Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography and Key Management

Published byColleen Harrell Modified over 7 years ago

Similar presentations

Presentation on theme: "Cryptography and Key Management"— Presentation transcript:

1 Cryptography and Key Management
Unit - 3

2 Outline Basics of cryptography
Symmetric Cryptography (DES, Triple DES, AES, Key distribution) Asymmetric cryptography Public and private keys RSA Elliptic curve Hash function Digital signatures PKI Applied cryptography

3 Why Cryptography? Cryptography is a component of many security systems
It applies to numerous aspects of the security models ( Confidentiality, Authentication, Integrity, Authorization, Non- repudiation) Desired Property Threat Solution Confidentiality Disclosure Encryption for secrecy Disguising traffic patterns Authentication Spoofing Digital signature Integrity Modification, replay Message digests, hashing, time stamps Non-repudiation Denial

4 Cryptosystem Where A cryptosystem is a 5-tuples consisting of
(E,D,M,K,C) Where E : Encryption Algorithm D: Decryption Algorithm M: Set of planetext K: Set of Keys C: Set of Ciphers E: M X K -> C, D: C X K -> M

5 Encryption Terms and Operations
Plaintext – an original message Ciphertext – an encrypted message Encryption – the process of transforming plaintext into ciphertext (also encipher) Decryption – the process of transforming ciphertext into plaintext (also decipher) Encryption key – the text value required to encrypt and decrypt data

6 Key A key is an input to a cryptographic algorithm used to obtain confidentiality, integrity, Authenticity or other property over some data The security of the cryptosystem often depends on keeping the key secret to some set of parties The keyspace is the set of all possible keys Entropy is a measure of the variance in keys (typically measured in bits) Keys are often stored in some secure place: passwords, disk keyrings, smartcards, certificates…

7 What Is Cryptography Cryptography is the science of hiding information in plain sight, in order to conceal it from unauthorized parties. Substitution cipher first used by Caesar for battlefield communications

8 Secure Communications
Encryption Key Decryption Key Alice plaintext Encrypt ciphertext Decrypt Bob Mallory/ Oscar Eve Enemy or Adversary Fig. Basic Communication Scenario

9 Eve’s Goals Read the message
Figure out the key Alice is using and read all the messages encrypted with that key Modify the content of the message in such a way that Bob will think Alice sent the altered message. Impersonate(imitate) Alice and communicate with Bob who thinks: he is communicating with Alice. Oscar is a passive observer who is trying to perform (1) and (2). Mallory is more active and evil who is trying to perform (3) And (4).

10 Attack Methods Ciphertext only: Alice has only a copy of ciphertext
Known Plaintext: Eve has a copy of ciphertext and the corresponding plaintext and tries to deduce the key. Chosen Plaintext: Eve has a copy of ciphertext corresponding to a copy of plaintext selected by Alice who believes it is useful to deduce the key. Chosen Ciphertext: Eve has a copy of plaintext corresponding to a copy of ciphertext selected by Alice who believes it is useful to deduce the key.

11 Encryption Methodologies

12 Types of Encryption Block cipher Stream cipher
Encrypts blocks of data, often 128 bits Stream cipher Operates on a continuous stream of data

13 Block Ciphers Encrypt and decrypt a block of data at a time
Typically 128 bits Typical uses for block ciphers Files, messages, text communications, web Well known encryption algorithms DES, 3DES, AES, CAST, Twofish, Blowfish, Serpent

14 Decryption: simple XOR with the same key
Stream Ciphers Used to encrypt a continuous stream of data, such as an audio or video transmission A stream cipher is a substitution cipher that typically uses an exclusive-or (XOR) operation that can be performed very quickly by a computer. Plaintext 1 Key Ciphertext Encryption: simple XOR with key Ciphertext 1 Key Plaintext Decryption: simple XOR with the same key

15 Encryption Algorithm Algorithm used to make content unreadable by all but the intended receivers E(key, plaintext) = ciphertext D(key, ciphertext) = plaintext Block vs. Stream Ciphers Block: input is fixed blocks of same length Stream: stream of input

16 Substitution Cipher Plaintext characters are substituted to form ciphertext “A” becomes “R”, “B” becomes “G”, etc. Character rotation Caesar rotated three to the right (A > D, B > E, C > F, etc.) A table or formula is used ROT13 is a Caesar cipher Subject to frequency analysis attack

17 Caesar Cipher Substitution cipher
Every character is replaced with the character three slots to the right

18 Transposition Cipher Plaintext messages are transposed into ciphertext, Scrambles the symbols to produce output The key is the permutation of symbols Plaintext: Write into columns going down Read from columns to the right Ciphertext: AKCNBTAEORTTVRIAOITDCNAHG Subject to frequency analysis attack A K C N B T E O R V I D H G

