Chapter 3 Symmetric-Key Encryption (1).pptx

Full Transcript

Symmetric
Encryption
 Also referred to as:
 Conventional encryption
 Secret-key or single-key encryption
 Only alternative before public-key
encryption in 1970’s
 Still most widely used alternative

 Has five ingredients:
 Plaintext
 Encryption algorithm
 Secret key
 Ciphertext
 Decryption algorithm

2
 Cryptography
Classified along three
independent
The type of dimensions:
The number of The way in
operations used keys used which the
for transforming Sender and plaintext is
plaintext to receiver use same processed
ciphertext key – symmetric Block cipher –
Sender and processes input one
Substitution – each receiver each use block of elements at
element in the a different key - a time
plaintext is mapped asymmetric
into another Stream cipher –
element processes the input
elements
Transposition –
continuously
elements in
plaintext are
rearranged
3
 Cryptanalysis
 The process of
attempting to
discover the
plaintext or key is
known as
cryptanalysis.
 The strategy used
by the
cryptanalyst
depends on the
nature of the
encryption
scheme and the
information
available to the
cryptanalyst. 4
 Computationally Secure
Encryption
 Encryption is computationally secure if:
 Cost of breaking cipher exceeds value of
information
 Time required to break cipher exceeds the
useful lifetime of the information
 Usually very difficult to estimate the
amount of effort required to break
 Can estimate time/cost of a brute-force
attack

5
 Feistel Cipher
Structure
 F is an applied round
function
 (+) is an exclusive –
OR (XOR) function

6
 Block Cipher
Structure
 Symmetric block cipher consists of:
 A sequence of rounds
 With substitutions and permutations
controlled by key
 Parameters and design features:

Subkey Fast
Number Round software Ease
Block Key generati
of functi encryption of
size size rounds on on
algorith /de analy
m cryption sis

7
 Most widely
used
encryption Data
scheme
 Adopted in 1977 by
 Now NIST Encrypti
National Bureau of
 FIPS PUB 46
Standards
 Algorithm is
on
referred to as the
Data Encryption
Standar
d (DES)
Algorithm (DEA)
 Minor variation
of the Feistel
network

8
 Triple DES
financial
applications
(3DES)
 First used in

 In DES FIPS PUB 46-3
standard of 1999
 Uses three keys and
three DES executions:
 C = E(K3, D(K2,
E(K1, P)))
 Decryption same
with keys reversed
 Use of decryption in
second stage gives
compatibility with
original DES users
 Effective 168-bit key
length, slow, secure
 AES will eventually 9
replace 3DES
 Advanced Encryption
Standard
 Symmetric block (AES)
cipher
 Provides stronger
encryption
 128 bit block size
 128, 192, 256 bit key
length
 Longer key provides
stronger security
 128 bit key
 Number o f blocks (Nb = 4)
 Number of rounds (Nr = 10)
 Key expansion = Nb (Nr +
1
1) = 44 0
AES Encryption and
Decryption
Consider 128 bits
text and 128 bits
key
 Key contains 4
words (32 bits
each)
 Key expansion to
44 words
 Nb * (Nr + 1)

 Number of
blocks = 4
 Number of
round = 10 1
1
 AES Substitute

Byte
Mapping individual
byte of State into a
new byte.
 Using row and
column as indexes
of S-Box rows and
columns.

1
3
S-Box

1
4
Inverse S-box

1
5
 Shift Rows
Operation

To move
individual
bytes from
one column
to another
and spread
bytes over
columns
 First row is not
Decry
pti on altered
does
 Second row is shifted left
On
revers
encryption
by 1-byte
e  Third row is shifted left
left rotate
each row of by 2-byte
State by  Forth row is shifted left
0,1,2,3
bytes by 3-bytes
respectivel
y 1
6
 Mix Columns and Add
Key
 Mix columns
 Operates on each column individually
 Mapping each byte to a new value that is a
function of all four bytes in the column
 Use of equations over finite fields
 To provide good mixing of bytes in column

 Add round key
 Simply XOR State with bits of expanded
key
 Security from complexity of round key
expansion and other stages of AES

1
7
 Stream
Ciphers
 Processes input elements
continuously
 Key input to a pseudorandom bit
generator
 Produces stream of random like
numbers
 Unpredictable without knowing input
key
 XOR keystream output with plaintext
bytes
 Are faster and use far less code
1
 Design considerations:
8
 The RC4 Algorithm

 Encrypt

 XOR k with the
first byte of
plaintext
 Decrypt

 XOR k with the first
byte of the
ciphertext

1
9
 The RC4 Algorithm
 Designed in 1987 by Ron Rivest for
RSA Security.
 RC4 is used in the SSL/TLS (Secure
Sockets Layer/Transport Layer
Security) standards that have been
defined for communication between
Web browsers and servers.
 Also used in the WEP (Wired Equivalent
Privacy) protocol and the WiFi
Protected Access (WPA) protocol that
are part of the IEEE 802.11 wireless
LAN standard.
 RC4 was kept as a trade secret by RSA
Security. In September 1994, the RC4
algorithm was anonymously posted on
the Internet on the Cypherpunks
anonymous remailers list.
 The use of RC4 in TLS is prohibited by RFC
7465 published in February 2015.

1
9
Modes of Operation

2
0
 Electronic Codebook
(ECB)
 Simplest mode

 Plaintext is handled b bits at a time
and each block is encrypted using the
same key
 “codebook” because have unique
ciphertext value for each plaintext block
 Not secure for long messages since repeated
plaintext is seen in repeated ciphertext
 To overcome security deficiencies, you
need a technique where the same
plaintext block, if repeated, produces
different ciphertext blocks
2
1
 Cipher Block Chaining
(CBC)
 Initialization Vector
(IV) is used
 It must be known by
sender and receiver
 IV must be
protected as a key
 P1 is the first block
of plaintext
 (+) XOR function

2
2
 Counter (CTR)

 Parallel processing

 More efficient

 Secure as the other
modes

2
3
 Location of
Encryption
 Link encryption

 Must be decrypted
before the switch
 End-to-end encryption

 User data is secure,
but not the traffic
 Combination of both is
the best

2
4
 Key Distribution
 The means of delivering a key to two
parties that wish to exchange data
without allowing others to see the key
 Two parties (A and B) can achieve this by:
A key could be selected by A and physically
1 delivered to B

A third party could select the key and physically
2 deliver it to A and B
If A and B have previously and recently used a key,
3 one party could transmit the new key to the other,
encrypted using the old key
If A and B each have an encrypted connection to a
4 third party C, C could deliver a key on the
encrypted links to A and B

2
5
Key Distribution

2
6