Unit V network management and security

Chapter 2Symmetric Encryption and Message

Confidentiality

Overview

• Conventional Encryption Principles

• Conventional Encryption Algorithms

• Cipher Block Modes of Operation

• Location of Encryption Devices

• Key Distribution

Encryption

• The most important automated tool for network and communication security is encryption.

• The most common forms of encryption are: conventional or symmetric encryption and public-key or asymmetric encryption.

Conventional Encryption principles

• An encryption scheme has five ingredientso Plain texto Encryption algorithmso Public and private keyso Cipher texto Decryption algorithm

• Agents possess their private keys• Access other public keys from a central repository• Security depends on the secrecy of the key, not the secrecy of

the algorithm

Conventional Encryption

Algorithm Components• Plain Text- original data or input• Encryption Algorithm- performs substitutions or transformations on

the plaintext • Public and Private Keys- also input determines the

substitutions/transpositions• Cipher Text- scrambled message or output• Decryption Algorithm- encryption algorithm run backward, tking the

cipher text and producing the plain text.

Conventional Encryption Principles

Cryptography• Classified according to three independent dimensions:

o The type of operations used for transforming plaintext to cipher text

o The number of keys used symmetric (single key or secret- key or private-key) asymmetric (two-keys, or public-key encryption)

o The way in which the plaintext is processed

Cryptanalysis• Process of attempting to discover the plaintext or key• An encryption scheme is computationally secure if the ciphertext

meets one of these criteriao cost of breaking the cipher exceeds the value of the

informationo time requires to break the cipher exceeds the useful lifetime of

the information

Cryptanalysis• The process of attempting to discover the plaintext or key

Cryptanalysis• A brute force approach involves trying every possible key until the

translation is obtained.• Some new low cost chips have made this approach more

reasonable.• Greatest security problem is maintaining the security of the key.

Types of Attacks

Computationally Secure

An encryption scheme is said to be computationally secure if:• The cost of breaking the cipher exceeds the value of the

encrypted information or • The time required to break the cipher exceeds the useful

lifetime of the information.

Average time required for exhaustive key search

2.15 milliseconds232 = 4.3 x 10932

5.9 x 1030 years2168 = 3.7 x 1050168

5.4 x 1018 years2128 = 3.4 x 1038128

10 hours256 = 7.2 x 101656

Time required at 106 Decryption/µs

Number of Alternative Keys

Key Size (bits)

Classical ciphers

• Substitution- “units” of plain text are replaced with cipher text o Polyalphabetic substitution- different for each character

• Transposition- “unit” of plaintext are rearranged, usually in complex order

Feistel Cipher Structure

• Virtually all conventional block encryption algorithms, including DES have a structure first described by Horst Feistel of IBM in 1973

• The realization of a Feistel Network depends on the choice of the following parameters and design features:

Feistel Cipher Structure• Block size: larger block sizes mean greater security

• Key Size: larger key size means greater security

• Number of rounds: multiple rounds offer increasing security

• Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.

• Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern

Conventional Symmetric Encryption Algorithms

• Data Encryption Standard (DES)o The most widely used encryption schemeo The algorithm is reffered to the Data Encryption

Algorithm (DEA)o DES is a block ciphero The plaintext is processed in 64-bit blockso The key is 56-bits in lengtho No longer used for government transmissions

DES• Concerns about:

o The algorithm and the key length (56-bits)

Time to break a code (106 decryptions/µs)

Triple DEA

• Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)

C = ciphertext P = Plaintext EK[X] = encryption of X using key K DK[Y] = decryption of Y using key K

• Effective key length of 168 bits

C = EK3[DK2[EK1[P]]]

Triple DEA

• Replacement for DES was neededo Theoretical attacks that can break ito Demonstrated exhaustive key search attacks

• Can use Triple DES – but slow, small block size• NIST issued a call for a new AES in 1997• 15 candidates accepted in Jun 1998 • 5 candidates were short-listed in Aug 1999 • Rijndael was selected as the AES in Oct 2000• Published as FIPS PUB 197 standard in Dec 2001

