Security Essentials
Chapter 2
Fourth Edition
by William Stallings

Outline
- Symmetric encryption
- Block encryption algorithms
- Stream ciphers
- Block cipher modes of operations

Symmetric Encryption
- or conventional / private-key / single-key
- sender and recipient share a common key
- all classical encryption algorithms are private-key
- was only type prior to invention of public-key in 1970s
- and by far most widely used

Some Basic Terminology
- plaintext - original message
- ciphertext - coded message
- cipher - algorithm for transforming plaintext to ciphertext
- key - info used in cipher known only to sender/receiver
- encipher (encrypt) - converting plaintext to ciphertext
- decipher (decrypt) - recovering plaintext from ciphertext
- cryptography - study of encryption principles/methods
- cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
- cryptology - field of both cryptography and cryptanalysis

Symmetric Cipher Model

Requirements
- two requirements for secure use of symmetric encryption:
  - a strong encryption algorithm
  - a secret key known only to sender / receiver
- mathematically have:
  Y = E(K, X)
  X = D(K, Y)
- assume encryption algorithm is known
- implies a secure channel to distribute key

Cryptography
can characterize cryptographic system by:
- type of encryption operations used
  - substitution
  - transposition
  - product
- number of keys used
  - single-key or private
  - two-key or public
- way in which plaintext is processed
  - block
  - stream

Cryptanalysis
- objective to recover key not just message
- general approaches:
  - cryptanalytic attack
  - brute-force attack
- if either succeed all key use compromised

Cryptanalytic Attacks
- ciphertext only
  - only know algorithm & ciphertext, is statistical, know or can identify plaintext
- known plaintext
  - know/suspect plaintext & ciphertext
- chosen plaintext
  - select plaintext and obtain ciphertext
- chosen ciphertext
  - select ciphertext and obtain plaintext
- chosen text
  - select plaintext or ciphertext to en/decrypt

Important Requirement
An encryption scheme is computationally secure if:
- The cost of breaking the cipher exceeds the value of information
- The time required to break the cipher exceeds the lifetime of information

Brute Force Search
- always possible to simply try every key
- most basic attack, proportional to key size
- assume either know / recognise plaintext

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |

RC6

Modes of Operation
- block ciphers encrypt fixed size blocks
  - eg. DES encrypts 64-bit blocks with 56-bit key
- need some way to en/decrypt arbitrary amounts of data in practise
- NIST SP 800-38A defines 5 modes
- have block and stream modes
- to cover a wide variety of applications
- can be used with any block cipher

The Most Important Modes
- Electronic Codebook Mode (ECB)
- Cipher Block Chaining Mode (CBC)
- Cipher Feedback Mode (CFB)
- Counter Mode (CTR)
- Output Feedback Mode (OFB)

Electronic Codebook (ECB)
- message is broken into independent blocks which are encrypted
- each block is a value which is substituted, like a codebook, hence name
- each block is encoded independently of the other blocks
  C_i = E_K(P_i)
- uses: secure transmission of single values

Advantages and Limitations of ECB
[Figure panels: Original; Encrypted using ECB mode; Modes other than ECB result in pseudo-randomness]

Cipher Block Chaining (CBC)
- message is broken into blocks
- linked together in encryption operation
- each previous cipher block is chained with the current plaintext block, hence name
- use Initial Vector (IV) to start process
  C_i = E_K(P_i XOR C_{i-1})
  C_0 = IV
- uses: bulk data encryption, authentication
- an initialization vector (IV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom

Cipher Block Chaining (CBC)

Cipher FeedBack (CFB)
- message is treated as a stream of bits
- added to the output of the block cipher
- result is fed back for next stage (hence name)
- standard allows any number of bits (1, 8, 64 or 128 etc) to be fed back
  - denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
- most efficient to use all bits in block (64 or 128)
  C_i = P_i XOR E_K(C_{i-1})
  C_0 = IV
- uses: stream data encryption, authentication

s-bit Cipher FeedBack (CFB-s)

CFB

Advantages and Limitations of CFB
- appropriate when data arrives in bits/bytes
- most common stream mode
- Limitation: need to stall while doing block encryption after every n-bits
- note that the block cipher is used in encryption mode at both ends
- errors propagate for several blocks

OFB

Counter (CTR)
- a new mode, though proposed early on
- similar to OFB but encrypts counter value rather than any feedback value
- must have a different key & counter value for every plaintext block (never reused)
  O_i = E_K(i)
  C_i = P_i XOR O_i
- uses: high-speed network encryptions

Counter (CTR)

Advantages and Limitations of CTR
- efficiency
  - can do parallel encryptions in h/w or s/w
  - can preprocess in advance of need
  - good for bursty high speed links
- random access to encrypted data blocks
- provable security (good as other modes)
- but must ensure never reuse key/counter values, otherwise could break (cf OFB)

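
Added example (not from the slides): counter mode as O_i = E_K(counter), C_i = P_i XOR O_i, showing random access to one block and why a key/counter pair must never be reused. Assumptions: E is HMAC-SHA256 truncated to one block as a stand-in for E_K, the counter block is a per-message nonce followed by the block index (a generalization of the slide's E_K(i)), and the key and messages are constructed.

```python
import hashlib, hmac

BLOCK = 16  # keystream block size in bytes

def E(key, counter_block):
    """Stand-in for E_K (assumption): HMAC-SHA256 truncated to one block."""
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):  # zip() truncates, so a short final block needs no padding
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_block(key, nonce, i):  # O_i = E_K(nonce || i)
    return E(key, nonce + i.to_bytes(8, "big"))

def ctr_crypt(key, nonce, data, first_block=0):
    """C_i = P_i XOR O_i. The same call decrypts; first_block gives random access."""
    out = bytearray()
    for n, off in enumerate(range(0, len(data), BLOCK)):
        out += xor(data[off:off + BLOCK], keystream_block(key, nonce, first_block + n))
    return bytes(out)

def ciphertext_difference(c1, c2):
    """If key and counters were reused, the keystream cancels: C1 XOR C2 = P1 XOR P2."""
    return xor(c1, c2)

KEY = bytes(range(16))                        # constructed key
P1 = b"transfer 0100 to account 11111111"     # constructed messages
P2 = b"transfer 9900 to account 22222222"
NONCE_A, NONCE_B = bytes(8), bytes([1] * 8)   # constructed nonces

reused = ciphertext_difference(ctr_crypt(KEY, NONCE_A, P1), ctr_crypt(KEY, NONCE_A, P2))
fresh = ciphertext_difference(ctr_crypt(KEY, NONCE_A, P1), ctr_crypt(KEY, NONCE_B, P2))
print("reused counters leak P1 XOR P2:", reused == xor(P1, P2))
print("unique counters leak P1 XOR P2:", fresh == xor(P1, P2))
```
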