Encryption - NCATwilliams.comp.ncat.edu/COMP620/Encryption1.pdf · Advanced Encryption Standard •AES is also known as the Rijndael algorithm •Selected in 2000 as the new standard

EncryptionCOMP620 Information Privacy

& Security

“There are two types of encryption: one that will

prevent your sister from reading your diary and

one that will prevent your government.”

Bruce Schneier

Cryptography

• Cryptography in general represents the process of encrypting a plain-text file into unreadable cipher text so that it can be stored and decrypted by the intended recipient

• Plaintext can be any bunch of bits, text, graphics, program, etc.

Plaintext Encryption Decryption Plaintext

Key Key

Historical Encoding• People have been writing secret messages for millennia

• The Caesar cipher (shift cipher) is said to have been used by Julius Caesar

• Computational efficiency was very important before computers

Encryption Media

• Encryption can be used to secure information sent over a network (data in motion)

• Encryption can also be used to secure data stored on a computer (data at rest)

Caesar or Shift Cipher

• The letters of the alphabet are shifted by a fixed amount

• Key is the number of letters to shift

• Can easily be defeated by trying all 26 possible shifts

Decryption by Brute Force

• Frpsxwhuv duh ixq

• Eqorwvgtu ctg hwp

• Dpnqvufst bsf gvo

• Computers are fun

Types of AttacksWe assume that an adversary knows the encryption algorithm and has:

• Ciphertext only – samples of ciphertext without information about the content

• Known plaintext – examples of ciphertext and the corresponding plaintext

• Chosen plaintext – adversary can get ciphertext samples of plaintext of their choosing

Substitution Cipher

• Letters are mapped to symbols or letters

• Key – An alphabetical list of the symbols

• There are 26! = 4x1026 possible keys

A known plaintext attack against asubstitution cipher takes per character

A. O(1)

B. O(n)

C. O(n2)

D. O(2n)

Letter FrequencyThe frequency of the use of a letter in English

The frequency of letter pair, triples, and short words are also available on the web

Cipher Text

What does this say?

welcome to north carolina

agricultural and technical

state university! as you

explore our website, you will have the opportunity to

discover a&t’s rich and storied history and learn about our

award-winning faculty, intensive research programs, and student-led community service

initiatives.

Chancellor Martin

Effectiveness of Frequency Decryption

• Sample substitution cipher text was partially decrypted using only the letter frequency.

Guess what it sayswelrome to nohtu raholina abhirdltdhal anc

teruniral state dnipehsitg! as god ekylohe

odh wevsite, god will uape tue oyyohtdnitg

to cisropeh a&t’s hiru anc stohiec uistohg

anc leahn avodt odh awahc-winninb fardltg,

intensipe heseahru yhobhams, anc stdcent-

lec rommdnitg sehpire initiatipes.

Chancellor Martin

Original Text

welcome to north carolina agricultural and

technical state university! as you explore

our website, you will have the opportunity

to discover a&t’s rich and storied history

and learn about our award-winning faculty,

intensive research programs, and student-

led community service initiatives.

Chancellor Martin

A cipher is a

A. many to one mapping

B. one to one mapping

C. one to many mapping

D. no mapping at all

between plaintext and ciphertext.

Vigenère Cipher

• Originally described by GiovanBattista Bellaso in 1553

• A text key is repeated for the length of plaintext

Ci = (Pi + Ki) mod 26 to encrypt

Pi = (Ci - Ki) mod 26 to decrypt

welcometonorthcarolina plaintext

informationprivacyinfo key

erqqfyemwbbgkpxatmtvso ciphertext

Vigenère Cryptanalysis

• For long text and short keys, character frequency analysis provides a lot of information

• Sometimes the same plaintext letter will be encrypted by the same key character

• Statistical analysis on the frequency and distance between matches gives an indication of the key size

Running key cipher

• The running key cipher is similar to the Vigenèrecipher, but a long, non-repeating key is used

