EEC 688/788 Secure and Dependable Computing
Lecture 3
Wenbing Zhao
Department of Electrical and Computer Engineering
Cleveland State University
[email protected]@ieee.org
04/18/23EEC688: Secure & Dependable
Computing 1

Outline
- Introduction to cryptography
  - Terminology
  - Basic encryption methods
  - One-time pad
- Symmetric-key algorithms
  - DES, AES, etc.
- Cipher modes

Cryptography Terminology
- Encryption is the process of encoding a message so that its meaning is not obvious
  - Equivalent terms: encode, encipher
- Decryption is the reverse process, transforming an encrypted message back into its normal, original form
  - Equivalent terms: decode, decipher
- Plaintext: message to be encrypted
- Ciphertext: encrypted message

Cryptography Terminology
- The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt the ciphertext
- Why encryption?
  - It addresses the need for confidentiality of data, and also helps to ensure integrity
  - It forms the basis of protocols that enable us to provide security while accomplishing system or network tasks

Cryptography Terminology
- The encryption and decryption rules are called encryption and decryption algorithms
- Encryption/decryption algorithms often use a device called a key, denoted by K, so that the resulting ciphertext depends on the original plaintext message, the algorithm, and the key value
- An encryption scheme that does not require the use of a key is called a keyless cipher

Symmetric Encryption
- The encryption and decryption keys are the same, so P = D(K, E(K,P))
- D and E are closely related. They are mirror-image processes
- The symmetric systems provide a two-way channel to their users
- The symmetry of this situation is a major advantage of this type of encryption, but it also leads to a problem: key distribution

Symmetric Encryption
- D_K(E_K(P)) = P

Asymmetric Encryption
- Encryption and decryption keys come in pairs. The decryption key, K_D, inverts the encryption of key K_E, so that P = D(K_D, E(K_E,P))
- Asymmetric encryption systems excel at key management

Cryptology
- Cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis
- Cryptography – art of devising ciphers
  - Comes from Greek words for “secret writing”. It refers to the practice of using encryption to conceal text
- Cryptanalysis – art of breaking ciphers
  - Study of encryption and encrypted messages, hoping to find the hidden meanings

Cryptanalysis
- Attempt to break a single message
- Attempt to recognize patterns in encrypted messages, to be able to break subsequent ones
- Attempt to deduce the key, in order to break subsequent messages easily
- Attempt to find weaknesses in the implementation or environment of use of encryption
- Attempt to find general weaknesses in an encryption algorithm

Cryptanalysis
- Traffic analysis: attempt to infer some meaning without even breaking the encryption, e.g.,
  - Noticing an unusual frequency of communication
  - Determining something by whether the communication was short or long

Cryptanalysis – Breaking Encryption Schemes
- Ciphertext-only: cryptanalyst has a quantity of ciphertext and no plaintext
- Known plaintext: cryptanalyst has some matched ciphertext and plaintext
- Chosen plaintext: cryptanalyst has the ability to encrypt pieces of plaintext of his own choosing

Basic Encryption Methods
- Substitution ciphers: one letter is exchanged for another
- Transposition ciphers: order of letters is rearranged

Substitution Ciphers
- Idea: each letter or group of letters is replaced by another letter or group of letters
- Caesar cipher – circularly shift by 3 letters
  - a -> D, b -> E, … z -> C
  - More generally, shift by k letters, k is the key
- Monoalphabetic cipher – map each letter to some other letter
    a b c d e f … w x y z
    Q W E R T Y … V B N M   <= the key

Cryptanalysis of Substitution Ciphers
- Brute force cryptanalysis would have to try 26! permutations of a particular ciphertext message
- Smarter way: use frequencies of letters, pairs of letters, etc., or guess a probable word or phrase. Most frequently occurring:
  - Letters: e, t, o, a, n, …
  - Digrams: th, in, er, re, an, …
  - Trigrams: the, ing, and, ion, ent
  - Words: the, of, and, to, a, in, that, …
- When messages are long enough, the frequency distribution analysis quickly betrays many of the letters of the plaintext
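
Added example (not part of the original slides): a Caesar cipher with key k and the frequency argument above, showing that substitution only relabels letters, so the letter-count profile survives encryption and the key follows from the most frequent ciphertext letter. The sample message is constructed and deliberately e-heavy; the function names are this example's own.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

def caesar(text, k):
    """Shift each letter circularly by k positions; other characters pass through."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)

def letter_counts(text):
    """Count only the letters a-z."""
    return Counter(ch for ch in text.lower() if ch in ALPHABET)

def guess_shift(ciphertext, expected_top="e"):
    """Assume the most frequent ciphertext letter stands for `expected_top`."""
    top, _ = letter_counts(ciphertext).most_common(1)[0]
    return (ALPHABET.index(top) - ALPHABET.index(expected_top)) % 26

# Constructed sample message (assumption of this example).
SAMPLE = "meet me here when the evening bell needs three keepers"

def demo():
    ct = caesar(SAMPLE, 3)
    k = guess_shift(ct)
    # The sorted list of counts is identical before and after encryption:
    # the cipher hides which letter is which, not how often each occurs.
    same_profile = (sorted(letter_counts(SAMPLE).values())
                    == sorted(letter_counts(ct).values()))
    return ct, k, caesar(ct, -k), same_profile

if __name__ == "__main__":
    print(demo())
```

The single-letter guess is only reliable when the message is long enough for 'e' to dominate; on short texts the whole distribution (and digrams, trigrams) has to be compared, as the slide says.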

Transposition Ciphers
- Substitution cipher – preserves order of plaintext symbols but disguises them
- Transposition cipher – reorders (rearranges) symbols but does not disguise them. It is also called permutation
- With transposition, the cryptography aims for
  - Widely spreading the information from the message or the key across the ciphertext
  - Transpositions try to break established patterns

Columnar Transposition
- Plaintext written in rows, number of columns = key length
- Key is used to number the columns
- Ciphertext read out by columns, starting with column whose key letter is lowest

Columnar Transposition
- A transposition cipher example
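
Added example (not part of the original slides, whose figure did not survive in this transcript): columnar transposition as described above, with the plaintext written in rows, the columns numbered by the key letters, and the ciphertext read out column by column. The key, the message and the a, b, c, … filler for the last row are sample choices made for this example.

```python
from collections import Counter

PAD = "abcdefghijklmnopqrstuvwxyz"  # filler for the last row (assumption)

def column_order(key):
    """Column indices in read-out order: lowest key letter first, ties left to right."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def encrypt(plaintext, key):
    ncols = len(key)
    text = plaintext + PAD[:(-len(plaintext)) % ncols]   # fill up the last row
    rows = [text[i:i + ncols] for i in range(0, len(text), ncols)]
    # Outer loop over columns in key order, inner loop down the rows.
    return "".join(row[c] for c in column_order(key) for row in rows).upper()

def decrypt(ciphertext, key):
    ncols = len(key)
    nrows, rem = divmod(len(ciphertext), ncols)
    if rem:
        raise ValueError("ciphertext length must be a multiple of the key length")
    cols = [""] * ncols
    for n, c in enumerate(column_order(key)):
        cols[c] = ciphertext[n * nrows:(n + 1) * nrows]   # n-th chunk is column c
    # Read the grid back row by row; the filler letters stay at the end.
    return "".join(cols[c][r] for r in range(nrows) for c in range(ncols)).lower()

def same_letters(a, b):
    """True when both strings contain exactly the same letters, in any order."""
    return Counter(a.lower()) == Counter(b.lower())

# Sample key and message (assumptions of this example).
KEY = "MEGABUCK"
MESSAGE = "pleasetransferonemilliondollarstomyswissbankaccountsixtwotwo"
CIPHERTEXT = encrypt(MESSAGE, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(decrypt(CIPHERTEXT, KEY))
```

Because the letters are only reordered, `same_letters` holds between the padded plaintext and the ciphertext: single-letter frequencies are untouched, which is how a transposition cipher is told apart from a substitution cipher.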

One-Time Pads
- One-time pad: construct an unbreakable cipher
  - Choose a random bit string as the key
  - Convert the plaintext into a bit string
  - Compute the XOR of these two strings, bit by bit
- The resulting ciphertext cannot be broken, because in a sufficiently large sample of ciphertext, each letter will occur equally often, as will every digram, every trigram, and so on
- => There is simply no information in the message because all possible plaintexts of the given length are equally likely
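
Added example (not part of the original slides): the one-time pad as XOR with a random key, and the reason the ciphertext carries no information. For any candidate plaintext of the same length there is a pad under which the captured ciphertext decrypts to exactly that candidate. The two sample messages are constructed.

```python
import secrets

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(plaintext):
    """Return (pad, ciphertext); the pad is fresh random bytes, used once."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)

def otp_decrypt(pad, ciphertext):
    return xor_bytes(ciphertext, pad)

def pad_that_explains(ciphertext, candidate):
    """The pad under which `ciphertext` decrypts to `candidate`."""
    return xor_bytes(ciphertext, candidate)

# Constructed sample messages of equal length (assumption of this example).
REAL = b"pay bob 100"
OTHER = b"pay eve 999"

def demo():
    pad, ct = otp_encrypt(REAL)
    other_pad = pad_that_explains(ct, OTHER)
    # Both pads are equally plausible random strings, so the ciphertext
    # alone cannot favour REAL over OTHER (or over any 11-byte message).
    return otp_decrypt(pad, ct), otp_decrypt(other_pad, ct)

if __name__ == "__main__":
    print(demo())
```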

One-Time Pads
- Disadvantages
  - The key cannot be memorized, both sender and receiver must carry a written copy with them
  - Total amount of data that can be transmitted is limited by the amount of key available
  - Sensitive to lost or inserted characters

Symmetric-Key Algorithms
- DES – The Data Encryption Standard
- AES – The Advanced Encryption Standard
- Other Ciphers
- Cipher Modes

Data Encryption Standard
- Developed by IBM. US standard for unclassified info (1977)
- Same key for encryption as for decryption
- Encrypts in 64-bit blocks
- Uses 56-bit key
- Has 19 stages, 16 parameterized by different functions of the key

Triple DES
- Triple DES – effectively increases the key length. It uses two keys and three stages
  - In first stage, the plaintext is encrypted using DES in the usual way with K1
  - In second stage, DES is run in decryption mode, using K2 as the key
  - In third stage, another DES encryption is done with K1
[Figure: Triple DES encryption; Triple DES decryption]

AES – The Advanced Encryption Standard
- AES is a result of a cryptographic contest
  - Organized by NIST in 1997
- Rules for AES proposals
  1. The algorithm must be a symmetric block cipher
  2. The full design must be public
  3. Key lengths of 128, 192, and 256 bits supported
  4. Both software and hardware implementations required
  5. The algorithm must be public or licensed on nondiscriminatory terms
- Winner: Rijndael (from two Belgian cryptographers: Joan Daemen and Vincent Rijmen)

Other Symmetric-Key Ciphers

Stream Ciphers
- Stream ciphers: convert one symbol of plaintext immediately into a symbol of ciphertext
- The transformation depends only on the symbol, the key, and the control information of the encryption algorithm

Block Ciphers
- Block cipher: encrypts a group of plaintext symbols as one block
- It works on blocks of plaintext and produces blocks of ciphertext
- The columnar transposition is an example of block ciphers

Cipher Modes
- A block cipher (e.g., AES & DES) is basically a monoalphabetic substitution cipher using big characters
  - Whenever the same plaintext block goes in the front end, the same ciphertext block comes out the back end
  - If you encrypt the plaintext abcdefgh 100 times with same DES key, you get the same ciphertext 100 times
  - An intruder can exploit this property to help subvert the cipher

Electronic Code Book Mode
- In ECB mode, each plaintext block is encrypted independently with the block cipher
- ECB allows easy parallelization to yield higher performance. However, no processing is possible before a block is seen

Electronic Code Book Mode - Problems
- In ECB, plaintext patterns are not concealed
  - Each identical block of plaintext gives an identical block of ciphertext. The plaintext can be easily manipulated by removing, repeating, or interchanging blocks
- Example

Cipher Block Chaining Mode
- To avoid the ECB mode problem: replacing a block will cause the plaintext decrypted starting at the replaced block to become garbage
- Exclusive OR the encrypted text with the next block of plaintext before encryption
  - Need an initialization vector (IV) to bootstrap
  - C0 = E(P0 XOR IV), C1 = E(P1 XOR C0), etc.
- Drawback: must wait for a full 64-bit (128-bit) block to arrive before decrypting

Cipher Block Chaining Mode
- Exclusive OR the encrypted text with the next block of plaintext before encryption: C0 = E(P0 XOR IV), C1 = E(P1 XOR C0), etc.
[Figure: CBC encryption and decryption, with the initialization vector]

Cipher Feedback Mode
- Basic operation (P_i and C_i are blocks):
  - C_i = E(C_{i-1}) XOR P_i, P_i = E(C_{i-1}) XOR C_i, C_0 = IV
- Issue: Losing a single bit or byte will ruin all data after that

Cipher Feedback Mode
- To enable byte-by-byte encryption
  - When plaintext byte n (P_n) arrives, DES algorithm operates on a 64-bit register to generate a 64-bit ciphertext
  - Leftmost byte of that ciphertext is extracted and XORed with P_n
  - That byte is transmitted on the transmission line
  - The shift register is shifted left 8 bits, causing C_{n-8} to fall off the left end, and C_n is inserted in the position just vacated at the right end by C9

Cipher Feedback Mode
[Figure: Encryption; Decryption]

Stream Cipher Mode
- To be insensitive to transmission error, an arbitrarily large sequence of output blocks, called the keystream, is treated like a one-time pad and XORed with the plaintext to get the ciphertext
  - It works by encrypting an IV, using a key to get an output block
  - The output block is then encrypted, using the key to get a second output block
  - This block is then encrypted to get a third block, and so on
- The keystream is independent of the data, so
  - (1) It can be computed in advance
  - (2) It is completely insensitive to transmission errors

Stream Cipher Mode
[Figure: Encryption; Decryption]

Stream Cipher Mode
- It is essential never to use the same (key, IV) pair twice with a stream cipher because doing so will generate the same keystream each time
- Using the same keystream twice exposes the ciphertext to a keystream reuse attack
- Stream cipher mode is also called output feedback mode

Keystream Reuse Attack
- Plaintext block, P0, is encrypted with the keystream to get P0 XOR K0
- Later, a second plaintext block, Q0, is encrypted with the same keystream to get Q0 XOR K0
- An intruder who captures both ciphertext blocks can simply XOR them together to get P0 XOR Q0, which eliminates the key
- The intruder now has the XOR of the two plaintext blocks
  - If one of them is known or can be guessed, the other can also be found
  - In any event, the XOR of two plaintext streams can be attacked by using statistical properties of the message
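
Added example (not part of the original slides): output feedback keystream generation as described for stream cipher mode, the cancellation P0 XOR Q0 that appears when a (key, IV) pair repeats, and a sender that draws a fresh IV per message so it cannot happen. E is HMAC-SHA256 truncated to 8 bytes, an assumed stand-in for DES (OFB only uses the encryption direction); the key, IV and messages are constructed.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # bytes, as for DES

def E(key, block):
    """Stand-in for DES encryption (assumption of this example)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_keystream(key, iv, nbytes):
    """K0 = E(IV), K1 = E(K0), ... concatenated and cut to nbytes."""
    out, block = b"", iv
    while len(out) < nbytes:
        block = E(key, block)
        out += block
    return out[:nbytes]

def ofb(key, iv, data):
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, ofb_keystream(key, iv, len(data)))

class Sender:
    """Mitigation: a fresh random IV per message, never repeated under one key."""
    def __init__(self, key):
        self.key, self.used = key, set()

    def send(self, data):
        iv = secrets.token_bytes(BLOCK)
        if iv in self.used:
            raise RuntimeError("IV already used with this key")
        self.used.add(iv)
        return iv, ofb(self.key, iv, data)   # the IV travels with the ciphertext

# Constructed sample messages of equal length.
P = b"wire 100 to account 17"
Q = b"wire 999 to account 42"
KEY, IV = b"shared key", bytes(BLOCK)

def reuse_leak():
    """Same (key, IV) twice: the keystream cancels out of C1 XOR C2."""
    c1, c2 = ofb(KEY, IV, P), ofb(KEY, IV, Q)
    return xor(c1, c2) == xor(P, Q), xor(xor(c1, c2), P)

def fresh_iv_leak():
    """With a fresh IV per message the two keystreams differ and nothing cancels."""
    sender = Sender(KEY)
    (_, c1), (_, c2) = sender.send(P), sender.send(Q)
    return xor(c1, c2) == xor(P, Q)

if __name__ == "__main__":
    print(reuse_leak(), fresh_iv_leak())
```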

Counter Mode
- To allow random access to encrypted data
  - The IV plus a constant is encrypted, and the resulting ciphertext XORed with the plaintext
  - By stepping the IV by 1 for each new block, it is easy to decrypt a block anywhere in the file without first having to decrypt all of its predecessors
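
Added example (not part of the original slides): counter mode over a 100-block file, reading back a single block from the middle with one cipher call and no access to its predecessors. E is HMAC-SHA256 truncated to 8 bytes, an assumed stand-in for DES; the key, IV and file contents are constructed, and CALLS exists only to count cipher invocations.

```python
import hashlib
import hmac

BLOCK = 8   # bytes, as for DES
CALLS = 0   # number of block-cipher invocations, for the demonstration

def E(key, block):
    """Stand-in for DES encryption (assumption of this example)."""
    global CALLS
    CALLS += 1
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ctr_pad(key, iv, index):
    """Encrypt IV + index; the result is XORed with block number `index`."""
    counter = (int.from_bytes(iv, "big") + index) % (1 << (8 * BLOCK))
    return E(key, counter.to_bytes(BLOCK, "big"))

def ctr_crypt(key, iv, data, first_block=0):
    """Encrypt or decrypt `data`, which starts at block number `first_block`."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        pad = ctr_pad(key, iv, first_block + off // BLOCK)
        out += bytes(x ^ y for x, y in zip(data[off:off + BLOCK], pad))
    return bytes(out)

def read_block(key, iv, ciphertext, index):
    """Random access: decrypt only block `index` of the stored ciphertext."""
    chunk = ciphertext[index * BLOCK:(index + 1) * BLOCK]
    return ctr_crypt(key, iv, chunk, first_block=index)

# Constructed key, IV and file: 100 blocks "block000" ... "block099".
KEY, IV = b"file key", bytes.fromhex("00000000000000ff")
FILE = b"".join(b"block%03d" % i for i in range(100))

def demo():
    global CALLS
    ciphertext = ctr_crypt(KEY, IV, FILE)
    CALLS = 0
    plain = read_block(KEY, IV, ciphertext, 73)
    return plain, CALLS

if __name__ == "__main__":
    print(demo())
```

Counter mode also produces a keystream, so the keystream reuse problem described earlier applies here too whenever a (key, IV) pair is repeated.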

Exercise
- Q1. Assume that the DES block cipher is used in the Electronic Code Book mode. If one bit in a block of ciphertext is inverted during transmission, how many bits will likely be damaged after decryption at the receiver?

Exercise
- Q2. Assume that the DES block cipher is used in the Cipher Block Chaining mode. If one bit of ciphertext is inverted during transmission, how many bits will likely be damaged after decryption at the receiver?

Exercise
- Q3. Assume that the DES block cipher is used in the Cipher Feedback mode. If one bit of ciphertext is inverted during transmission, how many bits will likely be damaged after decryption at the receiver (for both variations)?

Exercise
- Q4. Assume that the DES block cipher is used in the Stream Cipher mode (it is also called output feedback mode). If one bit of ciphertext is inverted during transmission, how many bits will likely be damaged after decryption at the receiver?