1 / 149

Lecture 02 Symmetric Cryptography

Lecture 02 Symmetric Cryptography. Asst.Prof. Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th. Outline. Overview of Cryptography Symmetric Cryptography Classical Cryptographic Techniques Block Ciphers VS Stream Cipher DES and 3DES Advanced Encryption Standard (AES)

zilya
Download Presentation

Lecture 02 Symmetric Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NETE0519-ISEC0513 Lecture 02 Symmetric Cryptography Asst.Prof. Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th

  2. NETE0519-ISEC0513 Outline • Overview of Cryptography • Symmetric Cryptography • Classical Cryptographic Techniques • Block Ciphers VS Stream Cipher • DES and 3DES • Advanced Encryption Standard (AES) • Design of Symmetric Cryptosystems • Locations of Encryption Devices • Key Distribution • Random Numbers • Problems of Symmetric Cryptography

  3. NETE0519-ISEC0513 Basic Terminology • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis

  4. NETE0519-ISEC0513 How a Cryptosystem Works Plaintext (M) (data file or messages) encryption algorithm (E) + secret key A (KA) Ciphertext (C) (stored or transmitted safely) decryption algorithm (D) + secret key B (KB) Plaintext (M) (original data or messages) EKa(M) = C DKb(C) = M DKb(EKa(M)) = M Note: Key A may be the same as Key B, depending on the algorithm

  5. NETE0519-ISEC0513 Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext

  6. NETE0519-ISEC0513 Types of Cryptography • Symmetric Cryptography • Deploy the same secret key to encrypt and decrypt messages • The secret key is shared between two parties • Encryption algorithm is the same as decryption algorithm • Asymmetric (Public-key) Cryptography • Private key, Public key • The secret key is not shared and two parties can still communicate using their public keys • Encryption alg. is different from decryption alg.

  7. NETE0519-ISEC0513 Symmetric Cryptography

  8. NETE0519-ISEC0513 Public-Key Cryptography

  9. NETE0519-ISEC0513 Outline • Overview of Cryptography • Symmetric Cryptography • Classical Cryptographic Techniques • Block Ciphers VS Stream Ciphers • DES and 3DES • Advanced Encryption Standard (AES) • Design of Symmetric Cryptosystems • Locations of Encryption Devices • Key Distribution • Random Numbers • Problems of Symmetric Cryptography

  10. NETE0519-ISEC0513 Model of Symmetric Cryptosystem

  11. NETE0519-ISEC0513 What is Symmetric Encryption used for? • Transmitting data over an insecure channel • Secure stored data (encrypt & store) • Provide integrity check

  12. NETE0519-ISEC0513 Properties of Symmetric Cryptography • Message Confidentiality • Message Authentication • Message Integrity

  13. NETE0519-ISEC0513 Cryptanalysis • Depending on what a cryptanalyst has to work with, attacks can be classified into • Ciphertext only attack • Known plaintext attack • Chosen plaintext attack • Chosen ciphertext attack (most severe)

  14. NETE0519-ISEC0513 Ciphertext-only Attack • Collect ciphertexts of several messages encrypted using the same encryption algorithm and try to recover plaintexts or encrypting key(s). Given: C1 = Ek(P1), C2=Ek(P2), ..., Ci=Ek(Pi) Deduce: Either P1, P2, …, Pi; k; or an algorithm to infer Pi+1 from Ci+1=Ek(Pi+1)

  15. NETE0519-ISEC0513 Known-plaintext Attack • Able to collect ciphertext of several messages and corresponding plaintext, and try to resolve the encrypting key(s). Given: P1, C1 = Ek(P1), P2, C2=Ek(P2), ..., Pi, Ci=Ek(Pi) Deduce: Either k, or an algorithm to infer Pi+1 from Ci+1=Ek(Pi+1)

  16. NETE0519-ISEC0513 Chosen-plaintext Attack • Able to collect ciphertext of several messages and associated plaintext, and also able to choose the plaintext that gets encrypted. Try to deduce the encrypting key(s). • More powerful than known-plaintext attack Given: P1, C1 = Ek(P1), P2, C2=Ek(P2), ..., Pi, Ci=Ek(Pi) where the cryptanalyst gets to choose P1,…, Pi Deduce: Either k, or an algorithm to infer Pi+1 from Ci+1=Ek(Pi+1)

  17. NETE0519-ISEC0513 Chosen-ciphertext Attack • Able to choose different ciphertext to be decrypted and has access to the decrypted plaintext. Try to deduce the key • E.g. has access to a tamperproof box that does automatically decryption. Given: C1, P1 = Dk(C1), C2, P2=Dk(C2), ..., Ci, Pi=Dk(Ci) Deduce: k • Primarily applicable to public-key algorithms.

