1 / 34

Applied Cryptography (Symmetric)

Applied Cryptography (Symmetric). Part I. Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names , lest these should give to evil-disposed persons a handle by which to injure their owners.

Download Presentation

Applied Cryptography (Symmetric)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Applied Cryptography(Symmetric) Part I

  2. Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer

  3. Symmetric Encryption • or conventional / private-key / single-key • sender and recipient share a common key • all classical encryption algorithms are private-key • was the only type prior to the invention of public-key in 1970’s • and by far most widely used

  4. Some Basic Terminology • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis

  5. Symmetric Cipher Model

  6. Requirements • two requirements for secure use of symmetric encryption: • a strong encryption algorithm • a secret key known only to sender / receiver • mathematically have: Y = EK(X) X = DK(Y) • assume encryption algorithm is known • implies a secure channel to distribute key

  7. Cryptography • Classify cryptographic system by: • type of encryption operations used • substitution / transposition / product • number of keys used • single-key or private / two-key or public • way in which plaintext is processed • block / stream

  8. Cryptanalysis • objective to recover key not just message • general approaches: • cryptanalytic attack • brute-force attack

  9. More Definitions • unconditional security • no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security • given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken

  10. Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext

  11. Modern Block Ciphers • now look at modern block ciphers • one of the most widely used types of cryptographic algorithms • provide secrecy /authentication services • focus on DES (Data Encryption Standard) • to illustrate block cipher design principles

  12. Block vs Stream Ciphers • block ciphers process messages in blocks, each of which is then en/decrypted • like a substitution on very big characters • 64-bits or more • stream ciphers process messages a bit or byte at a time when en/decrypting • many current ciphers are block ciphers • broader range of applications

  13. Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • block ciphers look like an extremely large substitution • would need table of 264 entries for a 64-bit block • Instead, create from smaller building blocks • using idea of a product cipher

  14. Ideal Block Cipher

  15. Claude Shannon and Substitution-Permutation Ciphers • Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paper • form basis of modern block ciphers • S-P nets are based on the two primitive cryptographic operations seen before: • substitution (S-box) • permutation (P-box) • provide confusion & diffusion of message & key

  16. Confusion and Diffusion • cipher needs to completely obscure statistical properties of original message • a one-time pad does this • more practically Shannon suggested combining S & P elements to obtain: • diffusion– dissipates statistical structure of plaintext over bulk of ciphertext • confusion – makes relationship between ciphertext and key as complex as possible

  17. Feistel Cipher Structure • Horst Feistel devised the feistel cipher • based on concept of invertible product cipher • partitions input block into two halves • process through multiple rounds which • perform a substitution on left data half • based on round function of right half & subkey • then have permutation swapping halves • implements Shannon’s S-P net concept

  18. Feistel Cipher Structure

  19. Feistel Cipher Design Elements • block size • key size • number of rounds • subkey generation algorithm • round function • fast software en/decryption • ease of analysis

  20. Feistel Cipher Decryption

  21. Data Encryption Standard (DES) • most widely used block cipher in world • adopted in 1977 by NIST • as FIPS PUB 46 • encrypts 64-bit data using 56-bit key • has widespread use • has been considerable controversy over its security

  22. DES Encryption Overview

  23. DES Round Structure • uses two 32-bit L & R halves • as for any Feistel cipher can describe as: Li= Ri–1 Ri= Li–1F(Ri–1, Ki) • Function Ftakes 32-bit R half and 48-bit subkey: • expands R to 48-bits using permutation E • adds to subkey using XOR • passes through 8 S-boxes to get 32-bit result • finally permutes using 32-bit perm P

  24. DES Round Structure

  25. Substitution Boxes S • have eight S-boxes which map 6 to 4 bits • each S-box is actually 4 little 4 bit boxes • outer bits 1 & 6 (row bits) select one row of 4 • inner bits 2-5 (colbits) are substituted • result is 8 groups of 4 bits, or 32 bits • row selection depends on both data & key • feature known as autoclaving (autokeying) • example: • S(18 09 12 3d 11 17 38 39) = 5fd25e03 s1

  26. DES Key Schedule • forms subkeys used in each round • initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves • 16 stages consisting of: • rotating each half separately either 1 or 2 places depending on the key rotation schedule K • selecting 24-bits from each half & permuting them by PC2 for use in round function F • note practical use issues in h/w vs s/w

  27. Avalanche Effect • key desirable property of encryption algorithms • where a change of one input or key bit results in changing approx half output bits • making attempts to “home-in” by guessing keys impossible • DES exhibits strong avalanche

  28. Stream Ciphers • process message bit by bit (as a stream) • have a pseudo random keystream • combined (XOR) with plaintext bit by bit • randomness of stream key completely destroys statistically properties in message • Ci = Mi XOR StreamKeyi • but must never reuse stream key • otherwise can recover messages (cf book cipher)

  29. Stream Cipher Structure

  30. Stream Cipher Properties • some design considerations are: • long period with no repetitions • statistically random • depends on large enough key • large linear complexity • properly designed, can be as secure as a block cipher with same size key • but usually simpler & faster

  31. RC4 • a proprietary cipher owned by RSA DSI • another Ron Rivest design, simple but effective • variable key size, byte-orientedstream cipher • widely used (web SSL/TLS, wireless WEP) • key forms random permutation of all 8-bit values • uses that permutation to scramble input info processed a byte at a time

  32. RC4 Encryption • encryption continues shuffling array values • sum of shuffled pair selects "stream key" value from permutation • XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte Mi i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Ci = Mi XOR S[t]

  33. RC4 Overview

  34. RC4 Security • claimed secure against known attacks • have some analyses, none practical • result is very non-linear • since RC4 is a stream cipher, must never reuse a key • have a concern with WEP, but due to key handling rather than RC4 itself

More Related