Upcoming SlideShare
×

Iss lecture 2

438 views

Published on

Published in: Technology, Education
1 Like
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

Views
Total views
438
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
27
0
Likes
1
Embeds 0
No embeds

No notes for slide
• Weak keys results in k1=k16, k2=k15, .. (K1,K2) semi weak keys=&gt; k1_1=k2-16, …. For each key of the 4 weak keys there is 2^32 x such that Ek(x)=x (fixed points) 4 of the semi-weak keys, each have 2^32 x such that E(x)=x’ (anti-fixed points)
• Iss lecture 2

1. 1. Information System SecurityInformation System SecurityLecture 2Lecture 2Symmetric cryptographySymmetric cryptography
2. 2. 22ReferencesReferences1.1. Cryptography and Network SecurityCryptography and Network Security , By W., By W.Stallings. Prentice Hall, 2003.Stallings. Prentice Hall, 2003.2.2. Handbook of applied CryptographyHandbook of applied Cryptography by A. Menezes,by A. Menezes,P. Van Oorschot and S. Vanstone. 5P. Van Oorschot and S. Vanstone. 5ththprinting, 2001printing, 2001http://www.cacr.math.uwaterloo.ca/hachttp://www.cacr.math.uwaterloo.ca/hac1.1. Cryptography: A Very Short Introduction (VeryCryptography: A Very Short Introduction (VeryShort Introduction S.)Short Introduction S.) , by, by Fred Piper and SeanFred Piper and SeanMurphy, Oxford University Press, 2002.Murphy, Oxford University Press, 2002.
3. 3. 33OutlineOutline1.1. CryptographyCryptography2.2. Symmetric Cipher systemsSymmetric Cipher systems3.3. Stream CipherStream Cipher– Vernam CipherVernam Cipher– One-time padOne-time pad1.1. Block cipherBlock cipher– DESDES– Triple DESTriple DES– AESAES1.1. Modes of operationModes of operation– ECBECB– CBCCBC
4. 4. 441. Cryptography1. Cryptography Cryptography is a means of providing information security.Cryptography is a means of providing information security. Cryptography is the study of mathematical techniques related toCryptography is the study of mathematical techniques related toaspects of information security such as confidentiality, integrity,aspects of information security such as confidentiality, integrity,authentication, and non-repudiation which form the mainauthentication, and non-repudiation which form the mainobjectives of ISSobjectives of ISS Other ISS objectives are derived upon these four aspectsOther ISS objectives are derived upon these four aspects
5. 5. 55CryptographyCryptography Cryptanalysis: the study of mathematical techniques forCryptanalysis: the study of mathematical techniques forattempting to defeat cryptographic techniques.attempting to defeat cryptographic techniques. Cryptanalyst: is the one who engages in cryptanalysis.Cryptanalyst: is the one who engages in cryptanalysis. Cryptology: the study of cryptanalysis and cryptography.Cryptology: the study of cryptanalysis and cryptography. Cryptosystem (Cryptographic system): is a general termCryptosystem (Cryptographic system): is a general termreferring to a set of cryptographic primitives used to providereferring to a set of cryptographic primitives used to provideinformation security services.information security services.– Also called aAlso called a ciphercipher..
6. 6. 66A cipher modelA cipher model A (Symmetric) cipher model consists of:A (Symmetric) cipher model consists of:– Plaintext,Plaintext, mm: the original intelligible message fed into the encryption algo.: the original intelligible message fed into the encryption algo.– Encryption algo.,Encryption algo., EE: performs various substitutions and transformation on: performs various substitutions and transformation on mm..– Secret key,Secret key, KK: an input to: an input to EE, and a value independent of, and a value independent of mm..– Ciphertext,Ciphertext, CC: scrambled message produced as output of: scrambled message produced as output of EE. it depends on. it depends on mm andandKK..– Decryption algo.,Decryption algo., DD: the reverse of: the reverse of EE. it takes. it takes CC andand KK and producesand produces mm..ciphertextciphertextEncryptionAlgorithm(eg, AES)Decryptionalgorithmsecret key secret keyplaintextplaintextSender Receiver
7. 7. 77Symmetric-key systemsSymmetric-key systems Symmetric cipher– Encryption key and decryption key are exactly the same, or– Decryption key is easily obtained from the encryption key. All practical cipher systems prior to the 1980’s were symmetriccipher systems. The study of symmetric cipher systems is often referred to assymmetric cryptography.– Also referred to as conventional cryptography, single-keycryptography, or secret-key cryptography.
