Applied Cryptography (Symmetric) - PowerPoint PPT Presentation

About This Presentation
Title:

Applied Cryptography (Symmetric)

Description:

Applied Cryptography (Symmetric) Part I – PowerPoint PPT presentation

Number of Views:213
Avg rating:3.0/5.0
Slides: 35
Provided by: uae89
Learn more at: http://feihu.eng.ua.edu
Category:

less

Transcript and Presenter's Notes

Title: Applied Cryptography (Symmetric)


1
Applied Cryptography(Symmetric)
  • Part I

2
  • Many savages at the present day regard their
    names as vital parts of themselves, and therefore
    take great pains to conceal their real names,
    lest these should give to evil-disposed persons a
    handle by which to injure their owners.
  • The Golden Bough, Sir James George Frazer

3
Symmetric Encryption
  • or conventional / private-key / single-key
  • sender and recipient share a common key
  • all classical encryption algorithms are
    private-key
  • was only type prior to invention of public-key in
    1970s
  • and by far most widely used

4
Some Basic Terminology
  • plaintext - original message
  • ciphertext - coded message
  • cipher - algorithm for transforming plaintext to
    ciphertext
  • key - info used in cipher known only to
    sender/receiver
  • encipher (encrypt) - converting plaintext to
    ciphertext
  • decipher (decrypt) - recovering ciphertext from
    plaintext
  • cryptography - study of encryption
    principles/methods
  • cryptanalysis (codebreaking) - study of
    principles/ methods of deciphering ciphertext
    without knowing key
  • cryptology - field of both cryptography and
    cryptanalysis

5
Symmetric Cipher Model
6
Requirements
  • two requirements for secure use of symmetric
    encryption
  • a strong encryption algorithm
  • a secret key known only to sender / receiver
  • mathematically have
  • Y EK(X)
  • X DK(Y)
  • assume encryption algorithm is known
  • implies a secure channel to distribute key

7
Cryptography
  • Classify cryptographic system by
  • type of encryption operations used
  • substitution / transposition / product
  • number of keys used
  • single-key or private / two-key or public
  • way in which plaintext is processed
  • block / stream

8
Cryptanalysis
  • objective to recover key not just message
  • general approaches
  • cryptanalytic attack
  • brute-force attack

9
More Definitions
  • unconditional security
  • no matter how much computer power or time is
    available, the cipher cannot be broken since the
    ciphertext provides insufficient information to
    uniquely determine the corresponding plaintext
  • computational security
  • given limited computing resources (eg time needed
    for calculations is greater than age of
    universe), the cipher cannot be broken

10
Brute Force Search
  • always possible to simply try every key
  • most basic attack, proportional to key size
  • assume either know / recognise plaintext

Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs
32 232 4.3 ? 109 231 µs 35.8 minutes 2.15 milliseconds
56 256 7.2 ? 1016 255 µs 1142 years 10.01 hours
128 2128 3.4 ? 1038 2127 µs 5.4 ? 1024 years 5.4 ? 1018 years
168 2168 3.7 ? 1050 2167 µs 5.9 ? 1036 years 5.9 ? 1030 years
26 characters (permutation) 26! 4 ? 1026 2 ? 1026 µs 6.4 ? 1012 years 6.4 ? 106 years
11
Modern Block Ciphers
  • now look at modern block ciphers
  • one of the most widely used types of
    cryptographic algorithms
  • provide secrecy /authentication services
  • focus on DES (Data Encryption Standard)
  • to illustrate block cipher design principles

12
Block vs Stream Ciphers
  • block ciphers process messages in blocks, each of
    which is then en/decrypted
  • like a substitution on very big characters
  • 64-bits or more
  • stream ciphers process messages a bit or byte at
    a time when en/decrypting
  • many current ciphers are block ciphers
  • broader range of applications

13
Block Cipher Principles
  • most symmetric block ciphers are based on a
    Feistel Cipher Structure
  • block ciphers look like an extremely large
    substitution
  • would need table of 264 entries for a 64-bit
    block
  • instead create from smaller building blocks
  • using idea of a product cipher

14
Ideal Block Cipher
15
Claude Shannon and Substitution-Permutation
Ciphers
  • Claude Shannon introduced idea of
    substitution-permutation (S-P) networks in 1949
    paper
  • form basis of modern block ciphers
  • S-P nets are based on the two primitive
    cryptographic operations seen before
  • substitution (S-box)
  • permutation (P-box)
  • provide confusion diffusion of message key

