1 / 24

Security course

Security course. Jean-Roland Schuler jroland.schuler@eif.ch. Symmetric cipher. The same key is used for the encryption and decryption. Examples: DES, 3-DES, IDEA, Blowfish, RC2, RC4, RC5, RC6, AES. Block cipher: ECB Mode.

pearl-brock
Télécharger la présentation

Security course

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security course Jean-Roland Schuler jroland.schuler@eif.ch

  2. Symmetric cipher The same key is used for the encryption and decryption • Examples: DES, 3-DES, IDEA, Blowfish, RC2, RC4, RC5, RC6, AES

  3. Block cipher: ECB Mode • Block cipher: the message is divided in block with same length (64 bits) • ECB (Electronic Code Book) mode Main default: the same block always gives the same crypted value

  4. Block cipher: CBC Mode CBC (Cipher Block Chaining) mode For the first block, we need an IV (Initial Vector)

  5. Block cipher: CFB Mode CFB (Cipher Feedback) Mode For the first block, we need an IV (Initial Vector)

  6. Block cipher: OFB Mode OFB (Output Feedback) Mode For the first block, we need an IV (Initial Vector)

  7. Symmetric cipher: DES • IBM developped the DES in 1973 • DES is a symmetric block cipher • The key length is 56 bits (64 bits but 1bit/byte is for parity) • The algorithm for the encryption and for the decryption is the same • DES uses only standard operations (shift, xor, …) • DES uses different modes: ECB, CBC, CFB, OFB

  8. Symmetric cipher: DES • IP, Initial permutation • 16 rounds where the key (Ki) is used with ‘f’ function

  9. Symmetric cipher: DES • Details of a DES round

  10. Symmetric cipher: DES • For each round, we have a new sub key obtained with a shift • Shift  weak keys • 0000000 0000000 • 0000000 FFFFFFF • FFFFFFF 0000000 • FFFFFFF FFFFFFF

  11. Stream cipher: RC4 • RC4 is a stream cipher designed by Ron Rivest (RSA Security firm) in 1987. • It was kept as a trade secret until it leaked out in 1994. • It is a variable key-size stream cipher with byte-oriented operations • RC4 is 10 time faster than DES.

  12. Stream cipher: RC4 • RC4 has two parts: • A key scheduling algorithm (KSA) which combines a random key (whose typical size is 40-256 bits) and an initial vector S0 (S0 = {0, …, N-1}) which generate an initial permutation vector S • An output generation part (PRGA) which uses the initial permutation vector S, two indices i and j and the clear text. The PRGA generates a pseudo-random output sequence which is the cipher text

  13. Stream cipher: RC4, KSA KSA (K): K = Key; len = Key’s length, N=256 Initialization: For i = 0 … N-1 S[ i ] = i j = 0 KSA generation: For i = 0 … N-1 j = j + S[ i ] +K[ i mod len] Swap (S[ i ], S[ j ])

  14. Stream cipher: RC4, PRGA PRGA; p = clear text, c = cipher text, N = 256 Initialization: i = 0 j = 0 Loop: i = i + 1 j = j +S[ i ] Swap (S[ i ], S[ j ]) z = (S[ S[ i ] + S[ j ]]) mod N

  15. Stream cipher: RC4, encryption Encryption: Ci = Zi  Pi Decryption: Pi = Ci  Zi = Zi Pi  Zi = Pi

  16. Stream cipher: Code, KSA www.openssl.org void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) { .. d= &(key->data[0]); for (i=0; i<256; i++) d[i]=i; key->x = 0; key->y = 0; id1=id2=0; #define SK_LOOP(n) { \ tmp=d[(n)]; \ id2 = (data[id1] + tmp + id2) & 0xff; \ if (++id1 == len) id1=0; \ d[(n)]=d[id2]; \ d[id2]=tmp; } for (i=0; i < 256; i+=4) { SK_LOOP(i+0); SK_LOOP(i+1); SK_LOOP(i+2); SK_LOOP(i+3); } }

  17. Stream cipher: Code, PRGA Code example: Main part void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata) { .. #define LOOP(in,out) \ x=((x+1)&0xff); \ tx=d[x]; \ y=(tx+y)&0xff; \ d[x]=ty=d[y]; \ d[y]=tx; \ (out) = d[(tx+ty)&0xff]^ (in); #define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) if (i) { for (;;) { RC4_LOOP(indata,outdata,0); …. } }

  18. Stream cipher: Encryption Class definition class CRC4 {public: CRC4(); void init (unsigned char *pKey, int keyLength); void crypt (unsigned char *pIn, int lengthIn, unsigned char *pOut); private: RC4_KEY key; }; CRC4::CRC4(){}; void CRC4::init(unsigned char *pKey, int keyLength){ RC4_set_key(&key, keyLength, pKey); } void CRC4::crypt(unsigned char *pIn, int lengthIn, unsigned char *pOut){ RC4(&key,lengthIn,pIn,pOut); }

  19. Stream cipher: Encryption Program ... rc4.init (&keyRC4[0], sizeof(keyRC4)); for (length = sizeBuf; length == sizeBuf;) { length = fread (pBufIn, 1, sizeBuf, pSource); rc4.crypt (pBufIn, length, pBufOut); fwrite (pBufOut, 1, length, pDest); } ..

  20. Asymmetric cipher Public keys exchange between Bob and Alice • Examples: RSA, DSS, Diffie-Hellman

  21. Asymmetric cipher: RSA • We must choose 2 great prime numbers: p and q • We compute: n = p*q • We choose a numberewhich is prime with (p-1)(q-1)no common denominator • We compute a number d with this property: • (e * d) modulo {(p-1)(q-1)} = 1 • Example: • p = 47, q = 71 • n = p*q = 3337 • (n-1)(p-1) = 46 * 70 = 3220  e = 79 • d = 1019: (79 * 1019) modulo(3220)=1 (Euclide algorithm)

  22. Asymmetric cipher: RSA • d and nare prime • e and n are used for the public key • d is the private key • p and q can be deleted Encrypt: ci = mie modulo n Decrypt: mi = cid modulo n

  23. Example: We will crypt this message: • m = 6882326879666683 • We divide this message in 6 parts: • m1 = 688 • m2 = 232 • m3 = 687 • m4 = 966 • m5 = 668 • m6 = 3 • c1 = mie modulo n = 68879 modulo 3337 = 1570 • c = 1570 2756 2091 2276 2423 158 • For the decryption: m1 = 15701019 modulo 3337 = 688 Asymmetric cipher: RSA

  24. References • Cryptographie appliquée, Bruce Schneier, 2e edition, WILEY, 1997, 2-84180-036-9 • Cryptographie, Théorie et Pratique, Douglas Stinson, 1996, 2-84180-013-X • Développement d’applications sécurisées, Daniel Bruegger, 2001, Ecole d’Ingénieurs et d’architectes de Fribourg

More Related