Sie sind auf Seite 1von 73

CAP361:

SECURITY AND PRIVACY OF INFORMATION Lecture Number 05-08 Bhagat Avinash


Asst. Prof.
Domain:D3

School of Computing Applications Lovely Professional University

Email: avinash.bhagat@lpu.co.in avinash.bhagat@gmail.com

Symmetric Encryption and Message Confidentiality

3/1/2013

Network Security Essentials


Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Symmetric Encryption and Message Confidentiality 2

Some Basic Terminology


plaintext original message

ciphertext coded message


cipher algorithm for transforming plaintext to ciphertext key info used in cipher known only to sender/receiver

encipher (encrypt) converting plaintext to ciphertext


decipher (decrypt) recovering ciphertext from plaintext cryptography study of encryption principles/methods

cryptanalysis (codebreaking) study of principles/ methods of deciphering ciphertext without knowing key
cryptology field of both cryptography and cryptanalysis
Symmetric Encryption and Message Confidentiality 3

Symmetric Cipher Model

Symmetric Encryption and Message Confidentiality

Requirements
Two requirements for secure use of encryption:
1. a strong encryption algorithm 2. a secret key known only to sender / receiver

mathematically have:
Y = E(K, X) X = D(K, Y)

Encryption depends upon secrecy of key


Symmetric Encryption and Message Confidentiality 5

Cryptography can be classified as :


type of encryption operations used
substitution transposition product

Cryptography

number of keys used


single-key or private two-key or public

way in which plaintext is processed


block stream
Symmetric Encryption and Message Confidentiality 6

Cryptanalysis
The process of attempting to discover the plaintext or key Objective to recover key not just message general approaches:
cryptanalytic attack brute-force attack

Symmetric Encryption and Message Confidentiality

Cryptanalysis
Cryptanalytic Attacks : rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Symmetric Encryption and Message Confidentiality

Cryptanalysis
Brute-force attack : The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

Symmetric Encryption and Message Confidentiality

Type of Attack

Known to Cryptanalyst

Ciphertext only

Encryption algorithm
Ciphertext Encryption algorithm Ciphertext One or more plaintext-ciphertext pairs formed with the secret key Encryption algorithm Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
10

Known plaintext

Chosen plaintext

Symmetric Encryption and Message Confidentiality

Type of Attack
Chosen Ciphertext

Known to Cryptanalyst
Encryption algorithm
Ciphertext Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Chosen text

Encryption algorithm
Ciphertext Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext Symmetric Encryption and Message generated with the secret key Confidentiality

11

Brute Force Search


always possible to simply try every key most basic attack, proportional to key size assume either know / recognise plaintext
Key Size (bits) 32 56 128 168 26 characters (permutation) Number of Alternative Keys 232 = 4.3 109 256 = 7.2 1016 2128 = 3.4 1038 2168 = 3.7 1050 26! = 4 1026 Time required at 1 decryption/s 231 s 255 s 2127 s 2167 s = 35.8 minutes = 1142 years = 5.4 1024 years = 5.9 1036 years Time required at 106 decryptions/s 2.15 milliseconds 10.01 hours 5.4 1018 years 5.9 1030 years 6.4 106 years

2 1026 s = 6.4 1012 years

Symmetric Encryption and Message Confidentiality

12

Symmetric Block Encryption Algorithms

The most commonly used symmetric encryption algorithms are block cipher. A block cipher processes the plaintext input in fixed sized blocks and produces a block of ciphertext of equal size Feistel Cipher Structure
Data Encryption Standard Triple DES(3DES) Advanced Encryption Standard.
Symmetric Encryption and Message Confidentiality

13

Feistel Cipher Structure

Feistel Cipher Structure is a particular example of the more general structure used by all symmetric block ciphers. It consists of
Sequence of rounds With each round performing substitutions and permutations conditioned by a secret key value.

Symmetric Encryption and Message Confidentiality

14

Feistel Cipher Structure


Horst Feistel devised the feistel cipher of IBM
The inputs to the encryption algorithm are
Plaintext block of length 2w A key K

The plain text block is divided into two halves, LE0 and RE0. The two halves of the data pass through n rounds of processing and then combine to provide cipher text block.
Symmetric Encryption and Message Confidentiality

15

Feistel Cipher Structure


Each round i has inputs LEi-1 and REi-1 derived from the previous round, as well as a sub key Ki derived the overall K Sub keys are generated from main key K using sub key generation algorithm.

