CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Computer Security Set of slides 4 Dr Alexei Vernitski.
Cryptography, Attacks and Countermeasures Lecture 3 - Stream Ciphers
“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers
8.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Week 2 - Friday.  What did we talk about last time?  Substitution ciphers  Vigenère ciphers  One-time pad.
Block Ciphers and the Data Encryption Standard
Cryptography and Network Security
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Announcements: Matlab: tutorial available at Matlab: tutorial available at
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #10-1 Chapter 10: Cipher Techniques Some Problems Types of Ciphers Networks Examples.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.
Network Security Chapter
Block and Stream Ciphers1 Reference –Matt Bishop, Computer Security, Addison Wesley, 2003.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.
EE5552 Network Security and Encryption block 4 Dr. T.J. Owens CEng MIET Dr T. Itagaki MIET, MIEEE, MAES.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Códigos y Criptografía Francisco Rodríguez Henríquez A Short Introduction to Stream Ciphers.
Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.
1 Symmetric Cryptography CS461/ECE422 Fall Outline Overview of Cryptosystem design Commercial Symmetric systems –DES –AES Modes of block and stream.
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.
Stream Cipher. A stream cipher breaks the message M into successive characters or bits m 1, m 2,..., and enciphers each m i with the ith element k i of.
Stream Ciphers Making the one-time pad practical.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Part 9, Basic Cryptography 1. Introduction A cryptosystem is a tuple: ( M,K,C, E,D) where M is the set of plaintexts K the set of keys C the set of ciphertexts.
Elementary Cryptography  Concepts of encryption  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public key) Encryption (RSA)(RSA)
Slide #10-1 Chapter 10: Cipher Techniques Some Problems Types of Ciphers Networks Examples.
Multiple Encryption & DES  clearly a replacement for DES was needed Vulnerable to brute-force key search attacks Vulnerable to brute-force key search.
Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.
Encryption Types & Modes Chapter 9 Encryption Types –Stream Ciphers –Block Ciphers Encryption Modes –ECB - Electronic Codebook –CBC - Cipher Block Chaining.
Part 9, Basic Cryptography 1. Introduction A cryptosystem is a tuple: ( M,K,C, E,D) where M is the set of plaintexts K the set of keys C the set of ciphertexts.
1.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Classical &ontemporyryptology 1 Block Cipher Today’s most widely used ciphers are in the class of Block Ciphers Today’s most widely used ciphers are in.
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
September 10, 2009Introduction to Computer Security ©2004 Matt Bishop Slide #8-1 Chapter 8: Basic Cryptography Classical Cryptography Public Key Cryptography.
Introduction to Modern Symmetric-key Ciphers
Vigenere Cipher For example, choose a word “GOLD” for a key. And, add “GOLDGOLDGOLD….” to your plaintext Plaintext: t o o m u c h h y p e Key : GOLDGOLDGOLD.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management.
Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
Message Authentication Codes CSCI 5857: Encoding and Encryption.
Slide 1 Vitaly Shmatikov CS 378 Stream Ciphers. slide 2 Stream Ciphers uRemember one-time pad? Ciphertext(Key,Message)=Message  Key Key must be a random.
Substitution Ciphers Reference –Matt Bishop, Computer Security, Addison Wesley, 2003.
Information and Network Security Lecture 2 Dr. Hadi AL Saadi.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography.
1 Introduction to Cryptography Chapter-4. Definitions  Cryptography = the science (art) of encryption  Cryptanalysis = the science (art) of breaking.
หัวข้อบรรยาย Stream cipher RC4 WEP (in)security LFSR CSS (in)security.
Computer Security Chap.10 Cipher Techniques
Attacks on Public Key Encryption Algorithms
Cryptography: Basics (2)
Presentation transcript:

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set2 Problems Using cipher requires knowledge of environment, and threats in the environment, in which cipher will be used –Is the set of possible messages small? –Do the messages exhibit regularities that remain after encipherment? –Can an active wiretapper rearrange or change parts of the message?

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set3 Attack #1: Precomputation Set of possible messages M small Public key cipher f used Idea: precompute set of possible ciphertexts f(M), build table (m, f(m)) When ciphertext f(m) appears, use table to find m Also called forward searches

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set4 Example Cathy knows Alice will send Bob one of two messages: enciphered BUY, or enciphered SELL Using public key e Bob, Cathy precomputes m 1 = { BUY } e Bob, m 2 = { SELL } e Bob Cathy sees Alice send Bob m 2 Cathy knows Alice sent SELL

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set5 May Not Be Obvious Digitized sound –Seems like far too many possible plaintexts –Initial calculations suggest 2 32 such plaintexts –Analysis of redundancy in human speech reduced this to about 100,000 (≈ 2 17 ) –This is small enough to worry about precomputation attacks

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set6 Misordered Blocks Alice sends Bob message –n Bob = 77, e Bob = 17, d Bob = 53 –Message is LIVE ( ) –Enciphered message is Eve intercepts it, rearranges blocks –Now enciphered message is Bob gets enciphered message, deciphers it –He sees EVIL

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set7 Notes Digitally signing each block won’t stop this attack Two approaches: –Cryptographically hash the entire message and sign it –Place sequence numbers in each block of message, so recipient can tell intended order –Then you sign each block

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set8 Statistical Regularities If plaintext repeats, ciphertext may too Example using DES: –input (in hex): –corresponding output (in hex): ef7c 4bb2 b4ce 6f3b Fix: cascade blocks together (chaining) –More details later

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set9 What These Mean Use of strong cryptosystems, well-chosen (or random) keys not enough to be secure Other factors: –Protocols directing use of cryptosystems –Ancillary information added by protocols –Implementation (not discussed here) –Maintenance and operation (not discussed here)

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set10 Stream, Block Ciphers E encipherment function –E k (b) encipherment of message b with key k –In what follows, m = b 1 b 2 …, each b i of fixed length Block cipher –E k (m) = E k (b 1 )E k (b 2 ) … Stream cipher –k = k 1 k 2 … –E k (m) = E k1 (b 1 )E k2 (b 2 ) … –If k 1 k 2 … repeats itself, cipher is periodic and the length of its period is one cycle of k 1 k 2 …

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set11 Stream Ciphers Often (try to) implement one-time pad by xor’ing each bit of key with one bit of message –Example: m = k = c = But how to generate a good key?

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set12 Synchronous Stream Ciphers n-stage Linear Feedback Shift Register: consists of –n bit register r = r 0 …r n–1 –n bit tap sequence t = t 0 …t n–1 –Use: Use r n–1 as key bit Compute x = r 0 t 0  …  r n–1 t n–1 Shift r one bit to right, dropping r n–1, x becomes r 0

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set13 Operation r0r0 r n–1 … bibi … …  cici r0´r0´ r n–1 ´ … r i ´ = r i–1, 0 < i ≤ n r 0 t 0 + … + r n–1 t n–1

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set14 Example 4-stage LFSR; t = 1001 rk i new bit computationnew r  00  10  01 =  00  00  11 =  00  00  01 =  10  00  01 =  10  10  01 =  10  10  11 =  10  10  11 = Key sequence has period of 15 ( )

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set15 NLFSR n-stage Non-Linear Feedback Shift Register: consists of –n bit register r = r 0 …r n–1 –Use: Use r n–1 as key bit Compute x = f(r 0, …, r n–1 ); f is any function Shift r one bit to right, dropping r n–1, x becomes r 0 Note same operation as LFSR but more general bit replacement function

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set16 Example 4-stage NLFSR; f(r 0, r 1, r 2, r 3 ) = (r 0 & r 2 ) | r 3 rk i new bit computationnew r 11000(1 & 0) | 0 = (0 & 1) | 0 = (0 & 1) | 1 = (1 & 0) | 1 = (1 & 0) | 0 = (0 & 1) | 0 = (0 & 1) | 1 = Key sequence has period of 4 (0011)

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set17 Eliminating Linearity NLFSRs not common –No body of theory about how to design them to have long period Alternate approach: output feedback mode –For E encipherment function, k key, r register: Compute r= E k (r); key bit is rightmost bit of r Set r to r and iterate, repeatedly enciphering register and extracting key bits, until message enciphered –Variant: use a counter that is incremented for each encipherment rather than a register Take rightmost bit of E k (i), where i is number of encipherment

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set18 Self-Synchronous Stream Cipher Take key from message itself (autokey) Example: Vigenère, key drawn from plaintext –keyXTHEBOYHASTHEBA –plaintextTHEBOYHASTHEBAG –ciphertextQALFPNFHSLALFCT Problem: –Statistical regularities in plaintext show in key –Once you get any part of the message, you can decipher more

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set19 Another Example Take key from ciphertext (autokey) Example: Vigenère, key drawn from ciphertext –keyXQXBCQOVVNGNRTT –plaintextTHEBOYHASTHEBAG –ciphertextQXBCQOVVNGNRTTM Problem: –Attacker gets key along with ciphertext, so deciphering is trivial

6/4/2015CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set20 Variant Cipher feedback mode: 1 bit of ciphertext fed into n bit register –Self-healing property: if ciphertext bit received incorrectly, it and next n bits decipher incorrectly; but after that, the ciphertext bits decipher correctly –Need to know k, E to decipher ciphertext k E k (r) r …E …  mimi cici