˘ˇ ˘ ˆ ˇ - ccs.neu.edu · .ˇ ’ Message source Encryption Algorithm Decryption Algorithm Encryption Key Decryption Key Message Destination Plaintext Ciphertext PPllaaiintext

��

��

��

�� !��!��

��

� �� !"#

��

��

��"#$��%�&' �� (

)��

n *��+��

n ��,��n -.��*-.��.�

n '�� )��n .�/��/��)�/��/��0&

n '��1'��2

n 3��'��-��

n ��,��

��"#$��%�&' �� 4

%��+3�56

n %��6n *��.7��-��7�� 8

n ��n �� *��7��

n ��n ��1-.��*-.��.�2

n 3��

n ��'��13'��2

n ��1&��.7��2

��"#$��%�&' �� 9

0��

n ��n �� 7��:��

n ��:��n ��

n ��n ��1��:��2��1��:��2

n ��n ��;� ��:��5��;��;��;��;�

��"#$��%�&' �� <

��

n ��n ��

n ��n ��=��

n �� n ��=��

n *��n ��

n ��7��n ��+��+��

n ��n ��5��5��

n ��n :��:�� 1��82

n ,��n ��5��:��5��

��"#$��%�&' �� "

��:

n ��:�n *��1�� 2

n *��1��2

n '�� 1��2

n ��1��2

n ,��>�� n ��:�

n &��

n 0��

n ��:�n '�?��

n &��

n '��

n -��

��"#$��%�&' �� @

,�� > ��

n 0��5��:��5�� ;�� :��

n A��Bn .;�� 5�� 6

��"#$��%�&' �� C

��:��.��'��

n ��;� ��n ��;� ��

n ,��5��;��n ��;� �� 1��;��;�2

n ��;��n ��;� ��;��1��2�D��;�

n ��;��n ��;� ��;� 1��2�D��;�

n ��;��n ��;� ��;��D��;� 1��:��2

��"#$��%�&' �� E

.��'��

n ��1��2n .��,��F�-��,��

n .!�!��.��-.��.�G��*-.��/G)%�*�3

n ��n .��,��≠ -��:��n .!�!��&��-� ��73��.��

Message Message sourcesource

Encryption Encryption AlgorithmAlgorithm

Decryption Decryption AlgorithmAlgorithm

Encryption Encryption KeyKey

Decryption Decryption KeyKey

Message Message DestinationDestination

PlaintextPlaintext CiphertextCiphertext PlaintextPlaintext

CryptanalystCryptanalyst

��"#$��%�&' �� #$

.��'��

Message Message sourcesource

Encryption Encryption AlgorithmAlgorithm

Decryption Decryption AlgorithmAlgorithm

Encryption Encryption KeyKey

Decryption Decryption KeyKey

Message Message DestinationDestination

PlaintextPlaintext CiphertextCiphertext PlaintextPlaintext

Symmetric encryption:

Asymmetric encryption:

Public keyPublic key

Shared keyShared key Shared keyShared key

Private keyPrivate key

��"#$��%�&' �� ##

��/��/��:�� +��

n .��

n )��75�� 1F��:��:��!2

n *��n )�� ;��1��2��n -��

n 3��7��1��2��

n )��75�� n � F� 1;2��n ; F� 7#1�2��1��5��:�� 2n .;��

n �� (�� n ��;��+��

n ��n ��:��!

��"#$��%�&' �� #(

��5��:

n %��:6

n ��n .��

n �� )�

Link Layer

(IEEE802.1x/IEEE802.10)

Physical Layer

(spread-Spectrum, quantum crypto, etc.)

