
Lecture IV : Secret Key Cryptography

Lecture IV : Secret Key Cryptography. Internet Security : Principles & Practices. John K. Zao, PhD SMIEEE, National Chiao-Tung University, Fall 2005. Outline: Basic Concepts, Cryptanalytic Attacks, Information-theoretic vs. Computational-difficult Cryptography, Block vs. Stream Ciphers.


Presentation Transcript


  1. Lecture IV : Secret Key Cryptography
     Internet Security: Principles & Practices
     John K. Zao, PhD SMIEEE
     National Chiao-Tung University, Fall 2005
     Internet Security - Secret Key Cryptography

  2. Outline
     • Basic Concepts
       • Cryptanalytic Attacks
       • Information-theoretic vs. Computational-difficult Cryptography
       • Block vs. Stream Ciphers
     • Symmetric Block Cipher – Principle
       • Generic Algorithm
       • Data Encryption Standard (DES)
       • Advanced Encryption Standard (AES)
     • Symmetric Block Cipher – Operation Modes
       • Electronic Code Book (ECB)
       • Cipher Block Chaining (CBC)
       • Output FeedBack (OFB)
       • Cipher FeedBack (CFB)

  3. Ciphertext Attack
     • Concept
       • Attempts to discover cipher key(s) or plaintext(s) from known ciphertext(s)
       • Most common cipher attacks
     • Definition
       • Given ciphertext of N unknown plaintext under same unknown key: $c_i = E_k(m_i)$, i = [1..N]
       • Discover or infer key k or some subset(s) of plaintext { $m_i$ }
     • Example
       • Mono-alphabetic Cipher : encipher English text by mapping the alphabets to a chosen permutation { a, b, c, … x, y, z } → { e, r, p, … h, g, m }
       • Relatively difficult to break based on exhaustive key search (26! – 1)
       • Easy to break based on letter frequencies of English alphabets

  4. Known Plaintext Attack
     • Concept
       • Attempts to discover cipher key(s) or new plaintext(s) from known plaintext and ciphertext pairs
     • Definition
       • Given N pairs of known plaintext and ciphertext under same unknown key: ( $m_i$, $c_i = E_k(m_i)$ ), i = [1..N]
       • Discover or infer key k or some new ciphertext-plaintext pair: k or ( $c_{N+1}$, $m_{N+1}$ )
     • Example
       • Key or plaintext discovery from special control messages
       • Mono-alphabetic Cipher : easy to break if known plaintext-ciphertext pairs contain all alphabets

  5. Chosen Plaintext Attacks
     • Concept
       • Attempts to discover cipher key(s) or new plaintext(s) from knowing corresponding plaintexts of chosen ciphertexts
     • Definition
       • Given ciphertext of N chosen plaintext under same unknown key: ( $m_i$ (chosen), $c_i = E_k(m_i)$ ), i = [1..N]
       • Discover or infer key k or some new ciphertext-plaintext pair ( $c_{N+1}$, $m_{N+1}$ )
     • Example
       • Mono-alphabetic Cipher : easy to break by having the corresponding ciphertext of plaintext abcd…xyz or any sub-string of 25 alphabets
       • Challenge-Response Attacks
       • SSL Million Message Attack
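The mono-alphabetic examples on slides 4 and 5, worked through as an added example (not part of the lecture): a known-plaintext pair reveals only the letters it contains, while a chosen plaintext of 25 distinct letters fixes the whole permutation because the 26th mapping is forced. The key seed and the sample messages are constructed for illustration.

```python
import random
import string

ALPHA = string.ascii_lowercase

def make_key(seed):
    """Constructed secret key: a random permutation of the alphabet."""
    perm = list(ALPHA)
    random.Random(seed).shuffle(perm)
    return dict(zip(ALPHA, perm))

def encrypt(key, text):
    return "".join(key.get(ch, ch) for ch in text)

def recover_key(pairs):
    """Build the plaintext->ciphertext map from known (m, c) pairs.

    If exactly one letter is still unmapped, the permutation property
    fixes it: it must map to the single unused ciphertext letter.
    """
    learned = {}
    for m, c in pairs:
        for pm, pc in zip(m, c):
            if pm in ALPHA:
                learned[pm] = pc
    missing_in = [a for a in ALPHA if a not in learned]
    missing_out = [a for a in ALPHA if a not in learned.values()]
    if len(missing_in) == 1:
        learned[missing_in[0]] = missing_out[0]
    return learned

def decrypt(learned, ciphertext):
    """Decrypt with a possibly partial map; unknown letters become '?'."""
    inverse = {c: m for m, c in learned.items()}
    return "".join(inverse.get(ch, "?" if ch in ALPHA else ch) for ch in ciphertext)

def demo():
    key = make_key(2005)
    # Known plaintext: one intercepted control message (constructed sample)
    known = "login accepted for user zao"
    partial = recover_key([(known, encrypt(key, known))])
    # Chosen plaintext: the 25 letters a..y submitted for encryption
    chosen = ALPHA[:25]
    full = recover_key([(chosen, encrypt(key, chosen))])
    secret = encrypt(key, "quiz moved to friday")
    return key, partial, full, decrypt(partial, secret), decrypt(full, secret)
```
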

  6. Information Theoretic Cryptography
     • Basic Cryptography Tenet
       • Proper application of cryptography should make it infeasible for cryptanalysis to infer plaintext and/or crypto-keys using ciphertext, known-plaintext or chosen-plaintext attacks
       • What does it mean by “infeasible” ?
       • What does it mean by “infer” ?
     • Information Theoretic Cryptography [Shannon 1949]
       • Infeasible means
         • Mathematically impossible (regardless of available resources)
         • Cryptanalyst does not have enough information to decipher
       • Infer means
         • Obtaining partial/probabilistic information about plaintext

  7. Partial Information and Perfect Secrecy
     • Gaining Partial / Probabilistic Information of Plaintext
       • Deducing a posteriori probability of certain plaintext from
         • a priori probability of plaintext and
         • information obtained from cryptanalysis attacks
     • Perfect Secrecy
       • Knowledge of ciphertext yields no partial information of corresponding plaintext (except possibly, length of text)
       • plaintext : a posteriori probability = a priori probability
     • Example
       • Use of One-Time Pad : plaintext XOR perfectly random key string (equal length with text)
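The perfect-secrecy condition on slide 7, checked exactly over a small message space as an added example (not part of the lecture): with a uniformly random pad the a posteriori distribution equals the a priori one for every ciphertext, and a pad with one predictable bit breaks that equality. The 3-bit message space, the skewed prior and the biased pad are constructed for illustration.

```python
from fractions import Fraction
from itertools import product

N_BITS = 3
SPACE = [tuple(bits) for bits in product((0, 1), repeat=N_BITS)]

def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))

def posterior(prior, key_dist, ciphertext):
    """P(m | c) by Bayes' rule, where c = m XOR k and k is independent of m."""
    joint = {m: prior[m] * key_dist.get(xor(m, ciphertext), Fraction(0))
             for m in prior}
    total = sum(joint.values())
    return {m: p / total for m, p in joint.items()}

# Constructed, deliberately skewed a priori distribution over 3-bit messages
WEIGHTS = [8, 4, 2, 1, 1, 0, 0, 0]
PRIOR = {m: Fraction(w, 16) for m, w in zip(SPACE, WEIGHTS)}

# Perfectly random pad: every 3-bit key is equally likely
UNIFORM_KEY = {k: Fraction(1, len(SPACE)) for k in SPACE}
# Flawed pad: the first key bit is always 0, the other two bits are uniform
BIASED_KEY = {k: Fraction(1, 4) for k in SPACE if k[0] == 0}

def leaks(key_dist):
    """True if observing some ciphertext changes the belief about the plaintext."""
    return any(posterior(PRIOR, key_dist, c) != PRIOR for c in SPACE)

def demo():
    c = (0, 0, 0)
    return (leaks(UNIFORM_KEY),
            leaks(BIASED_KEY),
            posterior(PRIOR, BIASED_KEY, c)[(0, 0, 0)])
```
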

  8. Computational-Difficult Cryptography
     [Figure labels: x, f(x)]
     • Foundation of Modern Cryptography
       • Infeasible means
         • Computationally infeasible with existing technology & available resources
         • Cryptanalyst does have enough information to decipher, but may not have time, machines or energy to crack the codes
       • Infer means
         • Obtaining partial/probabilistic information about plaintext
     • Computationally difficult cryptosystems are based upon One-Way Functions
     • One-Way Functions are functions that are easy to evaluate but hard to invert

  9. Outline
     • Basic Concepts
       • Cryptanalytic Attacks
       • Information-theoretic vs. Computational-complex Cryptography
       • Block vs. Stream Ciphers
     • Symmetric Block Cipher – Principle
       • Generic Algorithm
       • Data Encryption Standard (DES)
       • Advanced Encryption Standard (AES)
     • Symmetric Block Cipher – Operation Modes
       • Electronic Code Book (ECB)
       • Cipher Block Chaining (CBC)
       • Output FeedBack (OFB)
       • Cipher FeedBack (CFB)

  10. Generic Block Cipher : Principle
     • Confusion
       • Complicate relations between keys and ciphertext to prohibit cryptanalyst from gaining useful information of key from statistical analyses of ciphertext
       • Insufficient for total protection, due to plaintext redundancy and other characteristics
       • Example: Mono-alphabetic Cipher
     • Diffusion
       • Dissipate plaintext redundancy and other characteristics by diffusing/masking them within entire ciphertext
       • Techniques:
         • Transportation – re-ordering of plaintext fragments
         • Composition – merging dependency on plaintext fragments
       • Example: . . . < next slide >

  11. Generic Block Cipher : Repetitive Round
     [Figure labels: Confusion, Diffusion]

  12. Data Encryption Standard (DES)
     • Published by NIST in 1977 for commercial and unclassified US Government applications
     • Designed by IBM based on Lucifer Cipher and NSA input
     • A Symmetric Block Cipher with
       • 64-bit (8-byte) input and output data blocks
       • 56-bit (7-byte?) symmetric key = 8 × ( 7 key bits + 1 odd-parity bit ) = 64 internal key bits
       • Too Short ! Insecure !!
     • Efficient for hardware implementation (with export control)
     • Inefficient for software implementation
       • approx. 30KB/s for 500-MIP CPU

  13. Data Encryption Standard (DES)
     • Initial / Final Permutation
       • Shuffle input/output bits by table look-up
       • NO security effect
     • Round Key Generation
       • Produce 16 48-bit keys
       • Takes different subset of 56-bit master key
     • DES Internal Rounds
       • Perform confusion by mangling S-boxes
       • Perform diffusion by two-part shuffle and XOR

  14. Initial / Final Permutations
     • Output Permutation = ( Input Permutation )$^{-1}$
     • Each permutation is an orderly Bryant-Tree permutation
     • NO improvement of security

  15. Generation of Round Keys
     • Initial Permutation of 56-bit Master Key
     • Production of 2 × 28-bit Seed Keys
     • Generation of 48-bit Round Keys by rotation and selection
       • Rounds 1, 2, 9, 16 use 1-bit left rotations
       • Other rounds use 2-bit left rotations

  16. DES Computation Round
     • Computation Round consists of
       • Division of 2 × 32-bit halves
       • Mangling of right half

  17. DES S-Box

  18. Advanced Encryption Standard – Rijndael
     • Block Size, Nb: (128), 160, 192, 224, 256
     • Key Size, Nk: (128), 160, (192), 224, (256)
     • Round Number, Nr: Nr = 6 + max (Nb, Nk)

  19. Rijndael : S-Box

  20. Rijndael : Mix Column
     $C(x) = 03\,x^3 + 01\,x^2 + 01\,x + 02$
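The Mix Column polynomial on slide 20, carried through in code as an added example (not part of the lecture): each state column is treated as a polynomial with GF(2^8) coefficients and multiplied by C(x) modulo x^4 + 1. The reduction polynomial x^8 + x^4 + x^3 + x + 1 and the inverse polynomial 0B x^3 + 0D x^2 + 09 x + 0E come from the Rijndael specification and do not appear on the slide.

```python
def xtime(a):
    """Multiply a GF(2^8) element by x (i.e. by 02) modulo x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

def polymul_mod_x4_plus_1(c, a):
    """Multiply two 4-term polynomials over GF(2^8) modulo x^4 + 1.

    Coefficients are listed lowest degree first: [c0, c1, c2, c3].
    Because x^4 = 1, the product term c_i * a_j lands on degree (i + j) mod 4.
    """
    out = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            out[(i + j) % 4] ^= gmul(c[i], a[j])
    return out

# C(x) = 03 x^3 + 01 x^2 + 01 x + 02, as on the slide (lowest degree first)
C = [0x02, 0x01, 0x01, 0x03]
# Inverse polynomial from the Rijndael specification (not on the slide)
C_INV = [0x0E, 0x09, 0x0D, 0x0B]

def mix_column(col):
    """Apply MixColumns to one state column [s0, s1, s2, s3]."""
    return polymul_mod_x4_plus_1(C, col)

def inv_mix_column(col):
    """Undo MixColumns on one state column."""
    return polymul_mod_x4_plus_1(C_INV, col)
```
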

  21. Outline
     • Basic Concepts
       • Cryptanalytic Attacks
       • Information-theoretic vs. Computational-complex Cryptography
       • Block vs. Stream Ciphers
     • Symmetric Block Cipher – Principle
       • Generic Algorithm
       • Data Encryption Standard (DES)
       • Advanced Encryption Standard (AES)
     • Symmetric Block Cipher – Operation Modes
       • Electronic Code Book (ECB)
       • Cipher Block Chaining (CBC)
       • Output FeedBack (OFB)
       • Cipher FeedBack (CFB)

  22. Electronic Code Book (ECB) Mode
     • Operation
       • Break plaintext into blocks
       • Pad last non-integral block
       • Encrypt each block separately using Block Cipher
       • Concatenate ciphered blocks into ciphertext
       • Decryption is exact inverse of Encryption
     • Possible Use
       • Rarely
       • Possibly applied only to random un-correlated data

  23. Electronic Code Book (ECB) Mode
     Example : Salary Database
     • Pitfalls
       • Passive : Partial Information Leaking
         • Ciphertext Only Attackers can guess employee salary ranges
         • Known / Chosen Plaintext Attackers can infer employee salary
       • Active : Information Replacement
         • Active Attackers can replace ciphertext blocks and thus corresponding plaintext blocks

  24. Cipher Block Chaining (CBC) Mode
     • Operation
       • Break plaintext into blocks
       • Pad last non-integral block
       • XOR each plaintext block with ciphertext block from last encryption operation
       • Supply Initial Vector (IV) as input ciphertext block for first encryption operation
       • Decryption is Encryption inverse – with XOR performed AFTER block decryption

  25. Output Feedback (OFB) Mode
     • Operation
       • Stream Cipher!
       • Generate “one-time pad” segments using pseudo-random number generator with IV & Key
       • Combine plaintext & one-time pad using XOR
     • Advantage
       • Pre-computation of one-time pad
       • No synchronization Problem
     • Disadvantage
       • Easy to break!

  26. Cipher Feedback (CFB) Mode
     • Operation
       • Revision of OFB
       • Generate a “one-time pad” segment using previous ciphertext segment
     • Advantage / Disadvantage
       • Eliminate weakness of XOR
       • Compromise between OFB and CBC
