Lecture 4: Using Block Ciphers

Slides:



Advertisements
Similar presentations
Block Cipher Modes of Operation and Stream Ciphers
Advertisements

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
ECE454/CS594 Computer and Network Security
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
Chapter 4 Modes of Operation Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
1 Lect. 9 : Mode of Operation. 2 Modes of Operation – ECB Mode  Electronic Code Book Mode Break a message into a sequence of plaintext blocks Each plaintext.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography and Network Security Chapter 6
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption
CS470, A.SelcukModes of Operation1 Encrypting with Block Ciphers CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
8. Cryptography part 21 Rotor Machines Combine Substitution and Transposition Methods produce ciphers that are very difficult to break Rotor Machines in.
Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
symmetric key cryptography
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.
Network Security Lecture 4 Modes of Operation Waleed Ejaz
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security.
Multiple Encryption & DES  clearly a replacement for DES was needed Vulnerable to brute-force key search attacks Vulnerable to brute-force key search.
Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.
Encryption Types & Modes Chapter 9 Encryption Types –Stream Ciphers –Block Ciphers Encryption Modes –ECB - Electronic Codebook –CBC - Cipher Block Chaining.
More About DES Cryptography and Network Security Reference: Sec 3.1 of Stallings Text.
Data Encryption Standard (DES) © 2000 Gregory Kesden.
Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers.
1.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 5 – More About Block.
BLOCK CIPHER SYSTEMS OPERATION MODES OF DATA ENCRYPTION STANDARD (DES)
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.
Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream.
Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 2: Introduction to Cryptography
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Lecture 23 Symmetric Encryption
Privacy and Integrity: “ Two Essences of Network Security” Presenter Prosanta Gope Advisor Tzonelih Hwang Quantum Information and Network Security Lab,
Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers.
Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption.
Part 1  Cryptography 1 Integrity Part 1  Cryptography 2 Data Integrity  Integrity  detect unauthorized writing (i.e., modification of data)  Example:
Message Authentication Codes CSCI 5857: Encoding and Encryption.
@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.
Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
Modes of Operation block ciphers encrypt fixed size blocks – eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts.
Block Cipher Encrypting a large message Electronic Code Book (ECB) message m1 m2 m3 m4 m5 m6 c1 c2 c3 c4 c5 c6 E E E Secret.
CS480 Cryptography and Information Security
Computer and Network Security
Block Cipher Modes CS 465 Make a chart for the mode comparisons
Block vs Stream Ciphers
Counter Mode, Output Feedback Mode
Elect. Codebook, Cipher Block Chaining
Secret-Key Encryption
Presentation transcript:

Lecture 4: Using Block Ciphers Outline encrypting large messages checking integrity securing DES

Electronic Code Book (ECB) How to use a block cipher to encrypt a large message? break message into blocks M1 C1 E M2 C2 E M3 C3 E M4 C4 E encrypt each block separately with secret key

Problems with ECB plaintext ECB encrypted ciphertext same plaintext block produces same ciphertext can be analyzed, rearranged plaintext ECB encrypted ciphertext rearranging example (from the book) – copy president’s salary into your own position without decoding

One-Time Pad proven (Shannon): XOR a message with a (truly) random number (never reuse it again) – unbreakable (no information is given away) one-time pad – such usage of random numbers stream cipher – generates one-time pad and XORs it with the stream of plaintext to generate ciphertext

Fixing ECB M1 M2 M3 M4 transmit r1, c1, r2, c2, r3, c3, r4, c4 r1 r2 consider this: generate random numbers and XOR with blocks before encoding M1 M2 M3 M4 transmit r1, c1, r2, c2, r3, c3, r4, c4 r1 r2 r3 r4 E E E E C1 C2 C3 C4 M1 XOR R1 = M2 XOR R2; XOR both sides with R1, get M1 = M2 XOR R2 XOR R1; XOR with M2 M1 XOR M2 = R1 XOR R2 problems: need to send twice as much data can still rearrange blocks if two ciphertext blocks equal, know XOR of two plaintext blocks = XOR of the corresponding two random numbers

Cipher Block Chaining (CBC) randomizes output by using previous ciphertext block first block is randomized using initialization vector (IV) IV M1 M2 M3 M4 E E E E see next hidden slide IV C1 C2 C3 C4 how does CBC do decoding?

