Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For.

Published byShannon Hall Modified over 9 years ago

Similar presentations

Presentation on theme: "IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For."— Presentation transcript:

1 IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For Educational Purposes Only Revised: September 4, 2002

2 1 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Encryption Question Context: You are an IT project manager, overseeing a blended staff of 5 network engineers and administrators. The CIO of your organization recently tasked your group to design a secure platform to support an enterprise wide Content Management solution. It is your responsibility to consider, and account for, the security implications of having financially sensitive documents stored in a common repository. Questions: What types of security issues should your team take when designing your solution? What specific measures would you use/employ to thwart certain types of attacks or vulnerabilities?

3 2 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Chapter 2 & 3 Review: Model of Conventional Encryption Process Cryptography Defined Example 1: Caesar Cipher Example 2: Columnar Transposition Characteristics of ‘Good’ Ciphers Stream and Block Ciphers Feistel DES Chapter 2 & 3 Review

4 3 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Chapter 4: Context and Challenges Alternative and Variant Approaches Double DES Meet-in-the-Middle Attacks Triple DES Triple DES with Three Keys Other Symmetric Block Ciphers Chapter 4 Outline

5 4 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Context and Challenges Context: DES is the most widely used encryption scheme: -Block cipher that processes plaintext in 64-bit blocks. -Uses keys of 56-bits in length. -Achieves its strength from repeated rounds of substitution and permutation. Challenges: The size of the key makes the algorithm vulnerable to brute force attacks. There are methods for increasing the effective length of a DES key, which requires no change to the algorithm itself. [1]

6 5 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Alternative Approaches Alternatives Approaches: Alternative 1: Given DES’ potential vulnerability to brute force attacks, one approach is to design a completely new algorithm, e.g. Blowfish and RC5. [2] Alternative 2: An alternative approach is to preserve the existing investment in software and equipment, and to use multiple encryption with DES with multiple keys, e.g. Double and Triple DES [2].

7 6 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Double DES Double DES: Driving Logic: A reasonable approach to overcome the security vulnerabilities of using a single 56-bit key, may involve using two keys. If somehow an exhaustive search defeats one key, the second key should double the time required to break [1] -Given a plaintext P and two keys K1 and K2, ciphertext C can be generated as: C = E K2 (E K1 (P)) [2] Pitfalls: Believed to provide the effect of a 112-bit key (or 2^112 trials). But it is believed that the chosen Plaintext can be revealed in 2^57 trials, i.e. the second key providing virtually no security.[1] -Given any two keys K1 and K2, it would be possible to find a key K3 such that: C = E K2 (E K1 (P)) = (E K3 (P)) [2] -Susceptible to Meet-in-the-Middle Attacks

8 7 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Meet-in-the-Middle Attacks Meet-in-the-Middle Attacks: Observation: Given a double-encrypted plaintext: E K2 (E K1 (P)), then X = E K1 (P) = D K2 (C) Attack Approach: Given a known pair (P, C), the attack proceeds as follows [2]: -Encrypt P for all 2^56 possible values of K1 -Store results in a table and sort the table by the values of x -Next, decrypt C using all 2 ^56 possible values of K2 -As each decryption is produced, check the result against the table. -If two matching keys produce the correct ciphertext, they are to be accepted as the correct keys.

9 8 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Triple DES Triple DES: (1) Counteracts Meet-in-the-Middle Attacks by using three stages. (2) Plaintext gets encrypted, decrypted, and then encrypted – using a total of two keys: C= E K1( D K2 ( E K1 (P))) (3) No significance in using decryption for the 2nd stage; it only allows users of triple DES to decrypt data encrypted by users of the older single DES: C= E K1( D K2 ( E K1 (P))) = E K1 (P)

10 9 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Triple DES with Three Keys Triple DES with Three Keys: Some researchers feel that three distinct key triple DES is a preferred approach: -Has an effective key length of 168 Bits -Express as: C= E K3( D K2 ( E K1 (P))) A number of Internet-based apps have adopted this approach: PGP, S/MIME

