Ch02 NetSec5e

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 38

Network Security Essentials

Fifth Edition
by William Stallings
Chapter 2
Symmetric Encryption and
Message Confidentiality
“I have solved other ciphers of an abstruseness ten thousand times
greater. Circumstances, and a certain bias of mind, have led me to
take interest in such riddles, and it may well be doubted whether
human ingenuity can construct an enigma of the kind which
human ingenuity may not, by proper application, resolve.”

—The Gold Bug, Edgar Allen Poe


Amongst the tribes of Central Australia every man, woman, and
child has a secret or sacred name which is bestowed by the older
men upon him or her soon after birth, and which is known to none
but the fully initiated members of the group. This secret name is
never mentioned except upon the most solemn occasions; to utter
it in the hearing of men of another group would be a most serious
breach of tribal custom. When mentioned at all, the name is
spoken only in a whisper, and not until the most elaborate
precautions have been taken that it shall be heard by no one but
members of the group. The native thinks that a stranger knowing
his secret name would have special power to work him ill by means
of magic.

—The Golden Bough, Sir James George Frazer


Some Basic Terminology

• Plaintext - original message


• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - info used in cipher known only to sender/receiver
• Encipher (encrypt) - converting plaintext to ciphertext
• Decipher (decrypt) - recovering ciphertext from plaintext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (code breaking) - study of principles/methods of
deciphering ciphertext without knowing key
• Cryptology - field of both cryptography and cryptanalysis
Requirements

• There are two requirements for secure use of symmetric


encryption:
• A strong encryption algorithm
• Sender and receiver must have obtained copies of the secret key in a
secure fashion and must keep the key secure
• The security of symmetric encryption depends on the secrecy of
the key, not the secrecy of the algorithm
• This makes it feasible for widespread use
• Manufacturers can and have developed low-cost chip
implementations of data encryption algorithms
• These chips are widely available and incorporated into a
number of products
Cryptography

• The type of operations used for transforming plaintext to ciphertext


• Substitution
• Each element in the plaintext is mapped into another element
• Transposition
Cryptographic • Elements in the plaintext are rearranged
• Fundamental requirement is that no information be lost
systems are • Product systems
generically • Involve multiple stages of substitutions and transpositions
• The number of keys used
classified along • Referred to as symmetric, single-key, secret-key, or conventional
encryption if both sender and receiver use the same key
three • Referred to as asymmetric, two-key, or public-key encryption if the
independent sender and receiver each use a different key
• The way in which the plaintext is processed
dimensions: • Block cipher processes the input one block of elements at a time,
producing an output block for each input block
• Stream cipher processes the input elements continuously, producing
output one element at a time, as it goes along
Table 2.1
Types of Attacks on Encrypted Messages
cryptanalysis

• An encryption scheme is computationally secure if the ciphertext


generated by the scheme meets one or both of the following criteria:
• The cost of breaking the cipher exceeds the value of the encrypted
information
• The time required to break the cipher exceeds the useful lifetime of the
information
Brute Force attack

• Involves trying every possible key until an intelligible translation of


the ciphertext into plaintext is obtained
• On average, half of all possible keys must be tried to achieve
success
• Unless known plaintext is provided, the analyst must be able to
recognize plaintext as plaintext
• To supplement the brute-force approach
• Some degree of knowledge about the expected plaintext is needed
• Some means of automatically distinguishing plaintext from garble is also
needed
Feistel Cipher Design Elements
Subkey generation
• The essence of a algorithm
• Larger block sizes Key size symmetric block
mean greater cipher is that a • Greater
security but • Larger key size single round offers complexity in this
reduced means greater inadequate security algorithm should
encryption/decry security but may but that multiple lead to greater
ption speed decrease rounds offer difficulty of
encryption/decryptio increasing security cryptanalysis
Block size n speed
Number of rounds

