
OVERVIEW OF ENCRYPTION

OVERVIEW OF ENCRYPTION. AUTHOR DETAILS: CHANDRASEKHAR NAIDU MUTTINENI Mail: chandu.saraswathi@gmail.com Blog: https://techpresentations.wordpress.com/ https://hack8d.wordpress.com/. Agenda. Cryptology and its History Types of Ciphers What is Encryption and types of Encryption


Presentation Transcript


  1. OVERVIEW OF ENCRYPTION AUTHOR DETAILS: CHANDRASEKHAR NAIDU MUTTINENI Mail: chandu.saraswathi@gmail.com Blog: https://techpresentations.wordpress.com/ https://hack8d.wordpress.com/

  2. Agenda • Cryptology and its History • Types of Ciphers • What is Encryption and types of Encryption • Types of Encryption Algorithms • Symmetric and Asymmetric Algorithms • Choosing Encryption algorithms • Complexity Comparison • Hashing explained • Key management • TLS Model • Advanced Encryption System (AES-256) explained • Queries

  3. Cryptology • Cryptology comprises Cryptography and Cryptanalysis • Symbiotic relationship between the two disciplines • Each makes the other one better • Each tries to stay ahead of the other • World War II is the best example. The winning side was more successful in breaking the codes than the losing side. • One cannot prove that an algorithm is secure, but one can prove that it is not vulnerable to the known attacks • All algorithms are vulnerable to brute-force attack. If every possible key is tried, one of the keys has to work.

  4. History of Cryptography • Around 5000 years ago, Cryptography was widely used in diplomatic and Military circles • Messengers from the king's court took encrypted messages to other courts • Caesar cipher is a simple substitution cipher used to secure military communications • Thomas Jefferson invented an encryption system while serving the US during 1790

  5. History of Cryptography (contd.) • Arthur Scherbius invented the ‘Enigma’ machine and sold it to Germany. • The British cracked the German Enigma machine, resulting in significant advantages for the Allies in World War II • The British arguably invented the first computer, ‘Colossus’, to break the encryption that was used by the Enigma machine.

  6. Ciphers • Cipher – Algorithm used to encrypt or decrypt information. • Substitution Cipher - Substitutes one letter for another - Ciphertext depends on the key - Also called the Caesar cipher - Vulnerable to frequency analysis

  7. Ciphers (contd.) • Polyalphabetic ciphers - Counters the early frequency analysis vulnerability - Still vulnerable to frequency analysis - Vigenère cipher is the best example (Blaise de Vigenère was a French cryptographer) - Let's see how it works

  8. Ciphers (contd.) • Transposition: Permutation. - No letters are replaced, they are just rearranged or permuted - If the key is to reverse the letters, “ATTACK AT DAWN” is transposed to “NWADTAKCATTA”. - Rail Fence cipher is a good example of Transposition ciphers - DES and 3DES still use transposition as part of their algorithm

  9. Ciphers (Contd.) • Vernam Cipher - Applying XOR to the plain text with the random key - Most important in the history of Cryptography - RC4 uses OTP (One time pad) [Figure: OTP (XOR)]

  10. Encryption • Encryption is the process of disguising a message in such a way as to hide its original contents • Decryption reverses the process • Its purpose is to maintain the confidentiality of the message being transmitted

  11. Encryption (Contd.) • Old encryption is based on the secrecy of the algorithm used • Modern encryption uses public domain algorithms. • Security of the information lies in the secrecy of the keys, not of the algorithm • Encryption is involved at all layers of the OSI Network model. • Encryption is the key to setting up a VPN (Virtual Private Network)

  12. Cryptanalysis - Breaking of codes to obtain the meaning of encrypted data • Brute-Force attack: Trying every possible key for decryption. On average this succeeds about 50% of the way through the key space. • Linear and Differential Cryptanalysis • Ciphertext-only: Access to cipher texts of several plain texts encrypted using the same key. • Known Plaintext: Access to plain text, Cipher text and algorithm. Ultimately uses brute-force attacks by assuming the key space. • Chosen Plaintext: Attacker can choose the plain text and observe the cipher text. • Side Channel Attacks – Attacks based on studying and measuring the actual implementation of the code. • Power Attacks – Watches power consumption by CPU or memory. Pipelining helps • Timing Attacks – Watches movement of data in and out of the CPU or memory

  13. Encryption Algorithms • A good encryption algorithm (Cipher) has the following features - Resists cryptographic attacks - Supports variable and long key lengths - Creates an avalanche effect - Does not have import and export restrictions

  14. Encryption Algorithms (Contd.) • Two classes of algorithms based on the usage of keys - Symmetric encryption algorithms - Asymmetric encryption algorithms

  15. Symmetric Encryption Algorithms • Encryption and Decryption keys are the same • Security rests in the secrecy of the key • Also called the Secret-Key encryption algorithm • Typical key length ranges from 40 to 256 bits • DES – 56 bit keys • 3DES – 112 or 168 bit keys • AES – 128, 192 or 256 bit keys • IDEA – 128 bit keys • RC Series (RC2, RC4, RC5, RC6) – 128, 192 or 256 bit keys • Blowfish – 32 to 448 bit keys

  16. Symmetric Encryption Algorithms (Contd.) • Techniques: Block ciphers, Stream Ciphers, Message Authentication Codes (MACs) • Symmetric algorithms are quite fast in encryption. • Used for bulk data protection • On the other hand, Key management is a challenge.

  17. Symmetric Encryption Algorithms (Contd.) • Block ciphers - Converts fixed length block of plaintext into same length Cipher text - It refers to how much data can be encrypted at one time - Usually the block size is 128 bits. DES has a block size of 64 bits - Performs padding if data is less than one full block Ex: • DES/3DES (CBC or ECB modes) • AES • IDEA • Blowfish • RSA

  18. Symmetric Encryption Algorithms (Contd.) • Stream ciphers - Operates on smaller units of plain text. - Transformation depends on when they are encountered during encryption - Much faster in operation - No padding of bits Ex: • DES/3DES (OFB or CFB modes) • RC4 • SEAL (Software encryption algorithm)

  19. Asymmetric Encryption Algorithms • Also called Public key algorithms • Key length ranges from 512 to 4096 bits. • Involves complex mathematical calculations to derive the key set • The decryption key cannot in any reasonable amount of time be calculated using the encryption key • Can be up to 1000 times slower than the symmetric algorithms • Used for Low volume cryptographic mechanisms such as digital signatures and key exchange • The key management is simpler compared to Symmetric algorithms • Rivest, Shamir and Adleman (RSA) algorithm • Diffie-Hellman (DH) Algorithm

  20. Choosing Encryption Algorithms • Algorithm is trusted by the cryptographic community • It should adequately protect against Brute-force attacks • Throughput and Latency • 3DES: Considered most trustworthy but not so efficient • AES: High throughput and Low latency environments. More efficient. • RSA and DH: Considered trustworthy Asymmetric algorithms

  21. Comparing complexity • In symmetric algorithms, each additional bit doubles the difficulty in finding the key • In asymmetric algorithms, each additional bit nominally increases the difficulty in finding the key • An 80-bit symmetric key is considered equal to a 1024-bit asymmetric RSA key • A 128-bit symmetric key is considered equal to a 3027-bit asymmetric RSA key

  22. Hashing • Method for Data Integrity assurance • Based on one way mathematical functions • Easy to compute but harder to reverse • Ex: Grinding coffee. Easy to grind, but nearly impossible to put all the tiny pieces back together to rebuild the original beans • Digest or Fingerprint • Similar to CRC (Cyclic Redundancy Checksum)

  23. Key Management • Key Generation : Automated random number generators • Key Verification: Finding weak keys • Key Storage: Storing in memory • Key Exchange: Securely over an untrusted medium • Key Revocation and Destruction: Erasing after usage/ after a security breach • Key Space: Set of all possible key values. Key with n bits produces 2^n keys • Weak keys for DES: • Strength of protection depends on the Length of key. This needs to be selected wisely

  24. TLS/SSL explained • Provides secure communication over internet/intranet • Originally developed by Netscape • Universally accepted by the WWW community (e-mail to e-commerce) • TLS 1.0 still used even with the advent of TLS 3.0 • It uses a variety of encryption algorithms: Symmetric, Asymmetric, Hashing • VPNs from contractor PC to company network

  25. Data Encryption Standard (DES) • Operates in Block/Stream mode and encrypts data in 64-bit blocks • DES key is always 56 bits long. The remaining 8 bits are used for parity

  26. ECB and CBC explained • ECB (Electronic Code Book) : Same plain text -> Same Cipher text • CBC (Cipher Block Chaining) : Same plain text -> Different Cipher text. • Here the plain text is XOR’ed with the previous cipher text before encryption. • The first block is XOR’ed with an IV (Initialization Vector) • It still cannot help against sophisticated cryptanalysis attacks [Figures: ECB Mode, CBC Mode]

  27. 3DES (Triple DES) • The technique of applying DES 3 times in a row to a plain text is called 3DES • It uses a method called 3DES – EDE (Encrypt – Decrypt – Encrypt) • Message is encrypted using the first 56-bit key ‘k1’, then decrypted using the second 56-bit key ‘k2’ and then encrypted using the third 56-bit key ‘k3’ • Message is decrypted using the third 56-bit key ‘k3’, then encrypted using the second 56-bit key ‘k2’ and then decrypted using the first 56-bit key ‘k1’ • Encrypting data three times using 56-bit keys is equal to encrypting with a 58-bit key. So we use 3DES-EDE here.

  28. Advanced Encryption Standard (AES) • AES is an encryption specification of NIST, US. • Uses Rijndael algorithm which has variable block length and key length. • Credits to Vincent Rijmen and Joan Daemen • Key length is much stronger than DES • More efficient algorithm • Suitable for high throughput and low latency environments • Stronger than 3DES in 192 or 256 bit key lengths • Relatively young algorithm • AES standard is a variant of Rijndael where the block size is restricted to 128 bits

  29. AES explained • AES has a fixed block size of 128 bits called a state. Ex input string: “ABCDEFGHIJKLMNOP”

      State (characters)    State (ASCII, hex)
      A E I M               41 45 49 4D
      B F J N               42 46 4A 4E
      C G K O               43 47 4B 4F
      D H L P               44 48 4C 50

  30. AES explained (Contd.) • AES key is either 128 bits, 192 bits or 256 bits 128 bits (4 words): 11223344556677889900AABBCCDDEEFF 11 22 33 44 55 66 77 88 99 00 AA BB CC DD EE FF

  31. AES explained (Contd.) • AddRoundKey : Addition is XOR [Figure labels: Expanded Key w[0] w[4]; State; After AddRoundKey (XOR’ed)]

  32. AES explained (Contd.) • SubBytes is the SBOX for AES • This makes AES a non-linear cryptographic system. • For every value of b there is a unique value for b’x • It is faster to use a substitution table (and easier). = + x is the inverse value of the byte b

  33. AES explained (Contd.) Rijndael’s SBOX:

  34. AES explained (Contd.) State State after SubBytes

  35. AES explained (Contd.) • ShiftRows: Simple routine which left-shifts rows 1, 2 and 3 by 1, 2 and 3 bytes respectively [Figures: Before Shift Rows, After Shift Rows]

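  36. AES explained (Contd.) • MixColumns:

      $a'_0 = 2a_0 \oplus 3a_1 \oplus a_2 \oplus a_3$
      $a'_1 = a_0 \oplus 2a_1 \oplus 3a_2 \oplus a_3$
      $a'_2 = a_0 \oplus a_1 \oplus 2a_2 \oplus 3a_3$
      $a'_3 = 3a_0 \oplus a_1 \oplus a_2 \oplus 2a_3$

      • MixColumns: With ShiftRows, this provides Diffusion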
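The round steps from slides 29 to 36, applied to the slides' own input string and key, as an added example that is not part of the original presentation. The S-box entry is computed from the field inverse and affine transformation instead of a lookup table, the key schedule (expanded key words beyond the cipher key) is left out, and all function names are this example's own.

```python
def to_state(block: bytes) -> list:
    # The 16 input bytes fill the 4x4 state column by column.
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key):
    # "Addition is XOR": each state byte is XOR'ed with the matching key byte.
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, round_key)]

def gmul(a: int, b: int) -> int:
    # Multiplication in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B).
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return result

def sub_byte(b: int) -> int:
    # S-box entry: inverse of b in GF(2^8) (0 maps to 0), followed by
    # the affine transformation with constant 0x63.
    x = 1
    for _ in range(254):  # b^254 is the multiplicative inverse of b
        x = gmul(x, b)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rot(x, 1) ^ rot(x, 2) ^ rot(x, 3) ^ rot(x, 4) ^ 0x63

def sub_bytes(state):
    return [[sub_byte(v) for v in row] for row in state]

def shift_rows(state):
    # Row r is rotated left by r bytes (row 0 is unchanged).
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(a):
    return [gmul(2, a[0]) ^ gmul(3, a[1]) ^ a[2] ^ a[3],
            a[0] ^ gmul(2, a[1]) ^ gmul(3, a[2]) ^ a[3],
            a[0] ^ a[1] ^ gmul(2, a[2]) ^ gmul(3, a[3]),
            gmul(3, a[0]) ^ a[1] ^ a[2] ^ gmul(2, a[3])]

def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

BLOCK = b"ABCDEFGHIJKLMNOP"                               # slide 29 input
KEY = bytes.fromhex("11223344556677889900AABBCCDDEEFF")   # slide 30 key

def first_round_without_final_key(block=BLOCK, key=KEY):
    # Initial AddRoundKey, then SubBytes, ShiftRows, MixColumns. A real round
    # ends with AddRoundKey using the next expanded key words (not derived here).
    state = add_round_key(to_state(block), to_state(key))
    return mix_columns(shift_rows(sub_bytes(state)))
```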

  37. AES explained (Contd.) Encryption Examples:

  38. AES 256 CBC explained [Figure: encryption and decryption flow]
      Encryption: PlainText → AddRoundKey (RoundKey) → 1st Round: SubBytes, ShiftRows, MixColumns, AddRoundKey (RoundKey) → Repeat Nr-1 Rounds → Last Round: SubBytes, ShiftRows, AddRoundKey (RoundKey) → CipherText
      Decryption: CipherText → AddRoundKey (RoundKey*) → 1st Round: InvShiftRows, InvSubBytes, AddRoundKey (RoundKey*), InvMixColumns → Repeat Nr-1 Rounds → Last Round: InvShiftRows, InvSubBytes, AddRoundKey (RoundKey*) → PlainText

  39. Hashing • Message Digest 5 (MD5) with 128-bit digests • Secure Hash Algorithm 1 (SHA-1) with 160-bit digests

  40. Hashing HMACs • Keyed MD5, based on the MD5 hashing algorithm • Keyed SHA-1, based on the SHA-1 hashing algorithm

  41. Thank You. For any queries, please find contact details below: • CHANDRASEKHAR NAIDU MUTTINENI • Mail: chandu.saraswathi@gmail.com • Blog: https://techpresentations.wordpress.com/ • https://hack8d.wordpress.com/
