Symmetric-Key Encryption PDF

Summary

This document provides an overview of symmetric-key encryption concepts. Sections include symmetric encryption principles, cryptography, cryptanalysis, Feistel cipher structure, data encryption standard (DES), triple DES (3DES), advanced encryption standard (AES), and key distribution.

Full Transcript

Welcome!

Security Principles and Practice—ITBP301

Fall 2024

Symmetric Encryption and Message Confidentiality

Ali Ismail Awad & Norziana Jamil
Associate Professor
College of Information Technology—UAEU
[email protected]

1
At the end of this chapter, the students should be able to:

◆ Explain the basic principles of symmetric encryption.
◆ Understand the significance of the Feistel cipher
structure.
◆ Describe the structure and function of DES.
◆ Distinguish between two-key and three-key triple DES.
◆ Describe the structure and function of AES.
◆ Compare and contrast stream encryption and block
cipher encryption.
◆ Distinguish among the major block cipher modes of
operation.
◆ Discuss the issues involved in key distribution.

2
 Symmetric Encryption
Also referred to as:
Conventional encryption
Secret-key or single-key encryption
Only alternative before public-key encryption in
1970’s
Still most widely used alternative

Has five ingredients:
Plaintext
Encryption algorithm
Secret key
Ciphertext
Decryption algorithm

3
 Cryptography

Classified along three independent
dimensions:
The type of operations The number of keys The way in which the
used for transforming used plaintext is processed
plaintext to ciphertext Sender and receiver use Block cipher – processes
Substitution – each element same key – symmetric input one block of elements
in the plaintext is mapped at a time
Sender and receiver each
into another element use a different key - Stream cipher – processes
Transposition – elements in asymmetric the input elements
plaintext are rearranged continuously

4
 Cryptanalysis

The process of
attempting to
discover the
plaintext or key is
known as
cryptanalysis.
The strategy used
by the cryptanalyst
depends on the
nature of the
encryption scheme
and the information
available to the
cryptanalyst.

5
 Computationally Secure
Encryption
Encryption is computationally secure if:
Cost of breaking cipher exceeds value of information
Time required to break cipher exceeds the useful
lifetime of the information

Usually very difficult to estimate the amount of
effort required to break

Can estimate time/cost of a brute-force attack

6
 Feistel Cipher Structure
F is an applied round function
(+) is an exclusive –OR
(XOR) function

7
 Block Cipher Structure

Symmetric block cipher consists of:
A sequence of rounds
With substitutions and permutations controlled
by key

Parameters and design features:

Subkey Fast software
Number of Round encryption/de Ease of
Block size Key size generation
rounds function cryption analysis
algorithm

8
 Most widely used
encryption
scheme Data
Adopted in 1977 by
National
Now NIST
Bureau of Encryption
Standards
FIPS PUB 46

Algorithm is referred to
Standard
as the Data Encryption
Algorithm (DEA) (DES)
Minor variation of
the Feistel network

9
 Triple DES (3DES)
First used in
financial
applications
In DES FIPS PUB 46-3
standard of 1999
Uses three keys and three
DES executions:
C = E(K3, D(K2, E(K1,
P)))

Decryption same with
keys reversed
Use of decryption in
second stage gives
compatibility with original
DES users
Effective 168-bit key
length, slow, secure
AES will eventually
replace 3DES 10
 Advanced Encryption Standard
(AES)
Symmetric block cipher
Provides stronger encryption
128 bit block size
128, 192, 256 bit key length
Longer key provides stronger security
128 bit key
Number o f blocks (Nb = 4)
Number of rounds (Nr = 10)
Key expansion = Nb (Nr + 1) = 44
Four key blocks for each round

11
AES Encryption and Decryption

Consider 128 bits text and
128 bits key
Key contains 4 words (32
bits each)
Key expansion to 44 words

Nb * (Nr + 1)

Number of blocks = 4

Number of round = 10

Four words for each round
w{0,3} , etc.