• Typically the key is some common publication, such as a book or periodical

• Example using well known C bookPlaintext: f l e e a t o n c e w e a r e d i s c o v e r e d

Running key: E R R O R S C A N O C C U R I N S E V E R A L P L

Ciphertext: J C V S R L Q N P S Y G U I M Q A W X S M E C T O

One-Time Pad

• With one-time pad encryption, the bit stream of the message is XOR with a random key

• The key must be at least as long as the message so it is not repeated

• The key must be truly random, not just pseudo-random

Perfect Encryption

• One-time pad is a perfect encryption technique that cannot be broken

• A given cipher text can be decrypted into any possible plain text by using the appropriate key

011001010 cipher text

010101010 with key 001100000

000011111 with key 011010101

Running Key Analysis

• If the key text for the running key is perfectly random, then it is the same as one-time pad

• Usually human text is far from random making it a relatively poor key

• If you know part of the plaintext, you can subtract it along the whole string and look for readable text, which is probably part of the key

Diffusion and Confusion

• Diffusion – spread the plain text data across the cipher text. A byte of plain text should impact many bytes of cipher text

– With DES and AES, if you change one bit on the plaintext, it will change about half the ciphertext bits

• Confusion – change the bits of the plain text according to some rule

Types of Encryption

• Symmetric Key or Secret Key

– The encryption key is the same as the decryption key

– Sender and receiver have to securely share a key

• Asymmetric Key or Public Key

– The key to decrypt is different, but related to, the key to encrypt

– The encryption key can be made public while the decryption key is kept secret

Symmetric Key Cryptography• Keys exchanged prior to communications

• Key to encrypt message is the same as key to decrypt

• DES and AES are examples of Symmetric Key Cryptography

Plaintext

D

Secret Key Same Secret Key

E

Plaintext Ciphertext

Network

Ciphertext

User1 User2

Asymmetric Key Cryptography

• Public key different from private key

• RSA encryption is an example of Asymmetric Key Cryptography

Plaintext

D

Private Key

E

Plaintext Ciphertext

Network

Ciphertext

User1User2

Remote Public Key Directory:

User2

Why Publish a Standard?

• The Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms are published and well known

• Why not keep the algorithm secret?

• To be useful, others have to implement it

• A good encryption algorithm will allow only those with a key to access the data. Knowing the algorithm does not give you access.

Encryption Performance

• RSA asymmetric key encryption is slower than DES or AES

• DES and AES are easy to implement in hardware

• AES can be efficiently implemented in software

• Hybrid encryption uses both asymmetric and symmetric key systems

Key Strength

• The longer they key, the harder it is to defeat the encryption by brute force

• If the key is n bits, it requires 2n guesses to try all possible keys. You are likely to guess correctly in 2n-1 tries.

• Asymmetric key algorithms require a mathematical relation between the keys so not every bit string can be a key

Key Lengths

• DES uses a 56 bit key

• Triple DES or DES3 uses two DES keys for a total of 112 bits

• AES uses 128, 192 or 256 bit keys

• RSA uses variable length keys, frequently 512, 1024 or 2K bits in length

Substitution Permutation Ciphers

• A Substitution Permutation encryption algorithm typically involves three phases, which are often repeated

• Substitution – the substitution of a bit pattern with another

• Permutation – the rearrangement of the bits

• Exclusive OR with a key

• DES and AES are forms of Substitution Permutation ciphers

Substitution Permutation stages

• The K box XORs the input with the key for that round

• The S box performs a substitution

diagram from “Cryptography Theory and Practice”, 3rd ed. by Douglas Stinson

S Box

• An S box performs a substitution.

