Stream Ciphers Making the one-time pad practical.

Slides:

Advertisements

Similar presentations

Computer Security Set of slides 4 Dr Alexei Vernitski.

Advertisements

Block Cipher Modes of Operation and Stream Ciphers

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.

Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.

Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

Encryption/Decyprtion using RC4 Vivek Ramachandran.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers.

Announcements: Matlab: tutorial available at Matlab: tutorial available at

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

HSC: Building Stream Cipher from Secure Hash Functions Juncao Li Nov. 29 th 2007 Department of Computer Science Portland State University.

Stream cipher diagram + + Recall: One-time pad in Chap. 2.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

Foundations of Network and Computer Security J J ohn Black Lecture #34 Dec 5 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers.

Cryptography and Network Security Chapter 6

Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.

Lecture 23 Symmetric Encryption

ORYX 1 ORYX ORYX 2 ORYX  ORYX not an acronym, but upper case  Designed for use with cell phones o To protect confidentiality of voice/data o For “data.

Chapter 2 (D) – Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph.

Computer Security CS 426 Lecture 3

Block and Stream Ciphers1 Reference –Matt Bishop, Computer Security, Addison Wesley, 2003.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

CS526Topic 3: One-time Pad and Perfect Secrecy 1 Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream.

Dr. Khalid A. Kaabneh Amman Arab University

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings.

Códigos y Criptografía Francisco Rodríguez Henríquez A Short Introduction to Stream Ciphers.

9/01/2010CS 686 Stream Cipher EJ Jung CS 686 Special Topics in CS Privacy and Security.

Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.

Slide 1 Stream Ciphers uBlock ciphers generate ciphertext Ciphertext(Key,Message)=Message  Key Key must be a random bit sequence as long as message uIdea:

One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.

CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.

Chapter 20 Symmetric Encryption and Message Confidentiality.

The Misuse of RC4 in Microsoft Office A paper by: Hongjun Wu Institute for Infocomm Research, Singapore ECE 578 Matthew Fleming.

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Stream Cipher July 2011.

Applied Cryptography Spring 2015 Chaining Modes. What happens when the clear text is longer than the block length k? Most simple solution — encrypt each.

Multiple Encryption & DES  clearly a replacement for DES was needed Vulnerable to brute-force key search attacks Vulnerable to brute-force key search.

Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.

Wired Equivalent Privacy (WEP): The first ‘confidentiality’ algorithm for the wireless IEEE standard. PRESENTED BY: Samuel Grush and Barry Preston.

Presented by: Dr. Munam Ali Shah

Lecture 23 Symmetric Encryption

PRNGs Pseudo-random number generation. Randomness and Cryptography Randomness and pseudo-randomness are useful in cryptography: –To generate random and.

Dr. Lo’ai Tawalbeh summer 2007 Chapter 6: Contemporary Symmetric Ciphers Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Giuseppe Bianchi Warm-up example WEP. Giuseppe Bianchi WEP lessons  Good cipher is far from being enough  You must make good USAGE of cipher.

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

University of Malawi, Chancellor College

1 A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher Souradyuti Paul and Bart Preneel K.U. Leuven, ESAT/COSIC.

Slide 1 Vitaly Shmatikov CS 378 Stream Ciphers. slide 2 Stream Ciphers uRemember one-time pad? Ciphertext(Key,Message)=Message  Key Key must be a random.

Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 2 – Stream Ciphers These slides were.

Wireless LAN Security Daniel Reichle Seminar Security Protocols and Applications SS2003.

หัวข้อบรรยาย Stream cipher RC4 WEP (in)security LFSR CSS (in)security.

Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.

Modes of Operation block ciphers encrypt fixed size blocks – eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts.

Cryptography CS 555 Topic 15: Stream Ciphers.

Cryptography Lecture 16.

STREAM CIPHERS by Jennifer Seberry.

