Cryptography (Classic) Course Notes PDF

Document Details

LuxuriantMaracas

Uploaded by LuxuriantMaracas

King Khalid University

Okhtar Ben Hmida

Tags

cryptography notes symmetric encryption encryption algorithms computer science

Summary

This document is a course on cryptography, covering symmetric encryption algorithms. It discusses 2DES, 3DES, Blowfish, RC4, and DES. The content is from King Khalid University in Saudi Arabia.

Full Transcript

Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Course Cryptography (Classic & Modern) https://www.tutorialspoint.com/cryptography/ cryptography_need_for_encryption.htm...

Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Course Cryptography (Classic & Modern) https://www.tutorialspoint.com/cryptography/ cryptography_need_for_encryption.htm College of Computer Science, King Khaled University 'KKU', KSA okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA CHAPTER 3-3 : Symmetric Cryptography, 2DES, 3DES, Blowfish, RC4,... DES Needs for Replacement; 2DES, 3DES, Blowfish, RC4  Essential DES Replacements: o 2DES o 3DES o Blowfish o RC4 okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA  Clear replacement for DES was needed: DES Needs  have theoretical attacks that can break it; for  have demonstrated exhaustive key search attacks. Replacement  Alternative: Triple-DES – but slow.  US NIST issued call for ciphers in 1997;  (15) candidates accepted in Jun 98;  (05) were shortlisted in Aug-99;  Rijndael was selected as the AES in Oct-2000 okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA  Clear replacement for DES was needed: DES Needs  Alternative: Multiple Encryption with the Basis of DES for Replacement  Alternative: Double-DES – but slow.  Alternative: Triple-DES – but slow.  Blowfish Block Cipher was also an altenative;  RC4 as a Stream Cipher was also an altenative;  Rijndael was selected as the AES in Oct-2000 okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric encryption algorithms okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric encryption algorithms Algorithm Type Key Size Features DES Block Cipher 56 bits Most Common, Not strong enough DoubleDES Block Cipher 168 bits Multiple of DES, (112 effective) Adequate Security TripleDES Blowfish Block Cipher Variable Excellent Security (Up to 448 bits) RC4 Stream Cipher Variable Fast Stream Cipher, Used in most (40 or 128 bits) SSL implementations AES Block Cipher Variable Replacement for DES, (128, 192, 256 bits) Excellent Security okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric encryption algorithms  DES (Data Encryption Standard) − An older encryption method which is less secure than AES but still used in some legacy systems.  (2DES ; 3DES) − More secure version of DES; applies DES algorithm two ; three times.  Blowfish − Symmetric-key block cipher, known for its fast encryption and flexibility.  (RC4) Rivest Cipher 4 − Previously it was widely used, but now considered insecure because of its vulnerabilities.  AES (Advanced Encryption Standard) − Mainly used for securing sensitive data, like government information. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA CHAPTER 3-3 : Symmetric Cryptography, 2DES, 3DES, Blowfish, RC4,...  Revision : DES Principle in Symmetric Cryptography  DES Needs for Replacement; 2DES, 3DES, Blowfish, RC4  Essential DES Replacements: o 2DES o 3DES o Blowfish o RC4 okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric Encryption algorithms Transition to Multiple DES Encryption algorithms :  Double DES ‘2DES’  Triple DES ‘3DES’  Blowfish okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Transition to Double-DES Double DES uses two keys, k1 and k2. For it to obtain the encrypted text, it can apply DES to the original plaintext using k1. With a different key, k2, it can apply DES to the encrypted text this time. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA ansition to Double-DES Advantages Disadvantages Vulnerable to Meet-in-the-Middle Attack − Enhanced Security − By doubling the length of Attacker intercepting the ciphertext and trying the key, Double DES improves the security of every key for the first encryption and DES and makes it more difficult for attackers to decryption phases... The effective key length decrypt encrypted data via brute-force attacks. decreases to 112 bits, significantly weakening the theoretical 168-bit key length. Compatibility with Current Systems − Double DES can be implemented with current Performance Overhead − Because double DES hardware and software, making it a simple DES encryption takes more time and option for businesses who currently use DES. computing power than single DES encryption, it may have a performance overhead. Widely Studied − Due to the in-depth study and analysis that DES has received over the Limited Key Length − relatively limited key years, double DES can be applied and length (112 effective bits after calculating for understood with the help of a variety of the meet-in-the-middle attack). This may not information and resources. be enough for handling sophisticated attacks. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric Encryption algorithms Transition to Multiple DES Encryption algorithms :  Double DES ‘2DES’  Triple DES ‘3DES’  Blowfish okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA ansition to Triple-DES – 3DES Advances in cryptanalysis and electronics have made key length 56 a problem for DES. The key is found in a few hours from a known plaintext by doing brute force. 3-DES (Triple DES) was launched as a new standard in 1999. Uses 2 or 3 keys. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA ansition to Triple-DES – 3DES There are several types of triple DES encryptions: DES-EEE3 (03) three different keys for Encryption, Data are Encrypted, Encrypted, Encrypted. DES-EDE3 (03) three different keys for Encryption, Data are Encrypted, Decrypted, and Encrypted. DES-EEE2 The same as DES-EEE3 but uses only two keys, 1st and 3rd Encryption processes; the same key. DES-EDE2 The same as DES-EDE3 but uses only two keys, 1st and 3rd Encryption processes; the same key. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA ansition to Triple-DES – 3DES There are several types of triple DES encryptions: DES-EEE3 : (03) different keys for Encryption, C = EK3(EK2(EK1(P))) DES-EDE3 : (03) different keys for Encryption, C = EK3(DK2(EK1(P))) DES-EEE2 : uses only two keys, C = EK1(DK2(EK1(P))) DES-EDE2 : only two keys, C = EK1(DK2(EK1(P))) okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA ransition to Triple-DES Disadvantages Advantages  The slower speed of 3DES compared to  As compared to the triple-layered recent encryption methods like AES encryption to the original DES, security decreases processing efficiency. is enhanced.  Even while 3DES is more powerful than  3DES allows for smooth migrations DES, its efficient key length is limited, through preserving connectivity with especially if three 56-bit keys are used. current DES implementations.  By setting each of all three keys to the  In scenarios with limited resources, same value, 3DES can be used for a triple encryption reduces performance single DES with respect to backward because it needs more computing compatibility. power.  3DES is widely used and integrated with  3DES has a lower security margin than a wide range of hardware, protocols, and more recent encryption methods like applications. AES, but being more secure than DES. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric Encryption algorithms Transition to Multiple DES Encryption algorithms :  Double DES ‘2DES’  Triple DES ‘3DES’  Blowfish okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Blowfish Symmetric-key Block Cipher Frequently used for password hashing, VPNs, and file encryption. Since its introduction in 1993, this encryption method has gained popularity due to its effective encryption and decryption operations. However, more recent, more secure algorithms like AES are gradually taking the place of Blowfish. Blowfish is a 64-bit block cipher that uses symmetric encryption and a key that can be up to 448 bits long. It was created in 1993 by Bruce Schneier to replace the outdated Data Encryption Standard (DES) and International Data Encryption Algorithm (IDEA) encryption methods. Though its popularity has decreased recently, blowfish is well known for its ease of use and efficiency. It is being replaced by more recent, stronger encryption methods like the Advanced Encryption Standard (AES). okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Features of Blowfish Some of the main features of the Blowfish algorithm are as follows −  Block Cipher − Data in Blowfish is encrypted using a block cipher technique using symmetric keys, resulting in 64-bit blocks of encryption.  Symmetric key algorithm − The Blowfish approach encrypts and decrypts data with the same symmetric encryption key.  Different length keys − Blowfish offers key lengths ranging from 32 bits to 448 bits. The longer the key, more secure the data. However, processing longer keys usually requires more resources and time.  Feistel Code − The Feistel cipher development divides the plaintext in half and jumbles each half independently using a sequence of mathematical operations. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA An x (S firs h an bo rted eac Blowfish sta tries SP -bo t. T d e en Symmetric-key ne x) a her ight tw Block Cipher or nd p are P-ar k is erm fou rays us e ed utat r 32 with by ion -bit 32 Blo bo S-b -bit wfi x ( ox su sh P-b es bke ;t he x ) su mu 256 o bs s t tit wi ut b e t h ys. ion okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Steps of Blowfish  Step 1 − Dividing the 64-bit plaintext into two equal blocks, L and R, each containing 32 bits.  Step 2 − The following actions are taken in each of the 16 encryption cycles that we begin in the following step − o Now, the L and the first member of the P-array (P1) are XORed. o Then XOR R with F, where F is a function of L and uses the four blocks that make up the S- box. Below is a summary of function F in entirety. o The next iteration of the loop starts once L and R are switched.  Step 3 − L and R are switched again after the loop is completed.  Step 4 − XOR R with P17 and L with P18 to get the final two unused P-box entries (P17 & P18).  Step 5: The cipher text is obtained by combining L and R in the final step. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Here, an in-depth Description of Blowfish Encryption technique −  Key expansion − Initial component that Blowfish uses is a secret key, which can be between 32 and 448 bits long. The encryption key is then generated and extended using the P-array and S-boxes precomputation to generate several subkeys.  Subkeys Generation − The 64-bit blocks that define the stretched-out key are divided into two 32-bit chunks. These components are joined with a few predetermined values to create a new set of subkeys.  Data Encryption − This is when the exciting part starts. These two 32-bit segments are sixteen times encrypted. Every round involves a set of transpositions and replacements (XOR operations, additions, and lookups in the S-boxes).  After processing − The 32-bit scrambled bits are reconstructed to form 64-bit ciphertext blocks after 16 rounds. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Example: Suppose that the words "Hi world" will be encrypted using Blowfish. Steps are :  Input "Hi world" is initially made up of 64 bits (8bytes), seven letters plus one space.  The Left 32 bits, or "Hi w," are XORed with P1 to produce P1, the product of key expansion.  