Fast software • If the algorithm can be


• Greater encryption/decrypt
complexity concisely and clearly
ion
generally means explained, it is easier to
greater resistance • In many cases, encryption is analyze that algorithm for
to cryptanalysis embedded in applications or cryptanalytic
utility functions in such a way as vulnerabilities and
to preclude a hardware therefore develop a higher
Round function implementation; accordingly, level of assurance as to its
the seed of execution of the strength
algorithm becomes a concern
Ease of analysis
Symmetric Block encryption algorithms

• Block cipher
• The most commonly used Data
symmetric encryption Encryption
algorithms Standard
(DES)
• Processes the plaintext input
in fixed-sized blocks and
produces a block of ciphertext The three most
of equal size for each plaintext
block
important
symmetric
Advanced block ciphers
Encryption Triple DES
Standard (3DES)
(AES)
Data Encryption Standard (DES)

• Most widely used encryption scheme


• Issued in 1977 as Federal Information Processing Standard 46 (FIPS
46) by the National Institute of Standards and Technology (NIST)
• The algorithm itself is referred to as the Data Encryption Algorithm
(DEA)
DES algorithm

• Description of the algorithm:


• Plaintext is 64 bits in length
• Key is 56 bits in length
• Structure is a minor variation of the Feistel network
• There are 16 rounds of processing
• Process of decryption is essentially the same as the encryption process
• The strength of DES:
• Concerns fall into two categories
• The algorithm itself
• Refers to the possibility that cryptanalysis is possible by exploiting the characteristics of
the algorithm
• The use of a 56-bit key
• Speed of commercial, off-the-shelf processors threatens the
security
Table 2.2
Average Time Required for Exhaustive Key Search
3DES guidelines

• FIPS 46-3 includes the following guidelines for 3DES:


• 3DES is the FIPS-approved symmetric encryption algorithm of choice
• The original DES, which uses a single 56-bit key, is permitted under the
standard for legacy systems only; new procurements should support 3DES
• Government organizations with legacy DES systems are encouraged to
transition to 3DES
• It is anticipated that 3DES and the Advanced Encryption Standard (AES) will
coexist as FIPS-approved algorithms, allowing for a gradual transition to AES
Advanced encryption standard (AES)

• In 1997 NIST issued a call for proposals for a new AES:


• Should have a security strength equal to or better than 3DES and significantly
improved efficiency
• Must be a symmetric block cipher with a block length of 128 bits and support
for key lengths of 128, 192, and 256 bits
• Evaluation criteria included security, computational efficiency, memory
requirements, hardware and software suitability, and flexibility
• NIST selected Rijndael as the proposed AES algorithm
• FIPS PUB 197
• Developers were two cryptographers from Belgium: Dr. Joan Daemen and Dr.
Vincent Rijmen
Random and pseudorandom Numbers

• A number of network security algorithms based on cryptography


make use of random numbers
• Examples:
• Generation of keys for the RSA public-key encryption algorithm and other public-key
algorithms
• Generation of a symmetric key for use as a temporary session key; used in a number
of networking applications such as Transport Layer Security, Wi-Fi, e-mail security,
and IP security
• In a number of key distribution scenarios, such as Kerberos, random numbers are
used for handshaking to prevent replay attacks

• Two distinct and not necessarily compatible


requirements for a sequence of random numbers are:
• Randomness
• Unpredictability
Randomness
• The following criteria are used to validate that a sequence of
numbers is random:

• The distribution of bits in the sequence


should be uniform
Uniform • Frequency of occurrence of ones and
zeros should be approximately the same
distribution

• No one subsequence in the sequence can be


inferred from the others
• There is no test to “prove” independence
Independence • The general strategy is to apply a number of
tests until the confidence that independence
exists is sufficiently strong
unpredictability

• In applications such as reciprocal authentication and session key


generation, the requirement is not so much that the sequence of
numbers be statistically random but that the successive members of
the sequence are unpredictable
• With “true” random sequences, each number is statistically
independent of other numbers in the sequence and therefore
unpredictable
• Care must be taken that an opponent not be able to predict future
elements of the sequence on the basis of earlier elements
Algorithm design

