1. Conventional Encryption

2. Outline Conventional Encryption Principles
Conventional Encryption Algorithms
Cipher Block Modes of Operation
Location of Encryption Devices
Key Distribution

3. Symmetric Encryption A.k.a. conventional / secret-key / single-key
Sender and recipient share a common key
All classical encryption algorithms are secret-key-based
Was the only type prior to the invention of public-key in 1970’s
Why?
By far most widely used
Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption in the 1970s. It remains by far the most widely used of the two types of encryption. All traditional schemes are symmetric / single key / private-key encryption algorithms, with a single key, used for both encryption and decryption. Since both sender and receiver are equivalent, either can encrypt or decrypt messages using that common key.

4. Conventional Encryption Principles
An encryption scheme has five ingredients:
Plaintext
Encryption algorithm
Secret key
Ciphertext
Decryption algorithm
Security depends on the secrecy of the key, not the secrecy of the algorithm
Why?

5. Conventional Encryption Principles

6. Requirements Two requirements for secure use of symmetric encryption:
A strong encryption algorithm
A secret key known only to sender and receiver
Mathematically we have:
Y = EK(X)
X = DK(Y)
Assume encryption algorithm is known
Implies a secure channel to distribute key
We assume that it is impractical to decrypt a message on the basis of the cipher- text plus knowledge of the encryption/decryption algorithm, and do not need to keep the algorithm secret; rather we only need to keep the key secret. This feature of symmetric encryption is what makes it feasible for widespread use. It allows easy distribution of s/w and h/w implementations.
Can take a closer look at the essential elements of a symmetric encryption scheme: mathematically it can be considered a pair of functions with: plaintext X, ciphertext Y, key K, encryption algorithm EK, decryption algorithm DK.

7. Cryptography Characterize cryptographic systems by:
Type of encryption operations used
Substitution / Transposition / Product
Number of keys used
Single-key or secret / two-key or public
Way in which plaintext is processed
Block / stream
Cryptographic systems can be characterized along these three independent dimensions.

8. More Definitions Unconditional security Computational security
No matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
Computational security
Given limited computing resources (e.g. time needed for calculations is greater than the age of universe), the cipher cannot be broken
Security of a key/password?
Two more definitions are worthy of note. An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if either the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break the cipher exceeds the useful lifetime of the information. Unconditional security would be nice, but the only known such cipher is the one-time pad (later).
For all reasonable encryption algorithms, we have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.

9. Confusion and Diffusion
Cipher needs to completely obscure statistical properties of the original message
A one-time pad does this
More practically, Shannon suggested combining S & P elements to obtain:
Diffusion
Dissipates statistical structure of plaintext over bulk of ciphertext
Confusion
Makes relationship between ciphertext and key as complex as possible
The terms diffusion and confusion were introduced by Claude Shannon to capture the two basic building blocks for any cryptographic system. Every block cipher involves a transformation of a block of plaintext into a block of ciphertext, where the transformation depends on the key. The mechanism of diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce the key. Confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible, again to thwart attempts to discover the key.
So successful are diffusion and confusion in capturing the essence of the desired attributes of a block cipher that they have become the cornerstone of modern block cipher design.

10. Brute Force Search (Exhaustive Key Search)
Always possible to simply try every key
Most basic attack, proportional to key size
Assume either know / recognize plaintext
Key Size (bits)
Number of Alternative Keys
Time required at
1 decryption/µs
106 decryptions/µs 32
232 = 4.3  109
231 µs = 35.8 minutes
2.15 milliseconds 56
256 = 7.2  1016
255 µs = 1142 years
10.01 hours
128
2128 = 3.4  1038
2127 µs = 5.4  1024 years
5.4  1018 years
168
2168 = 3.7  1050
2167 µs = 5.9  1036 years
5.9  1030 years
26 letters (permutation)
26! = 4  1026
2  1026 µs = 6.4  1012 years
6.4  106 years
A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. Stallings Table 2.2 shows how much time is required to conduct a brute-force attack, for various common key sizes (DES is 56, AES is 128, Triple-DES is 168, plus general mono-alphabetic cipher), where either a single system or a million parallel systems, are used.

11. Conventional Encryption Algorithms
Data Encryption Standard (DES)
The most widely used encryption scheme
The algorithm is reffered to as the Data Encryption Algorithm (DEA)
DES is a block cipher
The plaintext is processed in 64-bit blocks
The key is 56-bits in length in the original version

14. DES
Mathematically, the overall processing at each iteration:
Li = Ri-1
Ri = Li F(Ri-1, Ki)
Concerns about:
The algorithm and the key length (56-bits)

15. Time to break a code (106 decryptions/µs)

16. Strength of DES – Key Size
56-bit keys have 256 = 7.2 x 1016 values
Brute force search looks hard
Recent advances have shown possibilities
In 1997 on the Internet in a few months
In 1998 on dedicated h/w (EFF) in a few days
In 1999 above combined in 22 hrs!
Still must be able to recognize plaintext
Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES in two areas: key size and the nature of the algorithm.
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2*10^16 keys. Thus a brute-force attack appeared impractical.
However DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker [EFF98].
There have been other demonstrated breaks of the DES using both large networks of computers & dedicated h/w, including:
on a large network of computers in a few months
on dedicated h/w (EFF) in a few days
above combined in 22hrs!
It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext.
Clearly must now consider alternatives to DES, the most important of which are AES and triple DES.

17. Alternatives to DES A replacement for DES was needed
Have theoretical attacks that can break it
have demonstrated exhaustive key search attacks
A strengthened DES
Triple-DEA (Triple-DES)
Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES in two areas: key size and the nature of the algorithm.
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2*10^16 keys. Thus a brute-force attack appeared impractical.
However DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker [EFF98].
There have been other demonstrated breaks of the DES using both large networks of computers & dedicated h/w, including:
on a large network of computers in a few months
on dedicated h/w (EFF) in a few days
above combined in 22hrs!
It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext.
Clearly must now consider alternatives to DES, the most important of which are AES and triple DES.

18. Triple DEA
Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
C = ciphertext
P = Plaintext
EK[X] = encryption of X using key K
DK[Y] = decryption of Y using key K
Effective key length of 168 bits (3x56)
C = EK3[DK2[EK1[P]]]

19. Triple DEA

20. Alternatives to DES Triple-DES AES Cipher – Rijndael Slow
Use small blocks
AES Cipher – Rijndael
Designed by Joan. Daemen and Vincent Rijmen in Belgium
Has 128/192/256-bit keys, 128-bit data
An iterative rather than feistel cipher
Processes data as block of 4 columns of 4 bytes
Operates on entire data block in every round
Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES in two areas: key size and the nature of the algorithm.
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2*10^16 keys. Thus a brute-force attack appeared impractical.
However DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker [EFF98].
There have been other demonstrated breaks of the DES using both large networks of computers & dedicated h/w, including:
on a large network of computers in a few months
on dedicated h/w (EFF) in a few days
above combined in 22hrs!
It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext.
Clearly must now consider alternatives to DES, the most important of which are AES and triple DES.

21. Block vs. Stream Ciphers
Block ciphers
Process messages in blocks, each of which is then en/decrypted
Like a substitution on very big characters
64-bits or more
Need a table of 2^64 entries for a 64-bit block
Instead, create from smaller building blocks
Using the idea of a product cipher
Many current ciphers are block ciphers
A wide range of applications
Stream ciphers
Process messages a bit or byte at a time when en/decrypting
Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a “stream”. Block ciphers are currently better analysed, and seem to have a broader range of applications, hence focus on them.

22. Other Symmetric Block Ciphers
International Data Encryption Algorithm (IDEA)
128-bit key
Used in PGP
Blowfish
Easy to implement
High execution speed
Run in less than 5K of memory

23. Other Symmetric Block Ciphers
RC5
Suitable for hardware and software
Fast, simple
Adaptable to processors of different word lengths
Variable number of rounds
Variable-length key
Low memory requirement
High security
Data-dependent rotations
Cast-128
Key size from 40 to 128 bits
The round function differs from round to round

24. Location of Encryption Device
Link encryption:
A lot of encryption devices
High level of security
Decrypt each packet at every switch
End-to-end encryption
The source encrypts and the receiver decrypts
Payload encrypted
Header in the clear
High Security
Both link and end-to-end encryption are needed

26. Key Distribution Physical delivery Network transfer
A key could be selected by A and physically delivered to B.
A third party could select the key and physically deliver it to A and B.
Network transfer
If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.
If A and B each has an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.
Diffie-Hellman key exchange

27. Session and Permanent Key
Session key:
Data encrypted with a one-time session key
At the conclusion of the session, the key is destroyed
Permanent key:
Used between entities for the purpose of distributing session keys

29. Recommended Reading
Scneier, B. Applied Cryptography, New York: Wiley, 1996
Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001