Advanced Encryption Standard

• Symmetric block cipher • 128-bit data, 128/192/256-bit keys • Stronger & faster than triple DES • Active life of 20-30 years (+ archival use) • Provide full specification & design details • Both C & Java implementations• NIST have released all submissions & unclassified analyses

AES Requirements

• Initial criteria:o Security – effort for practical cryptanalysiso Cost – in terms of computational efficiency (speed, memory)o Algorithm & implementation characteristics

flexibility, algorithm simplicity• Final criteria

o General securityo Ease of software & hardware implementationo Restricted-space environmentso Attacks on implementations

timing attack, power analysiso Flexibility (in en/decrypt, keying, other factors)

AES Evaluation Criteria

Overall AES Structure

• Data block of 4 columns of 4 bytes is “state”• Key is expanded to array of words• Has 9/11/13 rounds in which state undergoes:

o Substitute bytes (1 S-box used on every byte) o Shift rows (permute bytes between columns) o Mix columns (substitute using matrix multiplication of

columns) o Add round key (XOR state with key material)o View as alternating XOR key & scramble data bytes

• Initial XOR key material & incomplete last round• With fast XOR & table lookup implementation

The AES Cipher - Rijndael

• Designed by Rijmen-Daemen in Belgium • Block length: 128 bits • Key length: 128/192/256 bits• Number of Rounds: 10/12/14 rounds• An iterated cipher (rather than Feistel cipher)

o Processes data as block of 4 columns of 4 byteso Operates on entire data block in every round

• Designed to be:o Resistance against all known attackso Speed and code compactness on a wide range of platforms o Design simplicity

AES Parameters

AES Encryption & Decryption

AES Data Structures

AES Encryption Round

Substitute Bytes (SubBytes)

• Simple substitution on each byte of state independently• Use an S-box of 16x16 bytes containing a permutation of all

256 8-bit values• Each byte of state is replaced by a new byte indexed by row

(left 4-bits) & column (right 4-bits)o eg. byte {95} is replaced by {2A} in row 9 column 5

• S-box constructed using defined transformation of values in GF(28)

• Designed to be resistant to all known attacks

Substitute Bytes

S-Box

Inverse S-Box

Substitution of Bytes

Shift Rows

• A circular byte shift in eacho 1st row is unchangedo 2nd row does 1 byte circular shift to lefto 3rd row does 2 byte circular shift to lefto 4th row does 3 byte circular shift to left

• Decrypt inverts using shifts to right• Since state is processed by columns, this step permutes bytes

between the columns

Shift Rows

Shifting of rows

Mix Columns

• Each column is processed separately• Each byte is replaced by a value dependent on all 4 bytes in the

column

Mix Columns

• XOR state with 128-bits of the round key• Again processed by column (though effectively a series of byte

operations)• Inverse for decryption identical

o Since XOR own inverse, with reversed keys• Designed to be as simple as possible

o A form of Vernam cipher on expanded keyo Complexity of other stages ensures security

Add Round Key

Add Round Key

Stream Cipher Diagram

Stream Ciphers

Stream Ciphers

Location of Encryption Device

• Link encryption:o A lot of encryption deviceso High level of securityo Decrypt each packet at every switch

• End-to-end encryptiono The source encrypt and the receiver decryptso Payload encryptedo Header in the clear

• High Security: Both link and end-to-end encryption are needed

Key Distribution

• A key could be selected by A and physically delivered to B.• A third party could select the key and physically deliver it to A

and B.• If A and B have previously used a key, one party could transmit

the new key to the other, encrypted using the old key.• If A and B each have an encrypted connection to a third party

C, C could deliver a key on the encrypted links to A and B.

Key Distribution

• Session key:o Data encrypted with a one-time session key.At the

conclusion of the session the key is destroyed• Permanent key:

o Used between entities for the purpose of distributing session keys