Network Security & Cryptography Lecture 9

Apr 03, 2018

Udhay Prakash
  • 7/29/2019 Network Security & Cryptography Lecture 9

    Network Security and Cryptography, Lecture 9

    IDEA, RC5, RC2, Encryption key placement

    Uday Prakash Pethakamsetty

  • International Data Encryption Algorithm (IDEA)

    Developed by James Massey & Xuejia Lai at ETH in Zurich, originally in 1990, then called IPES.

    X. Lai, J. L. Massey, "A Proposal for a New Block Encryption Standard". In Advances in Cryptology - Eurocrypt '90, Lecture Notes in Computer Science, vol. 473, pp. 389-404.

    X. Lai, J. L. Massey, S. Murphy, "Markov Ciphers and Differential Cryptanalysis". In Advances in Cryptology - Eurocrypt '91, Lecture Notes in Computer Science, vol. 547, pp. 17-38.

    Name changed to IDEA in 1992.

    3/18/2013, Department of ECE, JNTUH

  • IDEA

    IDEA is patented in Europe & US; however, non-commercial use is freely permitted. Used in the public-domain PGP (with agreement).

    Currently no attack against IDEA is known. It seems secure against differential cryptanalysis and brute force.

    The name IDEA is also a trademark. The patents expired in 2010-2011. Today, IDEA is licensed in all the countries where it is patented by MediaCrypt.

    IDEA was used in Pretty Good Privacy (PGP) v2.0.

  • IDEA...

    Encrypts 64-bit blocks using a 128-bit key.

    PRINCIPLE: Based on mixing operations from different (incompatible) algebraic groups: XOR, addition mod 2^16, multiplication mod 2^16 + 1, on 16-bit sub-blocks, with no permutations used.

    The desired non-linearity is obtained by three modulo operations (XOR, addition modulo 2^16, multiplication modulo 2^16 + 1) instead of using S-boxes.

    Easily implemented both in hardware and software.

  • IDEA

    Initially, the 64-bit data block is divided into 4 sub-blocks (x1, x2, x3, x4) of 16 bits each.

    These sub-blocks together undergo 8 rounds (R1, R2, R3, R4, R5, R6, R7, R8) of transformation, with the sub-keys.

    The 128-bit key is divided into 8 sub-keys (K1, K2, K3, K4, K5, K6, K7, K8) of 16 bits each.

  • IDEA [figure not preserved]

  • IDEA (overview) [figure not preserved]

  • IDEA (Middle and Last Rounds) [figure not preserved]

  • IDEA

    Round transformation of each round:

    1) Multiply x1 and the first sub-key: x1*k1
    2) Add x2 and the second sub-key: x2+k2
    3) Add x3 and the third sub-key: x3+k3
    4) Multiply x4 and the fourth sub-key: x4*k4
    5) XOR the results of steps 1 and 3
    6) XOR the results of steps 2 and 4
    7) Multiply the result of step 5 with the fifth sub-key
    8) Add the results of steps 6 and 7
    9) Multiply the result of step 8 with the sixth sub-key
    10) Add the results of steps 7 and 9
    11) XOR the results of steps 1 and 9 -> Y1
    12) XOR the results of steps 3 and 9 -> Y2
    13) XOR the results of steps 2 and 10 -> Y3
    14) XOR the results of steps 4 and 10 -> Y4
    15) The Y2 and Y3 sub-blocks are swapped.

    Y1, Y2, Y3, Y4: end result of each round

  • IDEA

    The last round doesn't have the swap step.

    Additionally, it has the following transformations:

    Multiply Y1 and the 1st sub-key
    Add Y2 and the 2nd sub-key
    Add Y3 and the 3rd sub-key
    Multiply Y4 and the 4th sub-key

    Finally, the ciphertext is the concatenation of the blocks Y1, Y2, Y3, Y4.

  • IDEA

    Sub-key generation

    Total needed: 52 = 6 × 8 + 4 sub-keys.
    The first sub-keys are taken directly from the key, in order.
    Left shift of 25 bits, and then the next 8 sub-keys.
    Each sub-key is a sub-block of the original key.

    Decryption

    Much more complicated.
    It needs the inverse of the encryption key, for addition and multiplication respectively.

  • IDEA

    Key scheduling

    128-bit key = 8 sub-keys of 16 bits each.
    The first 6 sub-keys are used for the 1st round.
    The remaining 2 sub-keys are used for the 2nd round.
    The entire 128-bit key is rotated 25 positions to the left and again divided into 8 blocks (of 16 bits each).
    The first 4 sub-keys are used for the remainder of the 2nd round.
    The remaining 4 sub-keys are used for the 3rd round.
    The entire 128-bit key is left-shifted 25 bits and divided into 8 blocks.
    This process iterates for all the rounds till the end.
    For decryption, the sub-keys are reversed and are either the multiplicative or additive inverse of the corresponding encryption sub-keys.

  • IDEA

    Decryption

    The same code can perform either encryption or decryption, given different expanded keys.

    Take the inverses of the encryption keys and use them in the opposite order (use the inverse of the last-used encryption key as the first key used when doing decryption).

    Since the last encryption round (an odd round) used keys K49, K50, K51, K52, the first decryption round uses the inverses of the keys K49-K52.
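The round steps, the 25-bit key rotation and the inverted decryption sub-keys described on the IDEA slides, put together as an added Python example (not code from the lecture or its author). The function names and the sample key and block are assumptions chosen for this illustration; `pow(x, -1, m)` needs Python 3.8 or later.

```python
MASK, P = 0xFFFF, 0x10001   # 16-bit words; P = 2^16 + 1 (prime)

def mul(a, b):
    """Multiply modulo 2^16 + 1; the all-zero word stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % P) & MASK

def add(a, b):
    return (a + b) & MASK   # addition modulo 2^16

def expand_key(key):
    """128-bit key (int) -> 52 sub-keys: cut 8 words, rotate left 25, repeat."""
    sk = []
    while len(sk) < 52:
        sk += [(key >> (112 - 16 * i)) & MASK for i in range(8)]
        key = ((key << 25) | (key >> 103)) & ((1 << 128) - 1)
    return sk[:52]

def invert_key(ek):
    """Decryption sub-keys: reverse round order, invert each sub-key."""
    dk = []
    for r in range(9):
        a, b, c, d = ek[48 - 6 * r:52 - 6 * r]
        if 0 < r < 8:           # inner rounds: the two additive keys trade places
            b, c = c, b
        dk += [pow(a or 0x10000, -1, P) & MASK, -b & MASK, -c & MASK,
               pow(d or 0x10000, -1, P) & MASK]
        if r < 8:               # keys of steps 7 and 9 are reused unchanged
            dk += ek[46 - 6 * r:48 - 6 * r]
    return dk

def crypt(block, sk):
    """8 rounds plus the final transformation on one 64-bit block (int)."""
    x1, x2, x3, x4 = [(block >> s) & MASK for s in (48, 32, 16, 0)]
    for r in range(8):
        k = sk[6 * r:6 * r + 6]
        s1, s2 = mul(x1, k[0]), add(x2, k[1])      # steps 1-2
        s3, s4 = add(x3, k[2]), mul(x4, k[3])      # steps 3-4
        s7 = mul(s1 ^ s3, k[4])                    # steps 5 and 7
        s9 = mul(add(s2 ^ s4, s7), k[5])           # steps 6, 8 and 9
        s10 = add(s7, s9)                          # step 10
        # Steps 11-14: the x3-derived word is placed second, which is the
        # swap of the two inner sub-blocks; it is undone after round 8.
        x1, x2, x3, x4 = s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10
    k = sk[48:52]
    y = (mul(x1, k[0]), add(x3, k[1]), add(x2, k[2]), mul(x4, k[3]))
    return y[0] << 48 | y[1] << 32 | y[2] << 16 | y[3]

# Constructed sample input (not from the slides): key words 1..8, block words 0..3
KEY, PT = 0x00010002000300040005000600070008, 0x0000000100020003
CT = crypt(PT, expand_key(KEY))   # decrypt: crypt(CT, invert_key(expand_key(KEY)))
```

Running `crypt` with `invert_key(expand_key(KEY))` returns the original block, which is the "same code, different expanded key" property stated on the decryption slide.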

  • IDEA - Important Feature

    The size of the sub-block:

    2^16 + 1 needs to be a prime number, in order to compute the inverse for each possible sub-key.

    So a sub-block size of 8 is also possible: 2^8 + 1 = 257 is a prime number.

  • IDEA

    Cryptanalysis:

    Only 4 rounds of the cipher make it immune to differential cryptanalysis.

    Joan Daemen, Rene Govaerts & Joos Vandewalle showed that the cipher had certain keys which can be easily discovered in a chosen-plaintext attack.

  • RC5

    Developed by R. Rivest
    Suitable for hardware or software
    Fast, simple
    Variable number of rounds
    Variable-length key
    Low memory requirement
    High security
    Data-dependent rotations (circular bit shifts)

    Fast, simple, low memory, data-dependent rotations

    Adaptable to processors of different word lengths: a family of algorithms determined by word length, number of rounds, and size of secret key

    Decryption and encryption are not the same (with little variations)

    Primitive operations: addition, XOR, left circular rotation

  • Stream Ciphers

    Decryption requires use of the same pseudorandom sequence.

    Ex:
    Ciphertext : 10100000
    Key stream : 01101100   (XOR operation)
    Plaintext  : 11001100

    The one-time pad uses a genuine random number generator, whereas a stream cipher uses a pseudorandom number stream.

  • Properties of Stream Cipher

    1) The encryption sequence should have a large period, i.e., the repetition period of the pseudorandom sequence must be large.

    2) The key stream should approximate the properties of a true random number stream, i.e., the probability of occurrence of 1s and 0s must be equal.

    3) The pseudorandom stream is conditional on the value of the input key. To prevent brute-force attacks, the key needs to be longer. With current technology, a key length of at least 128 bits is desirable.

  • Stream Cipher vs. Block Cipher

    Stream ciphers are faster than block ciphers.

    Block ciphers can reuse the keys.

    But if two plaintexts are encrypted with the same key using a stream cipher, then cryptanalysis becomes simple.

    If two ciphertext streams are XORed together, the result is the XOR of the original plaintexts.

  • Stream Ciphers

    Encrypts plaintext one byte at a time.

    Can even operate on one bit at a time, or on units larger than 1 byte.

    The pseudorandom number stream should be unpredictable without knowledge of the input key.

    The PR generator output is called the key stream.

    Ex:
    Plaintext  : 11001100
    Key stream : 01101100   (XOR operation)
    Ciphertext : 10100000

  • RC4

    Ron Rivest (of the famous RSA) is the inventor.

    A long random string is called a one-time pad.

    A stream cipher generates a one-time pad and applies it to a stream of plaintext with XOR.

    RC4 is a stream cipher designed by Ron Rivest.

  • RC4 [figure not preserved]

  • C code for RC4 one-time pad generator [listing not preserved]
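As an added example (written in Python, not the slide's C listing and not the author's code), here is the RC4 key-stream generator together with the key-reuse weakness stated under "Stream Cipher vs. Block Cipher". The helper names, the key and the two sample messages are assumptions constructed for this illustration.

```python
def rc4_keystream(key, n):
    """Return the first n key-stream bytes RC4 generates from key (bytes)."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling: shuffle S by the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # one pseudorandom byte per iteration
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key, data):
    """Encrypt or decrypt: XOR the data with the key stream (same operation)."""
    return xor(data, rc4_keystream(key, len(data)))

# Constructed sample messages, both encrypted under the same key (the mistake).
KEY = b"Key"
P1 = b"pay 100 to alice"
P2 = b"meet at 9 monday"
C1, C2 = stream_crypt(KEY, P1), stream_crypt(KEY, P2)

def reuse_leak(c1, c2):
    """The key stream cancels: c1 XOR c2 equals p1 XOR p2, with no key involved."""
    return xor(c1, c2)

def recover_other(c1, c2, known_p1):
    """Knowing one plaintext yields the other directly from the two ciphertexts."""
    return xor(reuse_leak(c1, c2), known_p1)
```

The key stream drops out of `reuse_leak` entirely, which is why a stream-cipher key (or key stream) must never be used for more than one message.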

  • Key features of advanced symmetric block ciphers [figure not preserved]

  • Confidentiality using Symmetric Encryption

    Have two major placement alternatives:

    Link encryption
      encryption occurs independently on every link
      implies must decrypt traffic between links
      requires many devices, but paired keys

    End-to-end encryption
      encryption occurs between original source and final destination
      need devices at each end with shared keys

  • Placement of Encryption

    Can place the encryption function at various layers in the OSI Reference Model:

    link encryption occurs at layers 1 or 2
    end-to-end encryption can occur at layers 3, 4, 6, 7
    moving higher, less information is encrypted, but it is more secure, though more complex, with more entities and keys

  • Location of Encryption Device

    Link encryption:
    A lot of encryption devices
    High level of security
    Decrypt each packet at every switch

    End-to-end encryption:
    The source encrypts and the receiver decrypts
    Payload encrypted
    Header in the clear

    High security: both link and end-to-end encryption are needed

  • Key Distribution

    1. A key could be selected by A and physically delivered to B.

    2. A third party could select the key and physically deliver it to A and B.

    3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.

    4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

  • Key Distribution

    Session key:
    Data is encrypted with a one-time session key. At the conclusion of the session the key is destroyed.

    Permanent key:
    Used between entities for the purpose of distributing session keys.

  • Key Distribution

    Symmetric schemes require both parties to share a common secret key.

    The issue is how to securely distribute this key.

    Secure system failure is often due to a break in the key distribution scheme.

  • Key Distribution

    Given parties A and B, there are various key distribution alternatives:

    1. A can select the key and physically deliver it to B
    2. a third party can select & deliver the key to A & B
    3. if A & B have communicated previously, they can use the previous key to encrypt a new key
    4. if A & B have secure communications with a third party C, C can relay the key between A & B

  • Key Distribution Scenario [figure not preserved]

  • Key Distribution Issues

    hierarchies of KDCs required for large networks, but must trust each other
    session key lifetimes should be limited for greater security
    use of automatic key distribution on behalf of users, but must trust system
    use of decentralized key distribution
    controlling purposes keys are used for

  • Random Numbers

    Many uses of random numbers in cryptography:
    nonces in authentication protocols to prevent replay
    session keys
    public key generation
    keystream for a one-time pad

    In all cases it is critical that these values be:
    statistically random, with uniform distribution, independent
    unpredictable: cannot infer future sequence from previous values

  • Private-Key Cryptography

    traditional private/secret/single-key cryptography uses one key
    shared by both sender and receiver
    if this key is disclosed, communications are compromised
    also is symmetric, parties are equal
    hence does not protect sender from receiver forging a message & claiming it is sent by sender
