Computer Security: Computer Security: Principles and Practice Principles and Practice First Edition First Edition by William Stallings and Lawrie Brown by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Lecture slides by Lawrie Brown Chapter 19 Chapter 19 – – Symmetric Encryption Symmetric Encryption and Message Confidentiality and Message Confidentiality
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Computer Security: Computer Security: Principles and PracticePrinciples and Practice
First EditionFirst Editionby William Stallings and Lawrie Brownby William Stallings and Lawrie Brown
Lecture slides by Lawrie BrownLecture slides by Lawrie Brown
Chapter 19 Chapter 19 –– Symmetric Encryption Symmetric Encryption and Message Confidentialityand Message Confidentiality
Symmetric Encryption and Symmetric Encryption and Message ConfidentialityMessage Confidentiality
also known as: conventional encryption, secretalso known as: conventional encryption, secret--key, or singlekey, or single--key encryptionkey encryption
only alternative before publiconly alternative before public--key crypto in 70key crypto in 70’’ssstill most widely usedstill most widely used alternativealternativehas ingredients: plaintext, encryption algorithm, secret has ingredients: plaintext, encryption algorithm, secret key, key, ciphertextciphertext, and decryption algorithm, and decryption algorithm
generically classified along dimensions of:generically classified along dimensions of:1.1. type of operations usedtype of operations used2.2. number of keys usednumber of keys used3.3. way in which the plaintext is processedway in which the plaintext is processed
CryptanalysisCryptanalysis
attacks:attacks:ciphertextciphertext only only -- least info, hardestleast info, hardestknown plaintext known plaintext -- some plain/cipher pairssome plain/cipher pairschosen plaintext chosen plaintext -- get own plain/cipher pairsget own plain/cipher pairschosen chosen ciphertextciphertext -- rarerrarerchosen text chosen text -- rarerrarer
only weak only weak algsalgs fail a fail a ciphertextciphertext--only attackonly attackusually design usually design algsalgs to withstand a knownto withstand a known--plaintext attackplaintext attack
Computationally Secure Computationally Secure AlgsAlgs
encryption is computationally secure if:encryption is computationally secure if:cost of breaking cipher exceeds info valuecost of breaking cipher exceeds info valuetime required to break cipher exceeds the time required to break cipher exceeds the useful lifetime of the infouseful lifetime of the info
usually very difficult to estimate the usually very difficult to estimate the amount of effort required to breakamount of effort required to breakcan estimate time/cost of a brutecan estimate time/cost of a brute--force force attack (see Ch 2)attack (see Ch 2)
FeistelFeistelCipher Cipher
StructureStructure
Block Cipher StructureBlock Cipher Structurehave a general iterative block cipher structurehave a general iterative block cipher structure
with a sequence of roundswith a sequence of roundswith substitutions / permutations controlled by keywith substitutions / permutations controlled by key
parameters and design features:parameters and design features:block sizeblock sizekey sizekey sizenumber of roundsnumber of roundssubkeysubkey generation algorithmgeneration algorithmround functionround functionalso: fast software en/decrypt, ease of analysisalso: fast software en/decrypt, ease of analysis
Data Encryption Standard Data Encryption Standard (DES)(DES)
Triple DES (3DES)Triple DES (3DES)first used in financial applicationsfirst used in financial applicationsin DES FIPS PUB 46in DES FIPS PUB 46--3 standard of 19993 standard of 1999uses three keys & three DES executions:uses three keys & three DES executions:
CC = E(= E(KK33, D(, D(KK22, E(, E(KK11, , PP))))))decryption same with keys reverseddecryption same with keys reverseduse of decryption in second stage gives use of decryption in second stage gives compatibility with original DES userscompatibility with original DES userseffective 168effective 168--bit key length, slow, securebit key length, slow, secureAES will eventually replace 3DESAES will eventually replace 3DES
Advanced Advanced Encryption Encryption Standard Standard
(AES)(AES)
AES Round StructureAES Round Structure
Substitute BytesSubstitute Bytes
a simple table lookup in Sa simple table lookup in S--boxboxa 16a 16××16 matrix of byte values16 matrix of byte valuesmapping old byte to a new valuemapping old byte to a new value•• e.g. {95} maps to {2A}e.g. {95} maps to {2A}
