unit v network management and security
TRANSCRIPT
Chapter 2Symmetric Encryption and Message
Confidentiality
Overview
• Conventional Encryption Principles
• Conventional Encryption Algorithms
• Cipher Block Modes of Operation
• Location of Encryption Devices
• Key Distribution
Encryption
• The most important automated tool for network and communication security is encryption.
• The most common forms of encryption are: conventional or symmetric encryption and public-key or asymmetric encryption.
Conventional Encryption principles
• An encryption scheme has five ingredientso Plain texto Encryption algorithmso Public and private keyso Cipher texto Decryption algorithm
• Agents possess their private keys• Access other public keys from a central repository• Security depends on the secrecy of the key, not the secrecy of
the algorithm
Conventional Encryption
Algorithm Components• Plain Text- original data or input• Encryption Algorithm- performs substitutions or transformations on
the plaintext • Public and Private Keys- also input determines the
substitutions/transpositions• Cipher Text- scrambled message or output• Decryption Algorithm- encryption algorithm run backward, tking the
cipher text and producing the plain text.
Conventional Encryption Principles
Cryptography• Classified according to three independent dimensions:
o The type of operations used for transforming plaintext to cipher text
o The number of keys used symmetric (single key or secret- key or private-key) asymmetric (two-keys, or public-key encryption)
o The way in which the plaintext is processed
Cryptanalysis• Process of attempting to discover the plaintext or key• An encryption scheme is computationally secure if the ciphertext
meets one of these criteriao cost of breaking the cipher exceeds the value of the
informationo time requires to break the cipher exceeds the useful lifetime of
the information
Cryptanalysis• The process of attempting to discover the plaintext or key
Cryptanalysis• A brute force approach involves trying every possible key until the
translation is obtained.• Some new low cost chips have made this approach more
reasonable.• Greatest security problem is maintaining the security of the key.
Types of Attacks
Computationally Secure
An encryption scheme is said to be computationally secure if:• The cost of breaking the cipher exceeds the value of the
encrypted information or • The time required to break the cipher exceeds the useful
lifetime of the information.
Average time required for exhaustive key search
2.15 milliseconds232 = 4.3 x 10932
5.9 x 1030 years2168 = 3.7 x 1050168
5.4 x 1018 years2128 = 3.4 x 1038128
10 hours256 = 7.2 x 101656
Time required at 106 Decryption/µs
Number of Alternative Keys
Key Size (bits)
Classical ciphers
• Substitution- “units” of plain text are replaced with cipher text o Polyalphabetic substitution- different for each character
• Transposition- “unit” of plaintext are rearranged, usually in complex order
Feistel Cipher Structure
• Virtually all conventional block encryption algorithms, including DES have a structure first described by Horst Feistel of IBM in 1973
• The realization of a Feistel Network depends on the choice of the following parameters and design features:
Feistel Cipher Structure• Block size: larger block sizes mean greater security
• Key Size: larger key size means greater security
• Number of rounds: multiple rounds offer increasing security
• Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.
• Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern
Conventional Symmetric Encryption Algorithms
• Data Encryption Standard (DES)o The most widely used encryption schemeo The algorithm is reffered to the Data Encryption
Algorithm (DEA)o DES is a block ciphero The plaintext is processed in 64-bit blockso The key is 56-bits in lengtho No longer used for government transmissions
DES• Concerns about:
o The algorithm and the key length (56-bits)
Time to break a code (106 decryptions/µs)
Triple DEA
• Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
C = ciphertext P = Plaintext EK[X] = encryption of X using key K DK[Y] = decryption of Y using key K
• Effective key length of 168 bits
C = EK3[DK2[EK1[P]]]
Triple DEA
• Replacement for DES was neededo Theoretical attacks that can break ito Demonstrated exhaustive key search attacks
• Can use Triple DES – but slow, small block size• NIST issued a call for a new AES in 1997• 15 candidates accepted in Jun 1998 • 5 candidates were short-listed in Aug 1999 • Rijndael was selected as the AES in Oct 2000• Published as FIPS PUB 197 standard in Dec 2001
Advanced Encryption Standard
• Symmetric block cipher • 128-bit data, 128/192/256-bit keys • Stronger & faster than triple DES • Active life of 20-30 years (+ archival use) • Provide full specification & design details • Both C & Java implementations• NIST have released all submissions & unclassified analyses
AES Requirements
• Initial criteria:o Security – effort for practical cryptanalysiso Cost – in terms of computational efficiency (speed, memory)o Algorithm & implementation characteristics
flexibility, algorithm simplicity• Final criteria
o General securityo Ease of software & hardware implementationo Restricted-space environmentso Attacks on implementations
timing attack, power analysiso Flexibility (in en/decrypt, keying, other factors)
AES Evaluation Criteria
Overall AES Structure
• Data block of 4 columns of 4 bytes is “state”• Key is expanded to array of words• Has 9/11/13 rounds in which state undergoes:
o Substitute bytes (1 S-box used on every byte) o Shift rows (permute bytes between columns) o Mix columns (substitute using matrix multiplication of
columns) o Add round key (XOR state with key material)o View as alternating XOR key & scramble data bytes
• Initial XOR key material & incomplete last round• With fast XOR & table lookup implementation
The AES Cipher - Rijndael
• Designed by Rijmen-Daemen in Belgium • Block length: 128 bits • Key length: 128/192/256 bits• Number of Rounds: 10/12/14 rounds• An iterated cipher (rather than Feistel cipher)
o Processes data as block of 4 columns of 4 byteso Operates on entire data block in every round
• Designed to be:o Resistance against all known attackso Speed and code compactness on a wide range of platforms o Design simplicity
AES Parameters
AES Encryption & Decryption
AES Data Structures
AES Encryption Round
Substitute Bytes (SubBytes)
• Simple substitution on each byte of state independently• Use an S-box of 16x16 bytes containing a permutation of all
256 8-bit values• Each byte of state is replaced by a new byte indexed by row
(left 4-bits) & column (right 4-bits)o eg. byte {95} is replaced by {2A} in row 9 column 5
• S-box constructed using defined transformation of values in GF(28)
• Designed to be resistant to all known attacks
Substitute Bytes
S-Box
Inverse S-Box
Substitution of Bytes
Shift Rows
• A circular byte shift in eacho 1st row is unchangedo 2nd row does 1 byte circular shift to lefto 3rd row does 2 byte circular shift to lefto 4th row does 3 byte circular shift to left
• Decrypt inverts using shifts to right• Since state is processed by columns, this step permutes bytes
between the columns
Shift Rows
Shifting of rows
Mix Columns
• Each column is processed separately• Each byte is replaced by a value dependent on all 4 bytes in the
column
Mix Columns
• XOR state with 128-bits of the round key• Again processed by column (though effectively a series of byte
operations)• Inverse for decryption identical
o Since XOR own inverse, with reversed keys• Designed to be as simple as possible
o A form of Vernam cipher on expanded keyo Complexity of other stages ensures security
Add Round Key
Add Round Key
Stream Cipher Diagram
Stream Ciphers
Stream Ciphers
Location of Encryption Device
• Link encryption:o A lot of encryption deviceso High level of securityo Decrypt each packet at every switch
• End-to-end encryptiono The source encrypt and the receiver decryptso Payload encryptedo Header in the clear
• High Security: Both link and end-to-end encryption are needed
Key Distribution
• A key could be selected by A and physically delivered to B.• A third party could select the key and physically deliver it to A
and B.• If A and B have previously used a key, one party could transmit
the new key to the other, encrypted using the old key.• If A and B each have an encrypted connection to a third party
C, C could deliver a key on the encrypted links to A and B.
Key Distribution
• Session key:o Data encrypted with a one-time session key.At the
conclusion of the session the key is destroyed• Permanent key:
o Used between entities for the purpose of distributing session keys