(IPSec, IKE)

Network Layer (IP)

(SSL/TLS, ssh)

Transport Layer (TCP)

Applications Layer

telnet/ftp, http: shttp, mail: PGP

Con

trol

/Man

agem

ent (

conf

igur

atio

n)

Net

wor

k Se

curi

ty T

ools

:

Mon

itor

ing/

Log

ging

/Int

rusi

on D

etec

tion

��"#$��%�&' �� #4

��,��

F

��

F

��

��"#$��%�&' �� #9

��1��2

n ��?��n ��

n &��5��;��

n .;��1;�F�42n �� meet me after the toga party

n �� phhw ph diwhu wkh wrjd sduwb

n ,��(<

n /�� :��(<��

n '�� n ��

n ,��("H�I�9;#$("�I�:��7��1-.�2

n ��:�� ;��:��5��1�!�!��.��;�2�n �� ?�� .��1�!�!��.�#(!@��0�E��!2

n �� ?�� (7��1�!�!��032�

��"#$��%�&' �� #<

.��G��?��

��"#$��%�&' �� #"

��1��2

n '��7G��.��1�� 2n ��;��5�7��

n /��<;<��;

n *�� 1(";("��2

n �� 5�� ;� ��5�� ;��1��:��2

n ��%��%��*�J�**

n �� 1K��L�� 2n ("��:��

n :�� deceptivedeceptivedeceptive

n �� wearediscoveredsaveyourself

n �� ZICVTWQNGRZGVTWAVZHCQYGLMGJ

n .��7:��1:��F��MM��;�2

n &��7�� n ��%%**��1.�*�'�2��N��1��2

��"#$��%�&' �� #@

)��70��

n *��!�K�� 1�0J0��#E#C2��N!�'��

n ��n .�� F�� ⊕ :�n ��

�� ;��;��:��:��n -�� F�� ⊕ :�n ,��?�� ;�

n )��70��:��n ��5��;� ��;�

n .;��1K��L�� )��70��2�n �� ANKYODKYUREPFJBYOJDSPLREYIUN

n ��7#�15��:#2� MR MUSTARD WITH THE CANDLE

n ��7(�15��:(2�� MISS SCARLET WITH THE KNIFE

n ��:��5��J��

��"#$��%�&' �� #C

0��+��0��?��

n /��;��

n .;�� ?��mematrhtgpry

etefeteoaat

n ��;��n ,�� 4312567

n �� attackp

ostponeduntilt

woamxyz

n �� TTNAAPTMTSUOAODWCOIXKNLYPETZ

n ��:��+�� ?��

n *��7��

��"#$��%�&' �� #E

0��>�/��:�.��

n ,��=��n 0��FI��

n /��:��=��n 0��:��1��;��;�2

n '��=��"9��

n ��n )��7��7��

n '��:��5��>��:��

n . ��+��

n 3�5��n ��1��:2�J��1��:2

n '��

� ��1��5��:2��

��"#$��%�&' �� ($

-��.��1-.�2

n -��*/'� ��

n /��G�� 1"97��#(C7��:��#E@#2

n 0��/�� n '�� 15�� 2�

n "97��:��=��<"��:��

n ��:��=��; ��

n ��#E@@��-.��1�*��/�9"��*�O4!E(2�� #EE9� ��<��

n &��.�

L0 R0

Plaintext: 64

IP

f K1

R2 = L1 ⊕ f(R1, K2)

R1 = L0 ⊕ f(R0, K1)L1 = R0

f K2

L2 = R1

R15 = L14 ⊕ f(R14, K15)L15 = R14

f K16

IP-1

Ciphertext

L16 = R15R16 = L15 ⊕ f(R15, K16)

3232

48

Li = Ri-1

Ri = Li-1 ⊕ f(Ri-1, Ki)

-.��

��"#$��%�&' �� ((

Li-1 Ri-1

Ri = Li-1 ⊕ f(Ri-1, Ki)Li = Ri-1

Expansion Permutation

S-Box Substitution

P-Box Permutation

Key (56 bits)

Shift Shift

Compression Permutation

Key (56 bits)

