Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Network Security
Conventional Encryption
Selected slides fromCSC290 Hofstra University andVitaly Shmatikov University of Texas
1
Caesar Cipher
cipher: PHHW PH DIWHU WKH WRJD SDUWBplain: MEET ME AFTER THE TOGA PARTY
plain: abcdefghijklmnopqrstuvwxyz
key: defghijklmnopqrstuvwxyzabc
2
Basic Types of Ciphers
Transposition ciphers – rearrange bits or characters in the dataSubstitution ciphers – replace bits, characters, or blocks of characters with substitutes
3
“Rail-Fence” CipherDISGRUNTLED EMPLOYEE
D R L E O
I G U T E M L Y E
S N D P E
DRLEOIGUTE MLYESNDPE
4
Encryption MethodsThe essential technology underlying virtually all automated network and computer security applications is cryptographyTwo fundamental approaches are in use:
Conventional Encryption, also known as symmetric encryptionPublic-key Encryption, also known as asymmetric encryption
5
Conventional Encryption Model
6
Conventional EncryptionThe only form of encryption prior to late 1970sLong historyMost widely used
7
Conventional EncryptionFive components to the algorithm
Plaintext: The original message or dataEncryption algorithm: Performs various substitutions and transformations on the plaintextSecret key: Input to the encryption algorithm. Substitutions and transformations performed depend on this keyCiphertext: Scrambled message produced as output. depends on the plaintext and the secret keyDecryption algorithm: Encryption algorithm run in reverse. Uses ciphertext and the secret key to produce the original plaintext
8
Conventional EncryptionMore rigorous definitionFive components to the algorithm
A Plaintext message space, MA family of enciphering transformations, EK:M → C, where K∈KA key space, KA ciphertext message space, CA family of deciphering transformations, DK: C → M, where K∈K
9
Conventional EncryptionM EK DK MC
EK defined by an encrypting algorithm EDK defined by an decrypting algorithm D
For given K, DK is the inverse of EK, i.e.,DK(EK(M))=Mfor every plain text message M
10
Requirements & Weaknesses
RequirementsA strong encryption algorithmSecure process for sender & receiver to obtain secret keys
Methods of AttackCryptanalysisBrute force
11
CryptanalysisThe process of attempting to discover the plaintext or key
Alan Turing broke the Enigma Code in WWII
12
Cryptanalysis
Security depends on the key......NOT the secrecy of the algorithmLow cost chips are possiblePrincipal security problem is maintaining the secrecy of the key!
13
Cryptographic SystemsType of Transformation – substitution and/or transposition; no information must be lost, i.e., reversibleNumber of Keys Used – symmetric, single key, conventional; asymmetric, two-key, public-key encryptionPlaintext Processing – block or streamcipher
14
Attacks On Encrypted Msgs
15
Computationally Secure
Cost of breaking cipher exceeds value of encrypted informationTime to break cipher exceeds useful lifetime of the information
16
Exhaustive Key Search
Brute Force with massively parallel processors
17
English Redundancy
Delete vowels and double letters
mst ids cn b xprsd n fwr ltrs, bt th xprnc s mst nplsnt
18
Simple Cryptanalysis
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
CIPHERTEXT:
19
Letter Frequency In the English Language
20
Simple Cryptanalysis
IT WAS DISCLOSED YESTERDAY THAT SEVERALINFORMAL BUT DIRECT CONTACTS HAVE BEEN MADEWITH POLITICAL REPRESENTATIVES OF THE VIET CONG IN MOSCOW
PLAINTEXT:
21
20th Century Encryption
20’s & 30’s bootleggers made heavy use of cryptographyFBI create an office for code-breakingJapanese Purple MachineGerman Enigma MachineNavajo Code Talkers - Windtalkers
22
Hedy Lamarr1941, Lamarr and composer George Antheil received a patent for their invention of a classified communication system that was especially useful for submarinesIt was based on radio frequencies changed at irregular periods that were synchronized between the transmitter and receiverSpread Spectrum – wireless devices
23
Feistel Cipher StructureHorst Feistel of IBM, 1973Input is plaintext block of length 2w bits (usually 64) and a key KBlock is divided into two halves, L0 and R0Each round i has inputs Li-1 and Ri-1, derived from the previous round, along with subkey KiSubstitution is performed on the left half of the dataRound function F applied to right half and then XOR’d with left
24
Feistel Cipher Structure