• The substitution can be efficiently implemented by a look up table

• Example of a 3 bit to 3 bit substitution

input 000 001 010 011 100 101 110 111output 101 010 110 000 111 001 011 100

S Box Expansion or Contraction

• The number of bits on the input of an S box does not have to match the number of bits on the output

• Example of a 3 bit input with 2 bit output

input 000 001 010 011 100 101 110 111output 10 01 11 01 11 00 10 00

An S-Box uses

A. Substitution cipher

B. XOR

C. Shift

D. Magic

Permutation Expansion

• The number of bits on the output of a permutation does not need to match the input

• Some input bits can go to multiple output bits

Key Stages

• The key used at each stage is a function of the original key

• Before each stage the key is modified to produce a unique key for that stage

• Some stages might use only some of the key bits

Data Encryption Standard

• Originally developed by IBM

• Adopted as a standard in 1977

• Was the most widely used cryptosystem in the world

• DES uses a 56 bit key

• 64 bit blocks of data are encrypted

DES Algorithm

• DES is a substitution permutation cipher

• There are 16 stages

• The data is split into the left and right half. Each 32 bit half is handled differently

• The 56 bit key is divided into two 28 bit halves which are used to create unique 48 bit keys for each stage

DES Stage

DES Key Schedule

• The 56 bit key is split into two 28 bit halves

• Each half is rotated 1 or 2 bits to the left

• 48 of the 56 bits are selected for the stage key

• Each bit is used in 14 of the 16 stages

Brute Force Decryption

• Brute force tries all possible keys

• In 1998 the Electronic Frontier Foundation built a device that could brute-force a DES key in a little more than 2 days

DES Effectiveness

• Analysis has found a few weaknesses in DES

• Differential cryptanalysis can find the key with 247

chosen plaintext/ciphertext pairs

• The DES key is too short

• Brute force attacks can defeat DES

Brute Force Time Estimate

If you can try 1 million keys a second, how long does it take to try 247 keys?

A. 10 hours

B. 4 months

C. 4 ½ years

D. 47 years

Triple DES

• To improve security while still using DES, triple DES is usually used.

ciphertext = EKey3(DKey2(EKey1(plaintext)))

• The three keys can be:

– All different – best security using 168 bit keys

– Key1 = Key3, Key2 different – Good with 112 bit keys

– All identical – same as single DES

Advanced Encryption Standard

• AES is also known as the Rijndael algorithm

• Selected in 2000 as the new standard after an open international competition

• Created by Belgian researchers Rijmen and Daemen

• Available world-wide royalty free

• AES encrypts blocks of 128 bits

• Keys can be either 128 bits, 194 bits or 256 bits

• AES operates on a 4×4 array of bytes, termed the state

Multiple Rounds or Stages

• 10 rounds for 128-bit keys

• 12 rounds for 192-bit keys

• 14 rounds for 256-bit keys

AES Algorithm

Initial Stage

• AddRoundKey

Each Stage

• SubBytes—a substitution step

• ShiftRows—rows are shifted cyclically

• MixColumns—each column of the state is multiplied with a fixed polynomial

• AddRoundKey—each byte is XOR with the stage key

Final Stage(no MixColumns)

• SubBytes

• ShiftRows

• AddRoundKey

AddRoundKey Step

• Each byte of the data is XOR with the key for that stage

SubBytes Step

• Each byte in the array is updated using an 8 bit substitution box, the Rijndael S-box.

ShiftRows Step

• This cyclically shifts the bytes in each row by a certain offset.

MixColumns Step

• Each column is multiplied by a fixed polynomial. All four input bytes determine the four output bytes.

AES Implementation• It is possible to speed up execution of this cipher by

combining SubBytes and ShiftRows with MixColumns, and transforming them into a sequence of table lookups

• This requires 4KB of lookup tables

• A stage can now be done with 16 table lookups and 12 XOR, followed by four XOR in the AddRoundKey step

• Intel and AMD have added instructions to their processors to perform an AES stage

AES Security

• There have been no published methods that practically defeat AES better than brute force

• An attack was found that allows an attacker to defeat the encryption 4 times faster than brute force

• The Snowden documents claim the NSA is looking into techniques to defeat AES

What is one fourth of 2256?

A. 264

B. 0.5256

C. 2252

D. 2254