Download pptx - Slidecast - Workshop

Transcript
Page 1: Slidecast - Workshop

Network & Application Security (NAS)

A U T H E N T I C AT E D E N CRY P T I O N

S A M A N T K H A J U R I A A S S I S TA N T P R O F E S S O R , C M I

S K H @ C M I . A A U . D K

Page 2: Slidecast - Workshop

Computer security objectives • C o n fi d e n ti a l i t y

• D a t a C o n fi d e nti a l i t y : A s s u r e s t h a t p r i vat e o r c o n fi d e n ti a l i n fo r m ati o n i s n o t m a d e ava i l a b l e o r d i s c l o s e d t o u n a u t h o r i ze d u s e rs .

• P r i v a c y : A s s u r e s t h a t i n d i v i d u a l s c o n t ro l o r i n fl u e n c e w h a t i n fo r m a ti o n r e l a t e d t o t h e m m ay b e c o l l e c te d a n d s to r e d a n d b y w h o m a n d t o w h o m t h at i n fo r m a ti o n m ay b e d i s c l o s e d .

• I n t e g r i t y • D a t a i nt e g r i t y : A s s u r e s t h at i n fo r m ati o n a n d p ro g ra m s a r e c h a n ge d o n l y i n a s p e c i fi e d a n d

a u t h o r i ze d m a n n e r • S y ste m i n te g r i t y : A s s u r e s t h a t a sy s t e m p e r fo r m s i t s i n t e n d e d f u n c ti o n i n a n u n i m p a i r e d

m a n n e r, f r e e f ro m d e l i b e ra te o r i n a d v e r t e n t u n a u t h o r i ze d m a n i p u l ati o n o f t h e sy s t e m

• A v a i l a b i l i t y • A s s u r e s t h at t h e sy s te m w o r k p ro m p t l y a n d s e r v i c e i s n o t d e n i e d t o a u t h o r i ze d u s e rs

Page 3: Slidecast - Workshop

Additional Concepts / Objectives • A u t h e n ti c i t y

• P rope r t y o f be i ng gen u i ne ; ab l e to be ve r i fi e d and t r usted • Co nfi d enc e i n t he va l id i ty o f a m es s age or m e s s age or i g in ato r • M ean in g – Ve r i f y i ng t h at t he us e rs a re w ho t h ey s ay t hey are and e ach t rans m is s i on

ar r i v i ng at t he syste m cam e f rom a t r u ste d par t y.

• A c c o u n t a b i l i t y

• T he s e cur i t y goa l th at gen erate s t he re qu i re m e nt s for acti o ns of an e nti t y to be t rac ed u n i que ly to t hat enti t y

• S u ppo r t s – no nrepu d i ati on , fau l t i s o l ati on , i nt r us io n detec ti on and preve nti o n, and after acti on re cover y and l ega l acti on

Page 4: Slidecast - Workshop

Symmetric Encryption • Also referred to as conventional encryption, secret-key, or single-key

encryption.• Only type of encryption in use prior to the development of public-key

encryption in the late 1970’s. • Symmetric encryption remains by far the most widely used of the two

types of encryption. • All classical encryption algorithms are private-key • Common key is used by sender and recipient

Page 5: Slidecast - Workshop

Simplified Model of Symmetric Encryption

Page 6: Slidecast - Workshop

Requirements • Two requirements for secure use of algorithm

• A STRONG Encryption algorithm • Both the parties i.e., Sender and the receiver have obtained the copy of the secret key in a secure

fashion and must keep the key secure

• IMPORTANT !!! The security of symmetric encryption depends on the secrecy of the key, not the secrecy of the algorithm

• Practical reasons – makes it feasible for widespread use. • Manufacturers can and have developed low-cost chip implementations of data encryption

algorithms.• These chips are widely available and incorporated into a number of products.

Page 7: Slidecast - Workshop

Cryptography • Cryptographic systems are generically classified along three independent dimensions:

• The type of operations used for transforming plaintext to ciphertext• Substitution - Each element in the plaintext is mapped into another element• Transposition - Elements in the plaintext are rearranged ; Fundamental requirement is that no information be lost• Product systems - Involve multiple stages of substitutions and transpositions

• The number of keys used• Referred to as symmetric, single-key, secret-key, or conventional encryption if both sender and receiver use the same key• Referred to as asymmetric, two-key, or public-key encryption if the sender and receiver each use a different key

• The way in which the plaintext is processed• Block cipher processes the input one block of elements at a time, producing an output block for each input block• Stream cipher processes the input elements continuously, producing output one element at a time, as it goes along

Page 8: Slidecast - Workshop

Advanced Encryption Standard (AES)

Page 9: Slidecast - Workshop

AES • Symmetric, block cipher• Key size: 128, 192, or 256 bits• Block size: 128

• Processed as 4 groups of 4 bytes (state)• Operates on the entire block in every round

• Number of rounds depending on key size:• Key=128 -> 9 rounds• Key=192 -> 11 rounds• Key=256 -> 13 rounds

Page 10: Slidecast - Workshop
Page 11: Slidecast - Workshop

Cipher Block Modes of Operation

Page 12: Slidecast - Workshop

Cipher block Modes of Operation• A symmetric block cipher processes one block of data at a time

• In the case of DES and 3DES, the block length is b=64 bits• For AES, the block length is b=128• For longer amounts of plaintext, it is necessary to break the plaintext into b-

bit blocks, padding the last block if necessary

• Five modes of operation have been defined by NIST• Intended to cover virtually all of the possible applications of encryption for

which a block cipher could be used• Intended for use with any symmetric block cipher, including triple DES and

AES

Page 13: Slidecast - Workshop

Cipher Feedback (CFB) Block Cipher Block Cipher Block Cipher

Plaintext 1 Plaintext 2 Plaintext n

Ciphertext 1 Ciphertext 2 Ciphertext n

Initialization Vector (IV)

Block Cipher Block Cipher Block Cipher

Plaintext 1

Ciphertext 2Ciphertext 1

Plaintext 2 Plaintext n

Initialization Vector (IV)

Ciphertext n

DECRYPTENCRYPT

Page 14: Slidecast - Workshop

ASC-1 : An Authenticated Encryption Stream Cipher

Page 15: Slidecast - Workshop

Algorithm Analysis & Development• Authenticated Encryption

• Generic Composition• Two Pass Combined mode • One pass Combined mode

• Cryptographic schemes that provide both confidentiality and authenticity are called authenticated encryption schemes.

• AE consists of a key generation, an encryption and a decryption algorithm.

Page 16: Slidecast - Workshop

Generic Composition• Traditional approach to solve both privacy and authenticity problems has been to combine them

in a straightforward manner. • Results – Not very efficient, twice as slow as either encryption or authentication. • Pitfalls –

• Use of non-cryptographic non-keyed hash function and good encryption scheme• Use of same key for encryption scheme and the MAC scheme .

• To analyze the security of the Authenticated Encryption Scheme three “Generic Composition” methods are considered.

• Black Box use of a given symmetric encryption scheme and a given MAC• Each case uses two different keys i.e., K1 and K2

Page 17: Slidecast - Workshop

ASC-1 : An Authenticated Encryption Stream Cipher • To achieve faster encryption and message authentication by performing both

in a single pass as opposed to the traditional encrypt-then-mac approach

• Similar to LEX (Leak EXtraction) stream cipher selected to phase 3 of the eSTREAM competition, ASC-1 uses leak extraction

• Bits are extracted from intermediate rounds to generate the key that is XOR-ed with the message to compute the ciphertext.

• Operates in a Cipher Feedback (CFB) fashion

Page 18: Slidecast - Workshop

Leak Positions in ASC-1• Crucial part – location of the four bytes of the internal state

• Frequency of outputs (every round, every second round etc.)

b0,0 b0,1 b0,2 b0,3

b1,0 b1,1 b1,2 b1,3

b2,0 b2,1 b2,2 b2,3

b3,0 b3,1 b3,2 b3,3

b0,0 b0,1 b0,2 b0,3

b1,0 b1,1 b1,2 b1,3

b2,0 b2,1 b2,2 b2,3

b3,0 b3,1 b3,2 b3,3

b0,0 b0,1 b0,2 b0,3

b1,0 b1,1 b1,2 b1,3

b2,0 b2,1 b2,2 b2,3

b3,0 b3,1 b3,2 b3,3

Odd Rounds Even Rounds

Page 19: Slidecast - Workshop

ASC-1 Specification (2/4)

ASC-1 DecryptionASC-1 Encryption

),100(

),010(

),000(

700,2

700,1

700

CntrEK

CntrEK

CntrEX

K

K

K

)110))(( 60,3 CntrMlEK K

Page 20: Slidecast - Workshop

ASC-

1 Sp

ecifi

catio

n(4/

4)