32 32

28 28

48

)��-.��&��

��"#$��%�&' �� (4

�7/�;��

48-Bit Input

S-Box 1 S-Box 2 S-Box 3 S-Box 4 S-Box 5 S-Box 6 S-Box 7 S-Box 8

32-Bit Output

n �7/�;�� -.��

n �7/�;��9;#"��

n *��"��

n (��1#+92

n 9��

n )��9��

n �7/�;��=��-� ��

��"#$��%�&' �� (9

-��+0��-.�

n -��-.�n K��'��7��7��7'��:�P-3@@Q

n 0��-.�n ��5��:��,# ��,(

n ��5��-.��1,#F,(2

n ��*�)�C@4(��.'��OE!#@

E EX C

K1 K2

P

D DX P

K2 K1

C

E DA B

K1 K2

P E

K1

C

D EA B

K1 K2

C D

K1

E

��"#$��%�&' �� (<

G��+-� ��

n -� ��n A&��B ��.!�/�� J��!�� #EE$

n /��7��;��:�n ��=�� 5��;�� 5��;� 5��:��5�� ;��

n 0�� :��

n C7��-.��:��5��(#9��;�

n #"7��-.��?��(9@��;�

n -.��:��:�� :

n G��n ��;�� -.��1'!�'��#EE42

n *-.�� 1�.�2�5�� :�� :

n ��'��4��:�� :n �*'��:�� FI��'��

��"#$��%�&' �� ("

/��:��-.�

n .��A-.��:��'��B P#EECQn ��:��

n *��5��;�

n ��n ��

n �� -.��(9��+��;�"9��+��;�(@��

n ��5��n ��E(��:��

n ��:��9!<�� :��

n ��n R#4$>$$$�1��!2

n RC$>$$$�1�� 2�

��"#$��%�&' �� (@

*��-��.��1*-.�2

n -��O� G��J�N��'��1.03�S��5��=��2

n ��n "97��:��

n #(C7��:��

n ��O)&��D��(#"��;��(#"D#

n #@��1��C��2

n �� 5��(�� -.�

n ��

n ��1�;��($##2

��"#$��%�&' �� (C

0��.��1�.�2��7 &�T��

n -��&�T��7-�� 1/��2�

n ,��=��#(C+#E(+(<"��

n /��:��=��#(C��

n �� n 0��9�� 9��

n )��:��

n -��n &��:��5��:

n ��

n -��

��"#$��%�&' �� (E

�.�

n ��#"��

n .�� (CF��1(C2

n �(C� �� (<"��n )��

n .�� (C ��5�� @�5�� U$��#V

n �� O)&

n '��;CD�;9D�;4D;D#

�4�4�4�(�4�#�4�$

�(�4�(�(�(�#�(�$

�#�4�#�(�#�#�#�$

�$�4�$�(�$�#�$�$

��"#$��%�&' �� 4$

�.��)��

#!*��=� �� ← ;�⊕ &��,��W�

(! �� 7#��#!��/��1��2W(!�� &�51��2W4!'�;��1��2W9!��&��,��1��2W

4! G��#!��/��1��2W(!�� &�51��2W4!��&��,��1��2W

9!)�� ← ��

��"#$��%�&' �� 4#

*��

n �� C7��n ��5��:�� (<"��

n �� 5��

n ��:��5��:��O)&

n ��;��?��;��1(C2�5��5��:�� :��

��"#$��%�&' �� 4(

*��

n �� 4(7��n �� 4(7��5��

n ��7��9�� (<"75��

n ��9��:��D�9�O)&

n �� #",��

n -�� 5��:�� .��

��"#$��%�&' �� 44

.��'��

.��:�1.�/2

encrypt

P1

C1

Kencrypt

P2

C2

Kencrypt

PN

CN

K...

decrypt

C1

P1

Kdecrypt

C2

P2

Kdecrypt

CN

PN

K...

��"#$��%�&' �� 49

.��'��/��:��1�/�2

Encrypt

P1

C1

K

IV

Encrypt

C2

K ...

P2

Encrypt

CN

K

PNCN-1

Decrypt

C1

P1

IV

Decrypt

C2

P2

K KDecrypt

CN

K

PN

CN-1

...

