The document discusses authenticated encryption and the ASC-1 authenticated encryption stream cipher. It describes how authenticated encryption provides both confidentiality and authenticity. Generic composition methods for combining encryption and authentication are analyzed, but are not very efficient. ASC-1 performs encryption and authentication in a single pass using leak extraction from intermediate cipher rounds. Bits are leaked and XORed with the plaintext to generate the ciphertext. ASC-1 specification and decryption/encryption processes are also outlined.

1. Network & Application Security
(NAS)
AUTHENTICATED ENCRYPTION
S AM A N T K H AJ U R I A
A S S I S T A N T P R O F E S S O R , C M I
S K H @ C M I . A A U . D K

2. Computer security objectives
• Confidentiality
• Data Confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized users.
• Privacy: Assures that individuals control or influence what information related to them
may be collected and stored and by whom and to whom that information may be disclosed.
• Integrity
• Data integrity: Assures that information and programs are changed only in a specified and
authorized manner
• System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system
• Availability
• Assures that the system work promptly and service is not denied to authorized users

3. Additional Concepts / Objectives
• Authenticity
• Property of being genuine ; able to be verified and trusted
• Confidence in the validity of a message or message originator
• Meaning – Verifying that the users are who they say they are and each
transmission arriving at the system came from a trusted party.
• Accountability
• The security goal that generates the requirements for actions of an entity to be
traced uniquely to that entity
• Supports – nonrepudiation, fault isolation, intrusion detection and prevention,
and after action recovery and legal action

4. Symmetric Encryption
• Also referred to as conventional encryption, secret-key, or single-key
encryption.
• Only type of encryption in use prior to the development of public-key
encryption in the late 1970’s.
• Symmetric encryption remains by far the most widely used of the two
types of encryption.
• All classical encryption algorithms are private-key
• Common key is used by sender and recipient

5. Simplified Model of Symmetric Encryption

6. Requirements
• Two requirements for secure use of algorithm
• A STRONG Encryption algorithm
• Both the parties i.e., Sender and the receiver have obtained the copy of the secret key in a secure
fashion and must keep the key secure
• IMPORTANT !!! The security of symmetric encryption depends on the secrecy of
the key, not the secrecy of the algorithm
• Practical reasons – makes it feasible for widespread use.
• Manufacturers can and have developed low-cost chip implementations of data encryption
algorithms.
• These chips are widely available and incorporated into a number of products.

7. Cryptography
• Cryptographic systems are generically classified along three independent dimensions:
• The type of operations used for transforming plaintext to ciphertext
• Substitution - Each element in the plaintext is mapped into another element
• Transposition - Elements in the plaintext are rearranged ; Fundamental requirement is that no information be lost
• Product systems - Involve multiple stages of substitutions and transpositions
• The number of keys used
• Referred to as symmetric, single-key, secret-key, or conventional encryption if both sender and receiver use the same
key
• Referred to as asymmetric, two-key, or public-key encryption if the sender and receiver each use a different key
• The way in which the plaintext is processed
• Block cipher processes the input one block of elements at a time, producing an output block for each input block
• Stream cipher processes the input elements continuously, producing output one element at a time, as it goes along

8. Advanced Encryption Standard (AES)

9. AES
• Symmetric, block cipher
• Key size: 128, 192, or 256 bits
• Block size: 128
• Processed as 4 groups of 4 bytes (state)
• Operates on the entire block in every round
• Number of rounds depending on key size:
• Key=128 -> 9 rounds
• Key=192 -> 11 rounds
• Key=256 -> 13 rounds

11. Cipher Block Modes of Operation

12. Cipher block Modes of Operation
• A symmetric block cipher processes one block of data at a time
• In the case of DES and 3DES, the block length is b=64 bits
• For AES, the block length is b=128
• For longer amounts of plaintext, it is necessary to break the plaintext into b-
bit blocks, padding the last block if necessary
• Five modes of operation have been defined by NIST
• Intended to cover virtually all of the possible applications of encryption for
which a block cipher could be used
• Intended for use with any symmetric block cipher, including triple DES and
AES

13. Cipher Feedback (CFB)
Block Cipher Block Cipher Block Cipher
Plaintext 1 Plaintext 2 Plaintext n
Ciphertext 1 Ciphertext 2 Ciphertext n
Initialization Vector (IV)
Block Cipher Block Cipher Block Cipher
Plaintext 1
Ciphertext 2Ciphertext 1
Plaintext 2 Plaintext n
Initialization Vector (IV)
Ciphertext n
DECRYPTENCRYPT

14. ASC-1 : An Authenticated Encryption Stream
Cipher

15. Algorithm Analysis & Development
• Authenticated Encryption
• Generic Composition
• Two Pass Combined mode
• One pass Combined mode
• Cryptographic schemes that provide both confidentiality and
authenticity are called authenticated encryption schemes.
• AE consists of a key generation, an encryption and a decryption
algorithm.

16. Generic Composition
• Traditional approach to solve both privacy and authenticity problems has been to combine them
in a straightforward manner.
• Results – Not very efficient, twice as slow as either encryption or authentication.
• Pitfalls –
• Use of non-cryptographic non-keyed hash function and good encryption scheme
• Use of same key for encryption scheme and the MAC scheme .
• To analyze the security of the Authenticated Encryption Scheme three “Generic Composition”
methods are considered.
• Black Box use of a given symmetric encryption scheme and a given MAC
• Each case uses two different keys i.e., K1 and K2

17. ASC-1 : An Authenticated Encryption Stream
Cipher
• To achieve faster encryption and message authentication by performing
both in a single pass as opposed to the traditional encrypt-then-mac
approach
• Similar to LEX (Leak EXtraction) stream cipher selected to phase 3 of the
eSTREAM competition, ASC-1 uses leak extraction
• Bits are extracted from intermediate rounds to generate the key that is
XOR-ed with the message to compute the ciphertext.
• Operates in a Cipher Feedback (CFB) fashion

18. Leak Positions in ASC-1
• Crucial part – location of the four bytes of the internal state
• Frequency of outputs (every round, every second round etc.)
b0,0 b0,1 b0,2 b0,3
b1,0 b1,1 b1,2 b1,3
b2,0 b2,1 b2,2 b2,3
b3,0 b3,1 b3,2 b3,3
b0,0 b0,1 b0,2 b0,3
b1,0 b1,1 b1,2 b1,3
b2,0 b2,1 b2,2 b2,3
b3,0 b3,1 b3,2 b3,3
b0,0 b0,1 b0,2 b0,3
b1,0 b1,1 b1,2 b1,3
b2,0 b2,1 b2,2 b2,3
b3,0 b3,1 b3,2 b3,3
Odd Rounds Even Rounds

19. ASC-1 Specification (2/4)
ASC-1 DecryptionASC-1 Encryption
),100(
),010(
),000(
70
0,2
70
0,1
70
0
CntrEK
CntrEK
CntrEX
K
K
K



)110))(( 6
0,3 CntrMlEK K

20. ASC-1Specification(4/4)