Following that, P1 separates the 32 bits into 4 bytes and sends them to each of the four S- boxes using a transformative F-function (F In).  The third value from the third S-box is XORed with the first two values from the first two S- boxes added to each other.  32 bits are produced as the output when this result is added to the fourth S-box's output.  To create output F1', the output of F In is XORed with the correct 32 bits of the input message, "orld".  The left half of the message is then replaced with F1', and the right half with P1'.  For a total of 16 rounds, the same process will be carried out for each of the P-array members that follow.  The final two elements of the P-array, P17 and P18, are XORed with the outputs P16' and F16' following 16 rounds. After that, they are once again combined to create the input message's 64-bit ciphertext. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Advantages of Blowfish Disadvantages of Blowfish One of the fastest block ciphers currently in There are a few disadvantages to using use, still in high demand over thirty years Blowfish for encryption, including: −  Considerably less time-consuming and  Changing the key will change the speed. more effective than the DES and IDEA.  Unpatented and open to be utilised by  It takes a long time to complete the anybody, even without authorization. primary routine.  Microprocessors handle data encryption process efficiently, even with its intricate  Due to its short 64-bit block size, the initialization step prior to encryption. technique is vulnerable to birthday attacks, a kind of brute-force attack.  Offers a high level of security for Java- developed programmes and apps. Preprocessing for each new key requires 4  Allows for safe user authentication for KB of text, which slows it down and makes it remote access and secure access for unusable for various purposes. backup tools. AlMokhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at Kin Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Symmetric Encryption algorithms Transition to RC4 Encryption algorithms : Now, one Stream Cipher Encryption okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Rivest Cypher 4 (Stream Cipher)  Referred to as RC4, Stream cipher was created in 1987 by Ron Rivest.  RC4 encrypts data bit by bit because it is a stream cipher.  From all the stream ciphers, RC4 is the one that is used the most because of its simplicity and speed.  Although RC4 is renowned for its speed and ease of use in software, it has been discovered to have a number of vulnerabilities that make it insecure.  It is highly vulnerable if the output keystream's beginning is not removed or if linked or non-random keys are used.  Use of RC4 has resulted to the creation of somewhat insecure protocols like WEP.  In 2015, there were rumours circulating that certain state cryptologic organisations may break RC4, if it was used in the TLS protocol.  The Internet Engineering Task Force's RFC 7465 forbids using RC4 in TLS, and Mozilla and Microsoft have made recommendations along these lines. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Rivest Cypher 4 (Stream Cipher STRUCTURE) Process message bit by bit (as a stream) Have a pseudo random keystream Combined (XOR) with plaintext bit by bit Randomness of stream key completely destroys statistically properties in message Ci = Mi XOR StreamKeyi But must never reuse stream key otherwise can recover messages (cf book cipher) okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA Advantages of RC4 Disadvantages of RC4  RC4 is a very fast and efficient encryption  Not appropriate for new applications because method, making it appropriate for use in of a number of tracked vulnerabilities. Key scenarios where these qualities are can be recovered by taking advantage of a important. bias present in first few bytes of keystream.  As RC4 is a somewhat basic algorithm, it  Unlike to other encryption algorithms like AES can be simply implemented in hardware or ChaCha20, RC4 is less secure because of or software. some built-in vulnerabilities…  RC4 is dynamic and adaptive to meet a  The 2048 bit maximum key length for RC4 range of security needs because it allows may not be enough for some applications different key sizes. that demand a higher level of encryption.  RC4 is widely used in many different  It is no longer suggested to use RC4 in new applications, like file encryption, virtual apps because of its vulnerabilities and flaws. private networks (VPN), secure sockets Instead, AES-CTR or ChaCha20, two more layer (SSL), and wireless networks. secure stream cipher algorithms… okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA RC4 and WEP To protect wireless networks, a security mechanism known as WEP (Wired Equivalent Privacy) is used. It was developed with privacy and security features similar to those of a wired network. WEP was fully used in the early days of Wi-Fi, but it has several known vulnerabilities that make it incredibly easy to compromise. These weaknesses include a weak key scheduling mechanism (based on RC4), short initialization vectors (IVs), and a lack of key management tools. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA RC4 and WEP, the continuation… Data is first encrypted using the RC4 technique in WEP before being sent over a wireless network. Because of weaknesses in the WEP protocol, network security can be compromised by many kinds of attacks, like the Fluhrer-Mantin- Shamir (FMS) and KoreK attacks, which can retrieve the WEP key. WEP was a robust stream cipher, but implementation of RC4 introduced issues. For this reason, more secure encryption protocols like WPA (Wi-Fi Protected Access) and WPA2 eventually took the place of WEP. okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh

Use Quizgecko on...
Browser
Browser