Beruflich Dokumente
Kultur Dokumente
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 1 / 76
Outline
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 2 / 76
Classification of the field of Cryptology
Cryptology
Cryptography Cryptanalysis
Stream Block
Ciphers Ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 3 / 76
Basics of Symmetric Cryptology
Trudy
(bad)
y y
Alice x Encryption Unsecured channel Decryption x Bob
(good) e() d() (good)
K K
Secured Channel
Key generator
Encryption: y = eK (x)
Decryption: x = dK (y )
If same keys are used for encryption and decryption:
dK (y ) = dK (eK (x)) = x
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 5 / 76
Cryptanalysis
Cryptanalysis
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 6 / 76
Cryptanalysis
Cryptanalysis Classification
Cryptanalysis
Mathematical Brute-Force
Analysis Attack
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 8 / 76
Cryptanalysis
Substitution cipher
Historical cipher
Example for understanding Brute-force and analytical attacks
Encrypts letter rather than bits
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 9 / 76
Cryptanalysis
Example
Ciphertext:
Brute-forte Attack?
Analytical attack?
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 10 / 76
Cryptanalysis
Example
Brute-forte attack: 240 per seconds − > How much time to break the
code?
Analytical: frequency counts
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 11 / 76
Historical cipher system
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 12 / 76
Historical cipher system
plaintext = ictlab
ciphertext = lfwode
What is the rule?
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 13 / 76
Historical cipher system
Let k, x, y ∈ 0, 1, ..., 25
Encryption: y = ek (x) ≡ (x + k) mod 26
Decryption: x = dk (x) ≡ (y − k) mod 26
Question:
Keyspace = ?
Is it secure? (Any attack is possible?)
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 14 / 76
Historical cipher system
Affine Cipher
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 15 / 76
Symmetric ciphers
Symmetric ciphers
? cipher
b b
x1 x2... xb y1 y2... yb
? cipher
1 1
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 16 / 76
Symmetric ciphers
StreamCipher (K ) = S
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 17 / 76
Symmetric ciphers Stream ciphers
Stream ciphers
C =P ⊕S
P =C ⊕S
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 18 / 76
Symmetric ciphers Stream ciphers
A5/1 cipher
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 19 / 76
Symmetric ciphers Stream ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 20 / 76
Symmetric ciphers Stream ciphers
LFSR steps:
X steps then:
xi = xi−1
x0 = x13 ⊕ x16 ⊕ x17 ⊕ x18
Y steps then: ?
Z steps then: ?
A single keystream bit: s = ?
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 21 / 76
Symmetric ciphers Stream ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 22 / 76
Symmetric ciphers Stream ciphers
RC4 algorithm
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 23 / 76
Symmetric ciphers Stream ciphers
1: for i = 1 to 255 do
2: S[i] = i
K [i] = key [i mod N]
3: end for
j=0
4: for i = 0 to 255 do
5: j = (j + S[i] + K [i]) mod 256
Swap(S[i], S[j])
6: end for
i=j=0
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 24 / 76
Symmetric ciphers Stream ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 25 / 76
Symmetric ciphers Block ciphers
Block ciphers
General idea:
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 26 / 76
Symmetric ciphers Block ciphers
Block ciphers
General idea:
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 26 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 27 / 76
Symmetric ciphers Block ciphers
Feistel Cipher
DES
AES
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 28 / 76
Symmetric ciphers Block ciphers
Feistel Cipher
???
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 29 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 30 / 76
Symmetric ciphers Block ciphers
DES overview:
Developed by IBM, based on Lucifer cipher
Standardized in 1977 by the National Bureau of Standards (NBS)
today called National Institute of Standards and Technology (NIST)
Features:
Key length: ?
Block length?
how many rounds?
Subkey length?
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 31 / 76
Symmetric ciphers Block ciphers
DES Algorithm
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 32 / 76
Symmetric ciphers Block ciphers
F-funtion
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 33 / 76
Symmetric ciphers Block ciphers
S-box substitution
Eight substitution tables
6 bits of input, 4 bits of output
Non-linear, crucial element for DES security
S(x1 ) ⊕ S(x2 ) 6= S(x1 ⊕ x2 )
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 34 / 76
Symmetric ciphers Block ciphers
Key schedule
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 35 / 76
Symmetric ciphers Block ciphers
Decryption
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 36 / 76
Symmetric ciphers Block ciphers
Summary of DES
From above description of DES algorithm and key schedule, what we can
summarize?
