EE579T / CS525T Network Security 3: Symmetric Block Ciphers

Prof. Richard A. Stanley

Presentation Transcript


  1. EE579T / CS525T Network Security 3: Symmetric Block Ciphers • Prof. Richard A. Stanley • WPI

  2. Overview of Tonight’s Class • Class list issues • Review of last week’s class • Network security in the news • An overview of block ciphers • Introduction to key distribution

  3. Last Week... • Networks and internetworks have become ubiquitous • Networking allows interconnection of computers without much concern for the local OS or machine architecture • Networking raises many serious security issues, which must be solved • The pace of network security problem development is exceeding the pace of their solution

  4. Security in the News • Complexity is the enemy of security • You have heard this tune before! • Recently discovered that all (with one partial exception) products designed to perform secure file erasure fail in this task • Leave NTFS alternate data streams, master file table • NTFS is a very complex file system • Complete analysis difficult, often not done • Complexity level often beyond our control

  5. Network Security This Week • Have you been to MyParty? • Worm, written in Visual C++, looks like link to web • Set to spread between 1/24 and 1/29 • Mails itself to everyone in your address book who is not infected (avoids tip-off) • Leaves behind backdoor Trojan Horse, Troj/Msstake-A, which could allow unauthorized access • Sends message to napster@gala.net (to track progress?) • Caught by Norton Antivirus 2002 (if up-to-date) • Forced filtering on WPI network to block it

  6. Encryption Primer • Cryptography = “secret writing” • Input = plaintext • Output = ciphertext • Ciphertext = plaintext + key (in general) • Intention is that the ciphertext be unintelligible to an eavesdropper • Two basic types of cipher • Symmetric • Asymmetric

  7. Definitions • Encryption • The process of turning plaintext into ciphertext • Decryption • The process of turning ciphertext into plaintext • Cryptanalysis • The process of analyzing ciphertext with the goal of recovering the plaintext, without the key

  8. Attacks on Cryptosystems • Ciphertext-only attack • Known-plaintext attack • Chosen-plaintext attack • Adaptive-chosen-plaintext attack • Chosen-ciphertext attack • Chosen-key attack (rare, difficult) • Rubber-hose cryptanalysis (common, easy) • Source: Bruce Schneier, Applied Cryptography--Second Edition, pp. 5-7

  9. Crypto Algorithm Security • Unconditionally secure if, no matter how much ciphertext a cryptanalyst has, there is not enough information to recover the plaintext • Computationally secure if it cannot be broken with available resources, either current or future • Source: Bruce Schneier, Applied Cryptography--Second Edition, p. 8

  10. Encryption • There are many ways to render plaintext into ciphertext • Only ONE provably secure cryptosystem • One-time pad • Secure even if pad or operator captured • BUT…errors can lead to decryption • http://www.cia.gov/csi/books/venona/preface.htm

  11. One Time Pad

  12. Why Use Anything Except One-time Pads? • Speed of encipherment • Letters vs. numbers • Logistics • Usability • Error rates

  13. Other Crypto Systems • Substitution ciphers • Most famous is the Caesar cipher: monoalphabetic substitution with offset = 3 • Children’s decoders usually in this category • Book ciphers • Codebooks

  14. Problem Areas • Languages have well-known statistics • E.g., “e” is most common letter in English • This can be exploited for cryptanalysis • Thus, substitution ciphers are not very secure • Similar problems plague book ciphers, etc. • The only way to achieve true security is to make the ciphertext appear as random as possible

  15. Modern Cryptography Uses Electronic Digital Systems • Advantages: • Speed • Accuracy • Ability of using complex mathematics • Disadvantages • Complex equipment • Electronic vulnerabilities • Key management

  16. Kerckhoffs’ Assumption • Secrecy must reside solely in the key • It is assumed that the attacker knows the complete details of the cryptographic algorithm and implementation • A. Kerckhoffs was a 19th century Dutch cryptographer • Ergo, Security by obscurity doesn’t work!

  17. Symmetric Cryptography • [Diagram labels: Alice’s message; Bob; Kryptos + Grafos; algorithm; shared private key]

  18. Cipher Example (Vernam) • Encipher: Plain: 001 010 011 100; +key: 111 011 010 101; Cipher: 110 001 001 001 • Decipher: Cipher: 110 001 001 001; +key: 111 011 010 101; Plain: 001 010 011 100 • The ciphertext is simply the plaintext added to the key, modulo 2. This is a reversible process, as seen above.

  19. Why Does This Work? • Cleartext is a function with known statistics, or even a deterministic function • Key is a truly random data stream • Sum of a random function and a non-random function is a random function • So...crucial that the key be truly random • This is not easy!

  20. Vernam Cipher Weaknesses • Two-way function • If any two of the inputs to the cryptographic algorithm are known, the third can be calculated • This allows recovery of the key if the attacker can obtain a plaintext and a ciphertext copy of the same message -- not often a hard task
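
The Vernam example and the two-way weakness on slides 18 to 20, as an added Python illustration that is not part of the original lecture. The messages and pad are constructed sample values; the example goes one step beyond the slide by showing what the recovered key is worth when the same pad is reused for a second message, and that it is worthless when each message gets a fresh pad.

```python
import secrets

def vernam(data, key):
    """Add data and key modulo 2 (XOR); the same call enciphers and deciphers."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))

def slide_example():
    """The 12-bit example from slide 18, returned as a ciphertext bit string."""
    plain, key = int("001010011100", 2), int("111011010101", 2)
    return format(plain ^ key, "012b")

def recover_key(known_plain, cipher):
    """Two-way function: plaintext XOR ciphertext yields the key bytes used."""
    return vernam(cipher, known_plain)

def read_second_message(reuse_pad=True):
    """Constructed scenario: the attacker holds p1, c1 and c2, never the pad."""
    p1 = b"WEATHER REPORT: CLEAR SKIES"     # constructed, known to the attacker
    p2 = b"MEETING MOVED TO NOON"           # constructed, meant to stay secret
    pad = secrets.token_bytes(len(p1))
    c1 = vernam(p1, pad)
    # The operating error: the second message is sent under the same pad.
    c2 = vernam(p2, pad if reuse_pad else secrets.token_bytes(len(p2)))
    leaked = recover_key(p1, c1)            # equals the pad, byte for byte
    return vernam(c2, leaked)

if __name__ == "__main__":
    print(slide_example())
    print(read_second_message(reuse_pad=True))    # second message is readable
    print(read_second_message(reuse_pad=False))   # random-looking bytes
```
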

  21. Enigma • Probably history’s most famous cipher machine • Even today, a good cipher machine • Capable of billions of billions of text permutations • Codes broken! • Depended on security by obscurity--a failure

  22. How to Achieve Good Cryptography? • Well-reviewed algorithms • So weaknesses cannot “hide” until after implementation • Excellent key generation & management • To maintain secrecy of the key • Algorithms that are sufficiently complex so as to not permit feasible exhaustive attacks

  23. More Definitions • Block cipher • Data is broken into fixed-size blocks, and encrypted a block at a time • Blocks are padded out if necessary • Stream cipher • Data is encrypted a bit at a time, as it is presented to the encryption engine • Most algorithms in use today are block ciphers

  24. Feistel Ciphers: Characteristics • Special class of iterated block ciphers • Ciphertext calculated from plaintext by repeated application of the same transformation or round function • Encryption and decryption are structurally identical (subkey order reversed for decryption) • Fast, even in software implementation • Easily analyzed (i.e., deficiencies more readily found by analysis)

  25. Feistel Ciphers: Step by Step • Plaintext split into two halves • Round function f is applied to one half using a subkey • Output of f is XOR’d with the other half of the plaintext • Two halves are swapped • Process repeated for n rounds • No swap after last round
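
The step-by-step construction on slide 25, together with the statement on slide 24 that decryption is the same engine with the subkey order reversed, as an added Python illustration that is not from the original lecture. The round function and key schedule are hash-based stand-ins chosen for brevity, not DES's f or its key schedule, and the key and block values are constructed.

```python
import hashlib

ROUNDS = 16

def round_f(half, subkey):
    """Stand-in round function (assumption, not DES's f): 32 bits in, 32 bits out.
    It is not invertible; the Feistel structure is what makes the cipher invertible."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key):
    """Stand-in key schedule (assumption): one 32-bit subkey per round."""
    return [int.from_bytes(hashlib.sha256(key.to_bytes(8, "big") + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]

def feistel(block, ks):
    """Run a 64-bit block through the network, using subkeys in the order given."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for k in ks:
        # f on one half with the subkey, XOR into the other half, swap halves
        left, right = right, left ^ round_f(right, k)
    # no swap after the last round, so undo the swap the loop just made
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # Same engine, not run in reverse: only the subkey order changes.
    return feistel(block, subkeys(key)[::-1])

KEY = 0x133457799BBCDFF1      # constructed sample key
PT = 0x0123456789ABCDEF       # constructed sample block

if __name__ == "__main__":
    ct = encrypt(PT, KEY)
    print(f"{ct:016x}", f"{decrypt(ct, KEY):016x}")
```
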

  26. Subkey Generation • Creating the subkeys in a Feistel cipher has a major effect on the overall security of the algorithm • Possible to create weak keys • Changes in the subkey algorithm can result in effectively different realizations of the algorithm • DES is based on Feistel rounds, and uses a complex method of subkey generation

  27. Importance of Feistel Ciphers • Basis of DES, other important algorithms • Horst Feistel worked for IBM in 1973 • IBM’s Lucifer algorithm, based on Feistel rounds, became the DES standard in 1977 • Many other algorithm authors have used Feistel rounds, or variants thereof, to realize block ciphers • Feistel ciphers are not the only kind of iterative block cipher

  28. DES: Feistel Applied • DES: Data Encryption Standard • Formal specification -- FIPS PUB 46-3, last affirmed 25 October 1999 http://www.csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf • Describes two cryptographic algorithms • DES • TDEA (commonly referred to as 3DES) • DES based on IBM Lucifer cipher of 1974

  29. DES Characteristics • 64-bit block cipher • 56-bit key, with additional 8 bits used for error checking (odd parity on each byte) • Four operating modes • Electronic Codebook (ECB) • Cipher Block Chaining (CBC) • Cipher Feedback (CFB) • Output Feedback (OFB)

  30. DES Enciphering Computation Feistel round

  31. Initial Permutation

  32. Cipher Function, f(Rn,Kn)

  33. How Can This Happen? • Turn 32-bit plaintext into 48-bit output • Add to 48-bit key • Get 32-bit output?

  34. Crypto Function Details • E-function takes the input to the Feistel round and expands it to 48 bits • S-boxes (for selection, usually referred to as substitution) permute bits to produce the proper output • P-function permutes 32-bit output of the S-boxes • Inverse permutation (IP⁻¹) restores bit order after the 16 Feistel rounds

  35. E-function

  36. P-Function

  37. S-box Example • Result over 8 S-boxes: 48 bits → 32 bits

  38. Key Scheduling

  39. Permuted Choice 1 C( ) D( )

  40. Left Shift Schedule • NB: These are circular left shifts

  41. Permuted Choice 2

  42. DES Decryption • As DES is a Feistel cipher, decryption uses the same engine as does encryption • For decryption: • The DES engine is precisely the same as the encryption engine -- it is not run in reverse (e.g. with the input coming in the “bottom”) • Instead, the key schedule is run in reverse; i.e. the first subkey used is K16, then K15, etc., finishing with K1

  43. Principal DES Operating Modes - 1 (FIPS PUB 81) • Electronic Code Book (ECB) • Encrypts one block at a time with selected key • Simplest implementation of DES • Vulnerability: repeated plaintext can reveal key, and then all cipher blocks can be decrypted

  44. ECB

  45. Principal DES Operating Modes - 2 (FIPS PUB 81) • Cipher Block Chaining (CBC) • Input to each block is the output of the previous block XOR’d with the next plaintext block • Initial block XOR’d with an Initialization Vector (IV) • This approach greatly improves the security of DES against key searches

  46. CBC

  47. Additional DES Modes - 1 (FIPS PUB 81) • Cipher Feedback Mode (CFB) • Previous ciphertext block encrypted and output XOR’d with plaintext block to produce current ciphertext block • Can use feedback that is less than one full data block • Initialization vector used as “seed” for the process

  48. CFB

  49. Additional DES Modes - 2 (FIPS PUB 81) • Output Feedback Mode (OFB) • Similar to CFB mode except data XOR’d with each plaintext block is generated independently of both the plaintext and ciphertext • Initialization vector s_0 used as “seed” for a sequence of data blocks s_i • Each data block s_i derived from encryption of the previous data block s_{i-1}

  50. OFB
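
The ECB, CBC and OFB chaining rules from slides 43 to 50, as an added Python illustration that is not from the original lecture. The block cipher is a toy 64-bit keyed permutation standing in for DES (an assumption made so the example runs with the standard library only; it has no security), and the key, IV and message are constructed. It shows that repeated plaintext blocks stay visible as repeated ciphertext blocks under ECB, that CBC chaining hides them, and that the OFB data blocks s_i do not depend on the plaintext.

```python
MASK = (1 << 64) - 1
MULT = 0x9E3779B97F4A7C15            # odd constant, so invertible modulo 2**64

def enc_block(key, block):
    """Toy keyed permutation standing in for DES (assumption; not secure)."""
    return (((int.from_bytes(block, "big") ^ key) * MULT) & MASK).to_bytes(8, "big")

def dec_block(key, block):
    inv = pow(MULT, -1, 1 << 64)
    return (((int.from_bytes(block, "big") * inv) & MASK) ^ key).to_bytes(8, "big")

def blocks(data):
    if len(data) % 8:
        raise ValueError("pad the data to a multiple of 8 bytes first")
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key, pt):
    return b"".join(enc_block(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, xor(b, prev))   # previous ciphertext XOR plaintext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)

def ofb(key, iv, data):
    """s_i = E(s_{i-1}) with s_0 = IV; the same call enciphers and deciphers."""
    out, s = [], iv
    for b in blocks(data):
        s = enc_block(key, s)
        out.append(xor(b, s))
    return b"".join(out)

def repeated_blocks(ct):
    """Number of ciphertext blocks that duplicate an earlier block."""
    return len(blocks(ct)) - len(set(blocks(ct)))

KEY = 0x0123456789ABCDEF                      # constructed sample values
IV = bytes.fromhex("0001020304050607")
PT = b"PAY $100" * 3 + b"TO ALICE"            # three identical blocks, one different
```
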
