cs 285 network security block cipher modes of operation
Download
Skip this Video
Download Presentation
CS 285 Network Security Block Cipher Modes of Operation

Loading in 2 Seconds...

play fullscreen
1 / 24

CS 285 Network Security Block Cipher Modes of Operation - PowerPoint PPT Presentation


  • 124 Views
  • Uploaded on

CS 285 Network Security Block Cipher Modes of Operation. Fall 2008. Introduction. How to encrypt a message with variable lengths Decompose the message into blocks, padding if necessary. How should the encryption/decryption process of each individual block interact with each other?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' CS 285 Network Security Block Cipher Modes of Operation' - adele-madden


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
introduction
Introduction
  • How to encrypt a message with variable lengths
    • Decompose the message into blocks, padding if necessary.
    • How should the encryption/decryption process of each individual block interact with each other?
      • Modes of operation
confidentiality and integrity protection
Confidentiality and Integrity Protection
  • ECB
    • Same plaintext blocks produce same ciphertext blocks. This means that the data pattern is revealed. For example, ECB mode will reveal the image pattern if used to encrypt image files.
    • Rearranging the blocks is undetectable.
  • CBC
    • Random IV gurantees that even if the same message is repeated, the ciphertext is different.
    • Modifying ciphertext blocks and rearranging ciphertext blocks undetected are still possible.
  • CFB
    • No integrity protection; Better in detecting alterations than OFB
  • OFB
    • Able to make controlled changes to recovered plaintext. No integrity protection; not as good as CFB
  • CTR
    • Same as OFB
application
ECB

Block oriented transmission

Not suitable for long messages or highly structured messages. Good for single values (e.g. keys)

CBC

Block-oriented transmission

General-purpose encryption

message authentication code design

CTR

Block-oriented transmission

Able to preprocess to generate one-time pad; Random access; High performance requirement; IPsec

CFB

Stream-oriented transmission,

no need for padding;

ciphertext has the same length of message;

pipeline is possible for encryption, thus good for low-latency real-time transmission encryption.

OFB

Stream-oriented transmission

transmission over noisy channel

Able to preprocess to generate one-time pad

Application
review of symmetric cryptography
Review of Symmetric Cryptography
  • How it works
    • Block cipher
      • Building blocks, design principle
  • How it could be used?
    • Encrypt a message to achieve confidentiality
    • Block cipher + mode of operation
  • Its strength
    • Key size, block size
  • Open issues
    • How to get the keys?
motivation
Motivation
  • Two difficult problem associated with the secret-key crytosystem
    • Key distribution
    • Non-repudiation
public key cryptography
Public-Key Cryptography
  • Diffie and Hellman achieved an important breakthrough in 1976.
  • The proposed scheme was radically different from all previous approaches to cryptography
    • It uses a pair of different keys in contrast to one shared key in symmetric encryption.
    • It is based on mathematical functions instead of substitution and permutation.
  • The proposed scheme is called

pubic-key (asymmetric) cryptography

history
History
  • The scheme proposed by Diffie and Hellman is not a general-purpose encryption algorithm.
    • It can only provide secure secret key exchange.
  • Thus it presents a challenge for the cryptologists to design a general-purpose encryption algorithm that satisfies the public-key encryption requirements.
  • One of the first responses to the challenge was developed in 1977 by Rivest, Shamir, Adleman at MIT, so called RSA.
public key cryptosystem model
Public-Key Cryptosystem Model
  • Public-key cryptosystem uses a pair of different but related keys
    • one for encryption + the other for decryption
    • one is placed in a pubic register (public key) + the other is kept secret (private key).
  • It is required that given only knowledge of the cryptographic algorithm and the public key, it is computationally infeasible to determine the private key.
essential steps
Essential Steps
  • Generate a pair of keys
    • A generates the public key KUA, and the private key KRA.
  • Publish the public key, while keeping the private key secret.
    • Users have the access to a collection of public keys from their communication parties.
  • Use one of the above models to encrypt the message to achieve different security goals and deliver the message.
requirement i
Requirement (I)
  • It is computationally infeasible for an opponent, knowing the public key KU, and the encryption and decryption algorithms E, D, to determine the companion private key KR.
  • It is computationally infeasible for an opponent, knowing the public key KU and the ciphertext C which is encrypted via this key C = E(KU, P), to determine the plaintext P.
  • For practical use, the following features are also preferred in a public-key encryption algorithm.
  • 1) It is computationally easy to generate a pair of keys (public key and private key).
  • 2) It is computationally easy to encrypt a message using either public or private key, and decrypt it
  • via the companion key.
requirement ii
Requirement (II)
  • For practical use, the following features are also preferred in a public-key encryption algorithm.
  • It is computationally easy to generate a pair of keys (public key and private key).
  • It is computationally easy to encrypt a message using either public or private key, and decrypt it via the companion key.
slide24
Next…
  • Design of RSA
  • Design of Diffie-Hellman
  • Distribution of secret keys
  • Distribution of public keys
ad