Symmetric-Key Encryption

Chapter -4 STREAM CIPHERS

Information Security CS 526 Topic 3

CH 6. Stream Ciphers Information Security & IoT Lab 김해용

Information and Computer Security CPIS 312 Lab 4 & 5

Cryptography Lecture 15.

Stream Cipher Structure

Presentation transcript:

Stream Ciphers Making the one-time pad practical

Breno de MedeirosFlorida State University Fall 2005 Binary One-Time Pad K[0]K[1]K[2]…K[n-2]K[n-1] M[0]M[1]M[2]…M[n-2]M[n-1] C[0]C[1]C[2]…C[n-2]C[n-1]     K[0]K[1]K[2]…K[n-2]K[n-1]  M[0]M[1]M[2]…M[n-2]M[n-1]

Breno de MedeirosFlorida State University Fall 2005 Idea behind stream ciphers Start with a fixed-length, shared secret. This is generally called the seed s. Use a procedure that, with the seed as input, generates a stream of bits that seems random, but which is in fact deterministically computable (from s). Use this stream (keystream) as the one-time pad: XOR it with the plaintext.

Breno de MedeirosFlorida State University Fall 2005 Types of Stream Ciphers A stream cipher is a finite state machine (finite input, fixed memory size, deterministic). Two main types: –Key-auto-Key (KAK, synchronous) -- state determined by last bits of keystream –Ciphertext-auto-key (CTAK, self- synchronizing) -- state determined by last bits of ciphertext

Breno de MedeirosFlorida State University Fall 2005 Linear Feedback Shift Registers Compute the parity of “tap” entries in a register Shift the register (right shift in the picture) Enter the parity bit in the new space (leftmost in picture)

Breno de MedeirosFlorida State University Fall 2005 Properties of Shift Registers Very efficient generators of pseudo-random sequences. Think of the newly computed bits as the output Generate provably long sequences before cycling Shift registers in crypto often results in weak ciphers, such as A5/x. However, the shrinking generator seems strong.

Breno de MedeirosFlorida State University Fall 2005 Shrinking Generator Two LFSR generate keystreams s k and t k If s k = 1, output t k If s k = 0, output nothing; increase k Buffer output in order to disguise timing delays which reveal information about the state of keystream s.

Breno de MedeirosFlorida State University Fall 2005 RC4 A state array of 256 bytes: S[0, …, 255] A key K, from 2 to 256 bytes: K[0, …, n] Initialize state as S[i] = i –FOR i = 0 … 255 j = j + S[i] + K[ i mod n] mod 256 SWAP(S[i], S[j])

Breno de MedeirosFlorida State University Fall 2005 RC4 Stream Generator i = 0; j= 0; WHILE(TRUE) –i = i + 1 mod 256; –j = j + S[i] mod 256; –SWAP(S[i], S[j]); –OUTPUT(S[ S[i] + S[j] mod 256] );

Breno de MedeirosFlorida State University Fall 2005 RC4 Weaknesses Initialization starts from a known state. –The first bytes of the RC4 key-stream are distinguishable from random output, and reveal information about the key. Recommendations: –Use random IVs, without ever re-using. –Generate strong pseudo-random keys –Drop initial bytes of key-stream practical: drop 768; paranoid: drop 3072

Breno de MedeirosFlorida State University Fall 2005 Is RC4 Insecure? RC4 has been well- studied. –No known methods to break RC4 (except brute- forcing the key) when used according to recommendations. –E.g.: Robust implementation of RC4 within SSL. RC4 was used in a very insecure way in the WEP protocol: –No method to distribute initial keys –Poor handling of IVs –No dropping of the first key-stream bytes x took unnecessary risks.

Breno de MedeirosFlorida State University Fall 2005 Stream Cipher Summary Stream ciphers are efficient –Useful for secure communication with constrained devices (cell phones, smartcards) Good stream ciphers available (?) –Even as theoretical framework still in development Never re-use key-streams: must provide mechanism to change IV EVERYTIME.