1 / 33

Conventional Encryption & Message Confidentiality

King Mongkut’s Univerity of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv. Conventional Encryption & Message Confidentiality. Acknowledgements for slides Henric Johnson Blekinge Institute of Technology, Sweden. Outline.

Télécharger la présentation

Conventional Encryption & Message Confidentiality

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. King Mongkut’sUniverity of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge Institute of Technology, Sweden Conventional Encryption

  2. Outline • Conventional Encryption Principles • Conventional Encryption Algorithms • Cipher Block Modes of Operation • Key Distribution Conventional Encryption

  3. Conventional Encryption Principles • An encryption scheme has five ingredients: • Plaintext • Encryption algorithm • Secret Key • Ciphertext • Decryption algorithm • Security depends on the secrecy of the key, not the secrecy of the algorithm Conventional Encryption

  4. Conventional Encryption Process What do we require from the algorithm? Conventional Encryption

  5. Requirements • The Encryption algorithm should be strong • Opponent who knows the algorithm & ciphertexts would be unable to reveal the plaintext or the key • The key is to be distributed in a secure way • Low cost chip implementation why? • Important for wide spread use • Secrecy of algorithm NOT required why? Conventional Encryption

  6. Classification of Cryptographic Systems • The type of operations used for transforming plaintext to ciphertextexamples? • The number of keys used • symmetric (single key) • asymmetric (two-keys, - public-key encryption) • The way in which the plaintext is processed • Block cipher, stream cipher Conventional Encryption

  7. A model for Encryptionalgorithm • Horst Feistel of IBM in 1973 • Input – • block of plaintext in two halves: (L0, R0) • Secret Key K • Encryption: N rounds of “processing” • Li-1, Ri-1, Ki Li, Ri,Ki+1 • Sub-keysKi derived from K • One round of encryption: • Ri = apply special F(Ki, Ri-1), XOR with Li-1 • Li = Ri-1 what is XOR? Conventional Encryption

  8. Conventional Encryption

  9. Transmission and Decryption • Transmission: Two halves of ciphertext • Decryption at the receiver (receiver knows K) • Input: • Two halves of Ciphertext (Ln+1, Rn+1) • Last sub-key: KnHow receiver knows this? • Receiver uses same algorithm as encryption • Each step: create Ki , (Li, Ri ) in reverse order • Output: plaintext (L0, R0) • how to make the algorithm stronger? Conventional Encryption

  10. Increasing the strength of the algorithm • Larger Block size • Larger Key Size • Increasing Number of rounds • Output bits depend on more input bits • Complex Subkey generation algorithm • More complex F() • What’s the price of all this? • All of the above reduce speed • why is that important? Conventional Encryption

  11. Conventional Encryption Algorithms • Data Encryption Standard (DES) • The most widely used encryption scheme • DES encrypts block after block (block cypher) • The plaintext is processed in 64-bit blocks • The key K is 56-bits in length • Triple DES (TDES) • 3 keys, three executions of DES • Advanced Encryption Standard (AES) Conventional Encryption

  12. DES • Encryption: • Initial permutation of the input 64-bit block ?? • 16 rounds ( using a special F function) • Swap two halves • Inverse of initial permutation •  ciphertext • Decryption • Initial permutation of ciphertext 64-bit block • 16 rounds (use sub-keys in reverse order) • Swap  plaintext Conventional Encryption

  13. Conventional Encryption

  14. Concerns about DES • algorithm vulnerable? (easy way to break?) • No vulnerability found, but • The function F is very complex • Key length • DES cracker built • less $250,000, three days work to break (find key) • Much faster cracking done using internet • DES is not considered a strong algorithm • What a cracker want? What does he do? Conventional Encryption

  15. Cracking methods • If plaintext is really text • Use statistical distribution of letters, syllables • Use existence of structure: headers, … • In conjunction with brute force • If plaintext is not text but a general binary file • Use structure if known • Brute force • Note most files have some structure • E.g. program files • Otherwise attacker would not know if he succeeded Conventional Encryption

