Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."— Presentation transcript:

1 Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 5: Security Basics-1 Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu Slides are courtesy of Kenny Fong

2 Kemal AkkayaWireless & Network Security 2 Cryptography  Cryptography is the study of mathematical techniques in the provision of information security services. It is the strongest and most widely used tool for defending against many kinds of security threats.  Goals of cryptography  Confidentiality: keeping information secret from all but those who are authorized to see it  Integrity: ensuring information has not been altered by unauthorized or unknown means  Authentication: corroborating the source of information or the identity of an entity  Non-repudiation: preventing the denial of previous commitments or actions

3 Kemal AkkayaWireless & Network Security 3 Symmetric-Key Encryption  A symmetric-key encryption scheme, or a cipher, consists of:  a secret key K shared by the sender and the receiver,  an encryption algorithm E K that, with a message M (called the plaintext) and the secret key K as input, produces the encrypted message C = E K (M) as output (called the ciphertext), and  a decryption algorithm D K that, with a ciphertext C and the secret key K as input, outputs the original message M = D K (C); i.e., given any key K, D K (E K (M)) = M for all messages M.

4 Kemal AkkayaWireless & Network Security 4 Symmetric-Key Encryption

5 Kemal AkkayaWireless & Network Security 5 Cryptanalysis  Cryptanalysis is the science of recovering the plaintext or deducing the key without access to the key.  A brute-force attack, also called exhaustive key search, attempts to decrypt a given ciphertext message with every possible key until the resulting plaintext is meaningful (identified by means of frequency analysis).  In general, a brute-force attack on a cipher with an n-bit key requires at most 2 n trials. Therefore, the longer the key length, the more secure the cipher.

6 Kemal AkkayaWireless & Network Security 6 Caesar Cipher  The Caesar cipher (also called the shift cipher) replaces each letter of a message with another letter a fixed number of places after it in the alphabet (the alphabet is wrapped around).  Mathematical description  Assign a numerical equivalent to each letter: A – 0, B – 1, C – 2, …, Y – 24, Z – 25  Encrypt: for each plaintext letter M i, the ciphertext letter is C i = E K (M i ) = (M i + K) mod 26 where the secret key K is the shift amount (which is a number between 1 and 25)  Decrypt: M i = D K (C i ) = (C i – K) mod 26  Example: M = KENNYFONG, C = NHQQBIRQJ, K = 3  Cryptanalysis: brute-force attack (there are only 25 possible keys)

7 Kemal AkkayaWireless & Network Security 7 Vigenère Cipher  The Vigenère cipher, invented by Giovan Batista Belaso in 1553 (but misattributed to Blaise de Vigenère in the 19 th century), works as follows:  Let K = K 0 K 1 … K d-1, where d is the number of letters in K. The key K is usually a word with 5 – 8 letters.  Encrypt: C i = (M i + K i mod d ) mod 26  Decrypt: M i = (C i – K i mod d ) mod 26  Example: K = FALSE Plaintext KENNYISTHEGREATESTMANINTHEWORLD Key FALSEFALSEFALSEFALSEFALSEFALSEF Ciphertext PEYFCNSEZILRPSXJSEEESIYLLJWZJPI

8 Kemal AkkayaWireless & Network Security 8 Block Ciphers  A block cipher encrypts the plaintext message one block at a time (every block has the same fixed size).  Most contemporary ciphers are block ciphers:  Data Encryption Standard (DES) Key length: 56 bits, block length: 64 bits  Advanced Encryption Standard (AES) Key length: 128/192/256 bits, block length: 128 bits  Triple DES  International Data Encryption Algorithm (IDEA)  Blowfish  Ron’s Code 5 (RC5)

9 Kemal AkkayaWireless & Network Security 9 Block Ciphers  Block ciphers generally apply the techniques of substitution and permutation to complicate the statistical relationship between the ciphertext and the plaintext, thereby thwarting cryptanalysis based on statistical analysis.  A mode of operation specifies how a block cipher with a fixed block size (e.g., 128 bits for AES) can be extended to process messages of arbitrary length. Most of the modes of operation partition a message P in the most straightforward way: P = P 1 P 2 … P N, where P i is an m-bit block for all 1 ≤ i ≤ N and m is the block size of the block cipher used, padding the last block P N if necessary.  5 modes:  ECB, CBC, CFB, OFB, CTR

