Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.

Slides:



Advertisements
Similar presentations
“Advanced Encryption Standard” & “Modes of Operation”
Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.2 Secret Key Cryptography.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Sri Lanka Institute of Information Technology
Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
1 Pertemuan 06 Kriptografi tradisional Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
1 Day 04- Cryptography Acknowledgements to Dr. Ola Flygt of Växjö University, Sweden for providing the original slides.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
Dr. Khalid A. Kaabneh Amman Arab University
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.
Chapter 20 Symmetric Encryption and Message Confidentiality.
1 Chapter 2-1 Conventional Encryption Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Block ciphers Structure of a multiround block cipher
Cryptography Chapter 7 Part 2 Pages 781 to 812. Symmetric Cryptography Secret Key Figure 7-10 on page 782 Key distribution problem – Secure courier Many.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Classical &ontemporyryptology 1 Block Cipher Today’s most widely used ciphers are in the class of Block Ciphers Today’s most widely used ciphers are in.
Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
Lecture 23 Symmetric Encryption
Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.
Chapter 2 Symmetric Encryption.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
1 The Data Encryption Standard. 2 Outline 4.1 Introduction 4.4 DES 4.5 Modes of Operation 4.6 Breaking DES 4.7 Meet-in-the-Middle Attacks.
Module :MA3036NI Symmetric Encryption -3 Lecture Week 4.
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
Encryption Encryption: Transforms Message so that Interceptor Cannot Read it –Plaintext (original message) Not necessarily text; Can be graphics, etc.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.
Symmetric Cryptography
Lecture 3: Symmetric Key Encryption
Cryptography Basics and Symmetric Cryptography
مروري برالگوريتمهاي رمز متقارن(كليد پنهان)
PART VII Security.
SYMMETRIC ENCRYPTION.
Presentation transcript:

Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge Institute of Technology, Sweden King Mongkut’s Univerity of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv

Dr. Reuven Aviv, 2008Conventional Encryption2 Outline Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Key Distribution

Prof Reuven Aviv, 2008Conventional Encryption3 Conventional Encryption Principles An encryption scheme has five ingredients: –Plaintext –Encryption algorithm –Secret Key –Ciphertext –Decryption algorithm Security depends on the secrecy of the key, not the secrecy of the algorithm

Prof. Reuven Aviv, 2008Conventional Encryption4 Conventional Encryption Process What do we require from the algorithm?

Prof. Reuven Aviv, 2008Conventional Encryption5 Requirements The Encryption algorithm should be strong –Opponent who knows the algorithm & ciphertexts would be unable to reveal the plaintext or the key The key is to be distributed in a secure way Low cost chip implementation why? Important for wide spread use Secrecy of algorithm NOT required why?

Prof. Reuven Aviv, 2008Conventional Encryption6 Classification of Cryptographic Systems The type of operations used for transforming plaintext to ciphertext examples? The number of keys used –symmetric (single key) –asymmetric (two-keys, - public-key encryption) The way in which the plaintext is processed –Block cipher, stream cipher

Dr. Reuven Aviv, June 2002Conventional Encryption7 A model for Encryption algorithm Horst Feistel of IBM in 1973 Input – – block of plaintext in two halves: (L 0, R 0 ) –Secret Key K Encryption: N rounds of “processing” –L i-1, R i-1, K i  L i, R i,K i+1 –Sub-keys K i derived from K One round of encryption: –R i = apply special F(K i, R i-1 ), XOR with L i-1 –L i = R i-1 what is XOR?

Dr. Reuven Aviv, June 2002Conventional Encryption8

Dr. Reuven Aviv, June 2002Conventional Encryption9 Transmission and Decryption Transmission: Two halves of ciphertext Decryption at the receiver (receiver knows K) Input: –Two halves of Ciphertext (L n+1, R n+1 ) –Last sub-key: K n How receiver knows this? Receiver uses same algorithm as encryption –Each step: create K i, (L i, R i ) in reverse order –Output: plaintext (L 0, R 0 ) how to make the algorithm stronger?

Dr. Reuven Aviv, June 2002Conventional Encryption10 Increasing the strength of the algorithm Larger Block size Larger Key Size Increasing Number of rounds –Output bits depend on more input bits Complex Subkey generation algorithm More complex F() What’s the price of all this? All of the above reduce speed why is that important?

Dr. Reuven Aviv, June 2002Conventional Encryption11 Conventional Encryption Algorithms Data Encryption Standard (DES) –The most widely used encryption scheme –DES encrypts block after block (block cypher) –The plaintext is processed in 64-bit blocks –The key K is 56-bits in length Triple DES (TDES) –3 keys, three executions of DES Advanced Encryption Standard (AES)

Dr. Reuven Aviv, June 2002Conventional Encryption12 DES Encryption: –Initial permutation of the input 64-bit block ?? –16 rounds ( using a special F function) –Swap two halves –Inverse of initial permutation –  ciphertext Decryption –Initial permutation of ciphertext 64-bit block –16 rounds (use sub-keys in reverse order) –Swap  plaintext

Dr. Reuven Aviv, June 2002Conventional Encryption13

Dr. Reuven Aviv, June 2002Conventional Encryption14 Concerns about DES algorithm vulnerable? (easy way to break?) –No vulnerability found, but –The function F is very complex Key length –DES cracker built – less $250,000, three days work to break (find key) –Much faster cracking done using internet DES is not considered a strong algorithm What a cracker want? What does he do?