19 Mono-alphabetic Cipher
One alphabetic character is substituted or another Caesar right-three shift: Or a more random scheme: Subject to frequency analysis attack A B C D E F G H I J Z K L M A B C D E F G H I J Z W R T N P Q U X

20 Polyalphabetic Cipher
Two or more substitution alphabets CAGED becomes RRADB Not subject to frequency attack Plaintext A B C D E F G H I Z Alpha 1 W R T N P Q X Alpha 2 K U Alpha 3 V Alpha 4 M O Alpha 5 Y J

21 Running-key Cipher Plaintext letters converted to numeric (A=0, B=1, etc.) Plaintext values “added” to key values giving ciphertext Modulo arithmetic is used to keep results in range 0-26 Add 26 if results < 0; subtract 26 if results > 26 Plaintext A T C K O N E V I Key S R 19 2 10 14 13 4 21 8 18 17 Sum 23 6 3 16 7 11 12 Ciphertext X G D Q H L M

22 One-time Pad Assume you have a secret bit string s of length n known only to two parties, Alice and Bob Alice sends a message m of length of n to bob Alice uses the following encryption function to generate ciphertext c forall i=1 to n : ci = mi ⊕ si XOR the data with the secret bit string Plaintext A T C K O N E V I Key X G J R Q W P F 19 2 10 14 13 4 21 8 23 6 9 3 17 16 22 15 5 Sum 25 1 7 11 18 Ciphertext Z B H L U

23 Cryptography-Types

24 Symmetric key A common secret that all parties must know
Difficult to distribute key securely Used by DES, 3DES, AES, Twofish, Blowfish, IDEA, RC5 Fig. Symmetric cryptography

25 Asymmetric key Public / private key Keys mathematically tied together
Openly distribute public key to all parties Keep private key secret Anyone can use your public key to send you a message Used by RSA. El Gamal, Elliptic Curve Fig. Asymmetric cryptography

26 Asymmetric Encryption Uses
Encrypt message with recipient's public key Only recipient can read it, using his or her private key Provides confidentiality Sign message Hash message, encrypt hash with your private key Anyone can verify the signature using your public key Provides integrity and non-repudiation (sender cannot deny authorship) Sign and encrypt Both of the above

27 Adding Authenticity Digital signatures
used to verify authenticity of origin Originator’s Signed Message Cleartext Message Private Key Originator Public Key Recipient Sign Verify

28 Using Symmetric and Asymmetric Together
Key exchange using asymmetric cryptography Uses asymmetric keys to distribute bulk encryption keys Allows rapid distribution of short-term keys

29 Symmetric Cryptography

30 Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). Signaled the beginning of the modern area of cryptography In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. Block cipher - Fixed sized input 8-byte input and a 8-byte key (56-bits+8 parity bits)

31 DES Overview Figure Encryption and decryption with DES

32 DES Structure The encryption process is made of two permutations (P-boxes), which we call initial and final permutations, and sixteen rounds of complex key dependent calculation.

33 DES - Basics Fundamentally DES performs only two operations on its input, bit shifting (permutation), and bit substitution. The key controls exactly how this process works. By doing these operations repeatedly and in a non- linear manner you end up with a result which can not be used to retrieve the original without the key. By applying relatively simple operations repeatedly a system can achieve a state of near total randomness.

34 DES Initial round permutes input, then 16 rounds
Each round key (ki) is 48 bits of input key Function f is a substitution table (s-boxes)

35 DES Key Processing The key is usually stored as a 64-bit number, where every eighth bit is a parity bit. The parity bits are pitched during the algorithm, and the 56-bit key is used to create 16 different 48-bit subkeys - one for each round. Subkeys Generation First, the key is loaded according to the PC-1 and then halved. Then each half is rotated by 2 bits in every round except the first, second, 9th and last rounds. The reason for this is that it makes it secure against related-key cryptanalysis. Then 48 of the 56 bits are chosen according to a compression permutation.

36 The Key Schedule The subkeys used by the 16 rounds are formed by the key schedule which consists of: An initial permutation of the key (PC1) which selects 56- bits in two 28-bit halves 16 stages consisting of selecting 24-bits from each half and permuting them by PC2 for use in function f, rotating each half either 1 or 2 places depending on the key rotation schedule KS

37 Security of DES DES, as the first important block cipher, has gone through much scrutiny. Among the attempted attacks, three are of interest: brute-force, differential cryptanalysis, and linear cryptanalysis. Brute-Force Attack Differential Cryptanalysis Linear Cryptanalysis

38 DES- Current State Currently DES is no longer certified for US federal use. The availability of faster hardware, and access to large distributed systems meant that 56-bit DES keys could be recovered by brute force searches in an unreasonably short time (days or even hours). DES should almost certainly not be used in any new product, and should not be used in existing products to protect information with a lifetime of more than a few minutes.

