Published in: Technology, Education
  1. Bishop: Chapter 11 An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)
  2. Topics
     - Problems with Design of Ciphers
     - Stream and Block Ciphers
     - A Brief Overview of Network Security
       - more in Chapter 26
     - Privacy-enhanced E-Mails (PEM)
     - Advanced Topics: SSL, IPsec
       - next course (Web Security)
  3. Context-related Vulnerability
     - Key point: How a crypto system is used will affect its strength.
     - Sample Problems
       - Pre-computing the possible messages
         - Assumption: The plaintext corresponding to intercepted ciphertext is drawn from a relatively small set of possible plaintexts.
         - The cryptanalyst can encipher the set of possible plaintexts and simply search that set for the intercepted ciphertext.
  4. Context-related Vulnerability
     - Sample Problems (cont.)
       - Polluted Blocks
         - Parts of a ciphertext message may be deleted, replayed, or reordered.
         - Unless different parts are bound together, their order may be changed by the attacker without being detected by the receiver.
         - Example: Reordered RSA data blocks
           - ‘LIVE’ can be reordered to ‘EVIL’.
         - Source of problem: Each block is independently enciphered, so the integrity of each part does not guarantee the integrity of the whole.
         - Solution? ‘binding’ of blocks + digital signature
  5. Context-related Vulnerability
     - Sample Problems (cont.)
       - Statistical Regularities
         - Such regularities may exist when each part of the ciphertext was generated from an independent part of the plaintext.
         - Example: DES in ECB mode
         - Solution?
  6. Stream vs Block Ciphers
     - Block ciphers: Plaintexts are encoded into ciphertexts block-by-block.
       - Each block is encrypted by the same key.
       - See definition 11-1.
       - Example: DES
     - Stream ciphers: The plaintext characters are encoded by the sender unit-by-unit, usually with a different key for each unit.
       - Each letter may be encrypted by a different key. (See definition 11-2)
         - Example: one-time pad, where a random, infinitely long key is used.
         - If the key stream repeats itself, the cipher is a periodic cipher.
     - Questions: Is the Vigenère cipher a block or stream cipher? How about RSA?
  7. Stream Ciphers
     - Approaches to simulating a random, infinitely long key
       - Synchronous Stream Ciphers
       - Generates bits (of the key) from a source other than the message itself.
       - See definition 11-3: LFSR (n-stage linear feedback shift register)
         - Example on p.278
       - Definition 11-4: NLFSR (n-stage nonlinear feedback shift register)
         - Example on p.279
         - Purpose? To eliminate linearity
       - c.f., LFSR vs NLFSR: how the new bit is inserted into the register r.
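An added example, not code from the slides or from Bishop's text, of the n-stage feedback shift register keystream generator of slides 6 and 7. It assumes the usual reading of definition 11-3 (the rightmost register bit is emitted as the key bit, the register shifts right, and the new leftmost bit is the dot product mod 2 of the register and the tap sequence); the feedback function is a parameter, so an NLFSR's nonlinear function can be dropped in for the linear one, and the 4-stage register, tap sequence 1001 and initial value 0010 used below are constructed sample inputs.

```python
from typing import Callable, List, Tuple

Bits = List[int]  # a register or tap sequence as a list of 0/1, leftmost bit first

def lfsr_feedback(taps: Bits) -> Callable[[Bits], int]:
    """Linear feedback (LFSR): the new bit is the dot product mod 2 of the
    register and the tap sequence, i.e. the XOR of the tapped register bits."""
    def feedback(reg: Bits) -> int:
        return sum(r & t for r, t in zip(reg, taps)) % 2
    return feedback

def fsr_step(reg: Bits, feedback: Callable[[Bits], int]) -> Tuple[int, Bits]:
    """One clock of an n-stage register: emit the rightmost bit as the key bit,
    shift right, insert feedback(reg) on the left (LFSR vs NLFSR differ only here)."""
    new_bit = feedback(reg)
    return reg[-1], [new_bit] + reg[:-1]

def keystream(reg: Bits, feedback: Callable[[Bits], int], nbits: int) -> Bits:
    out = []
    for _ in range(nbits):
        bit, reg = fsr_step(reg, feedback)
        out.append(bit)
    return out

def period(reg: Bits, feedback: Callable[[Bits], int]) -> int:
    """Clocks until the register returns to its starting state; 0 if it never
    does within 2^n steps (a nonlinear feedback can fall into another cycle)."""
    start, steps = list(reg), 0
    while steps < 2 ** len(start):
        _, reg = fsr_step(reg, feedback)
        steps += 1
        if reg == start:
            return steps
    return 0

def stream_xor(reg: Bits, feedback: Callable[[Bits], int], data: bytes) -> bytes:
    """Synchronous stream cipher: key bits come from the register, never from the
    message; encrypt and decrypt are the same XOR with the same initial register."""
    ks = keystream(reg, feedback, 8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        key_byte = 0
        for b in ks[8 * i:8 * i + 8]:
            key_byte = (key_byte << 1) | b
        out.append(byte ^ key_byte)
    return bytes(out)
```

With taps 1001 and start 0010 the register cycles through all 15 nonzero states, so the key stream repeats after 15 bits: the cipher built on it is periodic with period 15, and any longer message reuses key bits.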
  8. Stream Ciphers
     - Alternative approaches to eliminating linearity:
       - Output Feedback Mode (OFM)
         - The register, r, is never shifted. It is repeatedly enciphered.
       - Counter Method: a variant of OFM
  9. Stream Ciphers
     - Self-Synchronous Stream Ciphers
       - The key is obtained from the message itself.
       - Example: autokey cipher (p.280)
         - Problems? The selection of the key.
         - Statistical regularities in the plaintext show up in the key.
       - An alternative: Use the ciphertext as the key stream
         - Problems? Weak cipher, because the plaintext can be deduced from the ciphertext
       - Another alternative: CFM (cipher feedback mode)
         - See Fig. 11-1, p.281
  10. Block Ciphers
     - A block of multiple bits is enciphered each time.
     - Faster than stream ciphers (?).
     - Problem? Encipherment of the same plaintexts results in the same ciphertexts (because the same key is used for each block).
     - Solution: Cipher block chaining (CBC)
       - An IV is needed for the first block encipherment
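An added example, not code from the slides or the textbook, serving slides 4, 5 and 10 together: a toy one-byte block cipher whose blocks are enciphered independently (so equal blocks repeat and reordered blocks decrypt without the receiver noticing), beside CBC chaining for the repetition problem and an HMAC that binds all blocks together, which the receiver checks before decrypting. The keyed byte permutation stands in for DES or RSA and is constructed for illustration only, as are the keys and messages.

```python
import hmac
import hashlib
import random

# Toy 1-byte block cipher: a keyed permutation of the 256 byte values, derived
# deterministically from the key. Constructed for illustration only; NOT a real cipher.
def make_sbox(key: bytes) -> list:
    table = list(range(256))
    random.Random(key).shuffle(table)
    return table

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block (byte) is enciphered independently with the same key."""
    sbox = make_sbox(key)
    return bytes(sbox[b] for b in plaintext)

def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    inv = {c: p for p, c in enumerate(make_sbox(key))}
    return bytes(inv[c] for c in ciphertext)

def cbc_encrypt(key: bytes, iv: int, plaintext: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block (the IV for the
    first block) before encipherment, so equal plaintext blocks no longer repeat."""
    sbox, prev, out = make_sbox(key), iv, []
    for b in plaintext:
        prev = sbox[b ^ prev]
        out.append(prev)
    return bytes(out)

def cbc_decrypt(key: bytes, iv: int, ciphertext: bytes) -> bytes:
    inv = {c: p for p, c in enumerate(make_sbox(key))}
    prev, out = iv, []
    for c in ciphertext:
        out.append(inv[c] ^ prev)
        prev = c
    return bytes(out)

def bind(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Bind the blocks together: append an HMAC over the whole ciphertext."""
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def open_bound(key: bytes, mac_key: bytes, message: bytes):
    """Return the plaintext, or None if any block was reordered, dropped or altered."""
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ecb_decrypt(key, body)
```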
  11. Block Ciphers
     - Multiple Encryption
       - e.g., c = E_k'(E_k(m))
       - Suppose the lengths of k and k' are both n.
       - [Merkle/Hellman, 1981] The effective strength of the above encryption is 2^(n+1), not 2^(2n).
       - EDE
       - Triple encryption mode
  12. Next
     - A Brief Overview of Network Security
     - Privacy-enhanced E-Mails (PEM)