The document discusses symmetric encryption principles and algorithms. It covers the basic components of conventional encryption including plain text, encryption algorithms, keys, cipher text and decryption algorithms. It then describes common symmetric encryption algorithms like the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) which replaced DES. The document also discusses concepts like cryptanalysis, key distribution and the location of encryption devices.

1. Chapter 2 Symmetric Encryption and Message Confidentiality

2. Overview Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

3. Encryption The most important automated tool for network and communication security is encryption. The most common forms of encryption are: conventional or symmetric encryption and public-key or asymmetric encryption.

4. Conventional Encryption principles An encryption scheme has five ingredients Plain text Encryption algorithms Public and private keys Cipher text Decryption algorithm Agents possess their private keys Access other public keys from a central repository Security depends on the secrecy of the key , not the secrecy of the algorithm

5. Conventional Encryption Algorithm Components Plain Text- original data or input Encryption Algorithm- performs substitutions or transformations on the plaintext Public and Private Keys- also input determines the substitutions/transpositions Cipher Text- scrambled message or output Decryption Algorithm- encryption algorithm run backward, tking the cipher text and producing the plain text.

6. Conventional Encryption Principles

7. Cryptography Classified according to three independent dimensions: The type of operations used for transforming plaintext to cipher text The number of keys used symmetric (single key or secret- key or private-key) asymmetric (two-keys, or public-key encryption) The way in which the plaintext is processed

8. Cryptanalysis Process of attempting to discover the plaintext or key An encryption scheme is computationally secure if the ciphertext meets one of these criteria cost of breaking the cipher exceeds the value of the information time requires to break the cipher exceeds the useful lifetime of the information

9. Cryptanalysis The process of attempting to discover the plaintext or key

10. Cryptanalysis A brute force approach involves trying every possible key until the translation is obtained. Some new low cost chips have made this approach more reasonable. Greatest security problem is maintaining the security of the key .

11. Types of Attacks

12. Computationally Secure An encryption scheme is said to be computationally secure if: The cost of breaking the cipher exceeds the value of the encrypted information or The time required to break the cipher exceeds the useful lifetime of the information.

13. Average time required for exhaustive key search 2.15 milliseconds 232 = 4.3 x 109 32 5.9 x 1030 years 2168 = 3.7 x 1050 168 5.4 x 1018 years 2128 = 3.4 x 1038 128 10 hours 256 = 7.2 x 1016 56 Time required at 106 Decryption/µs Number of Alternative Keys Key Size (bits)

14. Classical ciphers Substitution - “units” of plain text are replaced with cipher text Polyalphabetic substitution- different for each character Transposition - “unit” of plaintext are rearranged, usually in complex order

15. Feistel Cipher Structure Virtually all conventional block encryption algorithms, including DES have a structure first described by Horst Feistel of IBM in 1973 The realization of a Feistel Network depends on the choice of the following parameters and design features:

16. Feistel Cipher Structure Block size: larger block sizes mean greater security Key Size: larger key size means greater security Number of rounds: multiple rounds offer increasing security Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis. Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern

18. Conventional Symmetric Encryption Algorithms Data Encryption Standard (DES) The most widely used encryption scheme The algorithm is reffered to the Data Encryption Algorithm (DEA) DES is a block cipher The plaintext is processed in 64-bit blocks The key is 56-bits in length No longer used for government transmissions

20. DES Concerns about: The algorithm and the key length (56-bits)

21. Time to break a code (106 decryptions/µs)

22. Triple DEA Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt) C = ciphertext P = Plaintext EK[X] = encryption of X using key K DK[Y] = decryption of Y using key K Effective key length of 168 bits C = E K3 [D K2 [E K1 [P]]]

23. Triple DEA

24. Replacement for DES was needed Theoretical attacks that can break it Demonstrated exhaustive key search attacks Can use Triple DES – but slow, small block size NIST issued a call for a new AES in 1997 15 candidates accepted in Jun 1998 5 candidates were short-listed in Aug 1999 Rijndael was selected as the AES in Oct 2000 Published as FIPS PUB 197 standard in Dec 2001 Advanced Encryption Standard

25. Symmetric block cipher 128-bit data, 128/192/256-bit keys Stronger & faster than triple DES Active life of 20-30 years (+ archival use) Provide full specification & design details Both C & Java implementations NIST have released all submissions & unclassified analyses AES Requirements

26. Initial criteria: Security – effort for practical cryptanalysis Cost – in terms of computational efficiency (speed, memory) Algorithm & implementation characteristics flexibility, algorithm simplicity Final criteria General security Ease of software & hardware implementation Restricted-space environments Attacks on implementations timing attack, power analysis Flexibility (in en/decrypt, keying, other factors) AES Evaluation Criteria

27. Overall AES Structure Data block of 4 columns of 4 bytes is “ state ” Key is expanded to array of words Has 9/11/13 rounds in which state undergoes: Substitute bytes (1 S-box used on every byte) Shift rows (permute bytes between columns) Mix columns (substitute using matrix multiplication of columns) Add round key (XOR state with key material) View as alternating XOR key & scramble data bytes Initial XOR key material & incomplete last round With fast XOR & table lookup implementation

28. The AES Cipher - Rijndael Designed by Rijmen-Daemen in Belgium Block length: 128 bits Key length: 128/192/256 bits Number of Rounds: 10/12/14 rounds An iterated cipher (rather than Feistel cipher) Processes data as block of 4 columns of 4 bytes Operates on entire data block in every round Designed to be: Resistance against all known attacks Speed and code compactness on a wide range of platforms Design simplicity

29. AES Parameters

30. AES Encryption & Decryption

31. AES Data Structures

32. AES Encryption Round

33. Substitute Bytes (SubBytes) Simple substitution on each byte of state independently Use an S-box of 16x16 bytes containing a permutation of all 256 8-bit values Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {95} is replaced by {2A} in row 9 column 5 S-box constructed using defined transformation of values in GF(28) Designed to be resistant to all known attacks

34. Substitute Bytes

35. S-Box

36. Inverse S-Box

37. Substitution of Bytes

38. Shift Rows A circular byte shift in each 1st row is unchanged 2nd row does 1 byte circular shift to left 3rd row does 2 byte circular shift to left 4th row does 3 byte circular shift to left Decrypt inverts using shifts to right Since state is processed by columns, this step permutes bytes between the columns

39. Shift Rows

40. Shifting of rows

41. Mix Columns Each column is processed separately Each byte is replaced by a value dependent on all 4 bytes in the column

42. Mix Columns

43. XOR state with 128-bits of the round key Again processed by column (though effectively a series of byte operations) Inverse for decryption identical Since XOR own inverse, with reversed keys Designed to be as simple as possible A form of Vernam cipher on expanded key Complexity of other stages ensures security Add Round Key

44. Add Round Key

46. Stream Cipher Diagram

47. Stream Ciphers

48. Stream Ciphers

58. Location of Encryption Device Link encryption: A lot of encryption devices High level of security Decrypt each packet at every switch End-to-end encryption The source encrypt and the receiver decrypts Payload encrypted Header in the clear High Security: Both link and end-to-end encryption are needed

60. Key Distribution A key could be selected by A and physically delivered to B. A third party could select the key and physically deliver it to A and B. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

61. Key Distribution Session key: Data encrypted with a one-time session key.At the conclusion of the session the key is destroyed Permanent key: Used between entities for the purpose of distributing session keys