CAP361: Security and Privacy of Information Lecture Number 05-08 Bhagat Avinash

CAP361:
SECURITY AND PRIVACY OF INFORMATION Lecture Number 05-08 Bhagat Avinash

Asst. Prof.
Domain:D3
School of Computing Applications Lovely Professional University
Email: [email protected] [email protected]
Symmetric Encryption and Message Confidentiality
3/1/2013
Network Security Essentials

Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Symmetric Encryption and Message Confidentiality 2
Some Basic Terminology

plaintext original message
ciphertext coded message

cipher algorithm for transforming plaintext to ciphertext key info used in cipher known only to sender/receiver
encipher (encrypt) converting plaintext to ciphertext

decipher (decrypt) recovering ciphertext from plaintext cryptography study of encryption principles/methods
cryptanalysis (codebreaking) study of principles/ methods of deciphering ciphertext without knowing key
cryptology field of both cryptography and cryptanalysis
Symmetric Cipher Model
Requirements
Two requirements for secure use of encryption:
1. a strong encryption algorithm 2. a secret key known only to sender / receiver
mathematically have:
Y = E(K, X) X = D(K, Y)
Encryption depends upon secrecy of key

Cryptography can be classified as :

type of encryption operations used
substitution transposition product
Cryptography
number of keys used

single-key or private two-key or public
way in which plaintext is processed

block stream
Cryptanalysis
The process of attempting to discover the plaintext or key Objective to recover key not just message general approaches:
cryptanalytic attack brute-force attack
Cryptanalysis
Cryptanalytic Attacks : rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Cryptanalysis
Brute-force attack : The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
Type of Attack
Known to Cryptanalyst
Ciphertext only
Encryption algorithm
Ciphertext Encryption algorithm Ciphertext One or more plaintext-ciphertext pairs formed with the secret key Encryption algorithm Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
10
Known plaintext
Chosen plaintext
Type of Attack
Chosen Ciphertext
Known to Cryptanalyst
Ciphertext Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
Chosen text
Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext Symmetric Encryption and Message generated with the secret key Confidentiality
11
Brute Force Search

always possible to simply try every key most basic attack, proportional to key size assume either know / recognise plaintext
Key Size (bits) 32 56 128 168 26 characters (permutation) Number of Alternative Keys 232 = 4.3 109 256 = 7.2 1016 2128 = 3.4 1038 2168 = 3.7 1050 26! = 4 1026 Time required at 1 decryption/s 231 s 255 s 2127 s 2167 s = 35.8 minutes = 1142 years = 5.4 1024 years = 5.9 1036 years Time required at 106 decryptions/s 2.15 milliseconds 10.01 hours 5.4 1018 years 5.9 1030 years 6.4 106 years
2 1026 s = 6.4 1012 years
12
Symmetric Block Encryption Algorithms
The most commonly used symmetric encryption algorithms are block cipher. A block cipher processes the plaintext input in fixed sized blocks and produces a block of ciphertext of equal size Feistel Cipher Structure
Data Encryption Standard Triple DES(3DES) Advanced Encryption Standard.
13
Feistel Cipher Structure
Feistel Cipher Structure is a particular example of the more general structure used by all symmetric block ciphers. It consists of
Sequence of rounds With each round performing substitutions and permutations conditioned by a secret key value.
14

Horst Feistel devised the feistel cipher of IBM
The inputs to the encryption algorithm are
Plaintext block of length 2w A key K
The plain text block is divided into two halves, LE0 and RE0. The two halves of the data pass through n rounds of processing and then combine to provide cipher text block.
15

Each round i has inputs LEi-1 and REi-1 derived from the previous round, as well as a sub key Ki derived the overall K Sub keys are generated from main key K using sub key generation algorithm.
16
The Feistel Cipher Structure
17
Round i
Li-1 Ri-1
f +
ki
Li
Ri
18
19
Feistel Cipher Design Elements

Exact realization of a symmetric block cipher depends on following parameters and design features:
block size key size number of rounds subkey generation algorithm round function fast software en/decryption ease of analysis

Block size
Larger block size means greater security but it reduces encryption / decryption speed typical size 128 bits.
Key size
Larger key size means greater security but it reduces encryption / decryption speed typical size 128 bits
Number of rounds
Single round offers inadequate security. Multiple rounds offers greater security. Generally 16 rounds
21

Subkey Generation Algorithm
Greater complexity in algorithm should lead greater difficulty of cryptanalysis.
Round function
Grater complexity generally means greater resistance to cryptanalysis.
Fast S/W en/decryption

Encryption is embedded in application or utility functions accordingly speed of the execution of the algorithm becomes convern.
22
Data Encryption Standard (DES)

Most widely used block cipher in world Adopted in 1977 by NBS (national bureau of standards )
Now NIST (national inst. Of standards and

technology) Encrypts 64-bit data using 56-bit key Has widespread use
23
DES History
IBM developed Lucifer cipher
by team led by Feistel in late 60s

used then redeveloped as a commercial cipher with input from NSA and others in 1973 NBS issued request for proposals for a national cipher standard IBM submitted their revised Lucifer which was eventually accepted as the DES 64-bit data blocks with 128-bit key
DES Design Controversy

Although DES standard is public
Was considerable controversy over design

In choice of 56-bit key (vs lucifer 128-bit) And because design criteria were classified Subsequent events and public analysis show in fact design was appropriate Use of DES has flourished Especially in financial applications Still standardised for legacy application use
DES : Basic Principles DES is a Block Cipher. It Encrypts data in blocks of size 64 bits each 64 bits of plain text goes as the input to DES, which
produces 64 bits of Cipher Text.

