1 / 0

Chapter 20

Chapter 20. Symmetric Encryption and Message Confidentiality. Symmetric Encryption . also referred to as: conventional encryption secret-key or single-key encryption only alternative before public-key encryption in 1970’s still most widely used alternative has five ingredients:

skah
Télécharger la présentation

Chapter 20

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 20

    Symmetric Encryption and Message Confidentiality
  2. Symmetric Encryption also referred to as: conventional encryption secret-key or single-key encryption only alternative before public-key encryption in 1970’s still most widely used alternative has five ingredients: plaintext encryption algorithm secret key ciphertext decryption algorithm
  3. Cryptography
  4. Cryptanalysis type of attack known to cryptanalyst
  5. Computationally Secure Encryption Schemes encryption is computationally secure if: cost of breaking cipher exceeds value of information time required to break cipher exceeds the useful lifetime of the information usually very difficult to estimate the amount of effort required to break can estimate time/cost of a brute-force attack
  6. Feistel Cipher Structure
  7. Block Cipher Structure symmetric block cipher consists of: a sequence of rounds with substitutions and permutations controlled by key parameters and design features:
  8. Data Encryption Standard (DES) most widely used encryption scheme adopted in 1977 by National Bureau of Standards now NIST FIPS PUB 46 algorithm is referred to as the Data Encryption Algorithm (DEA) minor variation of the Feistel network
  9. DES & AES See 6b supplementary notes for good explanation of both algorithms from Brett Tjaden book.
  10. first used in financial applications in DES FIPS PUB 46-3 standard of 1999 uses three keys and three DES executions: C = E(K3, D(K2, E(K1, P))) decryption same with keys reversed use of decryption in second stage gives compatibility with original DES users effective 168-bit key length, slow, secure AES will eventually replace 3DES Triple DES (3DES)
  11. Advanced Encryption Standard (AES)
  12. AES Round Structure
  13. Table 20.2 (a) S-box
  14. Table 20.2(b) Inverse S-box
  15. ShiftRows
  16. Mix Columns and Add Key mix columns operates on each column individually mapping each byte to a new value that is a function of all four bytes in the column use of equations over finite fields to provide good mixing of bytes in column add round key simply XOR State with bits of expanded key security from complexity of round key expansion and other stages of AES
  17. Stream Ciphers processes input elements continuously key input to a pseudorandom bit generator produces stream of random like numbers unpredictable without knowing input key XOR keystream output with plaintext bytes are faster and use far less code design considerations: encryption sequence should have a large period keystream approximates random number properties uses a sufficiently long key
  18. Table 20.3 Speed Comparisons of Symmetric Ciphers on a Pentium 4 Source: http://www.cryptopp.com/benchmarks.html
  19. The RC4 Algorithm
  20. Modes of Operation
  21. Electronic Codebook (ECB) simplest mode plaintext is handled b bits at a time and each block is encrypted using the same key “codebook” because have unique ciphertext value for each plaintext block not secure for long messages since repeated plaintext is seen in repeated ciphertext to overcome security deficiencies you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks
  22. Cipher Block Chaining (CBC) A block cipher method called chaining can be used to make a much more secure ciphertext message. The basic idea behind chaining is to use the ciphertext of the previous block to encrypt the current block. Although there may be different ways to do this, almost all ciphers that use chaining follow the rules outlined on this page. Before we dig into the concepts of cipher block chaining (CBC), two other concepts need to be understood: the exclusive or and keys. The exclusive or (XOR) is a logical test that checks if exactly one of two conditions is true. A condition is simply something that is true or false. In binary, true is represented by a 1, and false is represented by a 0. Since the exclusive is a type of test, it will also return a true (1) or a false (0). A true will be returned if exactly one condition of the test is true, and a false will be returned if no conditions are true or both conditions are true. Here is a list of the four possible XOR tests: 1 XOR 1 = 01 XOR 0 = 10 XOR 1 = 10 XOR 0 = 0
  23. Cipher Block Chaining (CBC) Virtually all modern encryption algorithms use a key to ensure that the sender's message can not be deciphered by anyone but the intended receiver. A key is simply a unique number or string that is used to encrypt and decrypt messages. The use of a key to encrypt a message makes it much more difficult for a cryptanalysist to decipher the message. If the encryption algorithm is secure, then the only feasible way to decipher the message is to know the key, even if the exact decryption algorithm is known. There are two general types of encryption methods that use keys: symmetric algorithms and public-key algorithms. When a symmetric algorithm is used, both the encryption key and decryption key are the same. The same key is used to encrypt as is used to decrypt. A public-key algorithm, on the other hand, uses different keys to encrypt and decrypt. The encryption key is called a public-key because it does not matter who has the key. The public-key can only be used to encrypt the message, not decrypt. The decryption key is called a private-key. Only the intended receiver should know this key.
