Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others."— Presentation transcript:

1 15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others

2 2 Security Threats Impersonation Pretend to be someone else to gain access to information or services Insecrecy Eavesdrop on data over network Corruption Modify data over network Repudiation Deny sending a message Break-ins Take advantage of implementation bugs Denial of Service Flood resource to deny use from legitimate users

3 3 Three Levels of Defense Firewalls Filtering “dangerous” traffic at a middle point in the network Covered next lecture Network level security (e.g. IPsec) Host-to-host encryption and authentication Can provide security without application knowledge Cannot always protect applications from each other Application level security True end-to-end security Requires extra effort per application Libraries help, like SSL/TLS

4 4 Private Key Authentication Alice wants to talk to Bob Needs to convince him of her identity Both have private key k Naive scheme Alice Bob Vulnerability? “I am Alice”, x, E(x, k)

5 5 Replay Attack Eve can listen in and impersonate Alice later Alice Bob Eve “I am Alice”, x, E(x, k) “I am Alice”, x, E(x)

6 6 Preventing Replay Attacks Bob can issue a challenge phrase to Alice Alice Bob “I am Alice” E(x, k) x

7 7 Private Key Cryptosystems Finite message domain M, key domain K Key k  K Known by all parties Must be secret Encrypt: E: M × K  M Plaintext m p to ciphertext m c as m c = E(m p, k) Decrypt: D: M × K  K m p = D(m c, k) = D(E(m p, k), k) Cryptographic security Given m c, hard to determine m p or k Given m c and m p, hard to determine k

8 8 One Time Pad Messages n-bit strings [b 1,…,b n ] Keys Random n-bit strings [k 1,…,k n ] Encryption/Decryption c = E(b, k) = b  k = [b 1  k 1, …, b n  k n ]  denotes exclusive or b = D(b, k) = c  k = b  k  k = b  [1, …, 1] = b Properties Provably unbreakable if used properly Keys must be truly random Must not be used more than once Key same size as message

9 9 Simple Permutation Cipher Messages n-bit strings [b 1,…,b n ] Keys Permutation  of n Let  =  -1 Encryption/Decryption E([b 1,…,b n ],  ) = [b  (1),…,b  (n) ] D([b 1,…,b n ],  ) = [b  (1),…,b  (n) ] Properties Cryptanalysis possible Only small part of plaintext and key used for each part of ciphertext

10 Data Encryption Standard (DES)

11 11 Overview Initialization Termination Round … Plaintext Cyphertext Key 16 rounds of permutations and substitution DES is a 64-bit block cipher. Both the plaintext and ciphertext are 64 bits wide. The key is 64-bits wide, but every eighth bit is a parity bit yielding a 54-bit key.

12 12 Initialization Plaintext Initial Permutation Right Half Left Half Round Key

13 13 Termination Ciphertext Reverse Initial Permutation Right Half Left Half Round Key

14 14 A Round Right Half Left Half Transformed Key (48-bit) Permutations and substitution XOR Left Half Right Half

15 15 Permutations and Substitutions Right Half Transformed Key (48-bit) S-Box Substitution P-Box Permutation XOR E-Box Permutation 8 S-Boxes are used by the P-Box

16 16 Key Transformation 64-bit Key Remove parity bit 56-bit Key split 28-bit left semikey 28-bit right semikey shift 28-bit shifted left semi-key 28-bit shifted right semi-key Compression Permutation 48-bit semi-key

17 17 E-Box (Expansion Box) 1 2 3 4 5 6 7 8........ 29 30 31 32 1 2 3 4 5 6 7 8 9 10 11........ 44 45 46 47 48 32 48 1 1

18 18 S-Box (Substitution Box) There are 8 different S-Boxes, each of which provides a different 6:4 mapping. Where’d they come from? Some combination of IBM and NSA. The mappings are based on cryptanalysis and are ostensibly free of weaknesses, back-doors, &c.

19 19 P-Box (Permutation Box) S-Box 1 S-Box 2S-Box 3S-Box 4S-Box 5 S-Box 6S-Box 7S-Box 8 48-bit input 32-bit output

20 20 Block Cipher Modes “How do we break a message down into blocks for encryption by DES or another block cipher?”

21 21 Electronic Code Book (ECB) Mode Block 1 Block 2 Block 3 Block 4 Block 5 … E(block) Block 1 Block 2 Block 3 Block 4 Block 5 … Plaintext Ciphertext Pad last block, if necessary Block Encryption

22 22 Cipher Block Chaining (CBC) Mode Random Block 1 Block 2 Block 3 Block 4 … E(block) Block 2 Block 3 Block 4 Block 5 … Plaintext Ciphertext Pad last block, if necessary Random Block called IV can be sent in plain text. Not a secret – just prevents a codebook. Often times a timestamp. XOR Block Encryption

23 23 Leftmost Cipher Feedback Mode (CFB) Mode C I-6 C I-5 C I-4 C I-3 C I-2 C I-1 Shift Register (1 Block wide) Next unit of Ciphertext E(register) 1 unit is 1/N block Block Encryption Encrypted Register XOR Next unit of Plaintext After each unit, shift input register and insert the most recently generated unit of ciphertext output

24 24 Leftmost Output Feedback Mode (OFB) Mode C I-6 C I-5 C I-4 C I-3 C I-2 C I-1 Shift Register (1 Block wide) Next unit of Ciphertext E(register) 1 unit is 1/N block Block Encryption Encrypted Register XOR Next unit of Plaintext After each unit, shift input register and insert the leftmost unit of the encrypted register. output

25 25 Other Ciphers Triple-DES DES three times m c = E(D(E(m p, k 1 ), k 2, k 3 ) Effectively 112 bits Three times as slow as DES Blowfish Developed by Bruce Schneier circa 1993 Variable key size from 32 to 448 bits Very fast on large general purpose CPUs (modern PCs) Not very easy to implement in small hardware Advanced Encryption Standard (AES) Selected by NIST as replacement for DES in 2001 Uses the Rijndael algorithm Keys of 128, 192 or 256 bits

Download ppt "15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Similar presentations

Ads by Google