• Designed specifically and solely for the purpose of


Purpose-built algorithms generating pseudorandom bit streams

Algorithms based on • Cryptographic algorithms have the effect of


existing cryptographic randomizing input
algorithms • Can serve as the core of PRNGs

Three broad categories of • Symmetric block ciphers


cryptographic algorithms • Asymmetric ciphers
are commonly used to • Hash functions and message authentication codes
create PRNGs:
Stream Cipher design considerations

• The encryption sequence should have a large period


• The longer the period of repeat, the more difficult it will be to
do cryptanalysis
• The keystream should approximate the properties of a true random
number stream as close as possible
• The more random-appearing the keystream is, the more randomized the
ciphertext is, making cryptanalysis more difficult
• The pseudorandom number generator is conditioned on the value of
the input key
• To guard against brute-force attacks, the key needs to be sufficiently long
• With current technology, a key length of at least 128 bits is desirable
RC4 algorithm

• A stream cipher designed in 1987 by Ron Rivest for RSA Security


• It is a variable key-size stream cipher with byte-oriented
operations
• The algorithm is based on the use of a random permutation
• Is used in the Secure Sockets Layer/Transport Layer Security
(SSL/TLS) standards that have been defined for communication
between Web browsers and servers
• Also used in the Wired Equivalent Privacy (WEP) protocol and the
newer WiFi Protected Access (WPA) protocol that are part of the
IEEE 802.11 wireless LAN standard
Cipher block Modes of Operation

• A symmetric block cipher processes one block of data at a time


• In the case of DES and 3DES, the block length is b=64 bits
• For AES, the block length is b=128
• For longer amounts of plaintext, it is necessary to break the plaintext into
b-bit blocks, padding the last block if necessary
• Five modes of operation have been defined by NIST
• Intended to cover virtually all of the possible applications of encryption
for which a block cipher could be used
• Intended for use with any symmetric block cipher, including triple DES and
AES
Electronic Codebook Mode (ECB)

• Plaintext is handled b bits at a time and each block of plaintext is


encrypted using the same key
• The term “codebook” is used because, for a given key, there is a
unique ciphertext for every b-bit block of plaintext
• One can imagine a gigantic codebook in which there is an entry for every
possible b-bit plaintext pattern showing its corresponding ciphertext
• With ECB, if the same b-bit block of plaintext appears more than
once in the message, it always produces the same ciphertext
• Because of this, for lengthy messages, the ECB mode may not be secure
• If the message is highly structured, it may be possible for a cryptanalyst to
exploit these regularities
Advantages of CTR mode

• Hardware efficiency
• Encryption/decryption can be done in parallel on multiple blocks of plaintext or ciphertext
• Throughput is only limited by the amount of parallelism that is achieved
• Software efficiency
• Because of the opportunities for parallel execution, processors that support parallel features can be
effectively utilized
• Preprocessing
• The execution of the underlying encryption algorithm does not depend on input
of the plaintext or ciphertext --- when the plaintext or ciphertext input is
presented, the only computation is a series of XORs, greatly enhancing
throughput
• Random access
• The ith block of plaintext or ciphertext can be processed in random-access fashion
• Provable security
• It can be shown that CTR is at least as secure as the other modes discussed in this
section
• Simplicity
• Requires only the implementation of the encryption algorithm and not the
decryption algorithm
summary

• Symmetric encryption • Random and pseudorandom


principles numbers
• Cryptography • The use of random numbers
• Cryptanalysis • TRNGs, PRNGs, PRFs
• Feistel cipher structure • Algorithm design
• Symmetric block encryption • Stream ciphers and RC4
algorithms • Stream cipher structure
• Data encryption standard • RC4 algorithm
• Triple DES • Cipher block modes of
• Advanced encryption operation
standard
• ECB
• CBC
• CFB
• CTR

You might also like