Lukasz Pater, Lukasz.Pater@cern.ch, Software Engineer
ais-grid-2014.jinr.ru/docs/DUBNA_Symmetric_Cryptography.pdf

2014 Lukasz Pater EDMS 1373428

Symmetric Cryptography

Agenda
§  Few words about myself
§  Introduction
§  Basic Concepts
§  History
§  Data Encryption Standard
§  Advanced Encryption Standard
§  Concept of perfect secrecy
   §  Why does it not have practical relevance?
§  Conclusions

Professional Experience
§  Internship at DeNIC (09.2008 – 02.2009)
   §  Design, test and configuration of future “.de”-name servers.
§  Technical Student, Fellow and Staff Member at CERN in GS-ASE-EDS section (04.2009 – present)
   §  Administration, security and customization of Infor EAM – CERN’s Asset Management System.
   §  The other activity of the section is development and administration of EDMS – CERN’s Engineering Data Management System.

Cryptography
Practice and study of techniques for secure communication in the presence of third parties.

[Figure: the plaintext “Spring Campus” and the ciphertext “yXs7d70k dY_mGH”]

Types of cryptography
Symmetric key cryptography – Involves the use of one key
Public key cryptography – Involves the use of two keys
Hash functions – Involves the use of no keys (why is it useful?)

Cryptanalysis
§  The art of deciphering encrypted messages without knowing the keys
§  No mathematical proof of security for most ciphers
§  The only way to have assurance that a cipher is secure is to try to break it … and fail
§  Kerckhoffs’ principle (1883) (≠ security through obscurity)
§  For example, the GSM specifications were developed secretly. When the encryption algorithms were leaked the system became compromised even without the secret key

A cryptosystem should be secure even if the attacker knows all details about the system, with the exception of the secret key

[Figure label: A3/A8]

Cipher Types
§  Substitution Ciphers
   §  A substitution technique is one in which letters are replaced throughout the message by other letters.
   §  Caesar and Vigenère Cipher
§  Transposition Ciphers
   §  In a transposition cipher the letters are kept unchanged but their order is scrambled:

Plaintext:   D U N B A _ 4 1
Password:    3 8 5 1 4 7 2 6
Ciphertext:  B 4 A D N 1 U _

Caesar Cipher
§  Most famous mono-alphabetic substitution cipher
§  Known as substitution cipher because letters are substituted for one another (A→D, B→E, …)
§  Named after Julius Caesar who used it with a shift of three to protect messages in military affairs
§  Cryptanalysis
   §  Only have 26 possible ciphers (A→B or C or D … or Z)
   §  Could simply try each in turn

Vigenère Cipher
§  Simplest poly-alphabetic substitution cipher
§  Uses a key to select which alphabet is used for each letter of the message (look-up table)
§  Key: k = k_1 k_2 ... k_n; the i-th letter specifies the i-th alphabet to use
§  Multiple ciphertext letters for each plaintext letter
§  Letter frequencies are obscured, but not totally lost
§  Find the key length and attack each mono-alphabetic cipher

Plaintext:   VOLG ARIV ER
Password:    BLUE BLUE BL
Ciphertext:  WZFK BCCZ FC
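
The last two points above, as an added Python example (not part of the original slides): it reproduces the VOLGARIVER/BLUE encryption, then shows that once the key length is known, every column of the ciphertext is a Caesar cipher with only 26 candidates. All function names are illustrative.

```python
from string import ascii_uppercase as ALPHA

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (A=0 ... Z=25)."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(ch) + sign * shift) % 26])
    return "".join(out)

def columns(text, key_len):
    """Letters enciphered with the same key letter land in the same column."""
    return [text[i::key_len] for i in range(key_len)]

def caesar_candidates(column):
    """All 26 decryptions of one column: the complete Caesar key space."""
    return [vigenere(column, k, decrypt=True) for k in ALPHA]

# Values from the slide.
PLAINTEXT, PASSWORD = "VOLGARIVER", "BLUE"
CIPHERTEXT = vigenere(PLAINTEXT, PASSWORD)

def column_report():
    """Per column: (ciphertext column, plaintext column, shift that links them)."""
    report = []
    pairs = zip(columns(CIPHERTEXT, len(PASSWORD)), columns(PLAINTEXT, len(PASSWORD)))
    for c_col, p_col in pairs:
        # The plaintext column is one of the 26 candidates; its index is the shift.
        report.append((c_col, p_col, caesar_candidates(c_col).index(p_col)))
    return report

if __name__ == "__main__":
    print(CIPHERTEXT)
    for c_col, p_col, shift in column_report():
        print(c_col, "->", p_col, "with key letter", ALPHA[shift])
```

On a real ciphertext the plaintext columns are unknown, so the right candidate in each column is picked by letter frequency, which is why the frequencies being "not totally lost" matters.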

Enigma / History
§  One of the best known electro-mechanical encryption machines
§  Invented in 1918 by A. Scherbius
§  Simple design, yet powerful in capability
§  Heavily used during WW II
§  Breaking the Enigma (1944) probably brought an early end to the war
§  Daily keys (settings for rotors and plugboard cables) were sent in a code book each month

How did Enigma work?
§  Essentially it is an automated and complex substitution cipher
§  Rotors have different wiring connecting input to output
§  Rotors move after each keypress
§  The key is the initial position of the three rotors
§  The reflector design allowed encryption and decryption with the same setting, but also ensured no letter encoded to itself
§  Number of possible keys: 10^16

Cryptography in the computer age
§  Working with binary code
§  Things can be done many times
   §  Think of Enigma machine with 20 rotors …
§  Besides that, the basic principles remain the same as in classical cryptography

[Figure: 74737882 + 24672351 = 99410233; 32291467 + 24672351 = 56963818]

Data Encryption Standard (DES)
§  Most widely used block cipher in the world
§  Adopted by NIST in 1977
§  Fast and easy to implement
§  Considered obsolete (broken via distributed.net in 23 hours)
§  Design principles of DES were to achieve a high degree of diffusion and confusion
   §  Diffusion: making each plaintext bit affect as many ciphertext bits as possible
   §  Confusion: making the relationship between the encryption key and the ciphertext as complex as possible

Data Encryption Standard (DES)
§  Encrypts plaintext in 64-bit blocks using a 64-bit key
§  The encryption process is made of two permutations (initial and final) and sixteen rounds
   §  The permutations have no cryptographic significance
   §  Each round differs only in the 48-bit round key (key_i) as input
§  The algorithm can be run in reverse for decryption

[Figure: DES. The 64-bit block “DUBNA_14” passes through the initial permutation, Round 1, Round 2, …, Round 16 and the final permutation to give the 64-bit block “6&d#9M>X”; the key generator supplies key_1, key_2, …, key_16 to the rounds.]

Data Encryption Standard (DES)
§  Separate message block into two 32-bit halves, L_i and R_i
§  The confusion is introduced by using a ‘complex’ nonlinear function ƒ
§  Function ƒ has two inputs: R_i and a 48-bit round key k_i
§  The diffusion is introduced by XOR-ing L_i and the output of function ƒ

[Figure: one round. The halves “DUBN” and “A_14” become “A_14” and “tE@F”, using ƒ(R_i, k_i) with a 48-bit round key.]

Data Encryption Standard (DES)
§  The heart of DES is the ƒ function.
   §  Since the round key k_i is a 48-bit input, it first expands R_i to 48 bits and XORs it with k_i
   §  In the next step the S-boxes do the real mixing (confusion). DES uses 8 S-Boxes, each with 6-bit input and 4-bit output
§  Served most commerce applications for almost 30 years
§  The design criteria are classified
§  Considerable controversy over the design, particularly in the choice of a 56-bit key
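
An added Python example, not from the slides: a Feistel network with the round structure described on the DES slides (two 32-bit halves, sixteen rounds, 48-bit round keys), showing why the same routine decrypts when the round keys are applied in reverse order even though ƒ itself cannot be inverted. The round function and key schedule are SHA-256 stand-ins assumed for this example, not DES's expansion, S-boxes or key generator, the permutations are left out, and `KEY` is a constructed value.

```python
import hashlib

ROUNDS = 16                      # sixteen rounds, as in DES
BLOCK = b"DUBNA_14"              # the 64-bit block shown on the slides
KEY = b"example!"                # constructed key, for illustration only

def round_keys(key):
    """Stand-in key schedule (assumption): one 48-bit round key per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def f(right, k):
    """Stand-in round function (assumption): 32 bits in, 32 bits out, not invertible."""
    digest = hashlib.sha256(right.to_bytes(4, "big") + k).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block, keys):
    """One pass over a 64-bit block: L', R' = R, L xor f(R, k) for every round key."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in keys:
        left, right = right, left ^ f(right, k)
    # Swap the halves once more so the same pass undoes itself with reversed keys.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def encrypt(block, key):
    return feistel(block, round_keys(key))

def decrypt(block, key):
    return feistel(block, round_keys(key)[::-1])

def bit_diff(a, b):
    """Number of differing bits between two equal-length blocks (diffusion measure)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    c = encrypt(BLOCK, KEY)
    print(c.hex(), decrypt(c, KEY))
    # One changed plaintext bit ('4' -> '5') spreads over the whole ciphertext.
    print(bit_diff(c, encrypt(b"DUBNA_15", KEY)), "of 64 bits differ")
```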

Advanced Encryption Standard (AES)
§  DES is showing its age, Triple-DES too slow
§  1997: AES announced, call for algorithms
§  1999: 5 finalists
§  October 2000: Rijndael selected
§  Similar to DES: block cipher with 128-bit blocks
§  Key length: 128, 192 or 256 bits.
§  S-Boxes based on modular arithmetic with polynomials
§  Easy to analyse, attacks fail

Advanced Encryption Standard (AES)

[Figure: AES. The 128-bit block “CERN/JINR_SCHOOL” passes through PreRound, Round 1, Round 2, …, Round n to give “DH6MSH9_%K?3=23A”; key expansion turns the 128, 192 or 256-bit key into key_1, key_2, key_3, …, key_n.]

AES / Round

[Figure: round structure: SubBytes, ShiftRows, MixColumns, AddKey (with key_i)]

§  SubBytes transformation replaces each byte of the block by its substitute
   §  The transformation is defined algebraically by using GF(2^8)
§  ShiftRows transformation shifts each row cyclically

State before ShiftRows:
C / R H
E J _ O
R I S O
N N C L

State after ShiftRows:
C / R H
J _ O E
S O R I
L N N C

AES / Round

[Figure: round structure: SubBytes, ShiftRows, MixColumns, AddKey (with key_i)]

§  MixColumns transformation transforms each column of the state to a new column
   §  Changing the bits inside a byte (based on the bits inside the neighboring bytes) grants diffusion at the bit level
   §  Each column is multiplied by a constant matrix
§  AddKey combines (XOR) each byte of the state with the corresponding byte of the subkey key_i

State:
C / R H
E J _ O
R I S O
N N C L

AES / Summary
§  AES was designed after DES. Most of the known attacks on DES were already tested on AES
   §  Brute-Force Attacks: larger keys make it more secure than DES
   §  Statistical Attacks: statistical analysis of the ciphertext has failed so far
   §  Differential Attacks: not possible for the time being
§  Encryption and decryption are not “the same” (as in DES), but each step has an inverse
§  The algorithms used in AES are so simple that they can be easily implemented using very primitive hardware

One Time Pad / Overview
§  Developed by Gilbert Vernam in 1918
§  Special Case of the Vigenère Cipher
§  Plaintext length ≤ key length
§  The message is represented as a binary string
§  The key is a truly random sequence of 0’s and 1’s
§  Encryption: exclusive-OR of the plaintext and the key:

0 1 0 0 0 0 1 0  XOR  0 1 1 1 0 1 0 0  =  0 0 1 1 0 1 1 0

One Time Pad / Analysis
§  Proven to be mathematically secure against all attacks
§  Key must be random
   §  Randomness is not easy to generate
   §  Non-randomness of the key makes the algorithm breakable
§  Any key should only be used once
§  Why isn’t it a standard cryptosystem?
   §  The keys must be exchanged over a secure channel …

A cryptosystem is unconditionally secure if the ciphertext does not give any information about the plaintext (except its length)
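
Why "any key should only be used once", as an added Python example (not part of the original slides): when two messages share a pad, XOR-ing the ciphertexts cancels the pad and leaves the XOR of the two plaintexts. The messages are constructed, the function names are illustrative, and the pad comes from the operating system's CSPRNG, which stands in for the truly random key the security proof assumes.

```python
import secrets

def otp(message, pad):
    """Encrypt or decrypt: XOR the message with the first len(message) pad bytes."""
    if len(message) > len(pad):
        raise ValueError("plaintext must not be longer than the key")
    return bytes(m ^ k for m, k in zip(message, pad))

def xor_common(a, b):
    """XOR two byte strings over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample messages of equal length.
P1 = b"MEET AT DUBNA AT 9"
P2 = b"SEND KEYS TOMORROW"
PAD = secrets.token_bytes(32)    # CSPRNG output, assumed good enough for the demo

def reuse_demo():
    """Encrypt both messages with the SAME pad and compute what leaks."""
    c1, c2 = otp(P1, PAD), otp(P2, PAD)
    leak = xor_common(c1, c2)           # pad cancels: equals P1 xor P2
    recovered = xor_common(leak, P1)    # anyone who knows or guesses P1 reads P2
    return leak, recovered

def fresh_pad_demo():
    """With one pad per message the same XOR is still masked by pad1 xor pad2."""
    pad1, pad2 = secrets.token_bytes(32), secrets.token_bytes(32)
    c1, c2 = otp(P1, pad1), otp(P2, pad2)
    masked = xor_common(xor_common(c1, c2), xor_common(P1, P2))
    return masked == xor_common(pad1, pad2)[:len(P1)]

if __name__ == "__main__":
    leak, recovered = reuse_demo()
    print(leak == xor_common(P1, P2), recovered)
    print(fresh_pad_demo())
```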

Conclusions
§  Cryptography is hard
§  Security cannot be proven
§  Even expertly designed ciphers have weaknesses
§  With a symmetric cipher both parties need the same key …
§  A theoretically secure cipher system may not be secure in practice
§  A theoretically breakable cipher system may be secure in practice

Questions & Answers