The key length is 56 Bits.
26
How Does DES Works ???
27
DES - Basics
DES uses the two basic techniques of cryptography
Substitution Technique (confusion) and Transposition

Technique (diffusion). DES consists of 16 Steps, each of which is known as round
Each round performs the steps of Substitution and

Transposition
28
DES Encryption Overview
29
Level of steps in DES

1. The 64 bit plain text block is handed over to an Initial Permutation (IP) function 2. The IP is performed on plain text
3.
The IP produces two halves of the permuted block:

LPT (Left Plain Text)
RPT (Right Plain Text)
30
4. Each of LPT and RPT go through 16 rounds of encryption
process
5. In the End, LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the combined block
6. The result produces 64-bit cipher text.
31
32
Triple-DES with Two-Keys

3DES was first standardized for use in financial application. 3DES uses three keys and three execution of the DES algorithm.
33
34

The function follows an encrypt-decrypt- encrypt sequence: Encryption operation
C = E(K3,D(K2,E(K1,P)))
Where
C = ciphertext P = plaintext
35
36

Decryption operation is simply the same operation with the keys reversed
P = D(K1,E(K2,D(K3,C)))
There is no cryptographic significance to the use of decryption for the second stage of 3DES encryption. Its only advantage is that it allows users of 3DES to decrypt data encrypted by the user of the older single DES.
37

Strengths: With 3 distinct keys, 3DES has an effective key length of 168 bits. It overcomes the vulnerability to brute force attack.
38
Random Numbers
A number of network security algorithms based on cryptography make use of random numbers e.g.
Generation of keys for the RSA public key encryption algorithm and other public key algorithms. Generation of a stream key for symmetric stream cipher. Generation of symmetric key for use of a temporary session key. In a number of key distribution scenarios such as Kerberos.
39
Random Number Generators

Pseudorandom numbers: Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce sequence of numbers that are not statistically random. However if the algorithm is good, the resulting sequence will pass many reasonable tests of randomness, such numbers are referred to as pseudorandom numbers.
41
Purpose-PRNG: Symmetric Block Cipher

Asymmetric Cipher Hash functions and Message
42
Stream Cipher
Block vs Stream Cipher A stream cipher processes the input elements continuously, producing output one element at a time as it goes along. Block Ciphers process plain text in large blocks Stream ciphers process plain text in small blocks, even bits. Pure Block ciphers are memory less Stream cipher encryption depends not only on the plain text, , key but also on current state.
Stream Cipher
Stream Cipher Structure A typical stream cipher encrypts plain text one bit or byte or some times more at a time
44
Stream Cipher
Stream Cipher Structure A key is input to a pseudorandom bit generator that produces a stream of 8 bit numbers that are apparently random. A pseudorandom stream is one that is unpredictable without the knowledge of input key.
45
Stream Cipher Structure
46
Stream Cipher Properties

some design considerations are:
1.
2. 3. 4.
The encryption sequence should have long period with no repetitions the longer the period of repeat, the more difficult it will be to do cryptanalysis. Keystream should be truly random random depends on large enough key large linear complexity
47
RC4
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
48
RC4
Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100 [ROBS95a]. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between Web browsers and servers.
RC4
It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade secret by RSA Security. In September 1994, the RC4 algorithm was anonymously posted on the Internet on the Cypherpunks anonymous remailers list.
50
RC4
The RC4 algorithm is remarkably simply and quite easy to explain. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1],..., S[255].
51
RC4
For encryption and decryption, a byte k (see Figure) is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted.
52
Modes of Operation
A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four "modes of operation" have been defined by NIST (FIPS 81). The four modes are intended to cover virtually all the possible applications of encryption for which a block cipher could be used.
53
Modes of Operation
1. 2. 3. 4. Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) /Output Feedback (OFB) Counter (CTR)
54
Electronic Codebook Book (ECB)

In ECB plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.
55
Electronic Codebook Book (ECB)

The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext.
56
Advantages and Limitations of ECB The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to use. The most significant characteristic of ECB is that the same b-bit block of plaintext, if it appears more than once in the message, always produces the same ciphertext.
57
Advantages and Limitations of ECB For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.
e.g., if it is known that the message always starts out with certain predefined fields, then the cryptanalyst may have a number of known plaintext-ciphertext pairs to work with. If the message has repetitive elements, with a period of repetition a multiple of b bits, then these elements can be identified by the analyst. This may help in the analysis or may provide an opportunity for substituting or rearranging blocks.
Cipher Block Chaining (CBC)