  18. NETE0519-ISEC0513 More Definitions • unconditional security • no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security • given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken

  19. NETE0519-ISEC0513 Outline • Overview of Cryptography • Symmetric Cryptography • Classical Cryptographic Techniques • Block Ciphers VS Stream Ciphers • DES and 3DES • Advanced Encryption Standard (AES) • Design of Symmetric Cryptosystems • Locations of Encryption Devices • Key Distribution • Random Numbers • Problems of Symmetric Cryptography

  20. NETE0519-ISEC0513 Substitution Ciphers • Character in plaintext is substituted for another character in ciphertext • Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. E.g. AD, BE, XA • ROT13: commonly found in UNIX systems. Every plaintext character is rotated 13 places.

  21. NETE0519-ISEC0513 Caesar Cipher • earliest known substitution cipher • by Julius Caesar • first attested use in military affairs • replaces each letter by 3rd letter on • example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB

  22. NETE0519-ISEC0513 Caesar Cipher (cont.) K=3 Outer: plaintext Inner: ciphertext

  23. NETE0519-ISEC0513 Caesar Cipher (cont.) • can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 • then have Caesar cipher as: c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26)

  24. NETE0519-ISEC0513 Cryptanalysis of Caesar Cipher • only have 26 possible ciphers • A maps to A,B,..Z • could simply try each in turn • a brute force search • given ciphertext, just try all shifts of letters • do need to recognize when have plaintext • eg. break ciphertext "GCUA VQ DTGCM"

  25. NETE0519-ISEC0513 Monoalphabetic Cipher • rather than just shifting the alphabet • could shuffle (jumble) the letters arbitrarily • each plaintext letter maps to a different random ciphertext letter • hence key is 26 letters long Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

  26. NETE0519-ISEC0513 Monoalphabetic Cipher Security • now have a total of 26! = 4 x 1026 keys • with so many keys, might think is secure • but would be !!!WRONG!!! • problem is language characteristics

  27. NETE0519-ISEC0513 Language Redundancy and Cryptanalysis • human languages are redundant • eg "th lrd s m shphrd shll nt wnt" • letters are not equally commonly used • in English E is by far the most common letter • followed by T,R,N,I,O,A,S • other letters like Z,J,K,Q,X are fairly rare • have tables of single, double & triple letter frequencies for various languages

  28. NETE0519-ISEC0513 English Letter Frequencies

  29. NETE0519-ISEC0513 Use in Cryptanalysis • key concept - monoalphabetic substitution ciphers do not change relative letter frequencies • discovered by Arabian scientists in 9th century • calculate letter frequencies for ciphertext • compare counts/plots against known values • if caesar cipher look for common peaks/troughs • peaks at: A-E-I triple, NO pair, RST triple • troughs at: JK, X-Z • for monoalphabetic must identify each letter • tables of common double/triple letters help

  30. NETE0519-ISEC0513 Example Cryptanalysis • given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ • count relative letter frequencies (see text) • guess P & Z are e and t • guess ZW is th and hence ZWP is the • proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

  31. NETE0519-ISEC0513 Vigenère Cipher • simplest polyalphabetic substitution cipher • effectively multiple caesar ciphers • key is multiple letters long K = k1 k2 ... kd • ith letter specifies ith alphabet to use • use each alphabet in turn • repeat from start after d letters in message • decryption simply works in reverse

  32. NETE0519-ISEC0513 Example of Vigenère Cipher • write the plaintext out • write the keyword repeated above it • use each key letter as a caesar cipher key • encrypt the corresponding plaintext letter • eg using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

  33. NETE0519-ISEC0513 Transposition Ciphers • now consider classical transposition or permutation ciphers • these hide the message by rearranging the letter order • without altering the actual letters used • can recognise these since have the same frequency distribution as the original text

  34. NETE0519-ISEC0513 Rail Fence cipher • write message letters out diagonally over a number of rows • then read off cipher row by row • eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t • giving ciphertext MEMATRHTGPRYETEFETEOAAT

