CISC 210 - Class Today
DESCRIPTION
CISC 210 - Class Today. “Help wanted” for security project; Recap; Block Ciphers; Block Cipher Modes; Group Problem Solve – Block Ciphers. Reading Assignment: Internet Cryptography Chapters 1 and 2; Chapter excerpt on Volume Encryption from “Authentication”.
TRANSCRIPT
March 2005 - R. Smith - University of St Thomas - Minnesota
CISC 210 - Class Today
• “Help wanted” for security project
• Recap
• Block Ciphers
• Block Cipher Modes
• Group Problem Solve – Block Ciphers
• Reading Assignment:
  – Internet Cryptography Chapters 1 and 2
  – Chapter excerpt on Volume Encryption from “Authentication”
“Help Wanted” for security project
• (The title probably sounds more impressive than the actual work)
  – I need someone to help collect information about computer security product certifications over the past 3 years
  – Part-time student position for a few weeks
• Qualifications
  – Can deal with MS Access
  – Can read a structured technical document and quickly extract data from it
  – Ability to puzzle out other languages (German, French, maybe Korean or Japanese) preferred but not required
Recap
• Crypto Building Blocks
  – One-way hash
  – Randomness
  – XOR for encryption
  – Keystream generation – pseudo-random number generation
  – Nonces
• Block Ciphers
  – Another building block
Cracking a Block Cipher
• It’s a hard thing to do
• Known plaintext attack
  – You may need several plaintext/ciphertext pairs to attack
  – Generally, you still must do trial-and-error key testing
• Block ciphers are intentionally designed to make this hard.
  – The designers assume the attackers can get a bunch of plaintext/ciphertext pairs
  – Those pairs aren’t enough to leak the key
Hacking Ciphertext
• Let’s try encrypting with a block cipher
• Let’s edit the ciphertext
• Next, decrypt and see what happens.
Cipher Block “Modes”
• These use other crypto building blocks to solve certain problems with block ciphers
• How do we handle partial blocks?
  – Not all digital data will fit exactly into the blocks
  – How do we do a ‘real’ stream cipher with a block cipher?
• Also – There is a ‘patterning’ problem
  – If you just use the block cipher directly, you may leak information through patterns in the encrypted data
“Straight” Crypto – ECB Mode
• Just apply the key to the plaintext
• Block after block after block
Penguin using Straight Crypto
BEFORE: / AFTER: (image slide: the penguin picture before and after “straight” ECB encryption)
What We Want
BEFORE: / AFTER: (image slide)
What’s the problem?
• The blocks themselves form patterns
  – We ‘leak’ information because of those patterns
• Also, it only works on whole blocks
  – How do we encrypt partial blocks?
  – I.e., how do we make a block cipher into a stream cipher?
A Simple Idea: Key Autokey (OFB)
• The key stream is independent of the data stream
• Sort of like a ‘stream cipher’ - can work bit by bit
• The “Initialization Vector” – it’s a nonce
OFB Decryption
• Basically identical to the encryption operation
• Start with the initialization vector (IV)
• Generates the exact same key stream
Another view of OFB
• The block cipher provides the PRNG
  – The actual keystream varies with the key and the IV
(diagram with labels: Block Cipher Algorithm, Initialization Vector (IV), Key, Plaintext, Ciphertext)
A variant: Cipher Feedback (CFB)
• Like OFB, but feeds forward the ciphertext
  – Keystream incorporates the ciphertext
• Like OFB, simple XOR to encrypt
CFB Decryption
• Basically identical to the encryption operation
• Start with the initialization vector (IV)
• Generates the exact same key stream
Yet Another: Counter Mode (CTR)
• Like OFB, but uses a counter instead of chaining
• “Nonce” is a random data value; counter increments
• Like OFB, simple XOR to encrypt
CTR Decryption
• Basically identical to the encryption operation
• Start with the initialization vector (IV)
• Generates the exact same key stream
A Popular Choice: CBC
• Kind of Rube Goldberg-ish
• Each block of plaintext is mixed with the previous block of ciphertext before encryption
• Again, uses an IV
CBC Decryption
• Start with the initialization vector (IV)
• XOR with decrypted ciphertext to yield plaintext
• “Error extension” - how do errors propagate?
• Can we “mix and match” blocks?
Quick Overview of Modes
• Seen Here
  – Codebook – the non-mode
  – OFB – gives us a basic stream cipher
  – CFB – Feeds back the ciphertext, not the keystream
  – CTR – reasonable choice for disk drive encryption
  – CBC – complicated and popular
• Others
  – XEX – supercharged CTR mode, used in TrueCrypt
In Class group exercise
• Four groups, 4 problems
  – For each:
    • Is the output obviously messed up?
    • Does the output ever get back to normal?
    • If so, how much output gets affected (#bits, #blocks)?
1. Swap two blocks in CBC
2. Ciphertext flips 1 bit in CBC
3. Swap two blocks in CTR
4. Ciphertext flips 1 bit in CTR
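A worked version of the four group problems above, which also covers the earlier “Hacking Ciphertext” and ECB patterning slides, as an added example that is not part of the original slides. It assumes a constructed toy 8-byte Feistel block cipher (not a real cipher) plus constructed key, IV, nonce and message; it runs ECB, CBC and CTR, tampers with the ciphertext, and counts how many plaintext bits per block come out wrong after decryption.

```python
import hashlib
BLOCK, HALF, ROUNDS = 8, 4, 4     # toy 8-byte Feistel cipher (constructed here, not a real cipher)
KEY, IV, NONCE = b"toy-key!", b"\x00" * 8, b"\x01\x02\x03\x04"   # constructed sample values
# Constructed 5-block message; blocks 0, 1 and 3 are identical on purpose.
PT = b"BLOCKAAA" * 2 + b"BLOCKBBB" + b"BLOCKAAA" + b"BLOCKCCC"

def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def _f(half, key, rnd): return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]
def blocks(data): return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def enc_block(key, blk):          # Feistel rounds: a keyed bijection, so it can be inverted
    l, r = blk[:HALF], blk[HALF:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(r, key, i))
    return l + r
def dec_block(key, blk):          # the same rounds run backwards
    l, r = blk[:HALF], blk[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(l, key, i)), l
    return l + r

def ecb_encrypt(key, pt):         # "straight" crypto: every block encrypted on its own
    return b"".join(enc_block(key, b) for b in blocks(pt))
def cbc_encrypt(key, iv, pt):     # C_i = E(P_i xor C_{i-1}), with C_{-1} = IV
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, _xor(b, prev)); out.append(prev)
    return b"".join(out)
def cbc_decrypt(key, iv, ct):     # P_i = D(C_i) xor C_{i-1}: a bad C_i touches only P_i and P_{i+1}
    out, prev = [], iv
    for c in blocks(ct):
        out.append(_xor(dec_block(key, c), prev)); prev = c
    return b"".join(out)
def ctr_crypt(key, nonce, data):  # keystream_i = E(nonce || i); one call both encrypts and decrypts
    return b"".join(_xor(b, enc_block(key, nonce + i.to_bytes(4, "big")))
                    for i, b in enumerate(blocks(data)))

def flip_bit(ct, i): c = bytearray(ct); c[i] ^= 1; return bytes(c)                # 1-bit ciphertext error
def swap_blocks(ct, i, j): b = blocks(ct); b[i], b[j] = b[j], b[i]; return b"".join(b)  # reorder blocks
def damage(original, recovered):  # flipped bits in each recovered plaintext block (0 = block intact)
    return [sum(bin(x ^ y).count("1") for x, y in zip(a, b))
            for a, b in zip(blocks(original), blocks(recovered))]
def ecb_pattern_leak():           # identical plaintext blocks show up as identical ciphertext blocks
    c = blocks(ecb_encrypt(KEY, PT)); return c[0] == c[1] == c[3] and c[0] != c[2]
# The four group problems: tamper with block 1 (byte 8) or swap blocks 1 and 2, then decrypt.
def cbc_bitflip(): return damage(PT, cbc_decrypt(KEY, IV, flip_bit(cbc_encrypt(KEY, IV, PT), 8)))
def cbc_swap():    return damage(PT, cbc_decrypt(KEY, IV, swap_blocks(cbc_encrypt(KEY, IV, PT), 1, 2)))
def ctr_bitflip(): return damage(PT, ctr_crypt(KEY, NONCE, flip_bit(ctr_crypt(KEY, NONCE, PT), 8)))
def ctr_swap():    return damage(PT, ctr_crypt(KEY, NONCE, swap_blocks(ctr_crypt(KEY, NONCE, PT), 1, 2)))
```

The results answer the three exercise questions: a flipped bit in CBC garbles all of block 1 and flips exactly one bit of block 2 before output returns to normal, in CTR it flips one bit of block 1 only, and swapping blocks 1 and 2 garbles three CBC blocks but just the two swapped CTR blocks, while ECB shows the repeated plaintext block as a repeated ciphertext block.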
Desktop Crypto Implementations
• File encryption
  – User controlled; sharing and separation on computer
• Hard drive encryption
  – Done in hardware, no real user control
• Volume encryption
  – Done in software; no real user control
• Policy implications!
Operating System Structure
• Pieces of the OS, related to I/O system
  – File system
  – Device drivers
• Drivers are the flexible part
• File system and API give a standard ‘view’ of hard drives to user programs
Volume encryption
• Device driver encrypts data written to the drive
• Can’t boot without a password/phrase/key
• Users can steal from each other
  – Trojan horse issue
• Everything is safe if volume is stolen
  – (and key is unknown)
Hard drive encryption
• Fast crypto built into hard drive
• Users can steal from each other
• Crypto is harder to disable
• Problem: how do we handle the key?
Structure Alternatives
• Hard drive encryption
  – At hardware level
  – Outside/beyond device driver
• Volume encryption
  – At device driver level
  – File system sees a normal drive
Software Crypto Dilemmas
• How do we keep the crypto safe?
  – What can ‘they’ subvert?
• Subversion examples
  – File encryption
  – Hard drive encryption
• Access control protections
Cipher block modes
The images all came from the Wikipedia entry on Block Cipher Modes.
The Penguin image was produced by [email protected] and The GIMP if someone asks.
Creative Commons License
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.