recognize plaintext
- must now consider alternatives to DES

More about DES

If the only attack on DES is brute force, then use a longer key size.

Multiple Encryption & DES

- clear a replacement for DES was needed
  - theoretical attacks that can break it
  - demonstrated exhaustive key search attacks
- AES is a new cipher alternative
- prior to this alternative was to use multiple encryption with DES implementations
- Triple-DES (3DES) is the chosen form

3DES with Two-Keys

- hence must use 3 encryptions
  - would seem to need 3 distinct keys
- but can use 2 keys with E-D-E sequence
  - C = EK1(DK2(EK1(P)))
  - nb encrypt & decrypt equivalent in security
  - if K1=K2 then can work with single DES
- standardized in ANSI X9.17 & ISO8732
- no current known practical attacks

3DES with Two-Keys (cont.)

Triple-DES with Three-Keys

- although there are no practical attacks on two-key Triple-DES, there are some indications
- can use Triple-DES with Three-Keys to avoid even these
  - C = EK3(DK2(EK1(P)))
- has been adopted by some Internet applications, eg PGP, S/MIME

3DES with Three-Keys (cont.)

Question?

Next week: Symmetric Cryptography 2