.��'��:�1��/2

Encrypt

P1

K

64-j bits | j bits

j bits | 64- j bits

64

64

jj j C1

Encrypt

P2

K

j bits | 64- j bits

64

64

jj C2

...

PNj

j j CN

CN-1Shift register64-j bits | j bits

SR

EncryptK

j bits | 64- j bits

64

64

64-j bits | j bitsSR

j

Encrypt

P1

K

64-j bits | j bits

j bits | 64- j bits

64

64

jj j C1

Encrypt

P2

K

j bits | 64- j bits

64

64

jj C2

...

PNj

j j CN

CN-1Shift register64-j bits | j bits

SR

EncryptK

j bits | 64- j bits

64

64


j

.��'��)��:�1)�/2

Encrypt

P1

K

64-j bits | j bits

j bits | 64- j bits

64

64

jj j C1

Encrypt

P2

K

j bits | 64- j bits

64

64

jj C2

...

PNj

j j CN

ON-1Shift register64-j bits | j bits

SR

EncryptK

j bits | 64- j bits

64

64


j

Encrypt

C1

K

64-j bits | j bits

j bits | 64- j bits

64

64

jj j P1

Encrypt

C2

K

j bits | 64- j bits

64

64

jj P2

...

CNj

j j PN

ON-1Shift register64-j bits | j bits

SR

EncryptK

j bits | 64- j bits

64

64


j

��"#$��%�&' �� 4@

��1�0&2

n ��)�/�� :��

n '�� :��J�� ;��:�1��2Ci = Pi XOR OiOi = DESK1(i)

n ��7��5��:��

��"#$��%�&' �� 4C

*��!�)��/�74-.�

n %�� 4-.��5��/��!��6

��"#$��%�&' �� 4E

'��1'��2��.��

n ��'��*��1'*�2

n ��n -�� :��

n ��?��n ��/��:�1��2��5��;��

n �� D��

n ��5��:��1�� /�� /��2

n �� /��

n ��5��?��'��?��3'��

��"#$��%�&' �� 9$

3��'��-��

n ��n *��n )��:�1�� 2n ��

n .;��++555!�� !��+?��:��+��:!��n ��3��1�3�7#��3�7(2��*�0n '-(��'-9��'-<��&��&�� P&��#4#E��#4($��#4(#Qn �3�7#��#"$��n �3�7(��(<"74C97<#(��

n ��n '��3�56��6�8 3'��n ��56n .��56

��"#$��%�&' �� 9#

3'��

n 3'��,1;2�F��3�7#11,⊕��2�M��3�7#11,⊕��2M;22n �� F�4"4"84"W�� F�<�<�8<�

n ��n �3�7#��'��

��"#$��%�&' �� 9(

'��-��<�1'-<2��&!�&�� P&��#4(#Q

n *��

n )��#(C7��

n '��:�� <#(��1�� 2

n ��n -��/��:

n ��5�� '-<��3�7$�� 3�7#

n ��7�� 3�7$��.��/��&� � �� ($$9

n ��++555!�!��!��!�+X��+��!��

n �� 3��'-9��'-<��3�K�G7#(C��&*�.'-

n O�� %��-�� O��T�� G��3�� Y�

n ��++��!��!��+($$9+#EE!��

��"#$��%�&' �� 94

/��:

n *��"97��6n /�� #��FI�#$#4 ��4$$��

n /�� n .;��5��5�� (4��6��I�$!<

n �� n ��(

�+( �� 5��

n ��(�+( ��

n �5�� 5��1��I�$!<��;2

n �� 5��5��

n ��'��

��"#$��%�&' �� 99

��,��

��"#$��%�&' �� 9<

��

n *��-� �� 3�� P-3@"Qn %��-.��5�� =��

n ��5��1X#$$$��2

n ��n ��?��:��

n ��1��7��2

Public KeyPublic Key Encrypted MessageEncrypted Message Private KeyPrivate Key

��"#$��%�&' �� 9"

