1 / 35

Cryptography and Network Security Chapter 7

Cryptography and Network Security Chapter 7. Fifth Edition by William Stallings . Chapter 7 – Pseudorandom Number Generation and Stream Ciphers.

zarita
Télécharger la présentation

Cryptography and Network Security Chapter 7

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography and Network SecurityChapter 7 Fifth Edition by William Stallings

  2. Chapter 7 – Pseudorandom Number Generation and Stream Ciphers John wrote the letters of the alphabet under the letters in its first lines and tried it against the message. Immediately he knew that once more he had broken the code. It was extraordinary the feeling of triumph he had. He felt on top of the world. For not only had he done it, had he broken the July code, but he now had the key to every future coded message, since instructions as to the source of the next one must of necessity appear in the current one at the end of each month. —Talking to Strange Men, Ruth Rendell

  3. Random Numbers • many uses of random numbers in cryptography • nonces in authentication protocols to prevent replay • session keys • public key generation • keystream for a one-time pad • in all cases its critical that these values be • statistically random, uniform distribution, independent • unpredictability of future values from previous values

  4. Nonce – Fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  5. Nonce – Fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  6. Diffie-Hellman key exchange (production of a session key) need Fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  7. Salt – Fresh randomness coming from Cryptographically Strong (pseudo)Random Source (Block cipher in this case)

  8. RSA – Fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  9. Skype and other VoIP applications that encrypt the communication One-time-pad fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  10. Skype and other VoIP applications that encrypt the communication One-time-pad fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  11. Skype and other VoIP applications that encrypt the communication One-time-pad fresh randomness coming from Cryptographically Strong (pseudo)Random Source

  12. Slot machines for gambling need fresh randomness coming from Cryptographically Strong (pseudo)Random Source BIG money – STRONG LEGISLATIVE, STRONG CONTROLS

  13. Online gambling needs fresh randomness coming from Cryptographically Strong (pseudo)Random Source BIG money – STRONG LEGISLATIVE, STRONG CONTROLS

  14. Sources of Randomness • True Random Number Generator • Entropy source (physical source – keystroke timings, disk activity, mouse movements, …) • Pseudo Random Number Generators • Seed and then the output is coming from a deterministic algorithm • Pseudo Random Functions • Seed + Context specific values and then the output is coming from a deterministic algorithm

  15. Requirements • Must pass the NIST SP 800-22 (A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Algorithms) • 15 separate tests • Unpredictability • Forward unpredictability • Backward unpredictability • Seed should come from secure source (TRNG or else – like huge pool of randomness)

  16. Design methodologies for cryptographic sources of randomness • Designed specifically to be PRNGs (PRFs) • Using the existing cryptographic algorithms • Symmetric block ciphers • Asymmetric ciphers • Hash functions and message authentication codes

  17. Pseudorandom Number Generators (PRNGs) • often use deterministic algorithmic techniques to create “random numbers” • although are not truly random • can pass many tests of “randomness” • known as “pseudorandom numbers” • created by “Pseudorandom Number Generators (PRNGs)”

  18. Pseudorandom Number Generators (PRNGs) • The following two criteria are used to validate that a sequence of numbers is random: • Uniform distribution: The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same. • Independence: No one value in the sequence can be inferred from the others.

  19. Linear CongruentialGenerator • common iterative technique using: Xn+1 = (aXn + c) mod m • given suitable values of parameters can produce a long random-like sequence • suitable criteria to have are: • function generates a full-period • generated sequence should appear random • efficient implementation with 32-bit arithmetic • note that an attacker can reconstruct sequence given a small number of values • have possibilities for making this harder

  20. Blum Blum Shub Generator • based on public key algorithms • use least significant bit from iterative equation: • xi = xi-12 mod n • where n=p.q, and primes p,q=3 mod 4 • unpredictable, passes next-bit test • security rests on difficulty of factoring N • is unpredictable given any run of bits • slow, since very large numbers must be used • too slow for cipher use, good for key generation • Example: n=192649=383x503, s=101355

  21. Using Block Ciphers as PRNGs • for cryptographic applications, can use a block cipher to generate random numbers • often for creating session keys from master key • Counter Mode Xi = EKm[i] • Output Feedback Mode Xi = EKm[Xi-1]

  22. ANSI X9.17 PRG

  23. Published Sources • a few published collections of random numbers • Rand Co, in 1955, published 1 million numbers • generated using an electronic roulette wheel • has been used in some cipher designs cf Khafre • earlier Tippett in 1927 published a collection • issues are that: • these are limited • too well-known for most uses

  24. Stream Ciphers • process message bit by bit (as a stream) • have a pseudo random keystream • combined (XOR) with plaintext bit by bit • randomness of stream key completely destroys statistically properties in message • Ci = Mi XOR StreamKeyi • but must never reuse stream key • otherwise can recover messages (cf book cipher)

  25. Stream Cipher Structure

  26. Stream Cipher Properties • some design considerations are: • long period with no repetitions • statistically random • depends on large enough key • large non-linear complexity • properly designed, can be as secure as a block cipher with same size key • but usually simpler & faster

  27. RC4 • a proprietary cipher owned by RSA DSI • another Ron Rivest design, simple but effective • variable key size, byte-oriented stream cipher • widely used (web SSL/TLS, wireless WEP) • key forms random permutation of all 8-bit values • uses that permutation to scramble input info processed a byte at a time

  28. RC4 Key Schedule • starts with an array S of numbers: 0..255 • use key to well and truly shuffle • S forms internal state of the cipher for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j])

  29. RC4 Encryption • encryption continues shuffling array values • sum of shuffled pair selects "stream key" value from permutation • XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte Mi i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Ci = Mi XOR S[t]

  30. RC4 Overview

  31. RC4 Security • claimed secure against known attacks • have some analyses, none practical • result is very non-linear • since RC4 is a stream cipher, must never reuse a key • have a concern with WEP, but due to key handling rather than RC4 itself • RC4 is theoretically considered as broken but practically it is not

  32. True Random Number Generators • best source is natural randomness in real world • find a regular but random event and monitor • do generally need special h/w to do this • eg. radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, mercury discharge tubes etc • starting to see such h/w in new CPU's • problems of bias (skew) or uneven distribution in signal • have to compensate for this when sample and use • only use a few noisiest bits from each sample • Hash the output of the biased source by cryptographic hash function (MD5, SHA-1, SHA-2, ...) • RFC 4086 – recommends collecting input from multiple sources and then hashing

  33. Summary • have considered: • Random Number Generation issues • Stream Ciphers

More Related