
254542 Networks Management and Security

254542 Networks Management and Security. Lecture 2, June 25th & 30th 2005. Cryptography. E = Encryption, D = Decryption; K1 and K2 = Encryption and Decryption keys; m = message or plaintext; E(m, K1) = ciphertext; D(E(m, K1), K2) = m.


Presentation Transcript


  1. 254542 Networks Management and Security Lecture 2 June 25th & 30th 2005

  2. Cryptography • E = Encryption, D = Decryption • K1 and K2 = Encryption and Decryption keys • m = message or plaintext • E(m, K1) = ciphertext • D(E(m, K1), K2) = m [Diagram: Plaintext → E (key K1) → Ciphertext → D (key K2) → Plaintext]

  3. Secret-Key Cryptography • Both parties share the same key, K1 = K2 • a.k.a. Symmetric Cryptography • Secrecy can be achieved by • Information theory e.g. One time pad • Computational complexity e.g. DES, AES, etc

  4. Information Theoretical Secrecy • A key is … • known to both parties • as long as the message • used only once for each message being sent • Theoretically unbreakable

  5. One Time Pad • Let • A = Alice, B = Bob • m = message/plaintext, c = ciphertext, k = key • L = length of text, ⊕ = bitwise exclusive-or • L(m) = L(k) • Then • c = m ⊕ k • c ⊕ k = (m ⊕ k) ⊕ k = m

  6. Advantages of One Time Pad • Perfect secrecy • If the pad is never used again, no more knowledge about m can be gained • If c is known, any message can be derived using an arbitrary k (i.e. m = c ⊕ k) • Note: two time pad allows some knowledge of messages • c1 ⊕ c2 = (m1 ⊕ k) ⊕ (m2 ⊕ k) = m1 ⊕ m2
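The claims on slides 5 and 6 can be checked directly. The following is an added example, not part of the lecture; `OneTimePad`, `key_explaining` and `two_time_pad_leak` are hypothetical names, and the messages in the usage comment are constructed samples.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive-or of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires L(m) = L(k)")
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Hands out each pad byte exactly once ('used only once' rule)."""

    def __init__(self, size: int):
        self._pad = secrets.token_bytes(size)
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        key = self._pad[self._used:self._used + n]
        self._used += n
        return key

def key_explaining(c: bytes, claimed_m: bytes) -> bytes:
    """Perfect secrecy: for ANY message of the same length there is a key
    k' = c XOR m' under which c decrypts to m', so c alone says nothing."""
    return xor(c, claimed_m)

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused key the key cancels: c1 XOR c2 = m1 XOR m2."""
    return xor(c1, c2)

# Usage with constructed sample messages:
#   pad = OneTimePad(28)
#   c1 = xor(b"ATTACK AT DAWN", pad.take(14))
#   c2 = xor(b"RETREAT AT TEN", pad.take(14))   # fresh key bytes, no leak
```

Once the pad is used up, `take` raises instead of wrapping around, which is the key-consumption cost the next slide lists as a disadvantage.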

  7. Disadvantages of One Time Pad • More keys are used up as more messages are sent • Keys are too long • Key management is difficult • An alternative way to achieve secrecy is through computational complexity

  8. Computation Complexity • Assumption: “It is too hard and would take too long to decrypt a message” • Unproven but generally known to be true • Easier to manage and implement

  9. Computational Security • Block cipher • Data Encryption Standard (DES) • Triple DES • Advanced Encryption Standard (AES) • Rijndael encryption • Stream cipher • RC4

  10. Stream cipher • Operate on small units of plaintext (bits) • c1 may not be equal to c2 even if m1 = m2 and k1 = k2 • Encryption time is also important • Faster than block cipher • Approximation of the one time pad • Mostly synchronous stream cipher • K (keystream) is independent of m and c

  11. DES • Most widely used block cipher (e.g. in banking, government, etc) • Both parties share a 64-bit key • Every 8th bit in the key is unused (making only 56 bits effective) • 64-bit blocks • 16 rounds (iterative encryption)

  12. First step of DES • M = 0000 0001 0010 0011 0100 0101 0110 0111 (L) 1000 1001 1010 1011 1100 1101 1110 1111 (R) (L and R are both 32 bits long) • K64 = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001 • After the PC-1 permutation, K56 = 1111000 0110011 0010101 0101111 (C0) 0101010 1011001 1001111 0001111 (D0) * note: example from http://www.aci.net/kalliste/des.htm

      PC-1
      57 49 41 33 25 17  9
       1 58 50 42 34 26 18
      10  2 59 51 43 35 27
      19 11  3 60 52 44 36
      63 55 47 39 31 23 15
       7 62 54 46 38 30 22
      14  6 61 53 45 37 29
      21 13  5 28 20 12  4

  13. Find Cn & Dn • C0 and D0 are known • For 1 <= n <= 16: • C_n = C_{n-1} << (number of left shifts for round n) • D_n = D_{n-1} << (number of left shifts for round n)

      Round:        1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
      Left shifts:  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1

  14. Find Kn • Kn = CnDn with the PC-2 permutation applied • Each Kn is 48 bits long

      PC-2
      14 17 11 24  1  5
       3 28 15  6 21 10
      23 19 12  4 26  8
      16  7 27 20 13  2
      41 52 31 37 47 55
      30 40 51 45 33 48
      44 49 39 56 34 53
      46 42 50 36 29 32

  15. Initial Permutation (IP) • Perform IP permutation on M • Get L0 and R0 (32 bits each)

      IP
      58 50 42 34 26 18 10  2
      60 52 44 36 28 20 12  4
      62 54 46 38 30 22 14  6
      64 56 48 40 32 24 16  8
      57 49 41 33 25 17  9  1
      59 51 43 35 27 19 11  3
      61 53 45 37 29 21 13  5
      63 55 47 39 31 23 15  7

  16. Encoding • For n = 1 to 16 do • L_n = R_{n-1} • R_n = L_{n-1} ⊕ f(R_{n-1}, K_n) • This will result in L16R16 • Reverse to R16L16 • Apply final permutation IP⁻¹

  17. Modes of Operation • Electronic Code Block (ECB) • Each block is encrypted independently • Shortcoming??? • Chain Block Coding (CBC) • Most widely used • Avoid some problems in ECB (how?) • Cipher Feedback (CFB) • Allow shorter keys [Diagrams: ECB (m1, m2, m3 encrypted under k to c1, c2, c3) and a chained mode with an IV and three + (XOR) nodes]

  18. Using DES securely • Avoid using weak and semi-weak keys • 4 weak keys: Ek(Ek(m)) = m • 12 semi-weak keys: Ek1(Ek2(m)) = m • Thus, 2^-52 probability of picking weak and semi-weak keys • Change DES key frequently • But is it practical? (e.g. in encrypting hard disk files) • Possible solutions?

  19. Cracking DES • Brute force – using exhaustive search in 2^56 key space • Differential cryptanalysis • Chosen plaintext is encrypted • Reduce the number of keys to 2^47 • Linear cryptanalysis • Linear approximation of encryption key • 2^43 keys

  20. Double DES • Encrypt twice using two 56-bit keys = Regular DES with 112-bit key? • No, it is vulnerable to meet-in-the-middle attack • Effective search space = O(2^56) [Diagram: m → E (k1, 56 bits) → Ek1(m) → E (k2, 56 bits) → Ek2(Ek1(m)), 64-bit blocks throughout; encrypt with all possible K1s, decrypt with all possible K2s]
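Why double encryption does not double the effective key length can be seen at small scale. The following added example (not from the lecture) runs the meet-in-the-middle search from the slide against a toy 32-bit Feistel cipher with 12-bit keys; the cipher, `KEY_BITS` and all function names are assumptions made for the demonstration and stand in for DES and its 56-bit keys.

```python
import hashlib

KEY_BITS = 12  # toy key size (assumption) standing in for DES's 56 bits

def _f(half: int, key: int, rnd: int) -> int:
    """Toy round function: 16 bits taken from SHA-256 (not DES's f)."""
    digest = hashlib.sha256(f"{key}:{rnd}:{half}".encode()).digest()
    return int.from_bytes(digest[:2], "big")

def encrypt(block: int, key: int) -> int:
    """4-round Feistel network on a 32-bit block."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 16) | right

def decrypt(block: int, key: int) -> int:
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 16) | right

def double_encrypt(block: int, k1: int, k2: int) -> int:
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Find (k1, k2) from known (plaintext, ciphertext) pairs.
    Cost is about 2 * 2**KEY_BITS cipher calls plus a table of
    2**KEY_BITS entries, instead of 2**(2 * KEY_BITS) trials."""
    (m, c), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << KEY_BITS):          # encrypt with all possible K1s
        middle.setdefault(encrypt(m, k1), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):          # decrypt with all possible K2s
        for k1 in middle.get(decrypt(c, k2), []):
            # a second known pair filters out chance matches in the middle
            if all(double_encrypt(p, k1, k2) == q for p, q in rest):
                found.append((k1, k2))
    return found

def demo():
    k1, k2 = 0x5A3, 0xC07                    # constructed sample keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x01234567, 0x89ABCDEF)]
    return (k1, k2), meet_in_the_middle(pairs)
```

The search touches 2 × 2^12 keys rather than 2^24, the same ratio as O(2^56) against 2^112 on the slide, which is why a third DES pass is used instead.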

  21. Triple DES • C = Ek1(Dk2(Ek1(m))) • Backward compatible • If k1 = k2, it is a regular DES • Key space = 2^112

  22. Authentication in Secret-key Cryptography • Message Authentication Code (MAC) is computed (a.k.a. checksum) • Digital signature is for public-key cryptography • Unconditionally secure MAC • MAC(M, K’) where K’ = authentication key • K’ cannot be reused [Diagram: message M sent together with MAC(M, K’)]

  23. Hash function-based MAC • Hash function, H • Input can be of any length • Output is of fixed size (smaller than m) • Output string is called hash value (or message digest), h = H(m) • H is relatively easy to compute • One-way (When h = H(x), x is hard to find) • Collision free i.e. given x, y is hard to find such that H(x) = H(y) • Well known hash functions are MD2, MD5, SHA

  24. ANSI X9.17 • Key management standard for secret-key cryptography • Primarily designed for financial institutions • Large amount of transactions • Frequently updated keys • Use three-level hierarchy of keys • Master key (KKM) is manually distributed • Key-encrypting keys (KEK) are distributed online • Data keys (KDs) are also distributed online • X9.42 (for Diffie-Hellman), X9.44 (for RSA)

  25. Public-Key Cryptography • K1 ≠ K2, asymmetric cryptography • Increase security and convenience • No key transmission • Slower than secret-key cryptography • Provide digital signature that cannot be repudiated (unlike secret-key cryptography, why?) [Diagram: m encrypted with public key p to Ep(m), then decrypted with private key s: m = Ds(Ep(m))]

  26. Questions • Which cryptography is suitable for a computer lab? • Password file in Unix? • Large system? • Hybrid scheme • Use public-key cryptography to establish a secret key

  27. Reading • Michael J. Wiener, “Efficient DES key search,” 1993 • Phillip Rogaway, “The Security of DESX,” 1996
