360 likes | 518 Views
Chapter 4. Encryption. Objectives. In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms Recognize popular asymmetric encryption algorithms Understand a variety of hash encryption algorithms
E N D
Chapter 4 Encryption
Objectives In this chapter, you will: • Learn the basics of encryption technology • Recognize popular symmetric encryption algorithms • Recognize popular asymmetric encryption algorithms • Understand a variety of hash encryption algorithms • Identify a variety of cryptanalytic attacks
Encryption Basics • Transposition vs. substitution • With transposition ciphers, data is rearranged • With substitution ciphers, data is replaced • Block vs. stream • With block ciphers, data is broken into chunks • The encryption algorithm and key are then applied to each chunk • With stream ciphers, the encryption algorithm and key are applied to each piece of data continuously until the entire message is transformed into ciphertext
Encryption Basics • General Problems • Algorithm privacy • Randomness • Performance • Processing power • Key security
Symmetric Encryption • A symmetric encryption algorithm is generally defined as a system that uses the same key for both encryption and decryption
Symmetric Encryption • Digital Encryption Standard (DES) • Consists of both an algorithm and a key • 56-bit key • 16-bit blocks • 16 rounds • Four operating modes • ECB (Electronic Codebook) • CBC (Cipher Block Chaining) • CFB (Cipher Feedback) • OFB (Output Feedback)
Symmetric Encryption • DES • Electronic Codebook (ECB) • Block cipher • 64-bit blocks • 48-bit key • Each 48-bit block XORed with 48-bit key
Symmetric Encryption • DES • Cipher Block Chaining (CBC) • Block cipher • 64-bit blocks • 48-bit key • First block XORed with random block of data then encrypted • Each block XORed with previous 64-bit encrypted block
Symmetric Encryption • DES • Cipher Feedback (CFB) • Block cipher • 64-bit blocks • 48-bit key • Random block of 64-bit data encrypted by DES • First block of data then XORed with encrypted random data then encrypted using DES • Each block XORed with previous 64-bit encrypted block
Symmetric Encryption • DES • Output Feedback (OFB) • Block cipher • 64-bit blocks • 48-bit key • Similar to CFB, but does not chain ciphertext • Previous DES output is used as input
Symmetric Encryption • 3DES • 168-bit key (effective length) • 16-bit blocks • 16 rounds • Four operation modes • DES-EEE3 • DES-EDE3 • DES-EEE2 • DES-EDE2
Symmetric Encryption • 3DES • DES-EEE3 • Data encrypted with 3 different keys
Symmetric Encryption • 3DES • DES-EDE3 • Data encrypted with Key 1 • Data decrypted with Key 2 • Data encrypted with Key 3
Symmetric Encryption • 3DES • DES-EEE2 • Data encrypted with Key 1 • Data encrypted with Key 2 • Data encrypted with Key 1
Symmetric Encryption • 3DES • DES-EDE2 • Data encrypted with Key 1 • Data decrypted with Key 2 • Data encrypted with Key 1
Symmetric Encryption • Advanced Encryption Standard (AES) • Rijndael algorithm • Variable length key • Variable length blocks
Symmetric Encryption • Commercial algorithms • RC2 • RC4 • RC5 • RC6 • IDEA • Blowfish • Twofish
Symmetric Encryption • Key Management • Password-based encryption (PBE) • Hardware-based keys • Smart cards • Biometrics
Asymmetric Encryption • RSA • Computes the product of two large primary numbers of equal length: (n = p * q). The length is usually 154-bit or 512-bit. • Chooses a random public key, e, so that e < n and relatively prime to the product of (p-1)(q-1). • Chooses a random public key component, e, so that e < n and relatively prime to the product of (p-1)(q-1). • Computes the private key component, d, using the equation: d = e-1 mod [(p-1)(q-1)]. • The private key is then expressed as (d,n) and the public key is expressed as (e,n). • To encrypt a message, p, the formula is c = pe mod n where c is the final ciphertext. To decrypt a message, the formula is p = cd mod n.
Asymmetric Encryption • Digital Signature Standard (DSS) • RSA • DSA • ECDSA
Asymmetric Encryption • Public-key Infrastructure (PKI) • Digital certificate
Asymmetric Encryption • Public-key Infrastructure (PKI) • Certificate authority (CA) • Registration authority (RA) • Certificate directory • Key backup and recovery server
Hash Algorithms • Message Digest algorithms • MD • MD2 • MD3 • MD4 • MD5
Hash Algorithms • Secure Hash Algorithm (SHA-1) • NIST standard • 160-bit digest
Cryptanalytic Attacks • Ciphertext-only • Known-plaintext • Chosen-plaintext • Chosen-ciphertext • Brute force • Dictionary
Cryptanalytic Attacks • Man-in-the-middle • Meet-in-the-middle • Recreate the key • Rubber hose
Summary • Encryption algorithms produce ciphertext through transposition or substitution. • There are two major categories of encryption algorithms: block and stream. • Four major problems apply to encryption algorithms: algorithms are not tested sufficiently when kept private, computers do not adequately produce random numbers by default, encryption results in reduced performance, and increased processing power can ultimately break encryption.
Summary • Symmetric encryption uses the same key for both the encryption and decryption processes. DES, 3DES, AES, RC, IDEA, Blowfish, and Twofish are popular symmetric encryption algorithms. • PBE, tokens, smart cards, and biometrics offer a number of ways to protect symmetric keys. • Asymmetric encryption uses two keys, one key to encrypt the plaintext and the other to decrypt. • The Diffie-Hellman Key Exchange, RSA algorithm, and DSS are robust foundations for public-key encryption.
Summary • PKI is designed to manage the keys necessary to perform public-key encryption. • PKI consists of digital certificates, a certificate authority (CA), a registration authority (RA), certificate directory, and a key backup and recovery server. • Hash algorithms take a variable plaintext input and produce a fixed length output. • The most popular hash algorithms are the MD series and SHA-1 algorithms. • Many cryptanalytic attacks pose threats to today’s encryption systems.