12
 Visualization of AES

Animation: https://formaestudio.com/portfolio/aes-animation/

13
 AES Substitute Byte

Mapping individual byte of
State into a new byte.
Using row and column as
indexes of S-Box rows and
columns.

14
S-Box

15
Inverse S-box

16
 Shift Rows Operation

To move individual
bytes from one
column to another
and spread bytes
over columns

First row is not altered
Decrypti
on does
reverse Second row is shifted left by 1-byte
On encryption
left rotate each
row of State by Third row is shifted left by 2-byte
0,1,2,3 bytes
respectively Forth row is shifted left by 3-bytes

17
 Mix Columns and Add Key
Mix columns
Operates on each column individually
Mapping each byte to a new value that is a function
of all four bytes in the column
Use of equations over finite fields
To provide good mixing of bytes in column

Add round key
Simply XOR State with bits of expanded key
Security from complexity of round key expansion and
other stages of AES

18
 Stream Ciphers
Processes input elements continuously

Key input to a pseudorandom bit generator
Produces stream of random like numbers
Unpredictable without knowing input key
XOR keystream output with plaintext bytes

Are faster and use far less code

Design considerations:
Encryption sequence should have a large period
Keystream approximates random number
properties
Uses a sufficiently long key

19
 The RC4 Algorithm

Encrypt

XOR k with the first byte
of plaintext

Decrypt

XOR k with the first byte of
the ciphertext

20
 The RC4 Algorithm

Designed in 1987 by Ron Rivest for RSA
Security.
RC4 is used in the SSL/TLS (Secure Sockets
Layer/Transport Layer Security) standards
that have been defined for communication
between Web browsers and servers.
Also used in the WEP (Wired Equivalent
Privacy) protocol and the WiFi Protected
Access (WPA) protocol that are part of the
IEEE 802.11 wireless LAN standard.
RC4 was kept as a trade secret by RSA
Security. In September 1994, the RC4
algorithm was anonymously posted on the
Internet on the Cypherpunks anonymous
remailers list.
The use of RC4 in TLS is prohibited by RFC
7465 published in February 2015.

21
Modes of Operation

22
 Electronic Codebook (ECB)

Simplest mode

Plaintext is handled b bits at a time and each
block is encrypted using the same key
“codebook” because have unique ciphertext
value for each plaintext block
Not secure for long messages since repeated plaintext is
seen in repeated ciphertext

To overcome security deficiencies, you need a
technique where the same plaintext block, if
repeated, produces different ciphertext blocks

23
 Cipher Block Chaining (CBC)

Initialization Vector (IV) is used

It must be known by sender
and receiver
IV must be protected as a key

P1 is the first block of plaintext

(+) XOR function

24
 Counter (CTR)

Parallel processing

More efficient

Secure as the other modes

25
 Location of Encryption

Link encryption

Must be decrypted before the
switch
End-to-end encryption

User data is secure, but not the
traffic
Combination of both is the best

26
 Key Distribution
The means of delivering a key to two parties that
wish to exchange data without allowing others to
see the key
Two parties (A and B) can achieve this by:
A key could be selected by A and physically delivered to B
1

A third party could select the key and physically deliver it to A and B
2

If A and B have previously and recently used a key, one party could
3 transmit the new key to the other, encrypted using the old key

If A and B each have an encrypted connection to a third party C,
4 C could deliver a key on the encrypted links to A and B

27
Key Distribution

28
 Summary
Stream ciphers and RC4
Symmetric
encryption principles Stream cipher structure
Cryptography
RC4 algorithm
Cryptanalysis
Cipher block modes
Feistel cipher structure of operation
Data encryption Electronic codebook mode
standard Cipher block chaining
mode
Triple DES
Cipher feedback mode
Advanced Counter mode
encryption standard
Algorithm details Location of symmetric
encryption devices
Key distribution

29