Click here to load reader

View

59Download

0

Embed Size (px)

PowerPoint Presentation

Network & Application Security (NAS)

Authenticated Encryption

Samant Khajuria assistant Professor, [email protected]

1

Computer security objectives Confidentiality Data Confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized users. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Integrity Data integrity: Assures that information and programs are changed only in a specified and authorized manner System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Availability Assures that the system work promptly and service is not denied to authorized users

Additional Concepts / Objectives Authenticity

Property of being genuine ; able to be verified and trusted Confidence in the validity of a message or message originator Meaning Verifying that the users are who they say they are and each transmission arriving at the system came from a trusted party.

Accountability

The security goal that generates the requirements for actions of an entity to be traced uniquely to that entity Supports nonrepudiation, fault isolation, intrusion detection and prevention, and after action recovery and legal action

Symmetric Encryption Also referred to as conventional encryption, secret-key, or single-key encryption.Only type of encryption in use prior to the development of public-key encryption in the late 1970s. Symmetric encryption remains by far the most widely used of the two types of encryption. All classical encryption algorithms are private-key Common key is used by sender and recipient

Simplified Model of Symmetric Encryption

Requirements Two requirements for secure use of algorithmA STRONG Encryption algorithm Both the parties i.e., Sender and the receiver have obtained the copy of the secret key in a secure fashion and must keep the key secure

IMPORTANT !!! The security of symmetric encryption depends on the secrecy of the key, not the secrecy of the algorithm Practical reasons makes it feasible for widespread use. Manufacturers can and have developed low-cost chip implementations of data encryption algorithms.These chips are widely available and incorporated into a number of products.

6

Cryptography Cryptographic systems are generically classified along three independent dimensions:

The type of operations used for transforming plaintext to ciphertextSubstitution - Each element in the plaintext is mapped into another elementTransposition - Elements in the plaintext are rearranged ; Fundamental requirement is that no information be lostProduct systems - Involve multiple stages of substitutions and transpositionsThe number of keys usedReferred to as symmetric, single-key, secret-key, or conventional encryption if both sender and receiver use the same keyReferred to as asymmetric, two-key, or public-key encryption if the sender and receiver each use a different keyThe way in which the plaintext is processedBlock cipher processes the input one block of elements at a time, producing an output block for each input blockStream cipher processes the input elements continuously, producing output one element at a time, as it goes along

7

Advanced Encryption Standard (AES)

AES Symmetric, block cipherKey size: 128, 192, or 256 bits Block size: 128 Processed as 4 groups of 4 bytes (state)Operates on the entire block in every roundNumber of rounds depending on key size:Key=128 -> 9 roundsKey=192 -> 11 roundsKey=256 -> 13 rounds

Cipher Block Modes of Operation

Cipher block Modes of OperationA symmetric block cipher processes one block of data at a timeIn the case of DES and 3DES, the block length is b=64 bitsFor AES, the block length is b=128For longer amounts of plaintext, it is necessary to break the plaintext into b-bit blocks, padding the last block if necessaryFive modes of operation have been defined by NISTIntended to cover virtually all of the possible applications of encryption for which a block cipher could be usedIntended for use with any symmetric block cipher, including triple DES and AES

12

Cipher Feedback (CFB)

13

ASC-1 : An Authenticated Encryption Stream Cipher

Algorithm Analysis & DevelopmentAuthenticated EncryptionGeneric CompositionTwo Pass Combined mode One pass Combined mode

Cryptographic schemes that provide both confidentiality and authenticity are called authenticated encryption schemes.

AE consists of a key generation, an encryption and a decryption algorithm.

15

Generic CompositionTraditional approach to solve both privacy and authenticity problems has been to combine them in a straightforward manner. Results Not very efficient, twice as slow as either encryption or authentication. Pitfalls Use of non-cryptographic non-keyed hash function and good encryption schemeUse of same key for encryption scheme and the MAC scheme .

To analyze the security of the Authenticated Encryption Scheme three Generic Composition methods are considered. Black Box use of a given symmetric encryption scheme and a given MACEach case uses two different keys i.e., K1 and K2

16

ASC-1 : An Authenticated Encryption Stream Cipher To achieve faster encryption and message authentication by performing both in a single pass as opposed to the traditional encrypt-then-mac approach

Similar to LEX (Leak EXtraction) stream cipher selected to phase 3 of the eSTREAM competition, ASC-1 uses leak extraction

Bits are extracted from intermediate rounds to generate the key that is XOR-ed with the message to compute the ciphertext.

Operates in a Cipher Feedback (CFB) fashion

17

Leak Positions in ASC-1Crucial part location of the four bytes of the internal stateFrequency of outputs (every round, every second round etc.)

18

ASC-1 Specification (2/4)

ASC-1 DecryptionASC-1 Encryption

19

ASC-1 Specification(4/4)

20

Ciphertext n

Block Cipher

Block Cipher

Block Cipher

DECRYPT

ENCRYPT

Plaintext 1

Ciphertext 2

Ciphertext 1

Plaintext 2

Block Cipher

Block Cipher

Block Cipher

Plaintext 1

Plaintext 2

Plaintext n

Ciphertext 1

Ciphertext 2

Ciphertext n

Initialization Vector (IV)

Plaintext n

Initialization Vector (IV)

b0,0

b0,1

b0,2

b0,3

b1,0

b1,1

b1,2

b1,3

b2,0

b2,1

b2,2

b2,3

b3,0

b3,1

b3,2

b3,3

b0,0

b0,1

b0,2

b0,3

b1,0

b1,1

b1,2

b1,3

b2,0

b2,1

b2,2

b2,3

b3,0

b3,1

b3,2

b3,3

b0,0

b0,1

b0,2

b0,3

b1,0

b1,1

b1,2

b1,3

b2,0

b2,1

b2,2

b2,3

b3,0

b3,1

b3,2

b3,3

Odd Rounds

Even Rounds