Symmetric Encryption and Message Confidentiality

16

The Feistel Cipher Structure

Symmetric Encryption and Message Confidentiality

17

Round i
Li-1 Ri-1

f +

ki

Li

Ri
18

Symmetric Encryption and Message Confidentiality

Feistel Cipher Structure

Symmetric Encryption and Message Confidentiality

19

Feistel Cipher Design Elements


Exact realization of a symmetric block cipher depends on following parameters and design features:
block size key size number of rounds subkey generation algorithm round function fast software en/decryption ease of analysis
Symmetric Encryption and Message Confidentiality 20

Feistel Cipher Design Elements


Block size
Larger block size means greater security but it reduces encryption / decryption speed typical size 128 bits.

Key size
Larger key size means greater security but it reduces encryption / decryption speed typical size 128 bits

Number of rounds
Single round offers inadequate security. Multiple rounds offers greater security. Generally 16 rounds

Symmetric Encryption and Message Confidentiality

21

Feistel Cipher Design Elements


Subkey Generation Algorithm
Greater complexity in algorithm should lead greater difficulty of cryptanalysis.

Round function
Grater complexity generally means greater resistance to cryptanalysis.

Fast S/W en/decryption


Encryption is embedded in application or utility functions accordingly speed of the execution of the algorithm becomes convern.

Symmetric Encryption and Message Confidentiality

22

Data Encryption Standard (DES)


Most widely used block cipher in world Adopted in 1977 by NBS (national bureau of standards )

Now NIST (national inst. Of standards and


technology) Encrypts 64-bit data using 56-bit key Has widespread use

Symmetric Encryption and Message Confidentiality

23

DES History
IBM developed Lucifer cipher

by team led by Feistel in late 60s


used then redeveloped as a commercial cipher with input from NSA and others in 1973 NBS issued request for proposals for a national cipher standard IBM submitted their revised Lucifer which was eventually accepted as the DES 64-bit data blocks with 128-bit key
Symmetric Encryption and Message Confidentiality 24

DES Design Controversy


Although DES standard is public

Was considerable controversy over design


In choice of 56-bit key (vs lucifer 128-bit) And because design criteria were classified Subsequent events and public analysis show in fact design was appropriate Use of DES has flourished Especially in financial applications Still standardised for legacy application use
Symmetric Encryption and Message Confidentiality 25

DES : Basic Principles DES is a Block Cipher. It Encrypts data in blocks of size 64 bits each 64 bits of plain text goes as the input to DES, which

produces 64 bits of Cipher Text.


The key length is 56 Bits.

Symmetric Encryption and Message Confidentiality

26

How Does DES Works ???

Symmetric Encryption and Message Confidentiality

27

DES - Basics
DES uses the two basic techniques of cryptography

Substitution Technique (confusion) and Transposition


Technique (diffusion). DES consists of 16 Steps, each of which is known as round

Each round performs the steps of Substitution and


Transposition

Symmetric Encryption and Message Confidentiality

28

DES Encryption Overview

Symmetric Encryption and Message Confidentiality

29

Level of steps in DES


1. The 64 bit plain text block is handed over to an Initial Permutation (IP) function 2. The IP is performed on plain text

3.

The IP produces two halves of the permuted block:


LPT (Left Plain Text)

RPT (Right Plain Text)

Symmetric Encryption and Message Confidentiality

30

4. Each of LPT and RPT go through 16 rounds of encryption

process

5. In the End, LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the combined block

6. The result produces 64-bit cipher text.

Symmetric Encryption and Message Confidentiality

31

Symmetric Encryption and Message Confidentiality

32

Triple-DES with Two-Keys


3DES was first standardized for use in financial application. 3DES uses three keys and three execution of the DES algorithm.