8. 8. 88Public-key systemsPublic-key systems In public-key cipher systems– Computationally infeasible (in other words, practically impossible)to determine the decryption key from the encryption key. In this case the encryption key and the decryption keymust be different. For this reason, public key ciphersystems are sometimes referred to as asymmetric ciphersystems. The study of public key cipher systems is often referred toas public-key or asymmetric cryptography.
9. 9. 99CryptographyCryptography Cryptographic techniques are divided into 2 types:Cryptographic techniques are divided into 2 types:– Symmetric-key CryptographySymmetric-key Cryptography Symmetric-key ciphersSymmetric-key ciphers– Block cipherBlock cipher– Stream cipherStream cipher Arbitrary length Hash functions (MACs)Arbitrary length Hash functions (MACs) SignaturesSignatures IdentificationIdentification Pseudorandom sequencesPseudorandom sequences– Public-key CryptographyPublic-key Cryptography Asymmetric-key ciphersAsymmetric-key ciphers– Integer Factorization– Discrete logarithmDiscrete logarithm SignaturesSignatures IdentificationIdentification
10. 10. 10102. Symmetric ciphers2. Symmetric ciphers There are two classes: Block cipher and Stream cipher.There are two classes: Block cipher and Stream cipher.1 …… 1 …… 0 ……0 ……0E1……...1……..1…….0…….1100110110100010111010010110010011101010010001001E E E E100110110100010111010010110010011101010010001001100110 110100 010111 010010E E E E110010 011101 010010 001001… … … …Stream cipher Block cipher
11. 11. 11113. Stream Ciphers3. Stream Ciphers AA stream cipherstream cipher is an encryption scheme which treats theis an encryption scheme which treats theplaintext symbol-by-symbol (e.g., bit or character)plaintext symbol-by-symbol (e.g., bit or character)– AA keystreamkeystream is a sequence of symbolsis a sequence of symbols ee11ee22ee33….…. ∈∈ KK (the key space for a(the key space for aset of encryption transformations)set of encryption transformations)– AA an alphabet of definition ofan alphabet of definition of qq symbolssymbols– Encryption:Encryption: EEee is a simple substitution cipher with block length 1, where eis a simple substitution cipher with block length 1, where e∈∈ KK EEee == EEee11(m(m11)) EEee22(m(m22) …= c) …= c11cc22…… PlaintextPlaintext m= mm= m11 mm22.... and ciphertextand ciphertext c = cc = c11cc22……– Decryption:Decryption: DDdd == DDdd11(c(c11) D) Ddd22(c(c22) …= m) …= m11mm22…… ,, ddii=e=eii-1-1 The security stream ciphers depends on the changing keysteamThe security stream ciphers depends on the changing keysteamrather than the encryption function (may be simple, e.g., XOR).rather than the encryption function (may be simple, e.g., XOR).
12. 12. 1212Vernam CipherVernam Cipherrandom key bits k1, k2,…, knplaintext bits p1, p2,…, pn+p1 ⊕ k1 p2 ⊕ k2…pn ⊕ Knciphertext bits A stream cipher defined on the alphabet A={0,1} The keystream is a binary string (k=k1…kt) of the same length asthe plaintext m (=m1 … mt) Encryption ccii=mi ⊕ ki , Decryption mmii=ci ⊕ ki
13. 13. 1313One-time padOne-time pad If the key string is randomly chosen and never used again thenVernam cipher is called a one-time pad One-time pad’s drawback: The keystream must be as long as theOne-time pad’s drawback: The keystream must be as long as theplaintext.plaintext.– This increases the difficulty of key distribution and key managementThis increases the difficulty of key distribution and key management Solution: generate the key stream pseudorandomly (Solution: generate the key stream pseudorandomly (i.e.i.e., keystream, keystreamgenerated from a smaller secret key).generated from a smaller secret key).Keystreamgeneratorkey random key bitsk1 k2… knplaintext bitsp1 p2… pn+p1 ⊕ k1,…, pn ⊕ knciphertext bitsModelof astreamcipher
14. 14. 1414Properties of stream ciphersProperties of stream ciphers Advantages:Advantages:– No error propagation: a ciphertext digit is modified during transmissionNo error propagation: a ciphertext digit is modified during transmissiondoesn’t affect the decryption of other ciphertext digitsdoesn’t affect the decryption of other ciphertext digits– Easy for implementationEasy for implementation– FastFast Drawbacks:Drawbacks:– Requirement for synchronization: sender and receiver must beRequirement for synchronization: sender and receiver must besynchronizedsynchronized (ie, they must use the same key and operate on the same(ie, they must use the same key and operate on the sameposition (digit)). If synchronization is lost due to digit insertion orposition (digit)). If synchronization is lost due to digit insertion ordeletion then re-synchronization is required.deletion then re-synchronization is required. They are suitable for applications where errors are intolerable.They are suitable for applications where errors are intolerable.– GSM and phone networks.GSM and phone networks. A Modern Stream cipher: RC4 (1987).A Modern Stream cipher: RC4 (1987).