CBC Decryption & Analysis IV C1 C2 C3 C4 D D D D IV M1 M2 M3 M4 if Ci is lost or garbled then next data item is garbled, the rest are okay to change Mi one needs to change Ci-1 What happens if Ci gets lost or garbled? How much data gets lost? assume an attacker knows block Mi and wants to change it, what does it need to change? can encryption/decryption be done in parallel?

Output Feedback (OFB) Mode OFB is a stream cipher IV – based, IV is transmitted in clear two versions no shifting pad1=e(IV, key) pad2=e(pad1, key) padi=e(padi-1,key) k-bit shifting (see pic) advantages the pad can be pre-generated – no costly operations at run-time (good for multimedia or resource-constrained devices) how much info is affected if portion of ciphertext is garbled/lost? problems if known plaintext, can be altered is random access possible? can encryption/decryption be done in parallel? k-bit shifting version of OFB advantages if garbled (no shifting) – only those plaintext bits are garbled, if shifting – all lost; if lost or duplicated – synchronization lost, rest of stream damaged problems for example – the bad guy got the stream, knows plaintext, XORs with plaintext – gets the pad, then can use the pad to encrypt anything depends on how much shifting, if no shifting – sure, if all shifting - none the picture shows a more complex version of OFB where k bits are shifted

Cipher Feedback (CFB) Mode similar to OFB message data is also used to generate padding advantages is random access possible? what if part of ciphertext is garbled/lost/duplicated? problems is OFB-like pad pre-generation possible? can it be altered if plaintext is known can encryption/decryption be done in parallel? advantages yes the decryption eventually resynchronizes, this is not immediately visible, draw a “broken ladder” of keys as they are used to decrypt a packet (the “ladder” bytes of previous 4 packets (assuming 1-byte shifting) is used to decrypt a packet) problems no not without garbling adjacent blocks encryption – no, decryption - yes

Counter (CTR) Mode CTR is another stream cipher to create pad, IV is incremented and encrypted is random access possible? what if part of ciphertext is garbled/lost/duplicated? is pad pre-generation possible can encryption/decryption be done in parallel? is known plaintext alteration possible? yes no problem – minimum garbling known plaintext alteration possible

Integrity checking automated integrity checking – computer should be able to detect tampering (a human presence should not be required any “garbage” can pass through) message authentication code (MAC) – a cryptographic checksum generated with the help of a key CBC, OFB, CFB and CTR – good security, integrity vulnerable

CBC Residue IV M1 M2 M3 M4 C1 C2 C3 residue E Do CBC encryption on M using key K, throw away all but last block. send message in clear + the “residue”, Used in banking Has property that if you don’t know the key you can’t generate (or verify) the MAC, or modify the message without (probably) changing the MAC however, can generate an arbitrary message matching MAC IV M1 M2 M3 M4 C1 C2 C3 residue E

Joint Privacy and Integrity concurrently use two CBCs – one for privacy, the other for integrity why can’t use only one for both?

Securing DES purpose: retain the same mechanism, expand key size why not double DES? encrypt with K1 twice. How much more work (over DES) for good guys? Bad guys? encrypt with K1 then K2. What is time/memory for bad guys? Good guys? subject to subtle known plaintext attack double encryption with the same key – yet another DES-like block cipher, key the same size, brute force attack possible two different keys: subtle attack becomes possible suppose have a few <m,c> pairs, run it forward on m and backward on c of the first pair for all keys, match results, get matching pairs of keys and try against next pairs

3DES Defined as doing EDE with K1, K2, K3, but standardly K1 is set equal to K3. reason: because of known-plaintext attack, 3DES is considered to only have time-strength equal to 112 bit key, not 168. also, 112 bits considered enough (for now). why EDE instead of EEE? Initial and final permutations would cancel each other out with EEE (minor advantage to EDE) EDE compatible with single DES if K1=K2=K3. double encryption with the same key – yet another DES-like block cipher, key the same size, brute force attack possible two different keys: subtle attack becomes possible suppose have a few <m,c> pairs, run it forward on m and backward on c of the first pair for all keys, match results, get matching pairs of keys and try against next pairs

3DES and CBC same integrity problems as with regular CBC CBC is defined to be done on the outside of 3DES same integrity problems as with regular CBC CBC can potentially be done on the inside of 3DES more secure against tampering but more work garbling/loosing/duplicating of one block garbles the rest of message double encryption with the same key – yet another DES-like block cipher, key the same size, brute force attack possible two different keys: subtle attack becomes possible suppose have a few <m,c> pairs, run it forward on m and backward on c of the first pair for all keys, match results, get matching pairs of keys and try against next pairs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.