In the Name of the Most High

Network Security: Introduction to Conventional Encryption
Behzad Akbari
Fall 2010

Outline
  • Conventional Encryption Principles
  • Conventional Encryption Algorithms
  • Cipher Block Modes of Operation
  • Location of Encryption Devices
  • Key Distribution

Symmetric Encryption
  • A.k.a. conventional / secret-key / single-key
  • Sender and recipient share a common key
  • All classical encryption algorithms are secret-key-based
  • Was the only type prior to the invention of public-key in the 1970s
  • By far the most widely used

Conventional Encryption Principles
  • An encryption scheme has five ingredients:
    ◦ Plaintext
    ◦ Encryption algorithm
    ◦ Secret key
    ◦ Ciphertext
    ◦ Decryption algorithm
  • Security depends on the secrecy of the key, not the secrecy of the algorithm

Some Basic Terminology
  • Cipher
    ◦ Algorithm for transforming plaintext to ciphertext
  • Encipher (encrypt)
    ◦ Converting plaintext to ciphertext
  • Decipher (decrypt)
    ◦ Recovering plaintext from ciphertext
  • Cryptography
    ◦ Study of encryption principles/methods
  • Cryptanalysis (codebreaking)
    ◦ Study of principles/methods of deciphering ciphertext without knowing the key
  • Cryptology
    ◦ Field of both cryptography and cryptanalysis

[Figure: Conventional Encryption Principles]

Requirements
  • Two requirements for secure use of symmetric encryption:
    ◦ A strong encryption algorithm
    ◦ A secret key known only to sender / receiver
  • Mathematically we have:
      Y = E_K(X)
      X = D_K(Y)
  • Assume encryption algorithm is known
  • Implies a secure channel to distribute key

Cryptography
  • Characterize cryptographic system by:
    ◦ Type of encryption operations used
      ▪ Substitution / transposition / product
      ▪ Some examples will be discussed later
    ◦ Number of keys used
      ▪ Single-key or private / two-key or public
    ◦ Way in which plaintext is processed
      ▪ Block / stream

Cryptanalysis
  • Objective
    ◦ Recover key, not just message
  • General approaches:
    ◦ Cryptanalytic attack
    ◦ Brute-force attack

Cryptanalytic Attacks
  • Ciphertext only
    ◦ Only know algorithm & ciphertext, is statistical, know or can identify plaintext
  • Known plaintext
    ◦ Know/suspect plaintext & ciphertext
  • Chosen plaintext
    ◦ Select plaintext and obtain ciphertext
  • Chosen ciphertext
    ◦ Select ciphertext and obtain plaintext
  • Chosen text
    ◦ Select plaintext or ciphertext to en/decrypt

More Definitions
  • Unconditional security
    ◦ No matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
  • Computational security
    ◦ Given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken

Brute Force Search (Exhaustive key search)
  • Always possible to simply try every key
  • Most basic attack, proportional to key size
  • Assume either know / recognize plaintext

  Key Size (bits)             | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
  32                          | 2^32 = 4.3 × 10^9          | 2^31 µs = 35.8 minutes           | 2.15 milliseconds
  56                          | 2^56 = 7.2 × 10^16         | 2^55 µs = 1142 years             | 10.01 hours
  128                         | 2^128 = 3.4 × 10^38        | 2^127 µs = 5.4 × 10^24 years     | 5.4 × 10^18 years
  168                         | 2^168 = 3.7 × 10^50        | 2^167 µs = 5.9 × 10^36 years     | 5.9 × 10^30 years
  26 characters (permutation) | 26! = 4 × 10^26            | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years

Classical Substitution Ciphers
  • Letters of plaintext are replaced by other letters or by numbers or symbols
  • Or, if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
  • Let’s take a look at several real schemes…

Caesar Cipher
  • Earliest known substitution cipher
  • By Julius Caesar
  • First attested use in military affairs
  • Replaces each letter by the 3rd letter following
  • Example:
      meet me after the toga party
      PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher
  • Define transformation (mapping scheme) as:
      a b c d e f g h i j k l m n o p q r s t u v w x y z
      D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
  • Assign each letter a number:
      a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
      0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
  • Mathematical approach of Caesar cipher:
      c = E(p) = (p + k) mod 26
      p = D(c) = (c − k) mod 26

Cryptanalysis of Caesar Cipher
  • Only have 26 possible ciphers
    ◦ Map A to A, B, …, or Z
  • Could simply try each in turn
  • A brute force search
    ◦ Given ciphertext, just try all shifts of letters
    ◦ Need to recognize when have plaintext
  • E.g. break ciphertext "GCUA VQ DTGCM"
  • Homework:
    ◦ Write a program to break this ciphertext encrypted by a Caesar cipher (deadline 89/07/22).
      "TYQZCXLETZY EPNSYZWZRJ ACZRCLX ZQ BLKGTY LKLO FYTGPCDTEJ"

Monoalphabetic Cipher
  • Rather than just shifting the alphabet
  • Could shuffle (jumble) the letters arbitrarily
  • Each plaintext letter maps to a different random ciphertext letter
  • Hence key is 26 letters long
      Plain:      abcdefghijklmnopqrstuvwxyz
      Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
      Plaintext:  ifwewishtoreplaceletters
      Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
  • How many possible keys in total?

Monoalphabetic Cipher Security
  • A total of 26! = 4 × 10^26 keys
  • With so many keys, one might think it is secure
  • But would be !!!WRONG!!!
  • Problem is language characteristics

Language Redundancy and Cryptanalysis
  • Human languages are redundant
    ◦ E.g. "th lrd s m shphrd shll nt wnt"
  • Letters are not equally commonly used
  • In English
    ◦ E is by far the most common letter
    ◦ Followed by T, R, N, I, O, A, S
    ◦ Other letters like Z, J, K, Q, X are fairly rare
  • Have tables of single, double & triple letter frequencies for various languages

[Figure: English Letter Frequencies]

Use in Cryptanalysis
  • Key concept
    ◦ Monoalphabetic substitution ciphers do not change relative letter frequencies
    ◦ Discovered by Arabian scientists in 9th century
  • Calculate letter frequencies for ciphertext
  • Compare counts/plots against known values
  • Caesar cipher looks for common peaks/troughs
    ◦ Peaks at: A-E-I triple, NO pair, RST triple
    ◦ Troughs at: JK, X-Z
  • Monoalphabetic must identify each letter
    ◦ Tables of common double/triple letters help

Example Cryptanalysis
  • Given ciphertext:
      UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
      VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
      EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
  • Count relative letter frequencies (see text)
    ◦ Guess P & Z are e & t
    ◦ Guess ZW is th and hence ZWP is the
    ◦ Proceed with trial and error, finally get:
      it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow
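The first steps of this analysis in Python, as an added example that is not part of the original slides: count single-letter and n-gram frequencies in the slide's ciphertext, then apply the slide's first guesses (P, Z and W) as a partial key to see which words start to emerge. The function names are assumptions of this example.

```python
from collections import Counter

# Ciphertext from the slide above, joined into one string.
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)

def letter_frequencies(text):
    """Return [(letter, count, percent)], most frequent letter first."""
    letters = [c for c in text.upper() if c.isalpha()]
    total = len(letters)
    return [(l, n, round(100 * n / total, 2))
            for l, n in Counter(letters).most_common()]

def ngrams(text, n, top=5):
    """Most common n-letter sequences, for spotting pairs such as 'th'."""
    grams = Counter(text[i:i + n] for i in range(len(text) - n + 1))
    return grams.most_common(top)

def apply_partial_key(text, key):
    """Substitute the guessed letters (lowercase); unknown letters become '.'."""
    return "".join(key.get(c, ".") for c in text)

if __name__ == "__main__":
    for letter, count, pct in letter_frequencies(CIPHERTEXT)[:6]:
        print(f"{letter}: {count:3d}  {pct:5.2f}%")
    print(ngrams(CIPHERTEXT, 2))
    guess = {"P": "e", "Z": "t", "W": "h"}   # the slide's first guesses
    print(apply_partial_key(CIPHERTEXT, guess))
```

Each further guess is added to the `guess` dictionary and the partial plaintext is printed again, which is the trial-and-error loop the slide refers to.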

Classical Feistel Cipher Structure
  • Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973
  • The realization of a Feistel network depends on the choice of a number of parameters and design features:

Feistel Cipher Structure
  • Block size
    ◦ Larger block sizes mean greater security
  • Key size
    ◦ Larger key size means greater security
  • Number of rounds
    ◦ Multiple rounds offer increasing security
  • Subkey generation algorithm
    ◦ Greater complexity will lead to greater difficulty of cryptanalysis
  • Fast software encryption/decryption
    ◦ The speed of execution of the algorithm becomes a concern

Conventional Encryption Algorithms
  • Data Encryption Standard (DES)
    ◦ The most widely used encryption scheme
    ◦ The algorithm is referred to as the Data Encryption Algorithm (DEA)
    ◦ DES is a block cipher
    ◦ The plaintext is processed in 64-bit blocks
    ◦ The key is 56 bits in length

DES
  • Mathematically, the overall processing at each iteration:
    ◦ L_i = R_{i-1}
    ◦ R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)
  • Concerns about:
    ◦ The algorithm and the key length (56 bits)

Avalanche Effect
  • An important desirable property of an encryption algorithm
    ◦ A change of one input or key bit results in changing approx. half the output bits
    ◦ Making attacks by guessing keys impossible
  • DES exhibits strong avalanche

[Figure: Time to break a code (10^6 decryptions/µs)]

Strength of DES – Key Size
  • 56-bit keys have 2^56 = 7.2 × 10^16 values
    ◦ Brute force search looks hard
  • Recent advances have shown possibilities
    ◦ In 1997 on the Internet in a few months
    ◦ In 1998 on dedicated h/w (EFF) in a few days
    ◦ In 1999 above combined in 22 hrs!
  • Still must be able to recognize plaintext

Strength of DES – Analytic Attacks
  • Several analytic attacks utilizing some deep structure of the cipher
    ◦ By gathering information about encryptions
    ◦ Can eventually recover some/all of the sub-key bits
    ◦ If necessary then exhaustively search for the rest
  • These are statistical attacks
    ◦ Differential cryptanalysis
    ◦ Linear cryptanalysis
    ◦ Related key attacks
  • Must now consider alternatives to DES

Alternatives to DES
  • A replacement for DES was needed
    ◦ Have theoretical attacks that can break it
    ◦ Have demonstrated exhaustive key search attacks
  • A strengthened DES
    ◦ Triple-DEA (Triple-DES)

Triple DEA
  • Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
      C = E_{K3}[D_{K2}[E_{K1}[P]]]
  • C = ciphertext
  • P = plaintext
  • E_K[X] = encryption of X using key K
  • D_K[Y] = decryption of Y using key K
  • Effective key length of 168 bits

[Figure: Triple DEA]

Alternatives to DES
  • Triple-DES
    ◦ Slow
    ◦ Uses small blocks
  • AES Cipher – Rijndael
    ◦ Designed by Joan Daemen and Vincent Rijmen in Belgium
    ◦ Has 128/192/256-bit keys, 128-bit data
    ◦ An iterative rather than Feistel cipher
      ▪ Processes data as block of 4 columns of 4 bytes
      ▪ Operates on entire data block in every round

Block vs. Stream Ciphers
  • Block ciphers
    ◦ Process messages in blocks, each of which is then en/decrypted
    ◦ Like a substitution on very big characters
      ▪ 64 bits or more
    ◦ Need a table of 2^64 entries for a 64-bit block
    ◦ Instead, create from smaller building blocks
    ◦ Using the idea of a product cipher
  • Many current ciphers are block ciphers
    ◦ A wide range of applications
  • Stream ciphers
    ◦ Process messages a bit or byte at a time when en/decrypting

[Figure: Ideal Block Cipher, with labels Expansion (E-table), Permutation (P-box), Substitution (S-box)]

Substitution-Permutation (S-P) Ciphers
  • S-P: substitution-permutation
    ◦ Two primitive cryptographic operations
      ▪ Substitution (S-box)
      ▪ Permutation (P-box)
    ◦ Introduced by Claude Shannon in 1949 paper
    ◦ Form the basis of modern block ciphers
    ◦ Provide confusion & diffusion of message & key

Confusion and Diffusion
  • Cipher needs to completely obscure statistical properties of original message
    ◦ A one-time pad does this
  • More practically, Shannon suggested combining S & P elements to obtain:
    ◦ Diffusion
      ▪ Dissipates statistical structure of plaintext over bulk of ciphertext
    ◦ Confusion
      ▪ Makes relationship between ciphertext and key as complex as possible

Other Symmetric Block Ciphers
  • International Data Encryption Algorithm (IDEA)
    ◦ 128-bit key
    ◦ Used in PGP
  • Blowfish
    ◦ Easy to implement
    ◦ High execution speed
    ◦ Runs in less than 5K of memory

Other Symmetric Block Ciphers
  • RC5
    ◦ Suitable for hardware and software
    ◦ Fast, simple
    ◦ Adaptable to processors of different word lengths
    ◦ Variable number of rounds
    ◦ Variable-length key
    ◦ Low memory requirement
    ◦ High security
    ◦ Data-dependent rotations
  • CAST-128
    ◦ Key size from 40 to 128 bits
    ◦ The round function differs from round to round

Cipher Block Modes of Operation
  • Cipher Block Chaining (CBC) Mode
    ◦ The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block.
    ◦ Repeating patterns of 64 bits are not exposed

Location of Encryption Device
  • Link encryption:
    ◦ A lot of encryption devices
    ◦ High level of security
    ◦ Decrypt each packet at every switch
  • End-to-end encryption
    ◦ The source encrypts and the receiver decrypts
    ◦ Payload encrypted
    ◦ Header in the clear
  • High security
    ◦ Both link and end-to-end encryption are needed

Key Distribution
  1. Physical delivery
    ◦ A key could be selected by A and physically delivered to B.
    ◦ A third party could select the key and physically deliver it to A and B.
  2. Network transfer
    ◦ If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.
    ◦ If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.
    ◦ Diffie-Hellman key exchange

Key Distribution
  • Session key:
    ◦ Data encrypted with a one-time session key
    ◦ At the conclusion of the session the key is destroyed
  • Permanent key:
    ◦ Used between entities for the purpose of distributing session keys

Recommended Reading
  • Schneier, B. Applied Cryptography. New York: Wiley, 1996
  • Mel, H. X., Baker, D. Cryptography Decrypted. Addison Wesley, 2001