  35. NETE0519-ISEC0513 Row Transposition Ciphers • a more complex transposition • write letters of message out in rows over a specified number of columns • then reorder the columns according to some key before reading off the rows Key: 3 4 2 1 5 6 7 Plaintext: attack p ostpon e duntil t woamxy z Ciphertext: APTMTTNAAODWTSUOCOIXKNLYPETZ

  36. NETE0519-ISEC0513 Steganography • Plaintext can be hidden by two ways: • Steganography: conceal the existence of the message • Cryptography: render the message unintelligible to outsiders using various kinds of transformation of the text • Examples of Steganography • Character marking: overwrite text with pencil • Invisible ink: use special substance • Pin punctures: pin puncture on selected letters

  37. NETE0519-ISEC0513 One-Time Pad • One-time pad is a large non-repeating set of truly random key letters • Encryption is a additional modulo 26 of plaintext character • Pad length must be equal to the message length !!! • For example: • Message:ONETIMEPAD • Pad Sequence:TBFRGFARFM • Ciphertext: IPKLPSFHGQ Because O+T mod 26 = I  15+20 mod 26 = 9 N+B mod 26 = P  14+2 mod 26 = 16 E+F mod 26 = K, etc. Decryption P+K mod 26 = C P = C-K mod 26 I-T mod 26 = 9-20 mod 26 = -11 mod 26 = -11+26 mod 26 = 15 mod 26 = O

  38. NETE0519-ISEC0513 One-Time Pad (cont.) • if a truly random key as long as the message is used, the cipher will be secure • called a One-Time pad • is unbreakable since ciphertext bears no statistical relationship to the plaintext • since for any plaintext & any ciphertext there exists a key mapping one to other • can only use the key once though • problems in generation & safe distribution of key

  39. NETE0519-ISEC0513 Outline • Overview of Cryptography • Symmetric Cryptography • Classical Cryptographic Techniques • Block Ciphers VS Stream Ciphers • DES and 3DES • Advanced Encryption Standard (AES) • Design of Symmetric Cryptosystems • Locations of Encryption Devices • Key Distribution • Random Numbers • Problems of Symmetric Cryptography

  40. NETE0519-ISEC0513 Cryptographic Process Message Message m1 m2 mn m1 m2 mn Encryption Decryption c1 c2 cn c1 c2 cn Ciphertext Ciphertext

  41. NETE0519-ISEC0513 Block Cipher VS Stream Cipher • Block cipher: divides entire message in to blocks used to produce ciphertext. • Stream cipher: encrypts a data stream one bit or one byte at a time.

  42. NETE0519-ISEC0513 Stream Ciphers • process message bit by bit (as a stream) • have a pseudo random keystream • combined (XOR) with plaintext bit by bit • randomness of stream key completely destroys statistically properties in message • Ci = Mi XOR StreamKeyi • but must never reuse stream key • otherwise can recover messages (cf book cipher)

  43. NETE0519-ISEC0513 Stream Cipher Structure

  44. NETE0519-ISEC0513 Stream Cipher Properties • some design considerations are: • long period with no repetitions • statistically random • depends on large enough key • large linear complexity • properly designed, can be as secure as a block cipher with same size key • but usually simpler & faster

  45. NETE0519-ISEC0513 RC4 • a proprietary cipher owned by RSA DSI • another Ron Rivest design, simple but effective • variable key size, byte-oriented stream cipher • widely used (web SSL/TLS, wireless WEP) • key forms random permutation of all 8-bit values • uses that permutation to scramble input info processed a byte at a time

  46. NETE0519-ISEC0513 RC4 Key Schedule • starts with an array S of numbers: 0..255 • use key to well and truly shuffle • S forms internal state of the cipher for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j])

  47. NETE0519-ISEC0513 RC4 Encryption • encryption continues shuffling array values • sum of shuffled pair selects "stream key" value from permutation • XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte Mi i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Ci = Mi XOR S[t]

  48. NETE0519-ISEC0513 RC4 Overview

  49. NETE0519-ISEC0513 RC4 Security • claimed secure against known attacks • have some analyses, none practical • result is very non-linear • since RC4 is a stream cipher, must never reuse a key • have a concern with WEP, but due to key handling rather than RC4 itself

  50. NETE0519-ISEC0513 Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • needed since must be able to decrypt ciphertext to recover messages efficiently • block ciphers look like an extremely large substitution • would need table of 264 entries for a 64-bit block • instead create from smaller building blocks • using idea of a product cipher

More Related