'��

n '��n .!�!��4�D�<�F�#��@

n '��n .!�!��4�Z�9�F�<��@

n '��;��n .!�!��44 F�"��@

n ��&��+��8

��"#$��%�&' �� 9@

&��P&��@CQ

n ��

n ��

n &��

n � �� !��"�#��"��

n �� φφφφ��$%��$%� ��"��

n � �!��#��φφφφ�� % �%&�&φφφφ�� "��

n ��$%��φφφφ��

n -1.1'22�F�'�� F�':φ1�2D#�F�' ��'��

��"#$��%�&' �� 9C

��

n -�� 1��2�

n π1;2�X�;+�1;2n �� .��L��

n 0�� [&01�2��

n ��>�G��0��

n ��7# F�#��

n ��7��

n * �� <$\�� 5��n �1�7#2+( F�N1��2��

n &��7'��

n * �� @<\�� ]��n �� 7#�F�(��F�±#�� ()��(� F�7#�� ]�

n �� =��&��3��

n -�� P��5��,��;��>($$(Q

��"#$��%�&' �� 9E

�� &��

n .��1��5��/2�n � ��:�� / ��' 1�!�!��./1'22

n ��/ ��:��/ ��'�1�!�!��' F�-/1'2�

n -��1��5��/2�n /�� .�1-�1'22�F�-�1.�1'22

n � ��' ��:��1�!�!��-�1'22��/

n / ��:��.�1-�1'22��F�'

n �� :��

��"#$��%�&' �� <$

-� ��73�� ,��.;��Private: APrivate: A

n /��

n %��:��;�� 1�?2

Private: BPrivate: BPublicPublic

xx

compute:compute:aaxx mod pmod p

receive:receive:aayy mod pmod p

Compute shared key:Compute shared key:(a(ay y )) xx mod pmod p

yy

compute:compute:aayy mod pmod p

receive:receive:aaxx mod pmod p

Compute shared key:Compute shared key:(a(ax x )) yy mod pmod p

p: prime number,p: prime number,a: primitive element of GF(p)a: primitive element of GF(p)

��"#$��%�&' �� <#

��:��-� ��73�� ,��*��

n �� n ��*��:��1&�� J�� #EC92

Ax

By

I (intruder)z

ax

az

az

ay

Shared key: KAI=axz Shared key: KBI=ayz

Message encrypted using KAI

Decrypt using KAI +Decrypt using KBI

Man-in-the-Middle Attack

��"#$��%�&' �� <(

.�� n ��

n �� 1��2n �]�� 1��2n ;]�� 1��2n � F�; �� 1��2�

n .�� '�n ��: ]��7#n ��F��: ��n ��F��:' ��

n -��n ' F��+�: ��F��+�;: ��F��+�;

n '��n ��: ��5��7#n ��' F�1;� D�:�2��1�7#2 1�;��.��2n ��1'2 F�1��2n �� F��' ��

��"#$��%�&' �� <4

,��:

n *��&!�'��:�

n /�� ,��:��1,��:��7��2n �� F�1�#��(��8��2 1�?!�*��2�

n ��;�� ; F�1;#��;(��8��;�2 1�?!�/��2

n ��;�� F��#;#D�(;(D8D��;�n ��F�5�>� ��>�I�>#D8D�>�7#��I�>#D8D�>�n 5 ��5��

n )��7��,��:�5��:��!�� #EC(

n �� ,��:�5��:��

��"#$��%�&' �� <9

)��

n .��1.��2

n S��,��5��

��"#$��%�&' �� <<

��

n �� n ��

n ��

n *��n '��

n ��n ��

n ��n ��

n ��7��

��"#$��%�&' �� <"

[��

n 3�5��:��-.�6

n 3�5��:��=��.�6

n *��;�� -.�6��.�6

n * �� ;� ��C7��/��5� ��6

˘ˇ ˘ ˆ ˇ - ccs.neu.edu · .ˇ ’ Message source Encryption Algorithm Decryption Algorithm Encryption Key Decryption Key Message Destination Plaintext Ciphertext PPllaaiintext

Documents