15. 15. 15154. Block ciphers4. Block ciphers AA block cipherblock cipher is an encryption scheme which breaks up theis an encryption scheme which breaks up theplaintext message into blocks of a fixed length and producesplaintext message into blocks of a fixed length and producesciphertext blocks of the same length.ciphertext blocks of the same length. Block ciphers encrypt one block at a time, using a complexBlock ciphers encrypt one block at a time, using a complexencryption functionencryption function ExamplesExamples– DES: operates on blocks of 64 bitsDES: operates on blocks of 64 bits– AES: operates on blocks of 128 bitsAES: operates on blocks of 128 bits Block ciphers can be used in various modes (Block ciphers can be used in various modes (modes ofmodes ofoperationoperation).).
16. 16. 1616Data Encryption Standard (DES)Data Encryption Standard (DES) DES design is based on two general concepts:DES design is based on two general concepts:– product cipher: combination of two or more operationsproduct cipher: combination of two or more operations(transposition, translation (e.g., XOR), arithmetic operations,(transposition, translation (e.g., XOR), arithmetic operations,modular multiplication, simple substitutions.)modular multiplication, simple substitutions.)– Feistel Concept:Feistel Concept:Block of ciphertextBlock of ciphertextEncryptionAlgorithm(DES)Encryption keyBlock of plaintext645664
17. 17. 1717Feistel principleFeistel principle AnAn iterated block cipheriterated block cipher is a block cipher involving theis a block cipher involving thesequential repetition of an internal function calledsequential repetition of an internal function called roundroundfunctionfunction. Parameters include:. Parameters include:rr, number of rounds,, number of rounds,nn block sizeblock sizeandand kk, the input key from which, the input key from which rr subkeyssubkeys kkii ((round keysround keys) are) arederived.derived. AA Feistel CipherFeistel Cipher is an iterated cipher mapping a 2is an iterated cipher mapping a 2tt-bit plaintext-bit plaintext((LL00, R, R00), for), for tt-bit blocks-bit blocks LL00 andand RR00, to a ciphertext (, to a ciphertext (RRrr, L, L rr),),through anthrough an rr-round process (-round process (rr ≥≥ 11) for each) for each 11 ≤≤ ii ≤≤ rr, round, round iimaps (maps (LLi-1i-1,R,Ri-1i-1))→→((LLii,R,Rii) as follows:) as follows:– LLii = R= Ri-1i-1– RRii = L= Li-1i-1 + f(R+ f(Ri-1i-1,k,kii)) Decryption is achieved by the same r-round process but withDecryption is achieved by the same r-round process but withsubkeys in reverse order.subkeys in reverse order.
18. 18. 1818Feistel principleFeistel principleL0 R0fL1=R0 R1 = L0 ⊕ f (R0, k1)fL2= R1Key k1Key k2R2 = L1⊕ f (R1,k2)plaintext⊕⊕1345672round 1round 2
19. 19. 1919DES EncryptionDES Encryption (ch 7 ,[2])(ch 7 ,[2])L0 R0fL1=R0R1 = L0 ⊕ f (R0, k1)Key k1Plaintext⊕IPL16 = R15IP-1R16 = L15 ⊕ f (R15, k16)Ciphertext6432324832 32643232
20. 20. 2020DES’sDES’s ff functionfunctionRi-1 (32 bits)ExpansionPermutationRi-1 (48 bits)Ki (48 bits)⊕S1 S2 S3 S4 S5 S6 S7 S86 bits into eachP32 bits4 bits out of each
21. 21. 2121DES propertiesDES properties DES has 4 weak keys and six pairs of semi-weak keysDES has 4 weak keys and six pairs of semi-weak keys– A DES weak key is a keyA DES weak key is a key kk such thatsuch that EEkk(E(Ekk(x))=x(x))=x for allfor all xx– A pair of DES semi weak keys is a pair (A pair of DES semi weak keys is a pair (KK11,K,K22) with) with EEkk11(E(Ekk22(x))=x(x))=x Tables 7.5Tables 7.5and 7.6, of weak and semi-weak keys on pp. 258 of [2].and 7.6, of weak and semi-weak keys on pp. 258 of [2]. DES TodayDES Today– A DES key can be found by anyone determined enough.A DES key can be found by anyone determined enough. In 1998 Electronic Frontier Foundation managed to break DES (using DESIn 1998 Electronic Frontier Foundation managed to break DES (using DESCracker, costing < \$250,000 ) in less than 3 days.Cracker, costing < \$250,000 ) in less than 3 days.– Differential and linear cryptanalysis provide academic attacks on DES.Differential and linear cryptanalysis provide academic attacks on DES.– However, DES is still in use in many applications.However, DES is still in use in many applications.– Triple DES or AES are commonly recommended instead of DES.Triple DES or AES are commonly recommended instead of DES.
22. 22. 2222Triple DESTriple DESciphertextciphertextEncryptUsing DESplaintextKey K1DecryptUsing DESEncryptUsing DESKey K2Key K3324• Key =k1 k2k3• Key are longer (192 bits)• Three times slower thanDES
