Summary

This document details symmetric encryption principles, including various algorithms like DES, Triple DES (3DES), and Advanced Encryption Standard (AES). It also covers concepts such as cryptography, cryptanalysis, Feistel ciphers, and key distribution. 

Full Transcript

Welcome! Security Principles and Practice—ITBP301 Fall 2024 Symmetric Encryption and Message Confidentiality Ali Ismail Awad & Norziana Jamil Associate Professor College of Information Technology—UAEU...

Welcome! Security Principles and Practice—ITBP301 Fall 2024 Symmetric Encryption and Message Confidentiality Ali Ismail Awad & Norziana Jamil Associate Professor College of Information Technology—UAEU [email protected] 1 At the end of this chapter, the students should be able to: ◆ Explain the basic principles of symmetric encryption. ◆ Understand the significance of the Feistel cipher structure. ◆ Describe the structure and function of DES. ◆ Distinguish between two-key and three-key triple DES. ◆ Describe the structure and function of AES. ◆ Compare and contrast stream encryption and block cipher encryption. ◆ Distinguish among the major block cipher modes of operation. ◆ Discuss the issues involved in key distribution. 2 Symmetric Encryption Also referred to as: Conventional encryption Secret-key or single-key encryption Only alternative before public-key encryption in 1970’s Still most widely used alternative Has five ingredients: Plaintext Encryption algorithm Secret key Ciphertext Decryption algorithm 3 Cryptography Classified along three independent dimensions: The type of operations The number of keys The way in which the used for transforming used plaintext is processed plaintext to ciphertext Sender and receiver use Block cipher – processes Substitution – each element same key – symmetric input one block of elements in the plaintext is mapped at a time Sender and receiver each into another element use a different key - Stream cipher – processes Transposition – elements in asymmetric the input elements plaintext are rearranged continuously 4 Cryptanalysis The process of attempting to discover the plaintext or key is known as cryptanalysis. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst. 5 Computationally Secure Encryption Encryption is computationally secure if: Cost of breaking cipher exceeds value of information Time required to break cipher exceeds the useful lifetime of the information Usually very difficult to estimate the amount of effort required to break Can estimate time/cost of a brute-force attack 6 Feistel Cipher Structure F is an applied round function (+) is an exclusive –OR (XOR) function 7 Block Cipher Structure Symmetric block cipher consists of: A sequence of rounds With substitutions and permutations controlled by key Parameters and design features: Subkey Fast software Number of Round encryption/de Ease of Block size Key size generation rounds function cryption analysis algorithm 8 Most widely used encryption scheme Data Adopted in 1977 by National Now NIST Bureau of Encryption Standards FIPS PUB 46 Algorithm is referred to Standard as the Data Encryption Algorithm (DEA) (DES) Minor variation of the Feistel network 9 Triple DES (3DES) First used in financial applications In DES FIPS PUB 46-3 standard of 1999 Uses three keys and three DES executions: C = E(K3, D(K2, E(K1, P))) Decryption same with keys reversed Use of decryption in second stage gives compatibility with original DES users Effective 168-bit key length, slow, secure AES will eventually replace 3DES 10 Advanced Encryption Standard (AES) Symmetric block cipher Provides stronger encryption 128 bit block size 128, 192, 256 bit key length Longer key provides stronger security 128 bit key Number o f blocks (Nb = 4) Number of rounds (Nr = 10) Key expansion = Nb (Nr + 1) = 44 Four key blocks for each round 11 AES Encryption and Decryption Consider 128 bits text and 128 bits key Key contains 4 words (32 bits each) Key expansion to 44 words Nb * (Nr + 1) Number of blocks = 4 Number of round = 10 Four words for each round w{0,3} , etc. 12 Visualization of AES Animation: https://formaestudio.com/portfolio/aes-animation/ 13 AES Substitute Byte Mapping individual byte of State into a new byte. Using row and column as indexes of S-Box rows and columns. 14 S-Box 15 Inverse S-box 16 Shift Rows Operation To move individual bytes from one column to another and spread bytes over columns First row is not altered Decrypti on does reverse Second row is shifted left by 1-byte On encryption left rotate each row of State by Third row is shifted left by 2-byte 0,1,2,3 bytes respectively Forth row is shifted left by 3-bytes 17 Mix Columns and Add Key Mix columns Operates on each column individually Mapping each byte to a new value that is a function of all four bytes in the column Use of equations over finite fields To provide good mixing of bytes in column Add round key Simply XOR State with bits of expanded key Security from complexity of round key expansion and other stages of AES 18 Stream Ciphers Processes input elements continuously Key input to a pseudorandom bit generator Produces stream of random like numbers Unpredictable without knowing input key XOR keystream output with plaintext bytes Are faster and use far less code Design considerations: Encryption sequence should have a large period Keystream approximates random number properties Uses a sufficiently long key 19 The RC4 Algorithm Encrypt XOR k with the first byte of plaintext Decrypt XOR k with the first byte of the ciphertext 20 The RC4 Algorithm Designed in 1987 by Ron Rivest for RSA Security. RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between Web browsers and servers. Also used in the WEP (Wired Equivalent Privacy) protocol and the WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade secret by RSA Security. In September 1994, the RC4 algorithm was anonymously posted on the Internet on the Cypherpunks anonymous remailers list. The use of RC4 in TLS is prohibited by RFC 7465 published in February 2015. 21 Modes of Operation 22 Electronic Codebook (ECB) Simplest mode Plaintext is handled b bits at a time and each block is encrypted using the same key “codebook” because have unique ciphertext value for each plaintext block Not secure for long messages since repeated plaintext is seen in repeated ciphertext To overcome security deficiencies, you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks 23 Cipher Block Chaining (CBC) Initialization Vector (IV) is used It must be known by sender and receiver IV must be protected as a key P1 is the first block of plaintext (+) XOR function 24 Counter (CTR) Parallel processing More efficient Secure as the other modes 25 Location of Encryption Link encryption Must be decrypted before the switch End-to-end encryption User data is secure, but not the traffic Combination of both is the best 26 Key Distribution The means of delivering a key to two parties that wish to exchange data without allowing others to see the key Two parties (A and B) can achieve this by: A key could be selected by A and physically delivered to B 1 A third party could select the key and physically deliver it to A and B 2 If A and B have previously and recently used a key, one party could 3 transmit the new key to the other, encrypted using the old key If A and B each have an encrypted connection to a third party C, 4 C could deliver a key on the encrypted links to A and B 27 Key Distribution 28 Summary Stream ciphers and RC4 Symmetric encryption principles Stream cipher structure Cryptography RC4 algorithm Cryptanalysis Cipher block modes Feistel cipher structure of operation Data encryption Electronic codebook mode standard Cipher block chaining mode Triple DES Cipher feedback mode Advanced Counter mode encryption standard Algorithm details Location of symmetric encryption devices Key distribution 29

Use Quizgecko on...
Browser
Browser