
SCSC 455 Computer Security

SCSC 455 Computer Security. Chapter 2 Symmetric Encryption and Message Confidentiality Dr. Frank Li. Index. Symmetric encryption principles Symmetric block encryption Random and pseudorandom numbers Stream ciphers and RC4 Cipher block modes of operation. Symmetric encryption principles.


Presentation Transcript


  1. SCSC 455 Computer Security Chapter 2 Symmetric Encryption and Message Confidentiality Dr. Frank Li

  2. Index • Symmetric encryption principles • Symmetric block encryption • Random and pseudorandom numbers • Stream ciphers and RC4 • Cipher block modes of operation

  3. Symmetric encryption principles • Five ingredients: • Plaintext • Encryption algorithm • Secret key • Cipher text • Decryption algorithm

  4. Kerckhoffs’s Principle • Kerckhoffs’s Principle (1883) • The only secrecy involved with a cryptography system should be the key; the algorithm should be publicly known • Good security assumes an eavesdropper knows the cipher, but the key must be kept secret

  5. Cryptography • Cryptographic systems are classified along three independent dimensions: • The type of operations used for transforming • Substitution vs. transposition • Product systems • The number of keys used • Symmetric vs. asymmetric • The way in which the plaintext is processed • Block cipher vs. stream cipher

  6. Cryptanalysis • The process of attempting to discover the plaintext or key • Types of cryptanalytic attacks (table 2.1) • Ciphertext only • Known plaintext • Chosen plaintext • Chosen ciphertext • Chosen key

  7. Computationally Secure • An encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of these criteria: • The cost … • The time … • Brute force attack • X different keys → on average ? tries

  8. Feistel Cipher Structure • Many symmetric block encryption algorithms have a structure … (figure 2.2) • Feistel Structure is a particular example of the more general structure used by all symmetric block ciphers • Parameters and design features • Block size • Key size • Number of rounds • Subkey generation algorithm • Round function • Fast software encryption/decryption • Ease of analysis

  9. Symmetric block encryption algorithms • important symmetric block ciphers • DES • 3DES • AES

  10. DES • Data Encryption Standard • Issued in 1977 as FIPS 46 by NIST • The algorithm is the Data Encryption Algorithm (DEA) • What is DES? • The strength of DES • Concerns about the algorithm … • Concerns about key length …

  11. History of DES (1) • In the early 1970s, the National Institute of Standards and Technology (NIST) invited vendors to submit data encryption algorithms to be used as a cryptographic standard. • In 1974, IBM’s 128-bit algorithm Lucifer was submitted and accepted. • The NSA modified Lucifer to use a key size of 64 bits instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA). • DEA became the algorithm that fulfills the Data Encryption Standard (DES) in 1977.

  12. History of DES (2) • DES has been implemented in a majority of commercial products and in the applications of almost all government agencies • In January 1988, NSA stopped endorsing DES • DES had been so popular for so long, it would surely be targeted for penetration and become useless as an official standard. • NSA wanted to move on to a newer, more secure, and less popular algorithm as the new standard.

  13. History of DES (3) • In 1998, the Electronic Frontier Foundation built a computer system “DES cracker” for $250,000 • DES cracker broke DES in three days • uses a brute force attack against the keyspace

  14. Concerns on DES • Concerns on DES • Design decisions not public -- mysterious S-boxes • NSA's involvement in the design; S-boxes may have backdoors • Key is too short • Eventually, DES was replaced by the Advanced Encryption Standard (AES) by NIST

  15. Breaking Encryption Algorithm • Breaking an encryption algorithm can take place through brute force attacks or by identifying weaknesses in the algorithm • Brute force attacks have increased in potency because of the increased processing capacity of computers. • An encryption algorithm is broken if someone is able to uncover a key used in an encryption process. Q: Is a broken algorithm worthless?

  16. Breaking Encryption Algorithm Ans: • If the algorithm was broken by identifying a weakness in the algorithm, the answer is YES; • If the algorithm was broken by a brute force attack, the answer depends … • In proper implementations, we should be encrypting data with session keys • A session key is good only for that one session • So even if one session key was uncovered, it may be useless to the attacker

  17. DES steps • DES is a symmetric block encryption algorithm. • 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. • A 64-bit key: 56 bits are the true key, and 8 bits are for parity. • DES steps: • Divides the message into 64-bit blocks and operates on them one at a time. • The blocks are put through 16 rounds of transposition and substitution functions. • The order and type of transposition and substitution functions depend on the value of the key that is used with the algorithm. • The result is 64-bit blocks of ciphertext.

  18. DES Modes of operation (section 2.5) • DES has several distinct modes of operation • Each mode specifies how a block cipher will operate • Each mode is used in different situations for different results • Modes • Electronic Code Book (ECB) • Cipher Block Chaining (CBC) – the most common • Cipher Feedback (CFB) • Output Feedback (OFB) • Counter Mode (CM)

  19. Cipher Block Chaining Mode (CBC) • In CBC, each block of plaintext, the key, and the ciphertext from the previous block are processed in the algorithm • [Figure: CBC mode, with labels "Chaining" and "IV"]

  20. Cipher Block Chaining Mode (CBC) • Dependence (chaining) among the blocks • Ciphertext is extracted and used from the previous block of text; • For the first block, we use a 64-bit initialization vector (IV) to add randomness • This chaining effect means that a particular ciphertext block is dependent upon all blocks before it, not just the previous block. • CBC produces different ciphertext when encrypting the same plaintext in different blocks • More random ciphertext → less pattern can be revealed from ciphertext

  21. Initialization vectors (IVs) • Initialization vectors (IVs) are random values that are used with algorithms to ensure that patterns are not created during the encryption process. • IVs are used with keys • IVs do not need to be encrypted when being sent to the destination. • If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext. • In CBC, if we choose a different IV each time we encrypt a message, even if it is the same message, the ciphertext will always be unique.
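
An added example (not part of the original slides) for slides 19 to 21, built on the Feistel structure of slide 8: a toy 64-bit Feistel cipher is run in ECB and CBC mode to show that identical plaintext blocks repeat under ECB but not under CBC, and that a different IV changes the whole ciphertext. The SHA-256 round function is an assumption made for illustration (this is not DES), the function names are hypothetical, and input is assumed to be a multiple of 8 bytes.

```python
import hashlib
import os

BLOCK = 8  # 64-bit blocks, as in DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Toy round function (assumption): 4 bytes of SHA-256(key || round || half).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _feistel(key, block, order):
    left, right = block[:4], block[4:]
    for i in order:
        left, right = right, _xor(left, _f(key, i, right))
    return right + left  # undo the last swap so the same network decrypts

def encrypt_block(key, block):
    return _feistel(key, block, range(16))

def decrypt_block(key, block):
    return _feistel(key, block, reversed(range(16)))  # rounds in reverse order

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    return b"".join(encrypt_block(key, b) for b in split(data))

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in split(data):
        prev = encrypt_block(key, _xor(b, prev))  # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in split(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

if __name__ == "__main__":
    key, msg = b"demo-key", b"ATTACK!!" * 3  # constructed: three identical blocks
    print("ECB:", [c.hex() for c in split(ecb_encrypt(key, msg))])
    for _ in range(2):                        # same message, fresh random IV each time
        iv = os.urandom(BLOCK)
        print("CBC:", [c.hex() for c in split(cbc_encrypt(key, iv, msg))])
```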

  22. 2DES and 3DES • Double-DES has a key length of 112 bits, but a specific attack against Double-DES reduces its work factor to about the same as DES • Triple-DES is a quick fix to provide more protection for sensitive data. • Uses 48 rounds in its computation, which makes it highly resistant to differential cryptanalysis • Can take up to three times longer than DES to perform encryption and decryption

  23. 2DES • There has been interest to provide another algorithm during the transition to AES -- preserve the existing investment in software and hardware, increasing the security • Double DES • C=E_K2(E_K1(M)) • M=D_K1(D_K2(C)) Q: Is double DES more secure than DES?

  24. Meet-in-the-Middle attack on 2DES • Proposed by Diffie, Hellman (1977) • Main observation: if C=E_K2(E_K1(M)), then X=E_K1(M)=D_K2(C) • Assume we have two pairs of plaintext-ciphertext • Encrypt P for all 2^56 possible keys K1 • Store the results in a table and sort the table by the values of X • Decrypt C using all 2^56 possible keys K2 • For each decryption, check the result in the table • In case of a match, test the two keys with the second pair of plaintext-ciphertext. If they match, the correct keys were found

  25. 2DES Q : Is double DES more secure than DES? Ans: through analysis, 2DES is broken in 2^56 steps with probability larger than 1-2^-16. The effort is not much bigger than the 2^55 required to break DES
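
An added example (not part of the original slides) of the meet-in-the-middle steps from slide 24, run against double encryption with a toy cipher so it finishes in about a second. The 32-bit cipher with 16-bit keys is constructed for this example (it is not DES), all names are hypothetical, and a dictionary lookup stands in for the sorted table.

```python
MASK = 0xFFFFFFFF
MUL = 0x9E3779B1             # odd constant, so multiplication is invertible mod 2**32
INV = pow(MUL, -1, 1 << 32)
KEY_BITS = 16                # toy key size; DES would be 56

def enc(k, m):
    # Toy 32-bit block cipher, constructed for this example only.
    for _ in range(4):
        m = ((m ^ (k * 0x10001)) * MUL) & MASK   # key copied into both halves
        m = ((m << 7) | (m >> 25)) & MASK        # rotate left by 7
    return m

def dec(k, c):
    for _ in range(4):
        c = ((c >> 7) | (c << 25)) & MASK        # rotate right by 7
        c = ((c * INV) & MASK) ^ (k * 0x10001)
    return c

def double_enc(k1, k2, m):
    return enc(k2, enc(k1, m))                   # C = E_K2(E_K1(M))

def meet_in_the_middle(pairs):
    (p1, c1), (p2, c2) = pairs
    table = {}                                   # X = E_K1(P1) -> every K1 giving X
    for k1 in range(1 << KEY_BITS):
        table.setdefault(enc(k1, p1), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        for k1 in table.get(dec(k2, c1), []):    # match on X = D_K2(C1)
            if double_enc(k1, k2, p2) == c2:     # confirm with the second pair
                found.append((k1, k2))
    return found

if __name__ == "__main__":
    k1, k2 = 0x3A7C, 0xC15E                      # constructed secret keys
    pairs = [(p, double_enc(k1, k2, p)) for p in (0x00C0FFEE, 0x0BADF00D)]
    # About 2 * 2**16 cipher calls instead of the 2**32 of a naive search.
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
```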

  26. 3DES • 3DES was incorporated in 1999 in FIPS 46-3 • Formula • FIPS 46-3 guidelines • AES is intended to replace 3DES

  27. 3DES • Counter to the meet-in-the-middle attack: use three stages of encryption • 3DES can work in different modes: • DES-EEE3: E_K3( E_K2( E_K1(M) ) ) • DES-EDE3: E_K3( D_K2( E_K1(M) ) ) • DES-EEE2: E_K1( E_K2( E_K1(M) ) ) • DES-EDE2: E_K1( D_K2( E_K1(M) ) )

  28. Advanced Encryption Standard (AES) • NIST sponsored a competition in 1997 to create a replacement for DES. • The following five algorithms were the finalists: • MARS • RC6 • Serpent • Twofish • Rijndael • The winner is the Rijndael algorithm by two Belgians • Use three different key lengths: 128 bits, 192 bits, 256 bits • was approved for use by U.S. government agencies in May 2002

  29. AES Features • Not a Feistel structure • Processes the entire data block in parallel using substitutions and permutation • The key is expanded into an array of 44 32-bit words w[i]. Four distinct words (128 bits) serve as a round key. • Four different stages • One of permutation and three of substitution • Substitute bytes • Shift rows • Mix columns • Add round key

  30. History of cryptography • The first encryption methods date back to 4000 years ago. • Some Egyptian hieroglyphics were encrypted • Atbash Cipher: a Hebrew cryptographic method • The alphabet is flipped so that each letter in the original alphabet is mapped to a different letter in the flipped alphabet. ABCDEFGHIJKLMNOPQRSTUVWXYZ ZYXWVUTSRQPONMLKJIHGFEDCBA e.g.: Encrypt “atbash” → ? Decrypt “hvxfirgb” → ?

  31. Scytale Cipher (review) • Scytale cipher: 400 B.C., the Spartans • Write a message on a sheet of papyrus that was wrapped around a staff; • The papyrus was delivered and wrapped around a different staff by the recipient; • The message was only readable if it was wrapped around the correct size staff, which would make the letters properly match up

  32. Caesar Cipher (review) • Julius Caesar (100–44 B.C.) developed a simple encryption method -- shifted the alphabet by three positions • Standard Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ • Cryptographic Alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC • Example: Encrypt “caesar” → ? Decrypt “vhfxulwb” → ?

  33. Substitution Cipher (review) • Both the Atbash cipher and the Caesar cipher are substitution ciphers, because each character is replaced with another character. • Monoalphabetic substitution cipher: uses only one alphabet • Polyalphabetic substitution cipher: uses multiple alphabets Q1. Can you formulate them mathematically? Hint: integers 0 – 25 represent 26 characters; m: message / plaintext, c: cipher text; encryption: c = E(m) = ? decryption: m = D(c) = ? Q2. Is the Scytale cipher a substitution cipher?

  34. Transposition Cipher (review) • Transposition cipher: rearrange letters in plaintext to produce cipher text • Scytale cipher is a transposition cipher • Rail-Fence cipher is another transposition cipher • Plaintext is HELLO WORLD • Encryption: c = E(m): rows HLOOL and ELWRD → HLOOLELWRD • Describe decryption process: m = D(c) = ?

  35. Vigenère Cipher • The Vigenère cipher is a method of encryption that uses a series of different Caesar ciphers based on the letters of a keyword. • Appears to be unbreakable. The Vigenère cipher has been reinvented many times. • The method was originally described by Giovan Batista Belaso in his 1553 book La cifra del. Sig. Giovan Batista Belaso • However, the scheme was later misattributed to Blaise de Vigenère in the 19th century, and is now widely known as the "Vigenère cipher".

  36. Terms in Vigenère Cipher • Vigenère table: a table used to encipher and decipher; it has key letters on top and plaintext letters on the left. • There are 27 shift alphabets • The Vigenère cipher is a polyalphabetic substitution cipher. In contrast, the Caesar cipher is a monoalphabetic substitution cipher • The key is used with the Vigenère table in encryption / decryption

  37. The Vigenère Table: a mini example (key letters G, I, V on top; plaintext letters on the left)
          G I V
        A G I V
        B H J W
        E L M Z
        H N P C
        L R T G
        O U W J
        S Y A N
        T Z B O
        Y E H T
      Encryption: a key letter V and a plaintext letter T → follow the V column down to the T row → “O” Decryption: a key letter V and a ciphertext letter O → “T”

  38. Vigenère Cipher Example • If the message is longer than the key, the key repeats itself • E.g. 1: Key: LEMON Encrypt plaintext: ATTACKATDAWN • E.g. 2: Decrypt ciphertext: P R U U Z L Q: How to represent the Vigenère cipher as a formula? (Hint: encryption / decryption is done character by character)

  39. Exercise 1) Encrypt a plaintext with the key “lucky” c o m p u t i n g g i v e s i n s i g h t 2) Decrypt a ciphertext with the key “vector” o l k l w j v r g q o d k p g h t k c i x b u v i i t x q z k l g k

  40. Cryptanalysis • Cryptanalysis is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse-engineering protocols. • All previously introduced ciphers have been broken. • Basic methods: • Statistical analysis • Exhaustive search of the key space

  41. Statistical analysis • Each character has a certain frequency. A.k.a. 1-gram model of English

  42. Statistical Analysis (1) • f(c) is the frequency of character c in ciphertext • p(x) is the frequency of character x in English • φ(i) is the correlation of the frequency of letters in ciphertext with corresponding letters in English, assuming key is i: φ(i) = Σ_{0 ≤ c ≤ 25} f(c) p(c – i)

  43. Statistical Attack (2) • E.g., a Caesar cipher: KHOOR ZRUOG Step 1: Compute frequency of each letter in ciphertext: G 0.1, H 0.1, K 0.1, O 0.3, R 0.2, U 0.1, Z 0.1 Step 2: Compute correlation φ(i) for key i: φ(i) = 0.1p(6 – i) + 0.1p(7 – i) + 0.1p(10 – i) + 0.3p(14 – i) + 0.2p(17 – i) + 0.1p(20 – i) + 0.1p(25 – i)

  44. Correlation: φ(i) for 0 ≤ i ≤ 25

  45. The Result Step 3: find the most probable keys, based on φ: • i = 6, φ(i) = 0.0660 • plaintext EBIIL TLOLA • i = 10, φ(i) = 0.0635 • plaintext AXEEH PHKEW • i = 3, φ(i) = 0.0575 • plaintext HELLO WORLD • i = 14, φ(i) = 0.0535 • plaintext WTAAD LDGAS • The only valid English phrase is for i = 3. That’s the key (3 or ‘D’)
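
An added example (not part of the original slides) that carries out steps 1 to 3 of the statistical attack for KHOOR ZRUOG and ranks the keys by correlation. The table `P` is an assumed 1-gram model (rounded English letter frequencies, since the frequency chart is missing from this transcript), and the function names are hypothetical; with this table the four highest correlation values equal the ones on the result slide.

```python
from collections import Counter

# Assumed 1-gram model of English: rounded letter frequencies for A..Z.
P = [0.080, 0.015, 0.030, 0.040, 0.130, 0.020, 0.015, 0.060, 0.065,
     0.005, 0.005, 0.035, 0.030, 0.070, 0.080, 0.020, 0.002, 0.065,
     0.060, 0.090, 0.030, 0.010, 0.015, 0.005, 0.020, 0.002]

def letter_freq(ciphertext):
    # Step 1: f(c) for every letter c (as 0..25) that occurs in the ciphertext.
    letters = [ord(ch) - 65 for ch in ciphertext.upper() if "A" <= ch <= "Z"]
    return {c: n / len(letters) for c, n in Counter(letters).items()}

def correlation(freq, i):
    # Step 2: sum of f(c) * p(c - i) over the letters, indices taken mod 26.
    return sum(f * P[(c - i) % 26] for c, f in freq.items())

def shift_back(ciphertext, i):
    # Caesar decryption with key i; non-letters are kept as they are.
    return "".join(chr((ord(ch) - 65 - i) % 26 + 65) if "A" <= ch <= "Z" else ch
                   for ch in ciphertext.upper())

def rank_keys(ciphertext, top=4):
    # Step 3: the most probable keys first, each with its candidate plaintext.
    freq = letter_freq(ciphertext)
    scored = sorted(((correlation(freq, i), i) for i in range(26)), reverse=True)
    return [(i, round(score, 4), shift_back(ciphertext, i))
            for score, i in scored[:top]]

if __name__ == "__main__":
    for key, score, candidate in rank_keys("KHOOR ZRUOG"):
        print(f"i = {key:2d}  correlation = {score:.4f}  {candidate}")
```

The highest correlation is not the right key here: on a ten-letter ciphertext the ranking only narrows the search, and a reader or dictionary check still has to pick the candidate that is valid English.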

  46. Exhaustive search • Exhaustive search • If the key space is small enough, try all possible keys until you find the right one Q1: How large is the key space of the Caesar cipher? Q2: If we use exhaustive search, what is the expected number of trials when breaking the Caesar cipher? Q3: How about the key space of the Vigenère cipher? Q4: How to break the Vigenère cipher?

  47. Attacking Vigenère Cipher • Vigenère ciphers were regarded by many as practically unbreakable for 300 years. • In 1863, a Prussian major named Kasiski proposed a method for breaking it. • This method was not in fact invented by Kasiski but instead by Charles Babbage; • Babbage's discovery was used to aid English military campaigns, and was not published until several years later; as a result, credit for the development was instead given to Friedrich Kasiski

  48. Statistical analysis of Vigenère Cipher • Establish period n (the length of the key) • Break the cipher into n parts, each part being enciphered using the same key letter • Solve each part; leverage one part from another We want to break this cipher: ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX

  49. Step 1. Establish Period n • Important observation: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext, e.g.
        Key    VIGVIGVIGVIGVIGV
        plain  THEBOYHASTHEBALL
        cipher OPKWWECIYOPKWIRG
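
An added example (not part of the original slides) of the period-finding step on slides 48 and 49: it lists repeated trigrams, the distances between their occurrences, and the divisors of the gcd of those distances as candidate key lengths. Function names are hypothetical, and taking a plain gcd assumes that none of the repeats is coincidental.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

# Ciphertext from slide 48 and the short VIG example from slide 49.
SLIDE_48 = ("ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW "
            "MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP "
            "HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX")
SLIDE_49 = "OPKWWECIYOPKWIRG"

def repeats(ciphertext, n=3):
    # Map every n-gram that occurs more than once to its start positions.
    text = "".join(ch for ch in ciphertext.upper() if ch.isalpha())
    seen = defaultdict(list)
    for i in range(len(text) - n + 1):
        seen[text[i:i + n]].append(i)
    return {gram: pos for gram, pos in seen.items() if len(pos) > 1}

def distances(reps):
    # Distinct distances between consecutive occurrences of each repeat.
    return sorted({b - a for pos in reps.values() for a, b in zip(pos, pos[1:])})

def period_candidates(ciphertext, n=3):
    # A repeat caused by the key lining up again sits a multiple of the
    # period apart, so the period divides the gcd of the distances.
    d = distances(repeats(ciphertext, n))
    g = reduce(gcd, d) if d else 0
    return d, g, [k for k in range(2, g + 1) if g % k == 0]

if __name__ == "__main__":
    for name, text in (("slide 49", SLIDE_49), ("slide 48", SLIDE_48)):
        d, g, candidates = period_candidates(text)
        print(name, "repeats:", repeats(text))
        print(name, "distances:", d, "gcd:", g, "candidate periods:", candidates)
```

For the slide 49 example the only distance is 9, a multiple of the key length 3 (VIG), which is why the divisors of the gcd and not the gcd itself are the candidates.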