In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.
59

In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed.
60

In conclusion, because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than b bits. In addition to its use to achieve confidentiality, the CBC mode can be used for authentication
61
62
Cipher FeedBack (CFB)

The DES scheme is essentially a block cipher technique that uses b-bit blocks. However, it is possible to convert DES into a stream cipher, using either the cipher feedback (CFB) or the output feedback mode. A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time.
63
Cipher FeedBack (CFB)

One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext. Thus, if 8-bit characters are being transmitted, each character should be encrypted to produce a cipher text output of 8 bits. If more than 8 bits are produced, transmission capacity is wasted.
Let the unit of transmission is s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of b bits, the plaintext is divided into segments of s bits.
s-bit Cipher FeedBack (CFB-s)
65
Advantages and Limitations of CFB

appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits note that the block cipher is used in encryption mode at both ends errors propogate for several blocks after the error
Counter (CTR)
Although interest in the counter mode (CTR) has increased recently, with applications to ATM (asynchronous transfer mode) network security and IPSec (IP security), this mode was proposed early on .
67
Counter (CTR)
In CTR mode, A counter, equal to the plaintext block size is used. The only requirement is that the counter value must be different for each plaintext block that is encrypted. Typically, the counter is initialized to some value and then incremented by 1 for each subsequent block (modulo 2b where b is the block size).
68
Counter (CTR)
For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining. For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a ciphertext block to recover the corresponding plaintext block.
69
Counter (CTR)
70
efficiency
Advantages and Limitations of CTR
can do parallel encryptions in h/w or s/w can preprocess in advance of need good for bursty high speed links
random access to encrypted data blocks provable security (good as other modes) but must ensure never reuse key/counter values, otherwise could break (cf OFB)
Questions
1. What are the essential ingredients of a symmetric cipher? 2. What are the two basic functions used in encryption algorithms? 3. What is the difference between a block cipher and a stream cipher? 4. How many keys are required for two people to communicate via a symmetric cipher? 5. What are the two approaches to attacking a cipher? 6. Why do some block cipher modes of operation only use encryption while others uses both encryption and decription? 7. What is triple Encryption? 8. Define Brute force and cryptanalytic attack? 9. How do we classify encryption techniques ----2
72
Questions
10. Write steps for Feistel Cipher Encryption techniques. 11. What are the parameters that are considered for designing a symmetric block cipher? 12. Explain cipher block modes of operation? 13. What are advantages and disadvantages of cipher block modes of operation?
73

CAP361: Security and Privacy of Information Lecture Number 05-08 Bhagat Avinash

Uploaded by

Copyright:

Available Formats

CAP361: Security and Privacy of Information Lecture Number 05-08 Bhagat Avinash

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CAP361: Security and Privacy of Information Lecture Number 05-08 Bhagat Avinash

Uploaded by

Copyright:

Available Formats

CAP361:

SECURITY AND PRIVACY OF INFORMATION Lecture Number 05-08 Bhagat Avinash

School of Computing Applications Lovely Professional University

Email: [email protected] [email protected]

Symmetric Encryption and Message Confidentiality

Network Security Essentials

Some Basic Terminology

ciphertext coded message

encipher (encrypt) converting plaintext to ciphertext

Symmetric Cipher Model

Symmetric Encryption and Message Confidentiality

Encryption depends upon secrecy of key

Cryptography can be classified as :

number of keys used

way in which plaintext is processed

Symmetric Encryption and Message Confidentiality

Symmetric Encryption and Message Confidentiality

Symmetric Encryption and Message Confidentiality

Symmetric Encryption and Message Confidentiality

Brute Force Search

2 1026 s = 6.4 1012 years

Symmetric Encryption and Message Confidentiality

Symmetric Block Encryption Algorithms

Feistel Cipher Structure

Symmetric Encryption and Message Confidentiality

Feistel Cipher Structure

Feistel Cipher Structure

Symmetric Encryption and Message Confidentiality

The Feistel Cipher Structure

Symmetric Encryption and Message Confidentiality

Symmetric Encryption and Message Confidentiality

Feistel Cipher Structure

Symmetric Encryption and Message Confidentiality

Feistel Cipher Design Elements

Feistel Cipher Design Elements

Symmetric Encryption and Message Confidentiality

Feistel Cipher Design Elements

Fast S/W en/decryption

Symmetric Encryption and Message Confidentiality

Data Encryption Standard (DES)

Now NIST (national inst. Of standards and

Symmetric Encryption and Message Confidentiality

by team led by Feistel in late 60s

DES Design Controversy

Was considerable controversy over design

produces 64 bits of Cipher Text.

Symmetric Encryption and Message Confidentiality

How Does DES Works ???

Symmetric Encryption and Message Confidentiality

Substitution Technique (confusion) and Transposition

Each round performs the steps of Substitution and

Symmetric Encryption and Message Confidentiality

DES Encryption Overview

Symmetric Encryption and Message Confidentiality

Level of steps in DES

The IP produces two halves of the permuted block:

RPT (Right Plain Text)

Symmetric Encryption and Message Confidentiality