IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.

Presentation transcript:

IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September 4, 2002

Slide 1: Encryption Question
August 28, 2002 IT 221: Introduction to Information Security Principles For Educational Purposes Only

Context: You are a consultant working for a larger private-sector client. Your team is responsible for managing a network that supports a CRM (Customer Relationship Management) application, which often contains highly sensitive, often encrypted, financial information. A hacker figures out the algorithm your client is using to encrypt outgoing e-mails and internal, sensitive information, and posts the algorithm on the Internet.

Questions:
- Should this situation be of serious concern? Why or why not?
- What are some of the next steps your team should take?

Slide 2: Chapter 2 Outline

Chapter 2:
- Terminology and Background
- Encryption Algorithms
- Model of Conventional Encryption Process
- Cryptography Defined
- Dimensions of Cryptography
- Unconditional and Computational Security
- Example 1: Caesar Cipher
- Example 2: Columnar Transposition
- Characteristics of ‘Good’ Ciphers

Slide 3: Terminology and Background

Context: Suppose S (Sender) wants to send a message to R (Receiver). S entrusts the message to T (Transmission Medium) who will deliver it to R. An outsider O might try to access the message by Blocking, Intercepting, Modifying, or Fabricating it. [1]

Terminology:
- Encryption: Process of encoding a message so that its meaning is not obvious. [1]
- Decryption: The reverse process of Encryption – transforming an encrypted message into its normal, plaintext form. [1]
- Cryptosystem: A system for Encryption and Decryption. [1]

Slide 4: Encryption Algorithms

Encryption Algorithms: Some algorithms use a key K, so that the ciphertext message depends on both the original plaintext message and the key value, denoted C = E(K,P) [1].
- Symmetric: Encryption and Decryption keys are mirror processes.
- Asymmetric: Decryption key inverts the Encryption process, such that converting ciphertext back to plaintext is not simply the reversing of the encryption steps.

Key Secrecy: Security depends on the secrecy of the key, and not the secrecy of the algorithm.

Key SizeNo of Alt KeysTime 10 6 Decryption/µs = 4.3 x milliseconds = 7.2 x hours = 3.4 x x years = 3.7 x x years

Slide 5: Model of Conventional Encryption Process

An encryption scheme has 5 major components:
(1) Plaintext Input
(2) Encryption Algorithm
(3) Secret Key
(4) Transmitted Ciphertext
(5) Decryption Algorithm

Slide 6: Cryptography Defined

Cryptography Defined:

Cryptanalysis: The process of attempting to discover X and/or Y, with the Ciphertext message X and the Encryption Key K. [2]

A cryptanalyst studies encryption and encrypted messages, with the objective of revealing the hidden messages of the messages [1].

Slide 7: Dimensions of Cryptography

Cryptographic systems generally fall along three independent dimensions:
(1) The type of operations used for transforming plaintext to ciphertext.
(2) The number of keys used.
- If both sender and receiver use the same key, the key is referred to as symmetric, single key, secret key, or conventional encryption.
- If the sender and receiver each use a different key, the system is referred to as asymmetric, two key, or public-key encryption.
(3) The way in which the plaintext is processed.

Slide 8: Unconditional and Computational Security

Unconditionally Secure: An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext.

Computationally Secure: An encryption is said to be computationally secure if:
- The cost of breaking the cipher exceeds the value of the encrypted information.
- The time required to break the cipher exceeds the useful lifetime of the information.

Slide 9: Classical Encryption Techniques

Classical techniques are based on two building blocks:
- Substitution: The letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns [2].
- Transposition: Some sort of permutation is performed on the letters of plaintext [2].

Slide 10: Example 1: Caesar Cipher

Caesar Cipher:

Methodology: Each plaintext letter is substituted for a letter a fixed number of positions after it in the alphabet. [1]

Example: Ci = E(Pi) = Pi + 3

Advantages and Disadvantages:
- Simplicity in encrypting plain text
- Simplicity in decoding ciphertext

Slide 11: Example 2: Columnar Transposition

Columnar Transposition:

Methodology: The goal of a substitution is confusion. Transposition is an encryption method in which the letters of the message are rearranged. The goal in this case is diffusion [1].

Example:
c1 c2 c3 c4
c5 c6 c7 c8
c9 c10 c11 c12
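
The two classical building blocks from the slides above, as an added Python example that is not part of the original lecture. The function names, the sample message and the `X` padding letter are assumptions; the transposition writes the message in rows and reads it off by column, following the c1..c12 grid.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def caesar(text, shift=3):
    """Substitution: Ci = (Pi + shift) mod 26; non-letters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def columnar_encrypt(text, cols, pad="X"):
    """Transposition: write the letters in rows of `cols`, read by column."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    letters += [pad] * (-len(letters) % cols)   # fill the last row
    return "".join("".join(letters[c::cols]) for c in range(cols))

def columnar_decrypt(cipher, cols):
    """Inverse: the ciphertext holds `cols` columns of `rows` letters each."""
    rows = len(cipher) // cols
    return "".join(cipher[r::rows] for r in range(rows))

def letter_counts(text):
    """Letter histogram, the statistic both ciphers leave exposed."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)

if __name__ == "__main__":
    message = "WE ATTACK AT DAWN"   # constructed sample plaintext
    shifted = caesar(message)
    moved = columnar_encrypt(message, 4)
    print(shifted, caesar(shifted, -3))
    print(moved, columnar_decrypt(moved, 4))
    # Transposition keeps every letter count; Caesar only renames the letters,
    # so the sorted frequency profile of the plaintext survives in both.
    print(sorted(letter_counts(shifted).values()))
    print(sorted(letter_counts(message).values()))
```

Neither cipher hides the letter statistics of the plaintext, which is why the later slides move to ciphers built from many rounds of both operations.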

Slide 12: Characteristics of ‘Good’ Ciphers

Claude Shannon’s Characteristics of ‘Good’ Ciphers [1]:
- Principle 1: The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption.
- Principle 2: The set of keys and the enciphering algorithm should be free from complexity.
- Principle 3: The implementation of the process should be as simple as possible.
- Principle 4: Errors in ciphering should not propagate and cause corruption of further information in the message.
- Principle 5: The size of the enciphered text should be no larger than the text of the original message.

Slide 13: Chapter 3 Outline

Chapter 3:
- Background
- Stream and Block Ciphers Defined
- Feistel Cipher Structure
- Feistel Algorithm
- DES Structure
- DES Algorithm
- DES Round Details
- DES Weaknesses
- Time To Break A Code
- Block Cipher Modes of Operations

Slide 14: Background

Context: Chapter 2 introduced the basic concepts of encryption and cryptanalysis. These approaches are suitable for short, simple messages, but are inappropriate for situations requiring more complex security requirements.

Slide 15: Stream and Block Ciphers Defined

Stream and Block Ciphers:
- Stream Cipher: Encrypts a digital data stream one byte at a time [2].
- Block Cipher: Encrypts blocks of plaintext, treated as a whole and used to produce a ciphertext block of equal length [2].

Slide 16: Feistel Cipher Structure

Stream and Block Ciphers: Virtually all symmetric block encryption algorithms in current use, including DES, are based on the Feistel block cipher [2].

Realization of the Feistel Network depends on the choice of the following design factors:
- Block size: larger block sizes mean greater security
- Key size: larger key size means greater security
- Number of rounds: multiple rounds offer increasing security
- Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis
- Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern

Slide 17: Feistel Algorithm

Feistel Algorithm:
(1) Plaintext Input is divided into 2 halves. Halves of data are passed through n rounds of processing to produce ciphertext.
(2) Substitution is produced on the Left side of data.
(3) This is achieved by applying a round function to the Right half of data, and taking the Exclusive Or of the output with the Left.
(4) Finally, a permutation is performed that consists of the interchange of the two halves of data.
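
The four steps above as a runnable toy Feistel network, added here as an illustration and not taken from the original slides. The HMAC-based key schedule and round function are assumptions standing in for the DES ones; the block size (64 bits) and round count (16) follow the DES slides.

```python
import hashlib
import hmac

BLOCK = 8     # 64-bit block, as in DES
ROUNDS = 16   # DES also runs 16 rounds

def subkeys(key):
    """Assumed key schedule: one HMAC-derived subkey per round (not DES's)."""
    return [hmac.new(key, b"round" + bytes([i]), hashlib.sha256).digest()
            for i in range(ROUNDS)]

def round_function(right, subkey):
    """Assumed round function: a truncated HMAC, deliberately not invertible."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:BLOCK // 2]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, keys):
    """Steps (1)-(4): split, substitute Left via F(Right) XOR Left, swap."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in keys:
        left, right = right, xor(left, round_function(right, k))
    return right + left   # undo the final swap so the network is its own inverse

def encrypt_block(block, key):
    return feistel(block, subkeys(key))

def decrypt_block(block, key):
    # Same network, subkeys in reverse order; the round function is never inverted.
    return feistel(block, subkeys(key)[::-1])

def bits_changed(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    key = b"constructed demo key"    # constructed sample key
    plain = b"ATTACKAT"              # constructed 8-byte block
    cipher = encrypt_block(plain, key)
    print(cipher.hex(), decrypt_block(cipher, key))
    # One flipped plaintext bit ('T' -> 'U') spreads across the ciphertext block.
    print(bits_changed(cipher, encrypt_block(b"ATTACKAU", key)), "of 64 bits differ")
```

Decryption works even though the round function cannot be inverted, because each round only XORs its output into the other half; that is the property that lets DES use the same structure in both directions.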

Slide 18: DES Structure

Data Encryption Standard (DES):
- The most widely used encryption scheme
- DES is a block cipher
- The plaintext is processed in 64-bit blocks
- The key is 56 bits in length
- Achieves its strength from repeated rounds of substitution and permutation

Slide 19: DES Algorithm

DES Algorithm:
(1) Input feeds are parsed into 64-bit blocks. 64-bit data blocks are permuted by an Initial Permutation stage.
(2) Blocks are transformed using a 64-bit key. In reality, only 56 bits of this key are used (8 parity bits are dropped; it is assumed that these parity bits contain no information about the key).
(3) Data blocks are split. Each half is scrambled independently. The key is applied to one half, and the two are swapped. The process is repeated 16 times.

Slide 20: DES Round Details

DES Algorithm [1]:
(1) Blocks are transformed using a 64-bit key.
(2) Blocks are broken into 32-bit halves: Left and Right. The key is shifted by a number of bits and permuted.
(3) The 32-bit Right half is expanded to 48 bits, and combined with the Key. The result is condensed and combined with Left.

Slide 21: DES Weaknesses

Data Encryption Standard (DES):
- Complements
- Weak/Semi-Weak Keys
- Key Clustering

Slide 22: Time to Break a Code

Slide 23: Block Cipher Modes of Operations

Block Cipher Modes of Operations: DES is a basic building block of security. Four ‘modes’ have been designed to cover a wide range of possible DES applications.

MODE: DESC
- Electronic Codebook (ECB): Each block of 64 plaintext bits is encoded independently using the same key.
- Cipher Block Chaining (CBC): Input to the algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of plaintext.
- Cipher Feedback (CFB): Input is processed J bits at a time. Preceding ciphertext is used as input to the algorithm to produce pseudorandom output, which is XORed with Plaintext to produce the next unit of ciphertext.
- Output Feedback (OFB): Similar to CFB, except that the input to the algorithm is the preceding DES output.

Slide 24: Resources

[1] Pfleeger, Charles. Security In Computing, Prentice Hall, Chapter 2-3.
[2] Stallings, William. Cryptography and Network Security, Prentice Hall, Chapter 2-3.