10 Kemal AkkayaWireless & Network Security 10 Electronic Codebook Mode (ECB)  Encrypt: The ciphertext to be sent is, where C i = E K (P i ) for all 1 ≤ i ≤ N.  Decrypt: P i = D K (C i ) for all 1 ≤ i ≤ N.  Though ECB is simple, it suffers the problem that if the same plaintext block appears more than once in the message, ECB always produces the same ciphertext block, allowing an adversary to gain some knowledge by observing repetitions in lengthy messages.

11 Kemal AkkayaWireless & Network Security 11 Cipher Block Chaining Mode (CBC)  Precomputation: an m-bit initialization vector IV is randomly selected, where m is the block size.  Encrypt: The ciphertext to be sent is, where C 0 = IV and C i = E K (C i-1  P i ) for all 1 ≤ i ≤ N.  Decrypt: P i = C i-1  D K (C i ) for all 1 ≤ i ≤ N, where C 0 = IV.  The same plaintext block may not be encrypted to the same ciphertext block in CBC, because the i th ciphertext block depends on the i th plaintext block and all the previous plaintext blocks. However, unlike ECB, CBC encryption is not parallelizable (but CBC decryption is parallelizable).

12 Kemal AkkayaWireless & Network Security 12 Cipher Feedback (CFB)

13 Kemal AkkayaWireless & Network Security 13 Counter (CTR)

14 Kemal AkkayaWireless & Network Security 14 Data Encryption Standard (DES)  Adopted in 1977 by NIST  Block cipher with 64 bits of blocks  56 bits key length  16 Rounds

15 Kemal AkkayaWireless & Network Security 15 Triple DES (3DES)  first used in financial applications  in DES FIPS PUB 46-3 standard of 1999  uses three keys & three DES executions: C = E(K 3, D(K 2, E(K 1, P)))  decryption same with keys reversed  use of decryption in second stage gives compatibility with original DES users  effective 168-bit key length, slow, secure  AES will eventually replace 3DES

16 Kemal AkkayaWireless & Network Security 16 Advanced Encryption Standard (AES)

17 Kemal AkkayaWireless & Network Security 17 AES Round Structure

18 Kemal AkkayaWireless & Network Security 18 Stream Ciphers  Processes input elements continuously  Bit by bit (or byte)  Key input to a pseudorandom bit generator  Produces stream of random like numbers  Unpredictable without knowing input key  Are faster and use far less code  Design considerations:  Encryption sequence should have a large period  Keystream approximates random number properties  Uses a sufficiently long key (i.e., 128 bits)  RC4 is the most common  Others  A5/1, A5/2, FISH, Helix, ISAAC, MUGI, Panama, Phelix, Pike

19 Kemal AkkayaWireless & Network Security 19 Diffie-Hellman Key Exchange  First practical scheme to exchange a secret key  Used in symmetric ciphers  Proposed by Diffie & Hellman in 1976  note: now know that Williamson (UK CESG) secretly proposed the concept in 1970  Practical method to exchange a secret key  Used in a number of commercial products  Security relies on difficulty of computing discrete logarithms

20 Kemal AkkayaWireless & Network Security 20 Diffie- Hellman Algorithm

21 Kemal AkkayaWireless & Network Security 21 Diffie-Hellman Example  Have  prime number q = 353  primitive root  = 3  A and B each compute their public keys  A computes Y A = 3 97 mod 353 = 40  B computes Y B = 3 233 mod 353 = 248  Then exchange and compute secret key:  for A: K = (Y B ) XA mod 353 = 248 97 mod 353 = 160  for B: K = (Y A ) XB mod 353 = 40 233 mod 353 = 160  Attacker must solve:  3 a mod 353 = 40 which is hard  Desired answer is 97, then compute key as B does

22 Kemal AkkayaWireless & Network Security 22 Key Exchange Protocols

Download ppt "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.

Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Similar presentations

Ads by Google