Things to consider:-Block size (64)-Key Size (128)-# of rounds (16)-SubKey Generation-Round function
25
Data Encryption Standard (DES)
Adopted in 1977, reaffirmed for 5 years in 1994, by NBS(NIST)Plaintext is 64 bits (or blocks of 64 bits), key is 56 bitsPlaintext goes through 16 iterations, each producing an intermediate value that is used in the next iterationDES is now too easy to crack to be a useful encryption method
26
Strength of DES
Concerns about the algorithm itself
Concerns about 56-bit key – this is the biggest worry
27
Strength of DESDES is the most studied encryption algorithm in existenceNo one has succeeded in discovering a fatal weakness1998, DES Cracker from Electronic Frontier Foundation, built for $250,000Solution: Use a bigger key
28
Triple DESC = EK3
[DK2[EK1
[P ]]]
29
Triple DESAlternative to DES, uses multiple encryption with DES and multiple keysWith three distinct keys, 3DES has an effective key length of 168 bits, so it is essentially immune to brute force attacksBackward compatible with DESPrincipal drawback of DES is that the algorithm is relatively sluggish in software
30
Advanced Encryption Standard
NIST call for proposals in 1997Nov, 2001 – Rijndael [rain´ dow]Symmetric block cipher (128 bits) and key lengths 128, 192, 256Two Flemish cryptographers: Joan Daeman and Vincent Rijmen
31
Overview of AES
4Transformations:Substitute BytesShift RowsMix ColumnsAdd Round Key
32
AES URLS
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/ -NIST AES
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ - Rijndael Home Page
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/Rijndael_Anim.zip - Great Animation
33
IDEAInternational Data Encryption Algorithm
1991 by Swiss Federal Institute of TechnologyUses 128-bit keyComplex functions replace S-boxesHighly resistant to cryptanalysisUsed in PGP
34
Blowfish
1993 by Bruce SchneierEasy to implement; high execution speedVariable key length up to 448 bitsUsed in a number of commercial applications
35
RC5
1994 by Ron Rivest, one of the inventors of RSA algorithmDefined in RFC2040Suitable for hardware and softwareSimple, fast, variable length key, low memory requirementsHigh security
36
CAST-128
1997, Entrust TechnologiesRFC 2144Extensively reviewedVariable key length, 40-128 bitsUsed in PGP
37
Conventional Encryption Algorithms
38
Encrypting a Large MessageSo, we’ve got a good block cipher, but our plaintext is larger than 128-bit block sizeElectronic Code Book (ECB) mode
Split plaintext into blocks, encrypt each one separately using the block cipher
Cipher Block Chaining (CBC) modeSplit plaintext into blocks, XOR each block with the result of encrypting previous blocks
Also various counter modes, feedback modes, etc.
ECB Mode
Identical blocks of plaintext produce identical blocks of ciphertextNo integrity checks: can mix and match blocks
plaintext
ciphertext
blockcipher
blockcipher
blockcipher
blockcipher
blockcipher
CBC Mode: Encryption
Identical blocks of plaintext encrypted differentlyLast cipherblock depends on entire plaintext
plaintext
ciphertext
blockcipher
blockcipher
blockcipher
blockcipher
⊕Initializationvector(random) ⊕ ⊕ ⊕
Sent with ciphertext(preferably encrypted)
CBC Mode: Decryptionplaintext
ciphertext
decrypt decrypt decrypt decrypt
⊕Initializationvector ⊕ ⊕ ⊕
Cipher Block Chaining Mode
Input to algorithm is the XOR of current plaintext block and preceding ciphertext blockRepeating patterns are not exposed
43
ECB vs. CBC (due to Bart Preneel)
AES in ECB mode AES in CBC mode
Similar plaintextblocks producesimilar ciphertextblocks (not good!)
Location of Encryption Devices
Link EncryptionEach vulnerable communications link is equipped on both ends with an encryption deviceAll traffic over all communications links is securedVulnerable at each switch
45
Location of Encryption Devices
End-to-end EncryptionThe encryption process is carried out at the two end systemsEncrypted data are transmitted unaltered across the network to the destination, which shares a key with the source to decrypt the dataPacket headers cannot be secured
46
Location of Encryption Devices
47
Key DistributionBoth parties must have the secret keyKey is changed frequentlyRequires either manual delivery of keys, or a third-party encrypted channelMost effective method is a Key Distribution Center (e.g. Kerberos)
48
Key Distribution
49