DES Features:
Key length: 56 bits
Block lenghth: 64 bits
Subkey length: 48 bits
Number of rounds: 16
56-bit key is susceptible to an exhaustive key search
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 37 / 76
Symmetric ciphers Block ciphers
AES overview:
The most widely used symmetric cipher today
Approved by US NIST in 2001 after years of
byte-oriented cipher
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 38 / 76
Symmetric ciphers Block ciphers
Features:
block size: 128 bits
3 key lengths: 128/192/ 256
bits (subkey length =?)
Number of rounds: 10/12/14
Each round: 3 layers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 39 / 76
Symmetric ciphers Block ciphers
3 layers:
Key addition layer
Byte substitution layer
Diffusion layer
Data path (state): 128 bits = 16
bytes
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 40 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 41 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 42 / 76
Symmetric ciphers Block ciphers
Consist of 16 S-boxes
S-boxes are:
identical
non-linear
one-to-one mapping of input and output
In implementation, S-boxes are realized as a look up table (mapping)
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 43 / 76
Symmetric ciphers Block ciphers
provides diffusion
consist of two sublayers:
ShiftRows sublayer: permutation
MixColumn sublayer: mixes block of 4 bytes
perform linear operation on state matrices A and B (input matrices)
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 44 / 76
Symmetric ciphers Block ciphers
ShiftRows sublayer
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 45 / 76
Symmetric ciphers Block ciphers
MixColumn sublayer
MixColumn(B) = C
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 46 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 47 / 76
Symmetric ciphers Block ciphers
1 word = 32 bits
In each round i, subkey ki = 4 words W [4i + j], j = 0..3
Different key schedule for different key size
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 48 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 49 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 50 / 76
Symmetric ciphers Block ciphers
g function:
S-box substitution: adds nonlinearity to the schedule
RC[i]: a round coefficient, 8-bit value, vary from round to round
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 51 / 76
Symmetric ciphers Block ciphers
AES Decryption
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 52 / 76
Symmetric ciphers Block ciphers
Implementation in Software
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 53 / 76
Symmetric ciphers Block ciphers
AES Security
Brute-force attack: ?
Analytical attack: There is currently no analytical attack against AES
known which has a complexity less than a brute-force attack
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 54 / 76
Symmetric ciphers Block ciphers
Mode of Operation
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 55 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 56 / 76
Symmetric ciphers Block ciphers
ECB Mode
Let e() be a block cipher of block size b, and let xi and yi be bit strings of
length b.
Encryption: yi = ek (xi ), i ≥ 1
Decryption: xi = ek−1 (ek (xi )), i ≥ 1
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 57 / 76
Symmetric ciphers Block ciphers
ECB security
Substitution Attack:
Example: electronic bank transfer: Block #1.Sending Bank A
#2.Sending Account #3.Receiving Bank B #4.Receiving Account
#5. Amount
Attacker: transfers repeatedly from his account in bank A to his
account in bank B
He obtains ciphertext for block 1,3,4
replaces block 4 of other transfers with his block 4 then all transfers
are redirected to his account
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 58 / 76
Symmetric ciphers Block ciphers
ECB security
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 59 / 76
Symmetric ciphers Block ciphers
Advantages:
no block synchronization between sender and receiver is required
bit errors caused by noisy channels only affect the corresponding
block but not succeeding blocks
Block cipher operating can be parallelized, then advantage for
high-speed implementations
Disadvantages: ECB encrypts highly deterministically
identical plaintexts result in identical ciphertexts
an attacker recognizes if the same message has been sent twice
plaintext blocks are encrypted independently of previous blocks
an attacker may reorder ciphertext blocks which results in valid
plaintext
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 60 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 61 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 62 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 63 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 64 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 65 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 66 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 67 / 76
Symmetric ciphers Block ciphers
Counter Mode
Uses a block cipher as a stream cipher
Key stream is generated in blockwise fashion
The counter assumes a different value everytime a new key stream
block is computed
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 68 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 69 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 70 / 76
Symmetric ciphers Block ciphers
Given a block cipher with a key length of bits and block size of n bits, as
well as t plaintext–ciphertext pairs (x1 , y1 ), ..., (xt , yt ), the likelihood of
false keys which encrypt all plaintexts to the corresponding ciphertexts is:
2k−t∗n
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 71 / 76
Symmetric ciphers Block ciphers
Multiple Encryption
Key whitening
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 72 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 73 / 76
Symmetric ciphers Block ciphers
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 74 / 76
Symmetric ciphers Block ciphers
Triple Encryption
Encrypt a block three times:
Meet-in-the-middle attack:
Key whitening
Nguyen Minh Huong (ICT Department, USTH) ICT Course: Information Security September 17, 2019 76 / 76