a permutation of all possible 256 8a permutation of all possible 256 8--bit valuesbit valuesconstructed using finite field propertiesconstructed using finite field properties
designed to be resistant to known designed to be resistant to known cryptanalytic attackscryptanalytic attacks
decrypt uses inverse of Sdecrypt uses inverse of S--boxbox
Shift RowsShift Rows
on encrypt left rotate each row of State by on encrypt left rotate each row of State by 0,1,2,3 bytes respectively0,1,2,3 bytes respectivelydecrypt does reversedecrypt does reverseto move individual bytes from one column to move individual bytes from one column to another and spread bytes over columnsto another and spread bytes over columns
Mix Columns & Add KeyMix Columns & Add KeyMix ColumnsMix Columns
operates on each column individuallyoperates on each column individuallymapping each byte to a new value that is a mapping each byte to a new value that is a function of all four bytes in the columnfunction of all four bytes in the columnuse of equations over finite fieldsuse of equations over finite fieldsto provide good mixing of bytes in columnto provide good mixing of bytes in column
Add Round KeyAdd Round Keysimply XOR State with bits of expanded keysimply XOR State with bits of expanded keysecurity from complexity of round key security from complexity of round key expansion and other stages of AESexpansion and other stages of AES
Stream CiphersStream Ciphers
processes input elements continuouslyprocesses input elements continuouslykey input to a pseudorandom bit generatorkey input to a pseudorandom bit generator
produces stream of random like numbersproduces stream of random like numbersunpredictable without knowing input keyunpredictable without knowing input keyXOR XOR keystreamkeystream output with plaintext bytesoutput with plaintext bytes
are faster and use far less codeare faster and use far less codedesign considerations:design considerations:
encryption sequence should have a large periodencryption sequence should have a large periodkeystreamkeystream approximates random number propertiesapproximates random number propertiesuses a sufficiently long keyuses a sufficiently long key
RC4RC4
Modes of OperationModes of Operation
block ciphers process data in blocksblock ciphers process data in blockse.g. 64e.g. 64--bits (DES, 3DES) or 128bits (DES, 3DES) or 128--bits (AES)bits (AES)
for longer messages must break upfor longer messages must break upand possibly pad end to and possibly pad end to blocksizeblocksize multiplemultiple
have 5 fivehave 5 five modes of operationmodes of operation for thisfor thisdefined in NIST SP 800defined in NIST SP 800--38A38Amodes are: ECB, CBC, CFB, OFB, CTRmodes are: ECB, CBC, CFB, OFB, CTR
Electronic Codebook (ECB)Electronic Codebook (ECB)
simplest modesimplest modesplit plaintext into blockssplit plaintext into blocksencrypt each block using the same keyencrypt each block using the same key““codebookcodebook”” because have unique because have unique ciphertextciphertext value for each plaintext blockvalue for each plaintext block
not secure for long messages since repeated not secure for long messages since repeated plaintext is seen in repeated plaintext is seen in repeated ciphertextciphertext
Cipher Block Chaining (CBC)Cipher Block Chaining (CBC)
Cipher Feedback (CFB)Cipher Feedback (CFB)
Counter (CTR)Counter (CTR)
Location of EncryptionLocation of Encryption
Key DistributionKey Distributionsymmetric crypto needs a shared key:symmetric crypto needs a shared key:two parties A & B can achieve this by:two parties A & B can achieve this by:
A selects key, physically delivers to BA selects key, physically delivers to B3rd party select keys, physically delivers to A, B3rd party select keys, physically delivers to A, B•• reasonable for link crypto, bad for large noreasonable for link crypto, bad for large no’’s userss users
A selects new key, sends encrypted using A selects new key, sends encrypted using previous old key to Bprevious old key to B•• good for either, but security fails if any key discoveredgood for either, but security fails if any key discovered
3rd party C selects key, sends encrypted to 3rd party C selects key, sends encrypted to each of A & B using existing key with eacheach of A & B using existing key with each•• best for endbest for end--toto--end encryptionend encryption
Key DistributionKey Distribution
SummarySummary
introduced symmetric encryption basicsintroduced symmetric encryption basicsDES, 3DES and AESDES, 3DES and AESstream ciphers and RC4stream ciphers and RC4modes of operationmodes of operationlocation of encryptionlocation of encryptionkey distributionkey distribution
Related Documents
