IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For.

IT 221:Conventional Encryption Algorithms and Ensuring Confidentiality

Lecture 3: Conventional Encryption Algorithms and Ensuring

ConfidentialityFor Educational Purposes Only

Revised: September 4, 2002

2August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only

Encryption Question

•Context: You are an IT project manager, overseeing a blended staff of 5 network engineers and administrators. The CIO of your organization recently tasked your group to design a secure platform to support an enterprise wide Content Management solution. It is your responsibility to consider, and account for, the security implications of having financially sensitive documents stored in a common repository.

• Questions: What types of security issues should your team take when designing your solution?

What specific measures would you use/employ to thwart certain types of attacks or vulnerabilities?


• Chapter 2 & 3 Review:Model of Conventional Encryption ProcessCryptography DefinedExample 1: Caesar CipherExample 2: Columnar TranspositionCharacteristics of ‘Good’ CiphersStream and Block CiphersFeistel DES

Chapter 2 & 3 Review


• Chapter 4:Context and ChallengesAlternative and Variant ApproachesDouble DESMeet-in-the-Middle AttacksTriple DESTriple DES with Three KeysOther Symmetric Block Ciphers

Chapter 4 Outline


Context and Challenges

•Context: DES is the most widely used encryption scheme:

-Block cipher that processes plaintext in 64-bit blocks.

-Uses keys of 56-bits in length.

-Achieves its strength from repeated rounds of substitution and permutation.

•Challenges: The size of the key makes the algorithm vulnerable to brute force attacks.

There are methods for increasing the effective length of a DES key, which requires no change to the algorithm itself. [1]


Alternative Approaches

•Alternatives Approaches: Alternative 1: Given DES’ potential vulnerability to brute force attacks, one approach is to design a completely new algorithm, e.g. Blowfish and RC5. [2]

Alternative 2: An alternative approach is to preserve the existing investment in software and equipment, and to use multiple encryption with DES with multiple keys, e.g. Double and Triple DES [2].


Double DES

•Double DES: Driving Logic: A reasonable approach to overcome the security vulnerabilities of using a single 56-bit key, may involve using two keys. If somehow an exhaustive search defeats one key, the second key should double the time required to break [1]

-Given a plaintext P and two keys K1 and K2, ciphertext C can be generated as: C = EK2(EK1(P)) [2]

Pitfalls: Believed to provide the effect of a 112-bit key (or 2^112 trials). But it is believed that the chosen Plaintext can be revealed in 2^57 trials, i.e. the second key providing virtually no security.[1]

-Given any two keys K1 and K2, it would be possible to find a key K3 such that: C = EK2(EK1(P)) = (EK3(P)) [2]

-Susceptible to Meet-in-the-Middle Attacks


Meet-in-the-Middle Attacks

• Meet-in-the-Middle Attacks: Observation: Given a double-encrypted plaintext:

EK2(EK1(P)), then

X = EK1(P) = DK2(C)

Attack Approach: Given a known pair (P, C), the attack proceeds as follows [2]:

-Encrypt P for all 2^56 possible values of K1

-Store results in a table and sort the table by the values of x

-Next, decrypt C using all 2 ^56 possible values of K2

-As each decryption is produced, check the result against the table.

-If two matching keys produce the correct ciphertext, they are to be accepted as the correct keys.


Triple DES

•Triple DES:

(1) Counteracts Meet-in-the-Middle Attacks by using three stages.

(2) Plaintext gets encrypted, decrypted, and then encrypted – using a total of two keys:

C= EK1(DK2 (EK1(P)))

(3) No significance in using decryption for the 2nd stage; it only allows users of triple DES to decrypt data encrypted by users of the older single DES:

C= EK1(DK2 (EK1(P))) = EK1(P)


Triple DES with Three Keys

• Triple DES with Three Keys: Some researchers feel that three distinct key triple DES is a preferred approach:

-Has an effective key length of 168 Bits

-Express as:

C= EK3(DK2 (EK1(P)))