Dr. Reuven Aviv, June 2002Conventional Encryption15 Cracking methods If plaintext is really text –Use statistical distribution of letters, syllables –Use existence of structure: headers, … –In conjunction with brute force If plaintext is not text but a general binary file –Use structure if known –Brute force Note most files have some structure –E.g. program files –Otherwise attacker would not know if he succeeded

Dr. Reuven Aviv, June 2002Conventional Encryption16 Cryptanalysis: Average time required for exhaustive key search Key Size (bits) Number of Alternative Keys Time required at 10 6 Decryption/µs = 4.3 x milliseconds = 7.2 x hours = 3.4 x x years = 3.7 x x years

Dr. Reuven Aviv, June 2002Conventional Encryption17 Triple DES Encryption: Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt) P = Plaintext C = ciphertext E K [X] = encryption of X using key K D K [Y] = decryption of Y using key K Effective key length of 168 bits We use decryption in the middle. Why? C = E K3 [D K2 [E K1 [P]]]

Dr. Reuven Aviv, June 2002Conventional Encryption18 Triple DES

Dr. Reuven Aviv, June 2002Conventional Encryption19 TDES: Decryption C = E K3 [D K2 [E K1 [P]]] D K3 [C] = D K2 [E K1 [P]] E K2 [D K3 [C] = E K1 [P] P = D k1 [E K2 [D K3 [C]]]

Encryption of Messages Dr. Reuven Aviv, June 2002 Conventional Encryption20 How a long message is encrypted?

Dr. Reuven Aviv, June 2002Conventional Encryption21 Cipher Block Operation: ECB mode “Electronic Code Book” Divide message into blocks; encrypt each block For every block  a ciphertext block –Like a gigantic table: plaintext, ciphertext plaintext blocks repeats?  same ciphertext block –cracker identifies blocks, easier to crack Improvement: design method so that repeat plaintext blocks  different ciphertext blocks! How?

Dr. Reuven Aviv, June 2002Conventional Encryption22 Cipher Block Chaining Mode (CBC) Ciphertext block i, C i : Do XOR of the current plaintext block P i and the preceding ciphertext block, C i-1 Then encrypt

Dr. Reuven Aviv, June 2002 Conventional Encryption23 CBC Encryption  Create “initial value” block  XOR with first Plaintext block  Encrypt  first ciphertext block  XOR with second plaintext block,…

Dr. Reuven Aviv, June 2002Conventional Encryption24 Decryption in CBC mode Decrypt first ciphertext block XOR result with Initial Value Block –  first Plaintext block Decrypt second ciphertext block XOR with first ciphertext block –  second plaintext block. …

Dr. Reuven Aviv, June 2002Conventional Encryption25 The Initial Value block IV First ciphertext block C 1 = E K (IV  P 1 ) First Plaintext block P 1 = IV  D K (C 1 ) IV should be sent to receiver for decryption

Dr. Reuven Aviv, June 2002Conventional Encryption26 Intitial value attcak Consider bit j of P 1 : –P 1 [j] = IV[j]  D K (C 1 )[j] –If IV[j] is inverted, so is P 1 [j] If attacker gets IV on the way, change it and re- send it to receiver, he can predictably change bits of P 1 What can we do to avoid this attack? Better encrypt IV on its way IV can be encrypted as a single block, with no chaining

Key Distribution Dr. Reuven Aviv, June 2002 Conventional Encryption27

Dr. Reuven Aviv, June 2002Conventional Encryption28 Types and Usages of Keys Session key: –Data encrypted with a short lived session key –At the end of the session the key is destroyed Permanent (or Master) key: –Used for distributing a (first/new) session key –session key encrypted by master key, sent –A (or B) can do this, –or 3’rd party C with shared master keys K a, K b C is Key Distribution Center (KDC) How K a, K b, are created / distributed?

Dr. Reuven Aviv, June 2002Conventional Encryption29 Using KDC: 1. A  KDC A sends non encrypted Request for a session Key for communicating with B –Contents: { A id, B id, N 1 Nonce} Identifier of sender (A) (e.g. Address | port) Identifier of intended party (B) A random string (Nonce) what’s that for? A expects that the nonce will be echoed by the receiver of this message (the KDC) –It will be encrypted so that A will know that it was echoed by KDC and not by an imposter

Dr. Reuven Aviv, June 2002Conventional Encryption30 Using KDC: 2. KDC  A 2 parts reply encrypted by master key Ka: Part I – to be used by A: –One time (first/new) session key –Original request (including the nonce) A now knows session key came from KDC A knows it’s not a replay of old reply why? Part II - encrypted by K b, will be sent later to B: Session key and A id

Key Distribution Scenario Dr. Reuven Aviv, June 2002 Conventional Encryption31

Dr. Reuven Aviv, June 2002Conventional Encryption32 Using KDC: 3. A  B A stores the session key, forwarding Part II to B –Both A and B now know the session key –B knows that session key was created by KDC –But B is not sure whether A is not an imposter –May be it is D, who stole part II, sends to B –B checks if sender knows the session key how 4. B  A: nonce N2, encrypted by the session key 5. A  B: some predefined function of N2 f(N2) –B checks result, if OK, A knows the session key This is Challenge response authentication

Dr. Reuven Aviv, June 2002Conventional Encryption33 Key Distribution Scenario

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.