  16. Cryptanalysis: Average time required for exhaustive key search Conventional Encryption

  17. Triple DES • Encryption: Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt) • P = Plaintext • C = ciphertext • EK[X] = encryption of X using key K • DK[Y] = decryption of Y using key K • Effective key length of 168 bits • We use decryption in the middle. Why? C = EK3[DK2[EK1[P]]] Conventional Encryption

  18. Triple DES Conventional Encryption

  19. TDES: Decryption C = EK3[DK2[EK1[P]]] DK3[C] = DK2[EK1[P]] EK2[DK3[C] = EK1[P] P = Dk1[EK2[DK3[C]]] Conventional Encryption

  20. Encryption of Messages How a long message is encrypted? Conventional Encryption

  21. Cipher Block Operation: ECB mode • “Electronic Code Book” • Divide message into blocks; encrypt each block • For every block  a ciphertext block • Like a gigantic table: plaintext, ciphertext • plaintext blocks repeats? sameciphertext block • cracker identifies blocks, easier to crack • Improvement: design method so that repeat plaintext blocks  differentciphertext blocks! • How? Conventional Encryption

  22. Cipher Block Chaining Mode (CBC) • Ciphertext block i , Ci: • Do XOR of the current plaintext block Pi and the preceding ciphertext block, Ci-1 • Then encrypt Conventional Encryption

  23. CBC Encryption • Create “initial value” block • XOR with first Plaintext block • Encrypt  first ciphertext block • XOR with second plaintext block,… Conventional Encryption

  24. Decryption in CBC mode • Decrypt first ciphertext block • XOR result with Initial Value Block •  first Plaintext block • Decrypt second ciphertext block • XOR with first ciphertext block •  second plaintext block. … Conventional Encryption

  25. The Initial Value block IV • First ciphertext block C1 = EK (IVP1) • First Plaintext block P1 = IVDK(C1) • IV should be sent to receiver for decryption Conventional Encryption

  26. Intitial value attcak • Consider bit j of P1 : • P1[j] = IV[j]DK(C1)[j] • If IV[j] is inverted, so is P1[j] • If attacker gets IV on the way, change it and re-send it to receiver, he can predictably change bits of P1 • What can we do to avoid this attack? • Better encrypt IV on its way • IV can be encrypted as a single block, with no chaining Conventional Encryption

  27. Key Distribution Conventional Encryption

  28. Types and Usages of Keys • Session key: • Data encrypted with a short lived session key • At the end of the session the key is destroyed • Permanent (or Master) key: • Used for distributing a (first/new) session key • session key encrypted by master key, sent • A (or B) can do this, • or 3’rd party C with shared master keys Ka, Kb • C is Key Distribution Center (KDC) • How Ka, Kb, are created / distributed? Conventional Encryption

  29. Using KDC: 1. A  KDC • A sends non encrypted Request for a session Key for communicating with B • Contents: { A id, B id, N1 Nonce} • Identifier of sender (A) (e.g. Address | port) • Identifier of intended party (B) • A random string (Nonce) what’s that for? • A expects that the nonce will be echoed by the receiver of this message (the KDC) • It will be encrypted so that A will know that it was echoed by KDC and not by an imposter Conventional Encryption

  30. Using KDC: 2. KDC  A • 2 parts reply encryptedby master key Ka: • Part I – to be used by A: • One time (first/new) session key • Original request (including the nonce) • A now knows session key came from KDC • A knows it’s not a replay of old reply why? • Part II - encrypted by Kb, will be sent later to B: • Session key and A id Conventional Encryption

  31. Key Distribution Scenario Conventional Encryption

  32. Using KDC: 3. A B • A stores the session key, forwarding Part II to B • Both A and B now know the session key • B knows that session key was created by KDC • But B is not sure whether A is not an imposter • May be it is D, who stole part II, sends to B • B checks if sender knows the session key how • 4. B  A: nonce N2, encrypted by the session key • 5. A  B: some predefined function of N2 f(N2) • B checks result, if OK, A knows the session key • This is Challenge response authentication Conventional Encryption

  33. Key Distribution Scenario Conventional Encryption

More Related