11 10 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Other Symmetric Block Ciphers Other Symmetric Block Ciphers: International Data Encryption Algorithm (IDEA) -128-bit key -Used in PGP Blowfish -Easy to implement -High execution speed -Run in less than 5K of memory RC5 -Suitable for hardware and software –Fast, simple -Variable number of rounds –Variable-length key –Low memory requirement

12 11 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Chapter 5: Background Potential Locations for Confidentiality Attacks Active and Passive Attacks Link versus End-to-End Attacks Traffic Confidentiality Link Encryption Approach End-to-End Encryption Approach Key Distribution Automatic Key Distribution Resources Chapter 5 Outline

13 12 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Background Background: The focus of cryptography has historically been the use of encryption to provide confidentiality. [2] The last couple of decades have introduced other considerations, such as authentication, digital signatures, and the use of public key encryption. [2]

14 13 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Potential Locations for Confidentiality Attacks Potential Locations for Confidentiality Attacks: Workstations: In most organizations, workstations are attached to LANs. Users can typically reach other workstations, hosts, and servers directly on the LAN or on other LANs that are interconnect via routers and/or bridges. [2]. LAN: Intruders may gain access to a communications server or host on a LAN, and may potentially gain access to wiring closets, routers, packet switching networks, etc. [2].

15 14 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Active and Passive Attacks Active and Passive Attacks: Active Attacks: Attackers need to gain physical access control of a portion of the communications link and be able to insert and capture transmissions [2] Passive Attacks: Attackers merely need to be able to observe transmissions.[2]

16 15 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Link versus End-to-End Encryption Link and E2E Encryption: (1) Link encryption: –A lot of encryption devices –High level of security –Decrypt each packet at every switch (2) End-to-end encryption –The source encrypt and the receiver decrypts –Payload encrypted –Header in the clear (3) High Security: Both link and E2E encrypion are needed

17 16 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Traffic Confidentiality Traffic Confidentiality: Knoweldge about the length and number of messages between nodes may enable an Outsider to determine who is talking to whom [2]. Various types of information can be derived from a traffic analysis attack [2]: -Identities of Sender, Receiver, and associated parties -How frequently Sender and Receiver are communicating -Message pattern, message length, or quantity of messages -Events that correlate with special conversations Traffic patterns could also reveal elements of the Covert Channel being used between Sender and Receivers.

18 17 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Link Encryption Approach Link Encryption Approach [2]: Packet Headers are encrypted Still possible for Outsiders to assess the amount of traffic entering and leaving each end system When input plaintext is not present, random data are encrypted, making it possible for an attacker to distinguish true data flow from padding, and thereby deduce the amount of traffic.

19 18 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only End-to-End Encryption Approach End-to-End Encryption Approach [2]: One technique is to pad out data units to a uniform length at either the transport of application level. Additionally, null values can be inserted randomly into the stream. These tactics are designed to deny an Outsider knowledge about the amount of data exchanged between users, and obsure underlying traffic patterns.

20 19 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Key Distribution Key Distribution: For encryption to work over a network, the two parties (Sender and Receiver) must exchange and share the same keys, while protecting access to the keys from others [2]. A key could be selected by A and physically delivered to B. A third party could select the key and physically deliver it to A and B. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

21 20 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only Automatic Key Distribution Auto Key Distribution [2]: (1) Host sends packet requesting connection. (2) Front end buffers packet; asks KDC for sess key (3) KDC distributes keys to both front-ends. (4) Buffer packet transmitted. (5) Terminology: -FEP: Front-End Processor -KDC: Key Distribution Center -Session Key: Data encrypted with a one-time sess key. At the conclusion of the sess, key is destroyed -Permanent key: Used between entities for the purpose of distributing sess keys

22 21 August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only [1] Pfleeger, Charles. Security In Computing, Prentice Hall, 1997. Chapter 4. [2] Stallings, William. Cryptography and Network Security, Prentice Hall, 1999. Chapter 4-5 Resources

Download ppt "IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For."

Similar presentations

Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.

Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.
1 Pertemuan 06 Kriptografi tradisional Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 06 Kriptografi tradisional Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Chapter 20: Network Security Business Data Communications, 4e.

Chapter 20: Network Security Business Data Communications, 4e.
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.

IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.

Similar presentations

Ads by Google