39 3DES or Triple-DES Triple-DES is a block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. DES used a single 56-bit key. 3DES uses three 56-bit keys (often just referred to as a 3DES key), and performs three rounds of DES operations on the data. The result is that DES technology could be used until long term solution (the Advanced Encryption Standard) is found.

40 3DES A typical process of 3DES is known as EDE (Encrypt- Decrypt-Encrypt). In this case, the first and third keys are equal, so the effective key length is 112-bits. In the first operation, the plaintext is encrypted with the first DES key, K1.

41 3DES In the second step, the results of the first step, C1, is decrypted using the second key, K2 Since K2 ≠ K1, this does not result in the original plaintext message.

42 3DES In the final step, the results of the second step, C2, is encrypted using the third key, K3 The output ciphertext C3 is the final encrypted message. Recall that K3 = K1 in this case, so even though there are three 56-bit keys, the effective key length is only bits.

43 3DES or Triple-DES Decryption in this case follows the reverse of the encryption process, as shown below.

44 3DES or Triple-DES Although the length of the key has doubled, there are 256 (= 72,057,594,037,927,936) times as many keys. Therefore a brute force search for a 3DES-EDE key would take 256 times longer on the same hardware than a brute force search for a DES key. 3DES is still an acceptable encryption method.

45 AES DES is near end of useful life
NIST has begun process to look for successor to DES The Advanced Encryption Standard (AES) was the result of an open international search organized by NIST for a replacement for DES. AES Process: Proposals submitted 3/98 AES Workshop - 8/98 15 proposals selected Key sizes of 128, 192, and 256 bits

46 AES Features The features of AES are as follows
Symmetric key symmetric block cipher 128-bit data, 128/192/256-bit keys Stronger and faster than Triple-DES Provide full specification and design details Software implementable in C and Java

47 AES Algorithm – High Level
KeyExpansion—round keys are derived from the cipher key using Rijndael's key schedule Initial Round AddRoundKey—each byte of the state is combined with the round key using bitwise xor Each consists of 4-subprocess SubBytes: The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns. ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps. MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column. AddRoundKey: The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key. Final Round (no MixColumns) SubBytes ShiftRows AddRoundKey

48 The State and Key Schedule
Input is a 128 bit block (16 bytes) that is placed in the state array The key is entered in a block and divided into key schedule words of 4 bytes/word. The key schedule is an expansion of the key—eg, a bit key is expanded into 44 key schedule words. A square matrix of bytes is used by the standard to describe the state.

49 Rounds and Transformation Stages
The encryption process executes a round function, Nr times, with the number of rounds (Nr) being dependent on key size. The round function consists of four transformation stages. SubBytes() ShiftRows() MixColumns() AddRoundKey()

50 Rounds and Transformation Stages
The cipher begins with an AddRoundKey(). All rounds then execute each of the transformations except the last round. The MixColumns( ) transformation is not executed in the final round. For a 128 bit key, there are 10 rounds. 12 and 14 rounds are used with keys of 192 and 256.

51 AES Decryption AES decryption is accomplished using inverses of the transformations, in the appropriate order. The AddRoundKey( ) is its own inverse when (since A  B  B = A).

52 The Key Exchange Problem
Although symmetric encryption is commonly used due to its historical position in the cryptography and its speed, it suffers from a serious problem of how to safely and secretly deliver a secret key from the sender to the recipient. This problem forms the basis for the key exchange problem. The key exchange problem involves: ensuring that keys are exchanged so that the sender and receiver can perform encryption and decryption, ensuring that an eavesdropper or outside party cannot break the code, ensuring the receiver that a message was encrypted by the sender.

53 Manual Key Distribution
Manually distributed symmetric keys should be either encrypted or use split knowledge The distribution mechanism should assure The authorized distribution of keys That the entity distributing the keys is trusted by both the transmitter and recipient The keys are protected according to relevant standards (e.g. FIPS=>Federal Information Processing Standard) The keys are received by the authorized recipient

54 Electronic Key Distribution/Transport of Symmetric Keys
Requires other secret or public keys to have been previously distributed Mechanism should insure that The distributed key is not disclosed or modified The key is protected in accordance with industry standards ( e.g. FIPS) The recipient has received the correct key Keys in this category are the secret authentication key, long and short term data encryption keys, key encrypting key for wrapping, master key for key derivation, and secret authorization key.

55 Thank You ! References: http://www.garykessler.net/library/crypto.html
Audio-Video Lectures on:

Download ppt "Cryptography and Key Management"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.

Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Similar presentations

Ads by Google