A number of Internet-based apps have adopted this approach: PGP, S/MIME


Other Symmetric Block Ciphers

• Other Symmetric Block Ciphers:

International Data Encryption Algorithm (IDEA)

-128-bit key

-Used in PGP

Blowfish -Easy to implement

-High execution speed

-Run in less than 5K of memory

RC5-Suitable for hardware and software–Fast, simple-Variable number of rounds–Variable-length key–Low memory requirement


• Chapter 5:BackgroundPotential Locations for Confidentiality AttacksActive and Passive AttacksLink versus End-to-End AttacksTraffic ConfidentialityLink Encryption ApproachEnd-to-End Encryption ApproachKey DistributionAutomatic Key DistributionResources

Chapter 5 Outline


Background

•Background: The focus of cryptography has historically been the use of encryption to provide confidentiality. [2]

The last couple of decades have introduced other considerations, such as authentication, digital signatures, and the use of public key encryption. [2]


Potential Locations for Confidentiality Attacks

•Potential Locations for Confidentiality Attacks: Workstations: In most organizations, workstations are attached to LANs. Users can typically reach other workstations, hosts, and servers directly on the LAN or on other LANs that are interconnect via routers and/or bridges. [2].

LAN: Intruders may gain access to a communications server or host on a LAN, and may potentially gain access to wiring closets, routers, packet switching networks, etc. [2].


Active and Passive Attacks

•Active and Passive Attacks: Active Attacks: Attackers need to gain physical access control of a portion of the communications link and be able to insert and capture transmissions [2]

Passive Attacks: Attackers merely need to be able to observe transmissions.[2]


Link versus End-to-End Encryption

•Link and E2E Encryption:(1) Link encryption:

–A lot of encryption devices–High level of security–Decrypt each packet at every switch

(2) End-to-end encryption–The source encrypt and the receiver decrypts–Payload encrypted–Header in the clear

(3) High Security: Both link and

E2E encrypion are needed


Traffic Confidentiality

•Traffic Confidentiality:

Knoweldge about the length and number of messages between nodes may enable an Outsider to determine who is talking to whom [2].

Various types of information can be derived from a traffic analysis attack [2]:

-Identities of Sender, Receiver, and associated parties-How frequently Sender and Receiver are communicating-Message pattern, message length, or quantity of messages-Events that correlate with special conversations

Traffic patterns could also reveal elements of the Covert Channel being used between Sender and Receivers.


Link Encryption Approach

•Link Encryption Approach [2]:

Packet Headers are encrypted

Still possible for Outsiders to assess the amount of traffic entering and leaving each end system

When input plaintext is not present, random data are encrypted, making it possible for an attacker to distinguish true data flow from padding, and thereby deduce the amount of traffic.


End-to-End Encryption Approach

•End-to-End Encryption Approach [2]:

One technique is to pad out data units to a uniform length at either the transport of application level.

Additionally, null values can be inserted randomly into the stream.

These tactics are designed to deny an Outsider knowledge about the amount of data exchanged between users, and obsure underlying traffic patterns.


Key Distribution

• Key Distribution: For encryption to work over a network, the two parties (Sender and Receiver) must exchange and share the same keys, while protecting access to the keys from others [2].

A key could be selected by A and physically delivered to B.

A third party could select the key and physically deliver it to A and B.

If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.

If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.


Automatic Key Distribution

•Auto Key Distribution [2]:(1) Host sends packet requesting connection.

(2) Front end buffers packet; asks KDC for sess key

(3) KDC distributes keys to both front-ends.

(4) Buffer packet transmitted.

(5) Terminology:

-FEP: Front-End Processor

-KDC: Key Distribution Center-Session Key: Data encrypted with a one-time sess key. At the conclusion of the sess, key is destroyed-Permanent key: Used between entities for the purpose of distributing sess keys


•[1] Pfleeger, Charles. Security In Computing, Prentice Hall, 1997. Chapter 4.

•[2] Stallings, William. Cryptography and Network Security, Prentice Hall, 1999. Chapter 4-5

Resources

IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For.

Documents