16
Confusion and Diffusion
  • cipher needs to completely obscure statistical
    properties of original message
  • a one-time pad does this
  • more practically Shannon suggested combining S
    P elements to obtain
  • diffusion dissipates statistical structure of
    plaintext over bulk of ciphertext
  • confusion makes relationship between ciphertext
    and key as complex as possible

17
Feistel Cipher Structure
  • Horst Feistel devised the feistel cipher
  • based on concept of invertible product cipher
  • partitions input block into two halves
  • process through multiple rounds which
  • perform a substitution on left data half
  • based on round function of right half subkey
  • then have permutation swapping halves
  • implements Shannons S-P net concept

18
Feistel Cipher Structure
19
Feistel Cipher Design Elements
  • block size
  • key size
  • number of rounds
  • subkey generation algorithm
  • round function
  • fast software en/decryption
  • ease of analysis

20
Feistel Cipher Decryption
21
Data Encryption Standard (DES)
  • most widely used block cipher in world
  • adopted in 1977 by NIST
  • as FIPS PUB 46
  • encrypts 64-bit data using 56-bit key
  • has widespread use
  • has been considerable controversy over its
    security

22
DES Encryption Overview
23
DES Round Structure
  • uses two 32-bit L R halves
  • as for any Feistel cipher can describe as
  • Li Ri1
  • Ri Li1 ? F(Ri1, Ki)
  • Function F takes 32-bit R half and 48-bit subkey
  • expands R to 48-bits using permutation E
  • adds to subkey using XOR
  • passes through 8 S-boxes to get 32-bit result
  • finally permutes using 32-bit perm P

24
DES Round Structure
25
Substitution Boxes S
  • have eight S-boxes which map 6 to 4 bits
  • each S-box is actually 4 little 4 bit boxes
  • outer bits 1 6 (row bits) select one row of 4
  • inner bits 2-5 (col bits) are substituted
  • result is 8 groups of 4 bits, or 32 bits
  • row selection depends on both data key
  • feature known as autoclaving (autokeying)
  • example
  • S(18 09 12 3d 11 17 38 39) 5fd25e03

s1
26
DES Key Schedule
  • forms subkeys used in each round
  • initial permutation of the key (PC1) which
    selects 56-bits in two 28-bit halves
  • 16 stages consisting of
  • rotating each half separately either 1 or 2
    places depending on the key rotation schedule K
  • selecting 24-bits from each half permuting them
    by PC2 for use in round function F
  • note practical use issues in h/w vs s/w

27
Avalanche Effect
  • key desirable property of encryption algorithms
  • where a change of one input or key bit results in
    changing approx half output bits
  • making attempts to home-in by guessing keys
    impossible
  • DES exhibits strong avalanche

28
Stream Ciphers
  • process message bit by bit (as a stream)
  • have a pseudo random keystream
  • combined (XOR) with plaintext bit by bit
  • randomness of stream key completely destroys
    statistically properties in message
  • Ci Mi XOR StreamKeyi
  • but must never reuse stream key
  • otherwise can recover messages (cf book cipher)

29
Stream Cipher Structure
30
Stream Cipher Properties
  • some design considerations are
  • long period with no repetitions
  • statistically random
  • depends on large enough key
  • large linear complexity
  • properly designed, can be as secure as a block
    cipher with same size key
  • but usually simpler faster

31
RC4
  • a proprietary cipher owned by RSA DSI
  • another Ron Rivest design, simple but effective
  • variable key size, byte-oriented stream cipher
  • widely used (web SSL/TLS, wireless WEP)
  • key forms random permutation of all 8-bit values
  • uses that permutation to scramble input info
    processed a byte at a time

32
RC4 Encryption
  • encryption continues shuffling array values
  • sum of shuffled pair selects "stream key" value
    from permutation
  • XOR St with next byte of message to en/decrypt
  • i j 0
  • for each message byte Mi
  • i (i 1) (mod 256)
  • j (j Si) (mod 256)
  • swap(Si, Sj)
  • t (Si Sj) (mod 256)
  • Ci Mi XOR St

33
RC4 Overview
34
RC4 Security
  • claimed secure against known attacks
  • have some analyses, none practical
  • result is very non-linear
  • since RC4 is a stream cipher, must never reuse a
    key
  • have a concern with WEP, but due to key handling
    rather than RC4 itself
Write a Comment
User Comments (0)
About PowerShow.com