  24. Cipher Block Chaining (CBC)
  25. Cipher Block Chaining (CBC) Cipher Block Chaining (CBC) makes use of both the exclusive or and the key. Let's take the following plaintext and key, and encrypt the plaintext step-by-step with CBC: Plaintext: The buck stops here      Key: yeah The first step with CBC is to convert the data and keys to binary. We will use five bits for each number in this example - just enough to cover the alphabet. The six remaining binary numbers (27-32) will represent the characters '0' through '5'. Here is the binary equivalent of our plaintext and key: Plaintext: 10011 00111 00100 00001 10100 00010 01010 10010 10011 01110 01111 10010 00111 00100 10001 00100Key: 11000 00100 00000 00111
  26. Cipher Block Chaining (CBC) Next, we will break the plaintext up into some larger (12 bit) blocks and remove whitespace from the key: Plaintext: 100110011100 100000011010 000010010101 001010011011 100111110010 001110010010 00100100Key: 11000001000000000111 Notice that there isn't a full 12 bits in the last block of plaintext. To resolve this problem, we will use padding. We will alternate 1's and 0's until a complete block is made. Then, we will add an additional block that tells us how many bits were added. Since four bits need to be added, the final block will be '000000000100', or the binary equivalent of four. This additional block is used to assist in deciphering the message. Without it, there is no way to determine how many extra bits were added. Here is our padded plaintext string: Plaintext: 100110011100 100000011010 000010010101 001010011011 100111110010 001110010010 001001001010 000000000100
  27. Cipher Block Chaining (CBC) Next, each block is encrypted, one by one. Our basic encryption method for this example will be to reverse the block, and XOR each bit with the corresponding bit of the key. Here is how the first block is encrypted: Plaintext: 100110011100   Reversed: 001110011001First 12 bits of key: 110000010000 Ciphertext: 001110011001 (Exclusive or [XOR]) Now, the standard method of cipher block chaining uses the ciphertext of one block to assist in encrypting the next block. This is done by XORing the ciphertext of the previous block with the plaintext of the next block, before the normal encryption technique is executed on the plaintext.
  28. Cipher Block Chaining (CBC) Here is how we would XOR the plaintext of block 2 with the ciphertext of block 1: Ciphertext (Block 1): 111110001001 Plaintext (Block 2): 100000011010  Exclusive or (XOR): 011110010011 The result of the exclusive or is now treated as the plaintext, and encrypted normally with the technique we came up with earlier: reverse the plaintext (the result of the XOR) and XOR the result with the first 12 bits of the key: Result of XOR (New Plaintext): 011110010011                     Reversed: 110010011110         First 12 bits of key: 110000010000 Ciphertext (by XOR): 000010001110
  29. Cipher Block Chaining (CBC) This process repeats until the last block is encrypted. Here is the result of encrypting all 8 blocks using this method: Ciphertext: 111110001001 000010001110 000110010000 000100011100 101101100001 000011100001 000101000100 110000111000 Since each of these blocks (except the first one) was encrypted using the ciphertext of the previous block and the key, it becomes very difficult to decrypt without knowing the key. So how is this message decrypted with the key? First, we XOR the first block with the first 12 bits of the key, and reverse the block. This will give us the original first block: Ciphertext (First block): 111110001001    First 12 bits of key: 110000010000      Exclusive or (XOR): 001110011001Reversed: 100110011100 (plaintext, block 1)
  30. Cipher Block Chaining (CBC) Next, the second block is XOR'd with the key and reversed, and XOR'd with the ciphertext of block 1: Ciphertext (Second block): 000010001110     First 12 bits of key: 110000010000       Exclusive or (XOR): 110010011110                 Reversed: 011110010011 Ciphertext (First block): 111110001001    Exclusive or (XOR): 100000011010 (plaintext, block 2)
  31. Cipher Block Chaining (CBC) Each block can now be deciphered using this method. Once the complete plaintext is found, the padding can easily be removed (the last block will tell us how many bits to remove), and the message can easily be converted back from binary to character form. Although this technique is tedious to do out by hand, it is also one of the most secure methods of using block ciphers. Please keep in mind, the examples used on this page are not secure. Since this algorithm only looks at the first 12 bits of the key, there are only 2^12 unique possible keys (4096). A cryptanalysist can easily write a program to try and decrypt a message with each one of these possible keys. Most secure algorithms use at least 64-bit keys and 64-bit blocks. With the current technology, it is not feasible to "find" a 64-bit key.
  32. Cipher Feedback (CFB)
  33. Counter (CTR)
  34. Location of Encryption
  35. Key Distribution the means of delivering a key to two parties that wish to exchange data without allowing others to see the key two parties (A and B) can achieve this by:
  36. Key Distribution
  37. Chapter 20 Summary symmetric encryption principles cryptography cryptanalysis Feistel cipher structure data encryption standard triple DES advanced encryption standard algorithm details key distribution stream ciphers and RC4 stream cipher structure RC4 algorithm cipher block modes of operation electronic codebook mode cipher block chaining mode cipher feedback mode counter mode location of symmetric encryption devices
More Related