
Lecture 03 Symmetric Cryptography 2

Lecture 03 Symmetric Cryptography 2. Dr. Supakorn Kungpisdan (supakorn@mut.ac.th). Roadmap: Advanced Encryption Standard (AES); Design of Symmetric Cryptosystems; Locations of Encryption Devices; Key Distribution; Problems of Symmetric Cryptography.



  1. Lecture 03 Symmetric Cryptography 2 Dr. Supakorn Kungpisdan supakorn@mut.ac.th

  2. ITEC4621 Network Security Roadmap
     • Advanced Encryption Standard (AES)
     • Design of Symmetric Cryptosystems
     • Locations of Encryption Devices
     • Key Distribution
     • Problems of Symmetric Cryptography

  3. Origins
     • clearly a replacement for DES was needed
       • have theoretical attacks that can break it
       • have demonstrated exhaustive key search attacks
     • can use Triple-DES, but slow, has small blocks
     • US NIST issued call for ciphers in 1997
     • 15 candidates accepted in Jun 98
     • 5 were shortlisted in Aug-99
     • Rijndael was selected as the AES in Oct-2000
     • issued as FIPS PUB 197 standard in Nov-2001

  4. AES Requirements
     • private key symmetric block cipher
     • 128-bit data, 128/192/256-bit keys
     • stronger & faster than Triple-DES
     • active life of 20-30 years (+ archival use)
     • provide full specification & design details
     • both C & Java implementations
     • NIST have released all submissions & unclassified analyses

  5. AES
     • 128-bit plaintext block
     • Key length -> 128, 192, 256 bits
     • 10 rounds for each encryption and decryption
     • 128-bit plaintext is divided into 16 8-bit (1-byte) blocks.
     • 128-bit key is expanded into 44 32-bit "words", and 4 different words are used in each round
     • 11 sets of 4-word keys are used in 10-round encryption!
     • Decryption algorithm is not identical to encryption algorithm

  6. AES Parameters

  7. AES Encryption and Decryption

  8. AES Encryption
     • 4 stages in each round:
       • Substitute bytes -> use S-box for byte-to-byte substitution
       • Shift rows -> simple row-by-row permutation
       • Mix columns -> a substitution that alters each byte in a column as a function of all of the bytes in the column
       • Add round key -> bitwise XOR of the current block with the key

  9. AES Encryption Round

  10. SubBytes

  11. SubBytes (cont.): S-box

  12. SubBytes (cont.): Inverse S-box

  13. SubBytes (cont.)

  14. ShiftRows

  15. MixColumns

  16. MixColumns (cont.)

  17. MixColumns (cont.)

  18. AddRoundKey

  19. AddRoundKey (cont.)

  20. AES Operations

  21. Roadmap
     • Advanced Encryption Standard (AES)
     • Design of Symmetric Cryptosystems
     • Locations of Encryption Devices
     • Key Distribution
     • Problems of Symmetric Cryptography

  22. Design of Symmetric Cryptosystems
     • A cryptographic algorithm should be efficient for good use
       • It should be fast, and the key should be of the right length, e.g. not too short
     • Cryptographic algorithms are not impossible to break without a key
       • If we try all the combinations, we can get the original message

  23. Design of Symmetric Cryptosystems (cont.)
     • The security of a cryptographic algorithm depends on how much work it takes for someone to break it
     • E.g. if it takes 10 million years to break a cryptographic algorithm X using all the computers of a state, X can be thought of as a secure one. Reason: cluster computers and quantum computers are powerful enough to crack many current cryptographic algorithms.

  24. Design of Symmetric Cryptosystems (cont.)
     • Encryption Algorithm Design
       • Should the block size of messages be small or large?
       • Should the keyspace be large?
       • Should we consider other searches rather than brute-force search?

  25. Roadmap
     • Advanced Encryption Standard (AES)
     • Design of Symmetric Cryptosystems
     • Locations of Encryption Devices
     • Key Distribution
     • Problems of Symmetric Cryptography

  26. Placement of Encryption
     • have two major placement alternatives
     • link encryption
       • encryption occurs independently on every link
       • implies must decrypt traffic between links
       • requires many devices, but paired keys
     • end-to-end encryption
       • encryption occurs between original source and final destination
       • need devices at each end with shared keys

  27. Locations of Encryption Devices

  28. Placement of Encryption (cont.)
     • when using end-to-end encryption must leave headers in clear
       • so network can correctly route information
     • hence although contents are protected, traffic pattern flows are not
     • ideally want both at once
       • end-to-end protects data contents over entire path and provides authentication
       • link protects traffic flows from monitoring

  29. Placement of Encryption (cont.)
     • can place encryption function at various layers in OSI Reference Model
       • link encryption occurs at layers 1 or 2
       • end-to-end can occur at layers 3, 4, 6, 7
       • as we move higher, less information is encrypted, but it is more secure, though more complex, with more entities and keys

  30. Link Encryption vs. End-to-end Encryption

  31. Encryption vs. Protocol Level

  32. Traffic Padding

  33. Roadmap
     • Advanced Encryption Standard (AES)
     • Design of Symmetric Cryptosystems
     • Locations of Encryption Devices
     • Key Distribution
     • Problems of Symmetric Cryptography

  34. Key Distribution
     • The security of a symmetric cryptosystem is based on the security of key distribution.
     • Important process -> two hosts need a shared key before transmitting a message securely.
     • The secret key must be securely distributed between hosts, and needs to be updated frequently.
     • But, HOW can we securely distribute the shared key?

  35. Key Exchange with Symmetric Cryptography
     • Two kinds of keys:
       • Session key
         • temporary key
         • used for encryption of data between users
         • for one logical session then discarded
       • Master key
         • used to encrypt and distribute session keys
         • shared by user & key distribution center
     • Key Distribution Center (KDC)
       • Shares permanent key with hosts
       • Distributes session keys upon the requests of hosts

  36. Key Distribution Scenario

  37. Steps
     • Alice sends a request (IDA, IDB) for a session key and a nonce (N1) to KDC.
       • Nonce may be a random number.
       • What is nonce for?
     • KDC sends an encrypted message to A containing:
       • Session key KS
       • Encrypted session key for Bob EKb(KS, IDA)
     • Alice forwards EKb(KS, IDA) to Bob. Bob can decrypt it. (anyone else?)
     • Bob confirms that he has received KS by sending Alice EKs[N2].
     • Alice responds by sending f(N2) encrypted with KS.
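The five steps above as a runnable exchange, which also answers the slide's two questions: the nonce lets Alice reject a replayed KDC reply, and only the holder of Kb can open the forwarded message. This is an added example, not code from the lecture; `seal`/`unseal` stand in for E_K, the KDC reply is assumed to echo N1, and f(N2) = N2 + 1 is an assumed choice of f.

```python
# Added teaching example (not from the slides). seal/unseal are a stand-in for E_K:
# an HMAC-SHA256 keystream plus tag, used only because the stdlib has no AES.
import hashlib, hmac, json, secrets

def keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """E_K(obj): encrypt, then tag, so a wrong key or altered bytes are rejected."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def kdc_reply(master, id_a, id_b, n1):
    """KDC: fresh KS for Alice, N1 echoed back, plus EKb(KS, IDA) for Bob."""
    ks = secrets.token_hex(16)
    ticket = seal(master[id_b], {"ks": ks, "ida": id_a}).hex()
    return seal(master[id_a], {"ks": ks, "idb": id_b, "n1": n1, "ticket": ticket})

def alice_accept(k_a, reply, n1):
    """Alice rejects a reply that does not echo the nonce of *this* request."""
    msg = unseal(k_a, reply)
    if msg["n1"] != n1:
        raise ValueError("replayed KDC reply")
    return bytes.fromhex(msg["ks"]), bytes.fromhex(msg["ticket"])

def confirm(ks_alice, ks_bob):
    """Bob sends EKs[N2]; Alice answers EKs[f(N2)], with f(N2) = N2 + 1 assumed."""
    n2 = secrets.randbelow(2**32)
    challenge = seal(ks_bob, {"n2": n2})
    answer = seal(ks_alice, {"f": unseal(ks_alice, challenge)["n2"] + 1})
    return unseal(ks_bob, answer)["f"] == n2 + 1

def run_exchange(master):
    n1 = secrets.token_hex(8)                                  # Alice -> KDC: IDA, IDB, N1
    ks_a, ticket = alice_accept(master["alice"], kdc_reply(master, "alice", "bob", n1), n1)
    ks_b = bytes.fromhex(unseal(master["bob"], ticket)["ks"])  # Alice -> Bob: EKb(KS, IDA)
    return confirm(ks_a, ks_b)
```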

  38. Hierarchical Key Control
     • In a very large network, a single KDC is not enough -> a hierarchy of KDCs can be established.
     • Local KDCs and a global KDC
     • A local KDC is responsible for parties in the same domain, whereas the global KDC takes care of communications between parties in different domains.

  39. Session Key Lifetime
     • The more frequently session keys are exchanged, the more secure they are.
     • However, each session key distribution causes delays.
     • In connection-oriented protocols, a new session key is issued for each connection.
       • However, if the connection is open for a long time, it may be necessary to transmit a new session key.
     • In connectionless protocols, it is not obvious how often a new session key is exchanged.
       • A better strategy is to use a given session key for a certain fixed period only or for a certain number of transactions.

  40. A Transparent Key Control Scheme

  41. Decentralized Key Control
     • Centralized Key Control -> KDC is normally assumed to be trusted and secured from attacks.
     • However, attacks may occur. -> try decentralized approach
     • Decentralization is suitable for local connections.
     • Each pair of parties needs a master key: as many as [n(n-1)]/2 keys among n users.

  42. Decentralized Key Distribution

  43. Decentralized Key Distribution (cont.)
     • Alice and Bob share a master key MKm.
     • Alice sends a request for a session key with a nonce N1 to Bob.
     • Bob sends KS encrypted with the shared master key MKm. The message contains a nonce N2.
     • Alice responds with f(N2) encrypted with the session key.

  44. Problems of Symmetric Cryptography
     • Keys must be distributed in secret.
     • Keys are as valuable as all the messages they encrypt.
     • If a key is compromised, then so is the security of the entire system.
     • Not scalable -> assume that each pair of the total n users shares a different secret. The number of keys needed is n(n-1)/2.
     • Algorithms are easy to break compared to public-key cryptographic algorithms
     • However, symmetric ones can be performed faster -> less time -> less power consumption -> suitable for being implemented in mobile devices
     • Lacks necessary security services, e.g. non-repudiation; provides only a low level of integrity checking

  45. Questions? Next week: Public-key Cryptography and Applications 1