23. 23. 2323Advanced EncryptionAdvanced EncryptionStandardStandard In November 2001 the USA NIST announcedIn November 2001 the USA NIST announced RijndaelRijndael algorithm asalgorithm asthe AES to replace DES as a FIPS 197the AES to replace DES as a FIPS 197 Became effective in May 2002Became effective in May 2002 AES is a symmetric encryption algorithmAES is a symmetric encryption algorithm Block size 128, rounds 10, 12, or 14 depending on the key size (128,Block size 128, rounds 10, 12, or 14 depending on the key size (128,192, or 256)192, or 256) AES will probably be worldwide used very soonAES will probably be worldwide used very soon It’s security not proved yetIt’s security not proved yetBlock of ciphertextBlock of ciphertextAESEncryption keyBlock of plaintext128128, 196, or 256128
24. 24. 2424Other Block ciphersOther Block ciphers IDEA (International Data Encryption Algorithm)IDEA (International Data Encryption Algorithm)– Published in 1991Published in 1991– Operates on 64-bit blocks, and 128-bit key and produces blocks ofOperates on 64-bit blocks, and 128-bit key and produces blocks of64 bits64 bits Other ciphers: FEAL, SAFER, RC5, …Other ciphers: FEAL, SAFER, RC5, …Block of ciphertextBlock of ciphertextIDEAEncryption keyBlock of plaintext6412864
25. 25. 25255. Modes of operation5. Modes of operation1.1. Electronic CodeBookElectronic CodeBook(ECB):(ECB): Identical plaintext blocks (under the sameIdentical plaintext blocks (under the samekey) result in identical ciphertext.key) result in identical ciphertext. Chaining dependency: blocks areChaining dependency: blocks areenciphered independently of other blocks.enciphered independently of other blocks. Error propagation: one or more bit errorsError propagation: one or more bit errorsin a single ciphertext affect deciphermentin a single ciphertext affect deciphermentof that block only.of that block only. ECB is not recommended for messagesECB is not recommended for messageslonger than one block, or if keys arelonger than one block, or if keys arereused for more than one-block message.reused for more than one-block message. Security of ECB may be improved bySecurity of ECB may be improved byinclusion of random padding bits in eachinclusion of random padding bits in eachblock.block.E Ekeyxjn-1ncjEncryption DecryptionElectronic CodeBookElectronic CodeBook(ECB)(ECB)keyxj
26. 26. 26266. Modes of operation6. Modes of operation2.2. Cipher-Block ChainingCipher-Block Chaining(CBC):(CBC):E Ekeyn-1nEncryption decryption+keyc0=IV+Cipher-Block ChainingCipher-Block Chaining(CBC)(CBC)cj-1xjxjcjcj-1 Identical plaintexts: identical ciphertextblocks result when the same plaintext isenciphered under the key and IV. Chaining dependency: a ciphertext cjdepends on xj and all preceding plaintextblocks ⇒ rearranging the order ofciphertext blocks affects decryption. Error propagation: a single bit error inciphertext block cj affects decipherment of cjand cj+1. Error recovery: CBC is self-synchronizingin the sense that if an error occurs in blockcj, cj+2 is correctly recovered. IV is not secret but needs integrity.
27. 27. 2727Properties of block ciphersProperties of block ciphers Block ciphers do propagate errors (to a limited extent), but areBlock ciphers do propagate errors (to a limited extent), but arequite flexible and can be used in different ways in order toquite flexible and can be used in different ways in order toprovide different security properties.provide different security properties. The properties of cryptographic algorithms are not only affectedThe properties of cryptographic algorithms are not only affectedby algorithm design, but also by the ways in which theby algorithm design, but also by the ways in which thealgorithms are used. Different modes of operation canalgorithms are used. Different modes of operation cansignificantly change the properties of a block cipher.significantly change the properties of a block cipher. The security of block ciphers mainly depends on the complexityThe security of block ciphers mainly depends on the complexityof the encryption function whereas thus of stream ciphersof the encryption function whereas thus of stream ciphersdepend on the keystream randomness.depend on the keystream randomness. They can be used to provide confidentiality, data integrity, orThey can be used to provide confidentiality, data integrity, oruser authentication, and can even be used to provide theuser authentication, and can even be used to provide thekeystream generator for stream cipherskeystream generator for stream ciphers