Lecture 02 Symmetric Cryptography 1. Dr. Supakorn Kungpisdan supakorn@mut.ac.th. Roadmap. Overview of Cryptography Types of Cryptography Symmetric Cryptography Classical Cryptographic Techniques Block Ciphers Modern Cryptographic Techniques. Basic Terminology.
Lecture 02 Symmetric Cryptography 1 Dr. Supakorn Kungpisdan supakorn@mut.ac.th
ITEC4621 Network Security
Roadmap
• Overview of Cryptography
• Types of Cryptography
• Symmetric Cryptography
• Classical Cryptographic Techniques
• Block Ciphers
• Modern Cryptographic Techniques

Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - information used in the cipher, known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing the key
• cryptology - the field of both cryptography and cryptanalysis

How a Cryptosystem Works
Plaintext (M) (data file or messages)
→ encryption algorithm (E) + secret key A (KA)
→ Ciphertext (C) (stored or transmitted safely)
→ decryption algorithm (D) + secret key B (KB)
→ Plaintext (M) (original data or messages)
E(M) = C
D(C) = M
D(E(M)) = M
Note: Key A may be the same as Key B, depending on the algorithm

Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assumes the plaintext is either known or recognisable

Types of Cryptography
• Symmetric Cryptography
  • Deploys the same secret key to encrypt and decrypt messages
  • The secret key is shared between two parties
  • Encryption algorithm is the same as decryption algorithm
• Asymmetric (Public-key) Cryptography
  • Private key, Public key
  • The secret key is not shared and two parties can still communicate using their public keys
  • Encryption algorithm is different from decryption algorithm

Symmetric Cryptography

Public-Key Cryptography

Model of Symmetric Cryptosystem

What is Symmetric Encryption used for?
• Transmitting data over an insecure channel
• Secure stored data (encrypt & store)
• Provide integrity check:

Properties of Symmetric Cryptography
• Message Confidentiality
• Message Authentication
• Message Integrity

Concept
• A private key cipher is composed of two algorithms
  • encryption algorithm E
  • decryption algorithm D
• The same key K is used for encryption & decryption
• K has to be distributed beforehand

Concept (cont.)
• Encrypt a plaintext P using a key K & an encryption algorithm E
  C = E(K,P)
• Decrypt a ciphertext C using the same key K and the matching decryption algorithm D
  P = D(K,C)
• Note: P = D(K,C) = D(K, E(K,P))

Cryptanalysis
• Depending on what a cryptanalyst has to work with, attacks can be classified into
  • Ciphertext-only attack
  • Known-plaintext attack
  • Chosen-plaintext attack
  • Chosen-ciphertext attack (most severe)

Ciphertext-only Attack
• Collect ciphertexts of several messages encrypted using the same encryption algorithm and try to recover plaintexts or encrypting key(s).
Given: C_1 = E_k(P_1), C_2 = E_k(P_2), ..., C_i = E_k(P_i)
Deduce: Either P_1, P_2, …, P_i; k; or an algorithm to infer P_{i+1} from C_{i+1} = E_k(P_{i+1})

Known-plaintext Attack
• Able to collect ciphertext of several messages and corresponding plaintext, and try to resolve the encrypting key(s).
Given: P_1, C_1 = E_k(P_1), P_2, C_2 = E_k(P_2), ..., P_i, C_i = E_k(P_i)
Deduce: Either k, or an algorithm to infer P_{i+1} from C_{i+1} = E_k(P_{i+1})

Chosen-plaintext Attack
• Able to collect ciphertext of several messages and associated plaintext, and also able to choose the plaintext that gets encrypted. Try to deduce the encrypting key(s).
• More powerful than known-plaintext attack
Given: P_1, C_1 = E_k(P_1), P_2, C_2 = E_k(P_2), ..., P_i, C_i = E_k(P_i), where the cryptanalyst gets to choose P_1, …, P_i
Deduce: Either k, or an algorithm to infer P_{i+1} from C_{i+1} = E_k(P_{i+1})

Chosen-ciphertext Attack
• Able to choose different ciphertext to be decrypted and has access to the decrypted plaintext. Try to deduce the key
• E.g. has access to a tamperproof box that performs decryption automatically.
Given: C_1, P_1 = D_k(C_1), C_2, P_2 = D_k(C_2), ..., C_i, P_i = D_k(C_i)
Deduce: k
• Primarily applicable to public-key algorithms.

Classification of Cryptosystems
• Based on operations to transform plaintext into ciphertext
  • Substitution Ciphers
  • Transposition Ciphers
• Based on the number of keys used
  • Symmetric encryption
  • Asymmetric (Public-key) encryption
• Based on the way in which the plaintext is processed
  • Block Cipher
  • Stream Cipher

Classical Cryptographic Techniques
• Substitution Ciphers
• Transposition Ciphers

Substitution Ciphers
• Each character in the plaintext is replaced by another character in the ciphertext
• Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. E.g. A→D, B→E, X→A
• ROT13: commonly found in UNIX systems. Every plaintext character is rotated 13 places.

Caesar Cipher
• earliest known substitution cipher
• by Julius Caesar
• first attested use in military affairs
• replaces each letter by the 3rd letter on
• example:
  meet me after the toga party
  PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher, K=3
[Figure] Outer: plaintext. Inner: ciphertext.

Caesar Cipher (cont’d)
• can define transformation as:
  a b c d e f g h i j k l m n o p q r s t u v w x y z
  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a number
  a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
  c = E(p) = (p + k) mod 26
  p = D(c) = (c – k) mod 26

Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
  • A maps to A, B, ..., Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• e.g. break ciphertext "GCUA VQ DTGCM"

Transposition Ciphers
• Plaintext remains the same, but the order of characters is shuffled around.
• E.g. “Columnar Transposition Cipher”
  Plaintext: COMPUTER GRAPHICS MAY BE SLOW BUT AT LEAST IT’S EXPENSIVE
  COMPUTERGR
  APHICSMAYB
  ESLOWBUTAT
  LEASTITSEX
  PENSIVE
  Ciphertext: CAELSOPSEEMHLAN…

Steganography
• Plaintext can be hidden in two ways:
  • Steganography: conceal the existence of the message
  • Cryptography: render the message unintelligible to outsiders using various kinds of transformation of the text
• Examples of Steganography
  • Character marking: overwrite text with pencil
  • Invisible ink: use special substance
  • Pin punctures: pin puncture on selected letters

One-time Pads
• One-time pad is a large non-repeating set of truly random key letters
• Encryption is addition modulo 26 of the plaintext character and the pad character
• For example:
  Message: ONETIMEPAD
  Pad sequence: TBFRGFARFM
  Ciphertext: IPKLPSFHGQ
  Because
  O + T mod 26 = I    (15 + 20 mod 26 = 9)
  N + B mod 26 = P    (14 + 2 mod 26 = 16)
  E + F mod 26 = K, etc.
• Decryption
  P + K mod 26 = C
  P = C - K mod 26
  I - T mod 26 = 9 - 20 mod 26 = -11 mod 26 = -11 + 26 mod 26 = 15 mod 26 = O

Cryptographic Process
[Figure: message blocks m1, m2, …, mn pass through Encryption to give ciphertext blocks c1, c2, …, cn; the ciphertext blocks pass through Decryption to give back m1, m2, …, mn]

Block Cipher and Stream Cipher
• Block cipher: divides the entire message into blocks, which are used to produce ciphertext.
• Stream cipher: encrypts a data stream one bit or one byte at a time.

Stream Cipher
[Figure: on the Encrypt side a keystream generator produces keystream k_i, which is combined with p_i to give ciphertext c_i; on the Decrypt side a keystream generator produces the same k_i, which is combined with c_i to give p_i]
• Converts plaintext to ciphertext 1 bit at a time.
• Simple stream cipher
  c_i = p_i ⊕ k_i
  p_i = c_i ⊕ k_i
  because p_i = p_i ⊕ k_i ⊕ k_i

Stream Ciphers
• Message mod one-time pad (previously discussed)
• Message XOR (⊕) one-time pad
  Message ⊕ Pad = Ciphertext
  e.g. message    = 101011011
       pad        = 111001100
       ciphertext = 010010111

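Added example (not from the original slides): both pad operations named above, addition modulo 26 from the One-time Pads slide and XOR from this one. It assumes uppercase A-Z input for the letter version and follows that slide's numbering A=1 … Z=26, which differs from the a=0 numbering on the Caesar slide; all function names are chosen for this sketch.

```python
import secrets

def to_num(ch):
    return ord(ch) - ord("A") + 1            # slide convention: A=1 ... Z=26

def to_letter(n):
    return chr((n - 1) % 26 + ord("A"))      # residue 0 wraps to Z (26)

def otp_mod26(text, pad, decrypt=False):
    """C = P + K mod 26 per letter, or P = C - K mod 26 when decrypt=True."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    sign = -1 if decrypt else 1
    return "".join(to_letter(to_num(t) + sign * to_num(k))
                   for t, k in zip(text, pad))

def otp_xor(data, pad):
    """Byte-wise XOR; the same call encrypts and decrypts (p ^ k ^ k == p)."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))

def xor_bits(a, b):
    """XOR two equal-length bit strings, as written on the slide."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def fresh_pad(n):
    """Random pad of n bytes, meant to be used for one message only."""
    return secrets.token_bytes(n)

if __name__ == "__main__":
    print(otp_mod26("ONETIMEPAD", "TBFRGFARFM"))           # slide's letters
    print(xor_bits("101011011", "111001100"))              # slide's bits
    pad = fresh_pad(5)
    print(otp_xor(otp_xor(b"hello", pad), pad))            # round trip
```
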
Block Cipher
• Divide a message M into m1, …, mn
• Add padding to last block
• Use Ek to produce (ciphertext blocks) x1, …, xn
• Use Dk to recover M from x1, …, xn
• Modes of Block Ciphers:
  • Electronic Codebook
  • Cipher Block Chaining
  • Cipher Feedback
  • Output Feedback

Electronic Codebook

Electronic Codebook (cont’d)
• Ideal for transferring short amounts of data, e.g. an encryption key
• ECB produces the same output pattern when given the same input.
• Not secure for lengthy messages; easy for cryptanalysis.

Cipher Block Chaining

Cipher Block Chaining (cont’d)
• Passing IV using ECB
• What’s the purpose of using IV?
• The same input pattern will not produce the same output.
• Suitable for lengthy messages
• Suitable for general-purpose block-oriented applications

Cipher Feedback

Output Feedback

Diffusion and Confusion
• Confusion: hard to find any relationship between ciphertext and key.
• Diffusion: spreads influence of individual plaintext or key bits over as much of the ciphertext as possible.
• In particular, one bit change of plaintext or key must increase the difficulty of cryptanalysis.

Feistel Cipher Structure
[Figure; label: Round function]

Important Factors
• Block size
  • A larger block provides higher security, but reduces encryption/decryption speed.
  • A block size of 64 bits is a reasonable tradeoff.
• Key size
  • A larger key size means higher security, but reduces speed.
  • 64 bits are not enough, 128 bits preferable.

Important Factors (cont.)
• Number of rounds
  • Multiple rounds offer increasing security
  • Typical size is 16 rounds
• Subkey generation algorithm
  • Greater complexity is better, difficult for cryptanalysis
• Round function (F)
  • Greater complexity is better, resistance to cryptanalysis

Feistel Encryption and Decryption

Proof: LD1 = RE15
Encryption side:
  LE16 = RE15
  RE16 = LE15 ⊕ F(RE15, K16)
Decryption side:
  LD1 = RD0 = LE16 = RE15
  RD1 = LD0 ⊕ F(RD0, K16)
      = RE16 ⊕ F(RE15, K16)
      = [LE15 ⊕ F(RE15, K16)] ⊕ F(RE15, K16)
      = LE15 ⊕ [F(RE15, K16) ⊕ F(RE15, K16)]
      = LE15 ⊕ 0
      = LE15

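Added example (not from the original slides): a toy 16-round Feistel cipher on 64-bit blocks that decrypts by running the same routine with the subkeys reversed, as in the proof above, then used to show the ECB and CBC behaviour from the mode slides. The SHA-256-based round function and key schedule are assumptions made for this sketch and are not DES's; padding is left to the caller.

```python
import hashlib

ROUNDS, HALF = 16, 4   # 16 rounds; 64-bit block split into two 4-byte halves

def subkeys(key):
    # Assumed toy key schedule (not DES's): K_i = SHA-256(key || i)
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, ROUNDS + 1)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(right, k):
    # Assumed round function; F itself never has to be inverted
    return hashlib.sha256(k + right).digest()[:HALF]

def feistel(block, ks):
    left, right = block[:HALF], block[HALF:]
    for k in ks:
        # LE_i = RE_(i-1);  RE_i = LE_(i-1) XOR F(RE_(i-1), K_i)
        left, right = right, xor(left, F(right, k))
    return right + left                          # final swap of the halves

def encrypt_block(block, key):
    return feistel(block, subkeys(key))

def decrypt_block(block, key):
    return feistel(block, subkeys(key)[::-1])    # same routine, subkeys reversed

def split_blocks(data):
    if len(data) % (2 * HALF):
        raise ValueError("pad the message to a multiple of 8 bytes first")
    return [data[i:i + 2 * HALF] for i in range(0, len(data), 2 * HALF)]

def ecb_encrypt(data, key):
    return b"".join(encrypt_block(b, key) for b in split_blocks(data))

def cbc_encrypt(data, key, iv):                  # iv must be 8 bytes
    out, prev = [], iv
    for b in split_blocks(data):
        prev = encrypt_block(xor(b, prev), key)  # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    out, prev = [], iv
    for c in split_blocks(data):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

if __name__ == "__main__":
    msg = b"SAMEBLOK" * 2                        # constructed: two equal blocks
    print(ecb_encrypt(msg, b"k").hex(), cbc_encrypt(msg, b"k", bytes(8)).hex())
```

In the printed output the two ECB ciphertext blocks are identical while the two CBC blocks differ, which is the pattern leak the ECB slide describes.
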
Data Encryption Standard (DES)
• A block of 64-bit data is encrypted using a 56-bit key to produce a 64-bit block of ciphertext.
• Decryption can be done by encrypting the ciphertext using the same key.