11002_Lec 05-08

  • 7/29/2019 11002_Lec 05-08

    Symmetric Encryption and Message Confidentiality

    CAP361:

    SECURITY AND PRIVACY OF INFORMATION

    Lecture Number 05-08

    Bhagat Avinash
    Asst. Prof.
    Domain: D3
    School of Computing Applications
    Lovely Professional University

    3/1/2013

    Network Security Essentials

    Fourth Edition

    by William Stallings

    Lecture slides by Lawrie Brown

    Some Basic Terminology

    plaintext: original message
    ciphertext: coded message
    cipher: algorithm for transforming plaintext to ciphertext
    key: info used in cipher, known only to sender/receiver
    encipher (encrypt): converting plaintext to ciphertext
    decipher (decrypt): recovering plaintext from ciphertext
    cryptography: study of encryption principles/methods
    cryptanalysis (codebreaking): study of principles/methods of deciphering ciphertext without knowing the key
    cryptology: field of both cryptography and cryptanalysis

    Symmetric Cipher Model

    Requirements

    Two requirements for secure use of encryption:

    1. a strong encryption algorithm

    2. a secret key known only to sender / receiver

    Mathematically we have:

    Y = E(K, X)
    X = D(K, Y)

    Encryption depends upon the secrecy of the key

    Cryptography

    Cryptography can be classified by:

    type of encryption operations used
      substitution
      transposition
      product
    number of keys used
      single-key or private
      two-key or public
    way in which plaintext is processed
      block
      stream

    Cryptanalysis

    The process of attempting to discover the plaintext or key
    Objective: to recover the key, not just the message
    General approaches:
      cryptanalytic attack
      brute-force attack

    Cryptanalysis

    Cryptanalytic attacks: rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

    Cryptanalysis

    Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

    Type of Attack: Known to Cryptanalyst

    Ciphertext only:
      Encryption algorithm
      Ciphertext

    Known plaintext:
      Encryption algorithm
      Ciphertext
      One or more plaintext-ciphertext pairs formed with the secret key

    Chosen plaintext:
      Encryption algorithm
      Ciphertext
      Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

    Type of Attack: Known to Cryptanalyst

    Chosen ciphertext:
      Encryption algorithm
      Ciphertext
      Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

    Chosen text:
      Encryption algorithm
      Ciphertext
      Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
      Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

    Brute Force Search

    always possible to simply try every key
    most basic attack, proportional to key size
    assumes we either know or can recognise the plaintext

    Key Size (bits)              Number of Alternative Keys   Time required at 1 decryption/µs   Time required at 10^6 decryptions/µs
    32                           2^32 = 4.3 × 10^9            2^31 µs = 35.8 minutes             2.15 milliseconds
    56                           2^56 = 7.2 × 10^16           2^55 µs = 1142 years               10.01 hours
    128                          2^128 = 3.4 × 10^38          2^127 µs = 5.4 × 10^24 years       5.4 × 10^18 years
    168                          2^168 = 3.7 × 10^50          2^167 µs = 5.9 × 10^36 years       5.9 × 10^30 years
    26 characters (permutation)  26! = 4 × 10^26              2 × 10^26 µs = 6.4 × 10^12 years   6.4 × 10^6 years

    Symmetric Block Encryption Algorithms

    The most commonly used symmetric encryption algorithms are block ciphers.
    A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size.

    Feistel Cipher Structure
    Data Encryption Standard
    Triple DES (3DES)
    Advanced Encryption Standard

    Feistel Cipher Structure

    Horst Feistel of IBM devised the Feistel cipher.

    The inputs to the encryption algorithm are:
      a plaintext block of length 2w
      a key K

    The plaintext block is divided into two halves, LE_0 and RE_0.
    The two halves of the data pass through n rounds of processing and then combine to produce the ciphertext block.

    Feistel Cipher Structure

    Each round i has inputs LE_{i-1} and RE_{i-1}, derived from the previous round, as well as a subkey K_i derived from the overall K.
    Subkeys are generated from the main key K using a subkey generation algorithm.

    [Figure: The Feistel Cipher Structure]

    [Figure: Round i, with inputs L_{i-1} and R_{i-1}, subkey k_i, function f, the + combining step, and outputs L_i and R_i]

    Feistel Cipher Design Elements

    The exact realization of a symmetric block cipher depends on the following parameters and design features:

    block size
    key size
    number of rounds
    subkey generation algorithm
    round function
    fast software en/decryption
    ease of analysis

    Feistel Cipher Design Elements

    Block size: A larger block size means greater security but reduces encryption/decryption speed. Typical size: 128 bits.
    Key size: A larger key size means greater security but reduces encryption/decryption speed. Typical size: 128 bits.
    Number of rounds: A single round offers inadequate security; multiple rounds offer greater security. Generally 16 rounds.

    Feistel Cipher Design Elements

    Subkey generation algorithm: Greater complexity in the algorithm should lead to greater difficulty of cryptanalysis.
    Round function: Greater complexity generally means greater resistance to cryptanalysis.
    Fast software en/decryption: Encryption is embedded in applications or utility functions, so the execution speed of the algorithm becomes a concern.
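    The structure described on the preceding slides, as an added example that is not part of the original lecture: a toy Feistel cipher that shows why decryption needs only the subkeys in reverse order and why a single round is inadequate. The SHA-256-based round function and subkey schedule, the 64-bit block size and the sample key are assumptions chosen for illustration; this is not DES.

```python
import hashlib

HALF = 4      # w = 32 bits per half, so one block is 2w = 64 bits (assumed size)
ROUNDS = 16   # "generally 16 rounds"


def subkeys(key, rounds=ROUNDS):
    """Assumed subkey generation algorithm: K_i = SHA-256(K || i)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, rounds + 1)]


def round_f(right, k_i):
    """Assumed round function F(RE_{i-1}, K_i). F itself need not be invertible."""
    return hashlib.sha256(k_i + right).digest()[:HALF]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, ks):
    """Push one 2w-bit block through the network, using subkeys in the order given."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 2w bits long")
    left, right = block[:HALF], block[HALF:]
    for k_i in ks:
        # LE_i = RE_{i-1}   and   RE_i = LE_{i-1} XOR F(RE_{i-1}, K_i)
        left, right = right, xor(left, round_f(right, k_i))
    return right + left  # the two halves are swapped once more and combined


def encrypt_block(key, block):
    return feistel(block, subkeys(key))


def decrypt_block(key, block):
    # Same network, same F: only the subkey order is reversed (K_n first, K_1 last).
    return feistel(block, subkeys(key)[::-1])


def single_round_leak(key, block):
    """With one round, half of the output is a plaintext half, unchanged."""
    weak = feistel(block, subkeys(key, rounds=1))
    return weak[HALF:] == block[HALF:]


KEY = b"constructed demo key"   # constructed sample values
PLAINTEXT = b"8 bytes!"

if __name__ == "__main__":
    ct = encrypt_block(KEY, PLAINTEXT)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt_block(KEY, ct) == PLAINTEXT)
    print("one round leaks RE_0:", single_round_leak(KEY, PLAINTEXT))
```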

    Data Encryption Standard (DES)

    Most widely used block cipher in world

    Adopted in 1977 by NBS (National Bureau of Standards), now NIST (National Institute of Standards and Technology)

    Encrypts 64-bit data using 56-bit key

    Has widespread use

    DES History

    IBM developed the Lucifer cipher
      by a team led by Feistel in the late 60s
      used 64-bit data blocks with 128-bit key
    then redeveloped as a commercial cipher with input from NSA and others
    in 1973 NBS issued a request for proposals for a national cipher standard
    IBM submitted their revised Lucifer, which was eventually accepted as the DES

    DES Design Controversy

    Although the DES standard is public, there was considerable controversy over its design:
      in the choice of a 56-bit key (vs Lucifer's 128-bit)
      and because the design criteria were classified
    Subsequent events and public analysis show that the design was in fact appropriate
    Use of DES has flourished, especially in financial applications
    Still standardised for legacy application use

    DES : Basic Principles

    DES is a block cipher.
    It encrypts data in blocks of 64 bits each.
    64 bits of plaintext go in as the input to DES, which produces 64 bits of ciphertext.
    The key length is 56 bits.

    How Does DES Work?

    DES Encryption Overview

    High-level steps in DES

    1. The 64-bit plaintext block is handed over to an Initial Permutation (IP) function.
    2. The IP is performed on the plaintext.
    3. The IP produces two halves of the permuted block: LPT (Left Plain Text) and RPT (Right Plain Text).

    Triple-DES with Two-Keys

    3DES was first standardized for use in financial applications.
    3DES uses three keys and three executions of the DES algorithm.

    Triple-DES with Two-Keys

    The function follows an encrypt-decrypt-encrypt sequence.

    Encryption operation:

    C = E(K3, D(K2, E(K1, P)))

    where
    C = ciphertext
    P = plaintext

    Triple-DES with Two-Keys

    Strengths:
    With 3 distinct keys, 3DES has an effective key length of 168 bits.
    It overcomes the vulnerability to brute-force attack.

    Random Numbers

    A number of network security algorithms based on cryptography make use of random numbers, e.g.:

    Generation of keys for the RSA public-key encryption algorithm and other public-key algorithms.
    Generation of a stream key for a symmetric stream cipher.
    Generation of a symmetric key for use as a temporary session key.
    In a number of key distribution scenarios, such as Kerberos.

    Random Number Generators

    Pseudorandom numbers:

    Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce sequences of numbers that are not statistically random. However, if the algorithm is good, the resulting sequence will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers.

    Purpose-PRNG:

    Symmetric Block Cipher
    Asymmetric Cipher
    Hash functions and Message

    Stream Cipher

    Block vs Stream Cipher

    A stream cipher processes the input elements continuously, producing output one element at a time as it goes along.
    Block ciphers process plaintext in large blocks.
    Stream ciphers process plaintext in small blocks, even bits.
    Pure block ciphers are memoryless.
    Stream cipher encryption depends not only on the plaintext and key but also on the current state.

    Stream Cipher

    Stream Cipher Structure

    A typical stream cipher encrypts plaintext one bit or one byte at a time, or sometimes more.

    Stream Cipher

    Stream Cipher Structure

    A key is input to a pseudorandom bit generator that produces a stream of 8-bit numbers that are apparently random.

    A pseudorandom stream is one that is unpredictable without knowledge of the input key.

    Stream Cipher Properties

    Some design considerations are:

    1. The encryption sequence should have a long period with no repetitions. The longer the period of repeat, the more difficult cryptanalysis will be.
    2. Keystream should be truly random
    3. depends on large enough key
    4. large linear complexity

    RC4

    RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.

    RC4

    Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100 [ROBS95a]. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software.

    RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been defined for communication between Web browsers and servers.

    RC4

    It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard.

    RC4 was kept as a trade secret by RSA Security. In September 1994, the RC4 algorithm was anonymously posted on the Internet on the Cypherpunks anonymous remailers list.

    RC4

    The RC4 algorithm is remarkably simple and quite easy to explain. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1], ..., S[255].

    RC4

    For encryption and decryption, a byte k (see Figure) is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted.

    Modes of Operation

    A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four "modes of operation" have been defined by NIST (FIPS 81). The four modes are intended to cover virtually all the possible applications of encryption for which a block cipher could be used.

    Modes of Operation

    1. Electronic Codebook (ECB)
    2. Cipher Block Chaining (CBC)
    3. Cipher Feedback (CFB) / Output Feedback (OFB)
    4. Counter (CTR)

    Electronic Codebook (ECB)

    In ECB, plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.

    Electronic Codebook (ECB)

    The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext.

    Advantages and Limitations of ECB

    The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to use.

    The most significant characteristic of ECB is that the same b-bit block of plaintext, if it appears more than once in the message, always produces the same ciphertext.

    Advantages and Limitations of ECB

    For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.

    E.g., if it is known that the message always starts out with certain predefined fields, then the cryptanalyst may have a number of known plaintext-ciphertext pairs to work with. If the message has repetitive elements, with a period of repetition a multiple of b bits, then these elements can be identified by the analyst. This may help in the analysis or may provide an opportunity for substituting or rearranging blocks.

    Cipher Block Chaining (CBC)

    In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.

    Cipher Block Chaining (CBC)

    In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed.

    Cipher Block Chaining (CBC)

    In conclusion, because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than b bits.

    In addition to its use to achieve confidentiality, the CBC mode can be used for authentication.

    Cipher FeedBack (CFB)

    The DES scheme is essentially a block cipher technique that uses b-bit blocks. However, it is possible to convert DES into a stream cipher, using either the cipher feedback (CFB) or the output feedback mode.

    A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time.

    Cipher FeedBack (CFB)

    One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext. Thus, if 8-bit characters are being transmitted, each character should be encrypted to produce a ciphertext output of 8 bits. If more than 8 bits are produced, transmission capacity is wasted.

    Let the unit of transmission be s bits; a common value is s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext. In this case, rather than units of b bits, the plaintext is divided into segments of s bits.

    s-bit Cipher FeedBack (CFB-s)

    Advantages and Limitations of CFB

    appropriate when data arrives in bits/bytes
    most common stream mode
    limitation is the need to stall while doing block encryption after every n bits
    note that the block cipher is used in encryption mode at both ends
    errors propagate for several blocks after the error

    Counter (CTR)

    Although interest in the counter mode (CTR) has increased recently, with applications to ATM (asynchronous transfer mode) network security and IPSec (IP security), this mode was proposed early on.

    Counter (CTR)

    In CTR mode, a counter equal in size to the plaintext block is used. The only requirement is that the counter value must be different for each plaintext block that is encrypted.

    Typically, the counter is initialized to some value and then incremented by 1 for each subsequent block (modulo 2^b, where b is the block size).

    Counter (CTR)

    For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining.

    For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a ciphertext block to recover the corresponding plaintext block.

    Advantages and Limitations of CTR

    efficiency
      can do parallel encryptions in h/w or s/w
      can preprocess in advance of need
      good for bursty high-speed links
    random access to encrypted data blocks
    provable security (good as other modes)
    but must ensure never reuse key/counter values, otherwise could break (cf OFB)
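    The CTR slides and the ECB limitation above, as an added example that is not part of the original lecture: CTR encryption and decryption using only the encryption direction, random access to one block, the contrast with ECB on repeated blocks, and what key/counter reuse gives away. The function E is an assumed stand-in for the block cipher (HMAC-SHA256 truncated to 64 bits), and the key, counter values and messages are constructed samples.

```python
import hashlib
import hmac

B = 8  # block size b in bytes (64 bits, as in DES); an assumption for this demo


def E(key, block):
    """Stand-in for block encryption E(K, .): HMAC-SHA256 truncated to b bits.
    It is a keyed one-way function, not an invertible cipher; CTR never needs D."""
    return hmac.new(key, block, hashlib.sha256).digest()[:B]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data):
    return [data[o:o + B] for o in range(0, len(data), B)]


def encrypted_counter(key, counter0, index):
    """E(K, counter) for block `index`; the counter steps by 1 modulo 2^b."""
    counter = (counter0 + index) % (1 << (8 * B))
    return E(key, counter.to_bytes(B, "big"))


def ctr_crypt(key, counter0, data):
    """Encrypt or decrypt (same operation): no chaining and no padding."""
    return b"".join(xor(blk, encrypted_counter(key, counter0, i))
                    for i, blk in enumerate(blocks(data)))


def ctr_read_block(key, counter0, ciphertext, index):
    """Random access: recover block `index` without touching the others."""
    return xor(blocks(ciphertext)[index], encrypted_counter(key, counter0, index))


def ecb_style(key, data):
    """ECB for contrast: every block goes through E independently under one key."""
    return b"".join(E(key, blk) for blk in blocks(data))


def has_repeated_block(ciphertext):
    seen = blocks(ciphertext)
    return len(set(seen)) < len(seen)


KEY = b"constructed-key"                  # constructed sample values
P1 = b"PAY 0100PAY 0100PAY 0100"          # three identical 8-byte blocks
P2 = b"meet at the usual place."

if __name__ == "__main__":
    c1 = ctr_crypt(KEY, 1000, P1)
    print("ECB repeats blocks:", has_repeated_block(ecb_style(KEY, P1)))
    print("CTR repeats blocks:", has_repeated_block(c1))
    print("CTR round trip:    ", ctr_crypt(KEY, 1000, c1) == P1)
    print("block 2 alone:     ", ctr_read_block(KEY, 1000, c1, 2))
    # Reusing the same key and counter values for a second message cancels the
    # encrypted counters: C1 XOR C2 equals P1 XOR P2, with no key involved.
    c2 = ctr_crypt(KEY, 1000, P2)
    print("reuse leaks P1^P2: ", xor(c1, c2) == xor(P1, P2))
```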

    Questions

    1. What are the essential ingredients of a symmetric cipher?
    2. What are the two basic functions used in encryption algorithms?
    3. What is the difference between a block cipher and a stream cipher?
    4. How many keys are required for two people to communicate via a symmetric cipher?
    5. What are the two approaches to attacking a cipher?
    6. Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?
    7. What is triple encryption?
    8. Define brute-force and cryptanalytic attack.
    9. How do we classify encryption techniques?

    10. Write steps for Feistel Cipher Encryption techniques.
    11. What are the parameters that are considered for designing a symmetric block cipher?
    12. Explain cipher block modes of operation.
    13. What are advantages and disadvantages of cipher block modes of operation?