EEC-484/584
Computer Networks
Lecture 15
Wenbing Zhao
Fall Semester 2008 EEC-484/584: Computer Networks Wenbing Zhao

Outline
• Reminder:
  – Wiki page peer review due tonight (12/1)
• Introduction to cryptography

Cryptography Terminology
• Encryption is the process of encoding a message so that its meaning is not obvious
  – Equivalent terms: encode, encipher
• Encryption addresses the need for confidentiality of data
• Encryption can also be used to ensure integrity (i.e., unauthorized change can be detected)
• Encryption is the basis of protocols that enable us to provide security while accomplishing system or network tasks
• Decryption is the reverse process, transforming an encrypted message back into its normal, original form
  – Equivalent terms: decode, decipher
• A system for encryption and decryption is called a cryptosystem
• The encryption and decryption rules are called encryption and decryption algorithms
• Encryption/decryption algorithms often use a device called a key, denoted by K, so that the resulting ciphertext depends on the original plaintext message, the algorithm, and the key value
• An encryption scheme that does not require the use of a key is called a keyless cipher
• Plaintext: message to be encrypted
• Ciphertext: encrypted message
• D_K(E_K(P)) = P

Symmetric Encryption
• The encryption and decryption keys are the same, so P = D(K, E(K,P))
• D and E are closely related. They are mirror-image processes
• The symmetric systems provide a two-way channel to their users
• The symmetry of this situation is a major advantage of this type of encryption, but it also leads to a problem: key distribution

Asymmetric Encryption
• Encryption and decryption keys come in pairs. The decryption key, K_D, inverts the encryption of key K_E, so that P = D(K_D, E(K_E,P))
• Asymmetric encryption systems excel at key management

Cryptology
• Cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis
• Cryptography – art of devising ciphers
  – Comes from Greek words for “secret writing”. It refers to the practice of using encryption to conceal text
• Cryptanalysis – art of breaking ciphers
  – Study of encryption and encrypted messages, hoping to find the hidden meanings

Basic Encryption Methods
• Substitution ciphers: one letter is exchanged for another
• Transposition ciphers: order of letters is rearranged

Substitution Ciphers
• Idea: each letter or group of letters is replaced by another letter or group of letters
• Caesar cipher – circularly shift by 3 letters
  – a -> D, b -> E, … z -> C
  – More generally, shift by k letters, k is the key
• Monoalphabetic cipher – map each letter to some other letter
  – a b c d e f … w x y z
  – Q W E R T Y … V B N M <= the key
• Not difficult to determine the key using frequencies of letters, pairs of letters, etc., or by guessing a probable word or phrase
• Most frequently occurring
  – Letters: e, t, o, a, n, …
  – Digrams: th, in, er, re, an, …
  – Trigrams: the, ing, and, ion, ent
  – Words: the, of, and, to, a, in, that, …
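
The frequency attack described above, worked through for the Caesar cipher as an added example (not part of the original slides): it tries all 26 keys and keeps the decryption whose letter counts best match English. The frequency table holds approximate, commonly cited values, and the sample text is constructed.

```python
from collections import Counter

# Approximate letter frequencies in English text, in percent (a..z).
ENGLISH = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def shift(text, k, src, dst):
    """Rotate ASCII letters by k; src/dst are the base letters ('a' or 'A')."""
    return "".join(
        chr((ord(c) - ord(src) + k) % 26 + ord(dst)) if c.isascii() and c.isalpha() else c
        for c in text)

def caesar_encrypt(plaintext, k=3):
    # Slide convention: lower-case plaintext, upper-case ciphertext (a -> D).
    return shift(plaintext.lower(), k, "a", "A")

def caesar_decrypt(ciphertext, k=3):
    return shift(ciphertext.upper(), -k, "A", "a")

def chi_squared(text):
    """Distance between the letter counts of text and English; lower is closer."""
    letters = [c for c in text if c in ENGLISH]
    if not letters:
        return float("inf")
    counts, n = Counter(letters), len(letters)
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100) for c, f in ENGLISH.items())

def recover_key(ciphertext):
    """Ciphertext-only key recovery: try all 26 shifts, keep the most English-looking."""
    return min(range(26), key=lambda k: chi_squared(caesar_decrypt(ciphertext, k)))

# Constructed sample plaintext.
SAMPLE = ("encryption addresses the need for confidentiality of data and it is "
          "the basis of protocols that provide security for network tasks")
```

The same statistic applies to a general monoalphabetic cipher, but there the search is over letter mappings rather than 26 shifts, so digram and trigram counts are needed as well.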

Transposition Ciphers
• Transposition cipher – reorders (rearranges) symbols but does not disguise them. It is also called permutation
• Transpositions try to break established patterns
• Both substitution and transposition ciphers can be broken using language statistical information

Columnar Transposition
• Plaintext written in rows, number of columns = key length
• Key is used to number the columns
• Ciphertext read out by columns, starting with column whose key letter is lowest
• A transposition cipher example
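
An added implementation of the columnar transposition described above (not from the original slides), including a check that the cipher reorders letters without disguising them. The key CAB, the sample messages and the padding letter x are assumptions made for the example.

```python
from collections import Counter

def column_order(key):
    """Column indices in read-out order: lowest key letter first (ties: leftmost)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def encrypt(plaintext, key, pad="x"):
    text = "".join(c for c in plaintext.lower() if c.isalpha())
    text += pad * (-len(text) % len(key))          # fill the last row (assumed padding)
    rows = [text[i:i + len(key)] for i in range(0, len(text), len(key))]
    # Read column by column, in the order given by the key letters.
    return "".join(row[c] for c in column_order(key) for row in rows).upper()

def decrypt(ciphertext, key):
    nrows = len(ciphertext) // len(key)
    grid = [[""] * len(key) for _ in range(nrows)]
    for n, c in enumerate(column_order(key)):      # n-th chunk belongs to column c
        for r, ch in enumerate(ciphertext[n * nrows:(n + 1) * nrows]):
            grid[r][c] = ch
    return "".join("".join(row) for row in grid).lower()

def letter_counts(text):
    """Letter histogram; identical for plaintext and ciphertext of a transposition."""
    return Counter(text.lower())

# Constructed example: rows att / ack / atd / awn under key C A B,
# read out as column A, then B, then C.
CIPHERTEXT = encrypt("attack at dawn", "CAB")
```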

One-Time Pads
• One-time pad: construct an unbreakable cipher
  – Choose a random bit string as the key
  – Convert the plaintext into a bit string
  – Compute the XOR of these two strings, bit by bit
  – The resulting ciphertext cannot be broken, because in a sufficiently large sample of ciphertext, each letter will occur equally often
  => there is simply no information in the message because all possible plaintexts of the given length are equally likely
[Figure: one-time pad example. With the original one-time pad the ciphertext decrypts to "I LOVE YOU."; if someone tries to decrypt using another one-time pad, it decrypts to "ELVIS LIVES"]
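
The XOR construction and the point of the figure, as an added example (not from the original slides): for any plaintext of the same length there is a pad that decrypts the ciphertext to it, so the ciphertext alone carries no information. The last function goes slightly beyond the slide and shows what leaks if a pad is used twice.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes):
    """Return (pad, ciphertext); the pad is fresh random bytes, used once."""
    pad = secrets.token_bytes(len(message))
    return pad, xor(message, pad)

def pad_for(ciphertext: bytes, wanted: bytes) -> bytes:
    """The pad under which ciphertext decrypts to `wanted` (same length)."""
    return xor(ciphertext, wanted)

def two_messages_one_pad(m1: bytes, m2: bytes) -> bytes:
    """Reusing a pad: XOR of the two ciphertexts equals XOR of the two plaintexts."""
    pad = secrets.token_bytes(len(m1))
    return xor(xor(m1, pad), xor(m2, pad))

MESSAGE = b"I LOVE YOU."     # the two texts named in the figure
OTHER = b"ELVIS LIVES"

def demo():
    pad, ciphertext = otp_encrypt(MESSAGE)
    other_pad = pad_for(ciphertext, OTHER)
    # Same ciphertext, two pads, two equally valid "plaintexts".
    return xor(ciphertext, pad), xor(ciphertext, other_pad)
```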
• Disadvantages
  – The key cannot be memorized; both sender and receiver must carry a written copy with them
  – The total amount of data that can be transmitted is limited by the amount of key available
  – Sensitive to lost or inserted characters

Stream Ciphers
• Stream ciphers: convert one symbol of plaintext immediately into a symbol of ciphertext
  – The transformation depends only on the symbol, the key, and the control information of the encryption algorithm

Block Ciphers
• Block cipher: encrypts a group of plaintext symbols as one block
• Block ciphers work on blocks of plaintext and produce blocks of ciphertext
  – The columnar transposition is an example of block ciphers

Cryptanalysis – Breaking Encryption Schemes
• Ciphertext-only: cryptanalyst has a quantity of ciphertext and no plaintext
• Known plaintext: cryptanalyst has some matched ciphertext and plaintext
• Chosen plaintext: cryptanalyst has the ability to encrypt pieces of plaintext of his own choosing

Symmetric-Key Algorithms
• DES – The Data Encryption Standard
• AES – The Advanced Encryption Standard
• Cipher Modes

Data Encryption Standard
• Developed by IBM. US standard for unclassified info (1977)
• Same key for encryption as for decryption
• Encrypts in 64-bit blocks
• Uses 56-bit key
• Has 19 stages, 16 parameterized by different functions of the key

Triple DES
• Triple DES – effectively increases the key length. It uses two keys and three stages
  – In first stage, the plaintext is encrypted using DES in the usual way with K1
  – In second stage, DES is run in decryption mode, using K2 as the key
  – In third stage, another DES encryption is done with K1
[Figure: Triple DES encryption and Triple DES decryption]

AES – The Advanced Encryption Standard
• AES is a result of a cryptographic contest
  – Organized by NIST in 1997
• Rules for AES proposals
  1. The algorithm must be a symmetric block cipher
  2. The full design must be public
  3. Key lengths of 128, 192, and 256 bits supported
  4. Both software and hardware implementations required
  5. The algorithm must be public or licensed on nondiscriminatory terms
• Winner: Rijndael (from two Belgian cryptographers: Joan Daemen and Vincent Rijmen)

AES
• Creation of the state and rk arrays

Cipher Modes
• Despite all the complexity, AES and DES (or any block cipher) is basically a monoalphabetic substitution cipher using big characters
  – Whenever the same plaintext block goes in the front end, the same ciphertext block comes out the back end
  – If you encrypt the plaintext abcdefgh 100 times with the same DES key, you get the same ciphertext 100 times
  – An intruder can exploit this property to help subvert the cipher

Electronic Code Book Mode
• In ECB mode, each plaintext block is encrypted independently with the block cipher
• ECB allows easy parallelization to yield higher performance. However, no processing is possible before a block is seen

Electronic Code Book Mode - Problems
• In ECB, plaintext patterns are not concealed
  – Each identical block of plaintext gives an identical block of ciphertext. The plaintext can be easily manipulated by removing, repeating, or interchanging blocks
• Example

Cipher Block Chaining Mode
• To avoid the ECB mode problem: replacing a block will cause the plaintext decrypted starting at the replaced block to become garbage
• Exclusive OR the encrypted text with the next block of plaintext before encryption: C0 = E(P0 XOR IV), C1 = E(P1 XOR C0), etc.
• Drawback: must wait for a full 64-bit (128-bit) block to arrive before decrypting
[Figure: cipher block chaining with an initialization vector, showing encryption and decryption]
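
An added example (not from the original slides) covering both the ECB problems and the CBC chaining rule above. E and D are a toy 4-round Feistel cipher built on SHA-256, assumed here only to have a 64-bit block cipher without external libraries; the key, IV and plaintext are constructed.

```python
import hashlib

BLOCK = 8  # bytes: 64-bit blocks, the DES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(half, key, i):  # round function of a toy Feistel cipher, not DES or AES
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def E(block, key):
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, xor(l, f(r, key, i))
    return l + r

def D(block, key):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = xor(r, f(l, key, i)), l
    return l + r

def split(data):  # assumes len(data) is a multiple of BLOCK (no padding here)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, key):
    return [E(p, key) for p in split(pt)]
def ecb_decrypt(blocks, key):
    return b"".join(D(c, key) for c in blocks)

def cbc_encrypt(pt, key, iv):
    out, prev = [], iv
    for p in split(pt):
        prev = E(xor(p, prev), key)        # C_i = E(P_i XOR C_{i-1}), C_{-1} = IV
        out.append(prev)
    return out

def cbc_decrypt(blocks, key, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(D(c, key), prev))   # P_i = D(C_i) XOR C_{i-1}
        prev = c
    return b"".join(out)

KEY, IV = b"constructed-key", bytes(range(8))      # constructed sample values
PT = b"abcdefgh" * 2 + b"PAY 0100" + b"PAY 9999"   # constructed plaintext, 4 blocks

def swap_last_two(blocks):  # the block interchange the slides warn about
    return blocks[:2] + [blocks[3], blocks[2]]
```

Under ECB the two abcdefgh blocks encrypt identically and swapping the last two ciphertext blocks swaps the two PAY fields cleanly; under CBC the repeated blocks differ and the same swap decrypts to garbage from the swapped position on. CBC by itself only makes tampering visible as garbage; detecting it reliably needs a separate integrity check.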