Symmetric Cipher Model PPT

Symmetric Cipher Model 2 Basic terminology Plaintext: original message to be encrypted Ciphertext: the encrypted message Enciphering or encryption: the process of converting plaintext into ciphertext Encryption algorithm: performs encryption Two inputs: a plaintext and a secret key 3 Deciphering or decryption: recovering plaintext from ciphertext Decryption algorithm: performs decryption Two inputs: ciphertext and secret key Secret key: same key used for encryption and decryption Also referred to as a symmetric key 4 Cipher or cryptographic system : a scheme for encryption and decryption Cryptography: science of studying ciphers Cryptanalysis: science of studying attacks against cryptographic systems Cryptology: cryptography + cryptanalysis 5 Ciphers Symmetric cipher: same key used for encryption and decryption Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits) Stream cipher: encrypts data one bit or one byte at a time Asymmetric cipher: different keys used for encryption and decryption 6 Symmetric Cipher Model 7 Symmetric Encryption or conventional / secret-key / single-key sender and recipient share a common key all classical encryption algorithms are symmetric only type of ciphers prior to the invention of asymmetric-key ciphers in 1970’s by far most widely used 8 Symmetric Encryption Mathematically: Y = EK(X) or Y = E(K, X) X = DK(Y) or X = D(K, Y) X = plaintext Y = ciphertext K = secret key E = encryption algorithm D = decryption algorithm Both E and D are known to public 9 Cryptanalysis Objective: to recover the plaintext of a ciphertext or, more typically, to recover the secret key. Kerkhoff’s principle: the adversary knows all details about a cryptosystem except the secret key. Two general approaches: brute-force attack non-brute-force attack (cryptanalytic attack) 10 Cryptanalysis and Brute-Force Attack Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme: Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised. Cryptanalytic Attacks May be classified by how much information needed by the attacker: Ciphertext-only attack Known-plaintext attack Chosen-plaintext attack Chosen-ciphertext attack 19 Brute-Force Attack Try every key to decipher the ciphertext. On average, need to try half of all possible keys Key Time needed Size (bits) proportional Number of Alternative toat 1size ofTimekey Time required required at 10 6 space Keys decryption/µs decryptions/µs 32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years 168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years 26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years (permutation) 20 The most difficult problem is presented when all that is available is the ciphertext only. In some cases, not even the encryption algorithm is known, but in general, we can assume that the opponent does know the algorithm used for encryption. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. To use this approach, the opponent must have some general idea of the type of plaintext that is concealed, such as English or French text, an EXE file, a Java source listing, an accounting file, and so on. Cryptanalytic Attacks The following table summarizes the various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst. 22 The ciphertext-only attack is the easiest to defend against because the opponent has the least amount of information to work with. In many cases, however, the analyst has more information. The analyst may be able to capture one or more plaintext messages as well as their encryptions. Or the analyst may know that certain plaintext patterns will appear in a message. For example, a file that is encoded in the Postscript format always begins with the same pattern, or there may be a standardized header or banner to an electronic funds transfer message, and so on. All these are examples of known plaintext. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Ciphertext-only attack In this attack, the attacker gains access to a collection of ciphertext. Although the attacker cannot access the plaintext, they can successfully determine the ciphertext from the collection. Through this attack technique, the attacker can occasionally determine the key. Ciphertext-only attack Given: a ciphertext c Q: what is the plaintext m? An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks. 25 Ciphertext-Only Attack Ciphertext-only attack 3.26 Known-plaintext attack In this attack technique, the cybercriminal finds or knows the plaintext of some portions of the ciphertext using information gathering techniques. Linear cryptanalysis in block cipher is one such example. Given: (m1,c1), (m2,c2), …, (mk,ck) and a new ciphertext c. Q: what is the plaintext of c? Q: what is the secret key in use? 27 Closely related to the known-plaintext attack is what might be referred to as a probable-word attack. If the opponent is after some very specific information, then parts of the message may be known. For example, if an entire accounting file is being transmitted, the opponent may know the placement of certain key words in the header of the file. As another example, the source code for a program developed by Corporation X might include a copyright statement in some standardized position. Known-Plaintext Attack Known-plaintext attack 3.29 Chosen-Ciphertext Attack Chosen-ciphertext attack 3.30 Classical encryption techniques As opposed to modern cryptography Goals: to introduce basic concepts & terminology of encryption to prepare us for studying modern cryptography 31 Chosen-ciphertext attack In this attack model, the cybercriminal analyzes a chosen ciphertext corresponding to its plaintext. The attacker tries to obtain a secret key or the details about the system. By analyzing the chosen ciphertext and relating it to the plaintext, the attacker attempts to guess the key. Older versions of RSA encryption were prone to this attack. Given: (m1,c1), (m2,c2), …, (mk,ck), where c1, c2, …, ck are chosen by the adversary; and a new ciphertext c. Q: what is the plaintext of c, or what is the secret key? 32

Symmetric Cipher Model PPT

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue