network security & cryptography lecture 9
TRANSCRIPT
-
7/29/2019 Network Security & Cryptography Lecture 9
1/38
Network Security
andCryptographyLecture 9
IDEA, RC5,RC2, Encryption key placement
Uday Prakash Pethakamsetty
-
7/29/2019 Network Security & Cryptography Lecture 9
2/38
International Data Encryption Algorithm (IDEA)
Developed by James Massey & Xuejia Lai atETH originally in Zurich in 1990, then calledIPES. X Lai, J L Massey, A Proposal for a New Block
Encryption Standard In Advances in cryptology- Eurocrypt 90, Lecture Notes in
computer Science, vol 473, pp 389-404.
X Lai, J L Massey, S Murphy, Markov Ciphers andDifferential Cryptanalysis. In Advances in cryptologyEurocrypt 91, Lecture Notes in
Computer Science, vol 547, pp 17-38.
Name changed to IDEA in 1992.
3/18/2013 2Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
3/38
IDEA
IDEA is patented in Europe & US, however non-commercial use is freely permitted Used in the public domain PGP (with agreement)
Currently no attack against IDEA is known Seem secure against differential cryptanalysis, brute force.
The name IDEA is also a trademark. Thepatents expired in 2010-2011. Today, IDEA islicensed in all the countries where it is patented
by MediaCrypt. IDEA was used in Pretty Good Privacy (PGP)
v2.0.
3/18/2013 3Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
4/38
IDEA...
Encrypts 64-bit blocks using a 128-bit key
PRINCIPLE: Based on mixing operations fromdifferent (incompatible) algebraic groups
XOR, +mod 216 , *mod 216 + 1 On 16-bit sub-blocks, with no permutations used.
The non-linearity deserved is obtained by threemodulo operations (XOR, addition modulo 216 ,
Multiplication modulo 210 +1); instead of using S-boxes.
Easily implemented both in hardware and software.
3/18/2013 4Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
5/38
IDEA
Initially, the 64 bit data is divided into 4 sub
blocks (x1,x2,x3,x4) of 16 bit each.
These sub-blocks together undergo 8 rounds
(R1,R2,R3,R4,R5,R6,R7,R8)of transformation
operation, with the sub-keys.
The 128 bit key is divided into 8 sub-keys
(K1,K2,K3,K4,K5,K6,K7,K8) of 16 bits each.
-
7/29/2019 Network Security & Cryptography Lecture 9
6/38
IDEA
3/18/2013 6Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
7/38
IDEA(overview)
3/18/2013 7Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
8/38
IDEA (Middle and Last Rounds)
3/18/2013 8Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
9/38
IDEA
Round Transformation of each round:
1) Multiply x1 and the first sub-keyx1*k1
2) Add x2 and second sub-key x2+k2
3) Add x3 and third sub-key x3+k3
4) Multiply x4 and fourth sub-key x4*k4
5) XOR the results of step1 and 3
6) XOR the results of step2 and 47) Multiply results of steps 5 with fifth sub-key
8) Add results of steps 6 and 7
9) Multiply the results of steps 8 with the sixth sub-key.
10) Add the results of step 7 and 9
11) XOR the results of steps 1 and 9y1
12) XOR the results of steps 3 and 9 y2
13) XOR the results of steps 2 and 10 y314) XOR the results of steps 4 and 10 y4
15) Y2 and Y3 sub-blocks are swapped.
Y1 ,Y2,Y3,Y4------ end result of each round
-
7/29/2019 Network Security & Cryptography Lecture 9
10/38
IDEA
Last ROUND doesnt have swap step.
Additionally, it has following transformations:
Multiply Y1 and the 1st subkey
Add Y2 and the second subkey
Add Y3 and the 3rd Sub-key
Multiply Y4 and the 4th sub-key
Finally, the cipher text is the concatenation of
the blocks:::::::Y1,Y2,Y3,Y4
-
7/29/2019 Network Security & Cryptography Lecture 9
11/38
IDEA
Sub-key Generation
Total needed 52=6 8+4 sub-keys First are directly from the key in order
Left shift of 25 bits, and then next 8 sub-
keys Each sub-key is a sub-block of the
original key.
Decryption
Much more complicated
It needs the inverse of the encryptionkey
For addition, multiplication respectively.
-
7/29/2019 Network Security & Cryptography Lecture 9
12/38
IDEA
Key Scheduling 128 bit key=8 16 bit sub-keys
First 6 sub-keys are used for 1st round.
Remaining 2 sub-keys for 2nd round
Entire 128 bit key is given a rotation for 25 steps to left and again divided
into 8 blocks (of 16 bit each). First 4 sub-keys are used for the remaining in 2nd round.
Remaining $ sub-keys re used for 3rd round
Entire 128 bit key is left shifted 25 bits and divided into 8 blocks
This process iterates for all the rounds till the end. For Decryption, the sub-keys are reversed and are either the
multiplicative or additive inverse of the corresponding encryption sub-keys.
-
7/29/2019 Network Security & Cryptography Lecture 9
13/38
IDEA
Decryption Same code can perform either encryption or
decryption given different expanded keys.
The inverses of the encryption keys and use themin the opposite order (use the inverse of the last-used encryption key as the first used when doingencryption).
Since the last encryption round (an odd-round)
used keys K49,K50,K51,K52, The first decryption round uses the inverses of the
keys K49-K52.
-
7/29/2019 Network Security & Cryptography Lecture 9
14/38
IDEA- Important Feature
The size of the sub-block
Need 216 +1 be prime number
To compute the inverse for each possible subkey
So sub-block size 8 is also possible
28+1=257 is prime number
3/18/2013 14Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
15/38
IDEA
Cryptanalysis:
Only 4 rounds of cipher makes it immune to
differential cryptanalysis.
Joan Daeman, Rene Govaerts & Joos Vandewalle
showed that the cipher had certain keys which can
be easily discovered in a chosen plaintext attack.
-
7/29/2019 Network Security & Cryptography Lecture 9
16/38
RC 5
Developed by R. Rivest Suitable for hardware or software Fast, simple Variable number of rounds Variable-length key Low memory requirement High security Data-dependent rotations (circular bit shifts)
Fast, simple, low memory, data-dependent rotations
Adaptable to processors of different word length A family of algorithms determined by word length, number of rounds, size of
secret key
Decryption and encryption are not the same With little variations
Primitive operations Addition, XOR, left circular rotation
3/18/2013 Department of ECE JNTUH 16
-
7/29/2019 Network Security & Cryptography Lecture 9
17/38
Stream Ciphers
Decryption requires use of same pseudo
random sequence:
Ex: Cipher text : 10100000
key stream : 01101100 XOR operation
Plain Text : 11001100
One Time Pad uses genuine random numbergenerator , whereas stream cipher uses a
pseudorandom number stream.
-
7/29/2019 Network Security & Cryptography Lecture 9
18/38
Properties of Stream Cipher
1) Encryption sequence should have a large period, i.e., repetition
period of pseudo-random sequence must be large.
2) Key stream should approximate the properties of a true random
number stream. i.e., probability of occurrence of 1s and 0s must
be equal.
3) Pseudo-random stream is conditional on value of input key. To
prevent brute-force attacks, the key needs to be longer. With
current technology, a key length of at-least 128 bits is desirable.
-
7/29/2019 Network Security & Cryptography Lecture 9
19/38
Stream Cipher vs. Block Cipher
Stream ciphers are faster than block ciphers
Block ciphers can reuse the keys.
But, if two plaintexts are encrypted with thesame key using a stream cipher, then
cryptanalysis becomes simple.
If two cipher text streams are XORed together,the result is the XOR of the original plaintexts.
-
7/29/2019 Network Security & Cryptography Lecture 9
20/38
Stream Ciphers
Encrypts plaintext one byte at a time.
Can even operate on one bit at a time, or on unitslarger than 1 byte.
Pseudorandom number stream should beunpredictable without the knowledge of the inputkey.
PR generator output is called key stream.
Ex: plain text : 11001100 key stream : 01101100 XOR operation
Cipher text: 10100000
-
7/29/2019 Network Security & Cryptography Lecture 9
21/38
RC4
Ron Rivest (of the famous RCA) is the inventor
A long random string is called a one-time pad.
A stream cipher generates a one-time pad and
applies it to a stream of plain text with .
RC4 is a stream cipher designed by Ron Rivest.
3/18/2013 21Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
22/38
RC 4
-
7/29/2019 Network Security & Cryptography Lecture 9
23/38
C code for
RC4 one-time pad generator
3/18/2013 23Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
24/38
Key features ofadvanced symmetric block ciphers
3/18/2013 24Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
25/38
Dept. of ECE Network Security & Cryptography25
Confidentialityusing Symmetric Encryption
Have two major placement alternatives
Link encryption encryption occurs independently on every link
implies must decrypt traffic between links
requires many devices, but paired keys
End-to-end encryption encryption occurs between original source and final
destination
need devices at each end with shared keys
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
26/38
Dept. of ECE Network Security & Cryptography26
Placement of Encryption
Can place encryption function at various layers
in OSI Reference Model
link encryption occurs at layers 1 or 2
end-to-end can occur at layers 3, 4, 6, 7
as move higher less information is encrypted but it
is more secure though more complex with more
entities and keys
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
27/38
27
Location of Encryption Device
Link encryption:
A lot of encryption devices
High level of security
Decrypt each packet at every switch
End-to-end encryption
The source encrypt and the receiver decrypts
Payload encrypted
Header in the clear High Security: Both link and end-to-end encryption
are needed
3/18/2013 Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
28/38
283/18/2013 Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
29/38
29
Key Distribution
1. A key could be selected by A and physicallydelivered to B.
2. A third party could select the key and physicallydeliver it to A and B.
3. If A and B have previously used a key, one partycould transmit the new key to the other, encryptedusing the old key.
4. If A and B each have an encrypted connection to athird party C, C could deliver a key on theencrypted links to A and B.
3/18/2013 Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
30/38
30
Key Distribution
Session key:
Data encrypted with a one-time session key. At the
conclusion of the session the key is destroyed
Permanent key:
Used between entities for the purpose of
distributing session keys
3/18/2013 Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
31/38
Dept. of ECE Network Security & Cryptography31
Key Distribution
Symmetric schemes require both parties to
share a common secret key
Issue is how to securely distribute this key
Often secure system failure due to a break inthe key distribution scheme
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
32/38
323/18/2013 Department of ECE JNTUH
-
7/29/2019 Network Security & Cryptography Lecture 9
33/38
Dept. of ECE Network Security & Cryptography 33
Key Distribution
Given parties A and B have various keydistribution alternatives:1.A can select key and physically deliver to B
2.third party can select & deliver key to A & B
3. if A & B have communicated previously can useprevious key to encrypt a new key
4.if A & B have secure communications with a thirdparty C, C can relay key between A & B
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
34/38
Dept. of ECE Network Security & Cryptography 34
Key Distribution Scenario
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
35/38
Dept. of ECE Network Security & Cryptography 35
Key Distribution Issues
hierarchies of KDCs required for large networks, butmust trust each other
session key lifetimes should be limited for greatersecurity
use of automatic key distribution on behalf of users, butmust trust system
use of decentralized key distribution
controlling purposes keys are used for
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
36/38
Dept. of ECE Network Security & Cryptography 36
Random Numbers
many uses ofrandom numbers in cryptography nonces in authentication protocols to prevent replay
session keys
public key generation
keystream for a one-time pad
in all cases its critical that these values be statistically random with uniform distribution, independent
unpredictable cannot infer future sequence on previous values
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
37/38
Dept. of ECE Network Security & Cryptography 37
Private-Key Cryptography
traditional private/secret/single key cryptographyuses one key
shared by both sender and receiver
if this key is disclosed communications are
compromised also is symmetric, parties are equal
hence does not protect sender from receiver forging amessage & claiming is sent by sender
3/18/2013
-
7/29/2019 Network Security & Cryptography Lecture 9
38/38
References
Behrouz A. Forouzan, Debdeep Mukhopadhyay,Cryptography and Network Security 2e, McGraw HillPublications, ISBN 978-0-07-070208-0.
William Stallings, Cryptography and Network Security-
Principles and Practices, 4e, Pearson-Printice Hallpublications, ISBN 81-7758-774-9.
Stallings, W. Cryptography and Network Security: Principlesand Practice, 2nd edition. Prentice Hall, 1999
Scneier, B. Applied Cryptography, New York: Wiley, 1996
Mel, H.X. Baker, D. Cryptography Decrypted. AddisonWesley, 2001.
Cyberspace.org
3/18/2013 38Department of ECE JNTUH