2014 Lukasz Pater EDMS 1373428
Lukasz Pater [email protected] Software Engineer
Symmetric Cryptography
2014 Lukasz Pater

Agenda
§ Few words about myself
§ Introduction
  § Basic Concepts
§ History
§ Data Encryption Standard
§ Advanced Encryption Standard
§ Concept of perfect secrecy
  § Why does it not have practical relevance?
§ Conclusions

Professional Experience
§ Internship at DeNIC (09.2008 – 02.2009)
  § Design, test and configuration of future “.de”-name servers.
§ Technical Student, Fellow and Staff Member at CERN in GS-ASE-EDS section (04.2009 – present)
  § Administration, security and customization of Infor EAM – CERN’s Asset Management System.
  § The other activity of the section is development and administration of EDMS – CERN’s Engineering Data Management System.

Cryptography
Practice and study of techniques for secure communication in the presence of third parties.
[Figure: plaintext “Spring Campus” and ciphertext “yXs7d70k dY_mGH”]
Types of cryptography
§ Symmetric key cryptography – Involves the use of one key
§ Public key cryptography – Involves the use of two keys
§ Hash functions – Involves the use of no keys (why is it useful?)

Cryptanalysis
§ The art of deciphering encrypted messages without knowing the keys
§ No mathematical proof of security for most ciphers
§ The only way to have assurance that a cipher is secure is to try to break it … and fail
§ Kerckhoffs’ principle (1883) ( ≠ security through obscurity)
  A cryptosystem should be secure even if the attacker knows all details about the system, with the exception of the secret key
§ For example, the GSM specifications were developed secretly. When the encryption algorithms were leaked the system became compromised even without the secret key
[Figure label: A3/A8]

Cipher Types
§ Substitution Ciphers
  § A substitution technique is one in which letters are replaced throughout the message by other letters.
  § Caesar and Vigenère Cipher
§ Transposition Ciphers
  § In a transposition cipher the letters are kept unchanged but their order is scrambled:
Plaintext:  D U N B A _ 4 1
Password:   3 8 5 1 4 7 2 6
Ciphertext: B 4 A D N 1 U _

Caesar Cipher
§ Most famous mono-alphabetic substitution cipher
  § Known as substitution cipher because letters are substituted for one another (A→D, B→E, …)
§ Named after Julius Caesar who used it with a shift of three to protect messages in military affairs
§ Cryptanalysis
  § Only have 26 possible ciphers (A→B or C or D … or Z)
  § Could simply try each in turn

Vigenère Cipher
§ Simplest poly-alphabetic substitution cipher
  § Uses a key to select which alphabet is used for each letter of the message (look-up table)
  § Key: k = k_1 k_2 ... k_n; the i-th letter specifies the i-th alphabet to use
§ Multiple ciphertext letters for each plaintext letter
  § Letter frequencies are obscured, but not totally lost
  § Find the key length and attack each mono-alphabetic cipher
Password:   BLUE BLUE BL
Plaintext:  VOLG ARIV ER
Ciphertext: WZFK BCCZ FC
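
The Caesar and Vigenère slides above, as working code. This is an added example, not part of the original slides, and the function names are chosen here. It reproduces the BLUE / VOLGARIVER row and shows why a known key length splits a Vigenère ciphertext into separate Caesar ciphertexts.

```python
# Added example: Caesar and Vigenère over A-Z (uppercase letters only).
import string

A = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Shift each letter of `text` by the matching key letter (key repeats)."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = A.index(key[i % len(key)])
        out.append(A[(A.index(ch) + sign * shift) % 26])
    return "".join(out)


def caesar(text, shift):
    """Caesar is Vigenère with a one-letter key; shift 3 maps A to D."""
    return vigenere(text, A[shift % 26])


def caesar_candidates(ciphertext):
    """All 26 possible decryptions: the whole key space fits in one list."""
    return [vigenere(ciphertext, A[s], decrypt=True) for s in range(26)]


def split_by_key_position(ciphertext, key_len):
    """With key length n, letters i, i+n, i+2n, ... were shifted by the same
    key letter, so each group is an ordinary Caesar ciphertext."""
    return [ciphertext[i::key_len] for i in range(key_len)]
```
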

Enigma / History
§ One of the best known electro-mechanical encryption machines
§ Invented in 1918 by A. Scherbius
§ Simple design, yet powerful in capability
§ Heavily used during WW II
§ Breaking the Enigma (1944) probably brought an early end to the war
§ Daily keys (settings for rotors and plugboard cables) were sent in a code book each month

How did Enigma work?
§ Essentially it is an automated and complex substitution cipher
§ Rotors have different wiring connecting input to output
§ Rotors move after each keypress
§ The key is the initial position of the three rotors
§ The reflector design allowed encryption and decryption with the same setting, but also ensured no letter encoded to itself
§ Number of possible keys: 10^16

Cryptography in the computer age
§ Working with binary code
§ Things can be done many times
  § Think of Enigma machine with 20 rotors …
§ Besides that, the basic principles remain the same as in classical cryptography
[Figure: 74737882 + 24672351 = 99410233; 32291467 + 24672351 = 56963818]

Data Encryption Standard (DES)
§ Most widely used block cipher in the world
  § Adopted by NIST in 1977
§ Fast and easy to implement
§ Considered obsolete (broken via distributed.net in 23 hours)
§ Design principles of DES were to achieve a high degree of diffusion and confusion
  § Diffusion: making each plaintext bit affect as many ciphertext bits as possible
  § Confusion: making the relationship between the encryption key and the ciphertext as complex as possible

Data Encryption Standard (DES)
§ Encrypts plaintext in 64-bit blocks using a 64-bit key
§ The encryption process is made of two permutations (initial and final) and sixteen rounds
  § The permutations have no cryptographic significance
  § Each round differs only in the 48-bit round key (key_i) as input
§ The algorithm can be run in reverse for decryption
[Figure: DES block diagram. 64-bit input block “DUBNA_14”, then Init. Perm, Round 1, Round 2, …, Round 16, Final Perm, 64-bit output block “6&d#9M>X”. A Key Generator feeds key_1, key_2, …, key_16 into the rounds.]

Data Encryption Standard (DES)
§ Separate message block into two 32-bit halves, L_i and R_i
§ The confusion is introduced by using a ‘complex’ nonlinear function ƒ
§ Function ƒ has two inputs: R_i and a 48-bit round key k_i
§ The diffusion is introduced by XOR-ing L_i and the output of function ƒ
[Figure: one DES round. Input halves “DUBN” and “A_14”, output halves “A_14” and “tE@F”, with ƒ(R_i, k_i) taking a 48-bit round key.]

Data Encryption Standard (DES)
§ The heart of DES is the ƒ function.
  § Since the round key k_i is a 48-bit input, it first expands R_i to 48 bits and XORs it with k_i
  § In the next step the S-boxes do the real mixing (confusion). DES uses 8 S-Boxes, each with 6-bit input and 4-bit output
§ Served most commerce applications for almost 30 years
§ The design criteria are classified
  § Considerable controversy over the design, particularly in the choice of a 56-bit key
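
An added example, not from the original slides: a toy Feistel network with the round structure described above (two 32-bit halves, sixteen rounds, 48-bit round keys), showing that decryption is the same routine with the round keys reversed and that ƒ never has to be inverted. The SHA-256-based ƒ and key schedule are stand-ins assumed here, not DES's expansion, S-boxes or key generator, and the result is not a secure cipher.

```python
# Added example: toy Feistel network with DES's shape. f and round_keys are
# hypothetical stand-ins built from SHA-256, not the real DES components.
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def round_keys(key: bytes):
    """Stand-in key schedule: one 48-bit round key per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]


def f(r: int, k: bytes) -> int:
    """Nonlinear, non-invertible mix of the right half and the round key."""
    digest = hashlib.sha256(r.to_bytes(4, "big") + k).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: bytes, keys) -> bytes:
    """Run all rounds over one 64-bit block using `keys` in the given order."""
    l = int.from_bytes(block[:4], "big")
    r = int.from_bytes(block[4:], "big")
    for k in keys:
        # L_{i+1} = R_i ; R_{i+1} = L_i XOR f(R_i, k_i)
        l, r = r, (l ^ f(r, k)) & MASK32
    # Swap the halves once more so the same routine also decrypts.
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")


def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt(block: bytes, key: bytes) -> bytes:
    # Same algorithm, round keys in reverse order.
    return feistel(block, round_keys(key)[::-1])
```
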

Advanced Encryption Standard (AES)
§ DES is showing its age, Triple-DES too slow
§ 1997: AES announced, call for algorithms
§ 1999: 5 finalists
§ October 2000: Rijndael selected
§ Similar to DES: block cipher with 128-bit blocks
  § Key length: 128, 192 or 256 bits.
§ S-Boxes based on modular arithmetic with polynomials
§ Easy to analyse, attacks fail

Advanced Encryption Standard (AES)
[Figure: AES block diagram. 128-bit input block “CERN/JINR_SCHOOL”, then PreRound, Round 1, Round 2, …, Round n, output block “DH6MSH9_%K?3=23A”. Key Expansion derives key_1, key_2, key_3, …, key_n from the 128, 192 or 256-bit key.]

AES / Round
[Figure: round steps SubBytes, ShiftRows, MixColumns, AddKey (with key_i)]
§ SubBytes transformation replaces each byte of the block by its substitute
  § The transformation is defined algebraically by using GF(2^8)
§ ShiftRows transformation shifts each row cyclically
State before ShiftRows:   State after ShiftRows:
C / R H                   C / R H
E J _ O                   J _ O E
R I S O                   S O R I
N N C L                   L N N C

AES / Round
[Figure: round steps SubBytes, ShiftRows, MixColumns, AddKey (with key_i)]
§ MixColumns transformation transforms each column of the state to a new column
  § Changing the bits inside a byte (based on the bits inside the neighboring bytes) grants diffusion at the bit level
  § Each column is multiplied by a constant matrix
§ AddKey combines (XOR) each byte of the state with the corresponding byte of the subkey key_i
State:
C / R H
E J _ O
R I S O
N N C L
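
An added example, not from the original slides: the four round steps written from their FIPS-197 definitions, with the S-box computed algebraically in GF(2^8) instead of read from a table, and ShiftRows applied to the slide's CERN/JINR_SCHOOL state. The function names are chosen here.

```python
# Added example: AES round steps computed from their definitions (FIPS-197).
# The ShiftRows input used in the checks is the slide's "CERN/JINR_SCHOOL".

def xtime(a):
    """Multiply by x in GF(2^8), reducing modulo x^8+x^4+x^3+x+1 (0x11B)."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """Multiply two bytes as polynomials in GF(2^8)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = xtime(a), b >> 1
    return p

def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF

def sub_byte(x):
    """SubBytes for one byte: inverse in GF(2^8), then the affine map."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)  # 0 maps to 0
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63

def to_state(block):
    """Fill the 4x4 state column by column; return it as four rows."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def shift_rows(state):
    """Rotate row r left by r byte positions."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(col):
    """Multiply one column by the constant matrix whose first row is 2 3 1 1."""
    m = [2, 3, 1, 1]
    out = []
    for r in range(4):
        acc = 0
        for c in range(4):
            acc ^= gmul(m[(c - r) % 4], col[c])
        out.append(acc)
    return out

def add_key(state, subkey):
    """AddKey: XOR every state byte with the matching subkey byte."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, subkey)]
```
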

AES / Summary
§ AES was designed after DES. Most of the known attacks on DES were already tested on AES
  § Brute-Force Attacks: larger keys make it more secure than DES
  § Statistical Attacks: statistical analysis of the ciphertext has failed so far
  § Differential Attacks: not possible for the time being
§ Encryption and decryption are not “the same” (as in DES), but each step has an inverse
§ The algorithms used in AES are so simple that they can be easily implemented using very primitive hardware

One Time Pad / Overview
§ Developed by Gilbert Vernam in 1918
§ Special Case of the Vigenère Cipher
  § Plaintext length ≤ key length
§ The message is represented as a binary string
§ The key is a truly random sequence of 0’s and 1’s
§ Encryption: exclusive-OR of the plaintext and the key (left)
  0 1 0 0 0 0 1 0
⊕ 0 1 1 1 0 1 0 0
= 0 0 1 1 0 1 1 0

One Time Pad / Analysis
§ Proven to be mathematically secure against all attacks
§ Key must be random
  § Randomness is not easy to generate
  § Non-randomness of the key makes the algorithm breakable
§ Any key should only be used once
§ Why isn’t it a standard cryptosystem?
  § The keys must be exchanged over a secure channel …
A cryptosystem is unconditionally secure if the ciphertext does not give any information about the plaintext (except its length)
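
An added example, not from the original slides: a byte-wise one-time pad showing the two points above. Every same-length plaintext is explained by some key, so the ciphertext alone reveals nothing but the length, and a key used twice leaks the XOR of the two plaintexts. Function names and sample messages are constructed here.

```python
# Added example: one-time pad over bytes. Sample messages in the checks are
# constructed for illustration.
import secrets


def otp(message: bytes, key: bytes) -> bytes:
    """XOR message with key; the same call encrypts and decrypts."""
    if len(key) < len(message):
        raise ValueError("one-time pad needs key length >= message length")
    return bytes(m ^ k for m, k in zip(message, key))


def otp_encrypt(plaintext: bytes):
    """Draw a fresh random key of the plaintext's length and encrypt."""
    key = secrets.token_bytes(len(plaintext))
    return key, otp(plaintext, key)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` decrypts to `candidate`. One exists
    for every candidate of the same length, which is why the ciphertext
    alone says nothing about the plaintext."""
    return otp(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused key k: c1 ^ c2 = (p1 ^ k) ^ (p2 ^ k) = p1 ^ p2."""
    return otp(c1, c2)


def second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If the key was reused and p1 is known, p2 follows without the key."""
    return otp(reuse_leak(c1, c2), known_p1)
```
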

Conclusions
§ Cryptography is hard
  § Security cannot be proven
§ Even expertly designed ciphers have weaknesses
§ With a symmetric cipher both parties need the same key …
§ A theoretically secure cipher system may not be secure in practice
§ A theoretically breakable cipher system may be secure in practice
Questions & Answers