Symmetric Encryption and Message Confidentiality

33

Triple-DES with Two-Keys

Symmetric Encryption and Message Confidentiality

34

Triple-DES with Two-Keys


The function follows an encrypt-decrypt- encrypt sequence: Encryption operation
C = E(K3,D(K2,E(K1,P)))

Where
C = ciphertext P = plaintext

Symmetric Encryption and Message Confidentiality

35

Triple-DES with Two-Keys

Symmetric Encryption and Message Confidentiality

36

Triple-DES with Two-Keys


Decryption operation is simply the same operation with the keys reversed
P = D(K1,E(K2,D(K3,C)))

There is no cryptographic significance to the use of decryption for the second stage of 3DES encryption. Its only advantage is that it allows users of 3DES to decrypt data encrypted by the user of the older single DES.

Symmetric Encryption and Message Confidentiality

37

Triple-DES with Two-Keys


Strengths: With 3 distinct keys, 3DES has an effective key length of 168 bits. It overcomes the vulnerability to brute force attack.

Symmetric Encryption and Message Confidentiality

38

Random Numbers
A number of network security algorithms based on cryptography make use of random numbers e.g.
Generation of keys for the RSA public key encryption algorithm and other public key algorithms. Generation of a stream key for symmetric stream cipher. Generation of symmetric key for use of a temporary session key. In a number of key distribution scenarios such as Kerberos.

Symmetric Encryption and Message Confidentiality

39

Random Number Generators


Pseudorandom numbers: Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce sequence of numbers that are not statistically random. However if the algorithm is good, the resulting sequence will pass many reasonable tests of randomness, such numbers are referred to as pseudorandom numbers.
Symmetric Encryption and Message Confidentiality 40

Symmetric Encryption and Message Confidentiality

41

Purpose-PRNG: Symmetric Block Cipher


Asymmetric Cipher Hash functions and Message

Symmetric Encryption and Message Confidentiality

42

Stream Cipher
Block vs Stream Cipher A stream cipher processes the input elements continuously, producing output one element at a time as it goes along. Block Ciphers process plain text in large blocks Stream ciphers process plain text in small blocks, even bits. Pure Block ciphers are memory less Stream cipher encryption depends not only on the plain text, , key but also on current state.
Symmetric Encryption and Message Confidentiality 43

Stream Cipher
Stream Cipher Structure A typical stream cipher encrypts plain text one bit or byte or some times more at a time

Symmetric Encryption and Message Confidentiality

44

Stream Cipher
Stream Cipher Structure A key is input to a pseudorandom bit generator that produces a stream of 8 bit numbers that are apparently random. A pseudorandom stream is one that is unpredictable without the knowledge of input key.

Symmetric Encryption and Message Confidentiality

45

Stream Cipher Structure

Symmetric Encryption and Message Confidentiality

46

Stream Cipher Properties


some design considerations are:
1.

2. 3. 4.

The encryption sequence should have long period with no repetitions the longer the period of repeat, the more difficult it will be to do cryptanalysis. Keystream should be truly random random depends on large enough key large linear complexity

Symmetric Encryption and Message Confidentiality

47

RC4
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.

Symmetric Encryption and Message Confidentiality

48

RC4
Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100 [ROBS95a]. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between Web browsers and servers.
Symmetric Encryption and Message Confidentiality 49

RC4
It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade secret by RSA Security. In September 1994, the RC4 algorithm was anonymously posted on the Internet on the Cypherpunks anonymous remailers list.

Symmetric Encryption and Message Confidentiality

50

RC4
The RC4 algorithm is remarkably simply and quite easy to explain. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1],..., S[255].

Symmetric Encryption and Message Confidentiality

51

RC4
For encryption and decryption, a byte k (see Figure) is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted.

Symmetric Encryption and Message Confidentiality

52

Modes of Operation
A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four "modes of operation" have been defined by NIST (FIPS 81). The four modes are intended to cover virtually all the possible applications of encryption for which a block cipher could be used.

Symmetric Encryption and Message Confidentiality

53

Modes of Operation
1. 2. 3. 4. Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) /Output Feedback (OFB) Counter (CTR)

Symmetric Encryption and Message Confidentiality

54

Electronic Codebook Book (ECB)


In ECB plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.

