Bishop: Chapter 11 An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)

PowerPoint Slideshow about 'Bishop: Chapter 11 An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)' - vicki


Presentation Transcript
Bishop: Chapter 11 An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)

csci5233 Computer Security

Topics
  • Problems with Design of Ciphers
  • Stream and Block Ciphers
  • A Brief Overview of Network Security (more in Chapter 26)
  • Privacy-enhanced E-Mails (PEM)
  • Advanced Topics: SSL, IPsec (next course: Web Security)

Context-related Vulnerability
  • Key point: How a crypto system is used will affect its strength.
  • Sample Problems
    • Pre-computing the possible messages

Assumption: The plaintext corresponding to intercepted ciphertext is drawn from a relatively small set of possible plaintexts.

The cryptanalyst can encipher the set of possible plaintexts and simply search that set for the intercepted ciphertext.
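Added example (not part of the original slides): the check below shows that deterministic encipherment of a message drawn from a small set can be matched against a table of enciphered candidates, and that adding fresh random bits before encipherment removes the match. The toy RSA key, the candidate list and the 64-bit random suffix are assumptions made for the demonstration; the suffix is a stand-in for a standard padding such as OAEP.

```python
import secrets

E = 65537
P, Q = 2**61 - 1, 2**89 - 1                 # constructed toy key (two Mersenne primes)
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1)) # far too small for real use

CANDIDATES = ["BUY", "SELL", "HOLD"]        # constructed small message set

def to_int(msg):
    return int.from_bytes(msg.encode(), "big")

def to_msg(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def encipher_plain(msg):
    """Deterministic encipherment: the same message always gives the same ciphertext."""
    return pow(to_int(msg), E, N)

def encipher_randomized(msg):
    """Toy randomization: append 64 fresh random bits before enciphering."""
    return pow((to_int(msg) << 64) | secrets.randbits(64), E, N)

def decipher_randomized(c):
    """Decipher and discard the 64 random bits."""
    return to_msg(pow(c, D, N) >> 64)

def lookup(ciphertext, candidates, encipher):
    """What a table of enciphered candidates reveals about `ciphertext`."""
    table = {encipher(m): m for m in candidates}
    return table.get(ciphertext)

if __name__ == "__main__":
    print(lookup(encipher_plain("SELL"), CANDIDATES, encipher_plain))
    print(lookup(encipher_randomized("SELL"), CANDIDATES, encipher_randomized))
```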

Context-related Vulnerability
  • Sample Problems (cont.)
    • Polluted Blocks

Parts of a ciphertext message may be deleted, replayed, or reordered.

Unless different parts are bound together, their order may be changed by the attacker, without being detected by the receiver.

      • Example: Reordered RSA data blocks

‘LIVE’ can be reordered to ‘EVIL’.

      • Source of problem: Each block is independently enciphered, so integrity of each part does not guarantee the integrity of the whole.
      • Solution? ‘binding’ of blocks + digital signature
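Added example (not part of the original slides): independently enciphered blocks decipher correctly in any order, while a signature over the ordered block sequence lets the receiver reject a reordered or truncated message. The two toy RSA keys and the hash-then-sign construction are assumptions for the demonstration and are far too small and simple for real use.

```python
import hashlib

E = 65537

def toy_key(p, q):
    """Return (n, d) for a toy RSA key built from two known primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from Mersenne primes.
RECV_N, RECV_D = toy_key(2**61 - 1, 2**89 - 1)     # receiver's encipherment key
SEND_N, SEND_D = toy_key(2**107 - 1, 2**127 - 1)   # sender's signing key

def encipher_blocks(text):
    """One independent block per character, as in the LIVE/EVIL example."""
    return [pow(ord(ch), E, RECV_N) for ch in text]

def decipher_blocks(blocks):
    return "".join(chr(pow(c, RECV_D, RECV_N)) for c in blocks)

def digest(blocks):
    """Hash every block together with its position, reduced into the signing modulus."""
    h = hashlib.sha256()
    for i, c in enumerate(blocks):
        h.update(f"{i}:{c};".encode())
    return int.from_bytes(h.digest(), "big") % SEND_N

def sign(blocks):
    """Sender binds the blocks together by signing the ordered sequence."""
    return pow(digest(blocks), SEND_D, SEND_N)

def receive(blocks, signature):
    """Decipher only if the signature covers exactly this block sequence."""
    if pow(signature, E, SEND_N) != digest(blocks):
        raise ValueError("block sequence was altered")
    return decipher_blocks(blocks)

if __name__ == "__main__":
    blocks = encipher_blocks("LIVE")
    print(decipher_blocks(blocks[::-1]))    # unbound blocks: reordering goes unnoticed
    print(receive(blocks, sign(blocks)))    # bound blocks: accepted only in order
```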

Context-related Vulnerability
  • Sample Problems (cont.)
    • Statistical Regularities

Such regularities may exist when each part of the ciphertext was generated from an independent part of the plaintext.

      • Example: DES in ECB mode
      • Solution?

Stream vs Block Ciphers
  • Block ciphers: Plaintexts are encoded into ciphertexts block-by-block.
    • Each block is encrypted by the same key.
    • See definition 11-1.
    • Example: DES
  • Stream ciphers: The plaintext characters are encoded by the sender unit-by-unit, usually with a different key for each unit.
    • Each letter may be encrypted by a different key. (See definition 11-2)
      • Example: one-time pad, where a random, infinitely long key is used.
      • If the key stream repeats itself, the cipher is a periodic cipher.
  • Questions: Is Vigenère cipher a block or stream cipher? How about RSA?

Stream Ciphers
  • Approaches in simulating a random, infinitely long key
    • Synchronous Stream Ciphers

Generates bits (of the key) from a source other than the message itself.

See definition 11-3: LFSR (n-stage linear feedback shift register)

Example on p.278

Definition 11-4: NLFSR (n-stage nonlinear feedback shift register)

Example on p.279

Purpose? To eliminate linearity.

Cf. LFSR vs NLFSR: how the new bit is inserted into the register r.
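Added example (not part of the original slides): an n-stage LFSR as a synchronous keystream generator, with checks for the two properties the slides point at, namely that the keystream is periodic and that it is linear in the initial register. The register and tap values are constructed sample values, and the convention assumed here is that the rightmost bit is the key bit and the XOR of the tapped bits enters on the left.

```python
def step(register, taps):
    """One shift: emit the rightmost bit, insert the XOR of the tapped bits on the left."""
    new = 0
    for bit, tap in zip(register, taps):
        new ^= bit & tap
    return register[-1], (new,) + register[:-1]

def keystream(register, taps, nbits):
    """First `nbits` key bits produced from the given initial register."""
    register, out = tuple(register), []
    for _ in range(nbits):
        bit, register = step(register, taps)
        out.append(bit)
    return out

def period(register, taps):
    """Steps until the register returns to its start state, or None if it never does."""
    start = state = tuple(register)
    for n in range(1, 2 ** len(start) + 1):
        _, state = step(state, taps)
        if state == start:
            return n
    return None

def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]

# Constructed sample values: a 4-stage register and its tap sequence.
TAPS = (1, 0, 0, 1)
SEED = (0, 0, 1, 0)

if __name__ == "__main__":
    print(keystream(SEED, TAPS, 15), period(SEED, TAPS))
    other = (1, 0, 0, 1)
    # Linearity: the XOR of two keystreams is the keystream of the XORed registers.
    print(xor_bits(keystream(SEED, TAPS, 20), keystream(other, TAPS, 20))
          == keystream(xor_bits(SEED, other), TAPS, 20))
```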

Stream Ciphers
  • Alternative approaches in eliminating linearity:
    • Output Feedback Mode (OFM)

The register, r, is never shifted. It is repeatedly enciphered.

    • Counter Method: a variant of OFM

Stream Ciphers
  • Self-Synchronous Stream Ciphers

The key is obtained from the message itself.

Example: autokey cipher (p.280)

Problems? The selection of the key.

Statistical regularities in the plaintext show up in the key.

An alternative: Use the ciphertext as the key stream

Problems? Weak cipher, because plaintext can be deduced from the ciphertext

Another alternative: CFM (cipher feedback mode)

See Fig. 11-1, p.281

Block Ciphers

A block of multiple bits is enciphered each time.

Faster than a stream cipher (?).

Problem? Encipherment of the same plaintexts results in the same ciphertexts (because the same key is used for each block).

Solution: Cipher block chaining (CBC)

IV is needed for the first block encipherment

Block Ciphers
  • Multiple Encryption

e.g., c = E_k'(E_k(m))

Suppose the lengths of k and k' are both n.

[Merkle/Hellman, 1981] The effective strength of the above encryption is 2^(n+1), not 2^(2n).

EDE

Triple encryption mode

Next
  • A Brief Overview of Network Security
  • Privacy-enhanced E-Mails (PEM)