Symmetric Encryption and Message Confidentiality

55

Electronic Codebook Book (ECB)


The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext.

Symmetric Encryption and Message Confidentiality

56

Advantages and Limitations of ECB The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to use. The most significant characteristic of ECB is that the same b-bit block of plaintext, if it appears more than once in the message, always produces the same ciphertext.

Symmetric Encryption and Message Confidentiality

57

Advantages and Limitations of ECB For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.
e.g., if it is known that the message always starts out with certain predefined fields, then the cryptanalyst may have a number of known plaintext-ciphertext pairs to work with. If the message has repetitive elements, with a period of repetition a multiple of b bits, then these elements can be identified by the analyst. This may help in the analysis or may provide an opportunity for substituting or rearranging blocks.
Symmetric Encryption and Message Confidentiality 58

Cipher Block Chaining (CBC)


In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.

Symmetric Encryption and Message Confidentiality

59

Cipher Block Chaining (CBC)


In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed.

Symmetric Encryption and Message Confidentiality

60

Cipher Block Chaining (CBC)


In conclusion, because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than b bits. In addition to its use to achieve confidentiality, the CBC mode can be used for authentication

Symmetric Encryption and Message Confidentiality

61

Cipher Block Chaining (CBC)

Symmetric Encryption and Message Confidentiality

62

Cipher FeedBack (CFB)


The DES scheme is essentially a block cipher technique that uses b-bit blocks. However, it is possible to convert DES into a stream cipher, using either the cipher feedback (CFB) or the output feedback mode. A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time.

Symmetric Encryption and Message Confidentiality

63

Cipher FeedBack (CFB)


One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext. Thus, if 8-bit characters are being transmitted, each character should be encrypted to produce a cipher text output of 8 bits. If more than 8 bits are produced, transmission capacity is wasted.
Let the unit of transmission is s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of b bits, the plaintext is divided into segments of s bits.
Symmetric Encryption and Message Confidentiality 64

s-bit Cipher FeedBack (CFB-s)

Symmetric Encryption and Message Confidentiality

65

Advantages and Limitations of CFB


appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits note that the block cipher is used in encryption mode at both ends errors propogate for several blocks after the error
Symmetric Encryption and Message Confidentiality 66

Counter (CTR)
Although interest in the counter mode (CTR) has increased recently, with applications to ATM (asynchronous transfer mode) network security and IPSec (IP security), this mode was proposed early on .

Symmetric Encryption and Message Confidentiality

67

Counter (CTR)
In CTR mode, A counter, equal to the plaintext block size is used. The only requirement is that the counter value must be different for each plaintext block that is encrypted. Typically, the counter is initialized to some value and then incremented by 1 for each subsequent block (modulo 2b where b is the block size).

Symmetric Encryption and Message Confidentiality

68

Counter (CTR)
For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining. For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a ciphertext block to recover the corresponding plaintext block.

Symmetric Encryption and Message Confidentiality

69

Counter (CTR)

Symmetric Encryption and Message Confidentiality

70

efficiency

Advantages and Limitations of CTR

can do parallel encryptions in h/w or s/w can preprocess in advance of need good for bursty high speed links

random access to encrypted data blocks provable security (good as other modes) but must ensure never reuse key/counter values, otherwise could break (cf OFB)
Symmetric Encryption and Message Confidentiality 71

Questions
1. What are the essential ingredients of a symmetric cipher? 2. What are the two basic functions used in encryption algorithms? 3. What is the difference between a block cipher and a stream cipher? 4. How many keys are required for two people to communicate via a symmetric cipher? 5. What are the two approaches to attacking a cipher? 6. Why do some block cipher modes of operation only use encryption while others uses both encryption and decription? 7. What is triple Encryption? 8. Define Brute force and cryptanalytic attack? 9. How do we classify encryption techniques ----2

Symmetric Encryption and Message Confidentiality

72

Questions
10. Write steps for Feistel Cipher Encryption techniques. 11. What are the parameters that are considered for designing a symmetric block cipher? 12. Explain cipher block modes of operation? 13. What are advantages and disadvantages of cipher block modes of operation?

Symmetric Encryption and Message Confidentiality

73