Upload
clemence-payne
View
220
Download
1
Tags:
Embed Size (px)
Citation preview
IT 221:Classical and Modern Encryption Techniques
Lecture 2: Classical and Modern Encryption Techniques
For Educational Purposes Only
Revised: September 4, 2002
2August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Encryption Question
•Context: You are a consultant working for a larger private-sector client. Your team is responsible for managing a network that supports a CRM (Customer Relationship Management) application, which often contains highly sensitive, often encrypted, financial information. A Hacker figures out the algorithm your client is using to encrypt outgoing emails and internal, sensitive information, and posts the algorithm on the Internet.
• Questions: Should this situation be of serious concern? Why or why not?
What are some of the next steps your team should take?
3August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
• Chapter 2:Terminology and BackgroundEncryption AlgorithmsModel of Conventional Encryption ProcessCryptography DefinedDimensions of CryptographyUnconditional and Computational SecurityExample 1: Caesar CipherExample 2: Columnar TranspositionCharacteristics of ‘Good’ Ciphers
Chapter 2 Outline
4August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Terminology and Background
•Context: Suppose S (Sender) wants to send a message to R (Receiver). S entrusts the message to T (Transmission Medium) who will deliver it to R. An outsider O might try to access the message by Blocking, Intercepting, Modifying, or Fabricating it. [1].
• Terminology: Encryption: Process of encoding a message so that its meaning is not obvious. [1]
Decryption: The reverse process of Encryption – transforming an encrypted message into its normal, plaintext form. [1]
Cryptosystem: A system for Encryption and Decryption. [1]
5August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Encryption Algorithms
•Encryption Algorithms: Some algorithms use a key K, so that the ciphertext message depends on both the original plaintext message and the key value, denoted C = E(K,P) [1].
-Symmetric: Encryption and Decryption keys are mirror processes.
-Asymmetric: Decryption key inverts the Encryption process, such that converting ciphertext back to plaintext is not simply the reversing of the encryption steps.
• Key Secrecy: Security depends on the secrecy of the key, and not the secrecy of the algorithm.
Key Size No of Alt Keys Time Req @ 106 Decryption/µs
32 232 = 4.3 x 109 2.15 milliseconds
56 256 = 7.2 x 1016 10 hours
128 2128 = 3.4 x 1038 5.4 x 1018 years
168 2168 = 3.7 x 1050 5.9 x 1030 years
6August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Model of Conventional Encryption Process
• An encryption scheme has 5 major components:
(1) Plaintext Input
(2) Encryption Algorithm
(3) Secret Key
(4) Transmitted Ciphertext
(5) Decryption Algorithm
7August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Cryptography Defined
•Cryptography Defined: Cryptanalysis: The process of attempting to discover X and/or Y, with the
Ciphertext message X and the Encryption Key K. [2]
Cryptanalyst studies encryption and encrypted messages, with the objective of revealing the hidden messages of the messages [1].
8August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
• Cryptographic Systems generally fall along three independent
dimensions:
The type of operations used for transforming plaintext to ciphertext.
The number of keys used. - If both sender and receiver use the same key, the key is referred to as symmetric, single key, secret key, or conventional encryption. - If the sender and receiver each uses a different key, the system is referred to asymmetric, two key, or public-key encryption.
The way in which the plaintext is processed.
Dimensions of Cryptography
9August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Unconditional and Computational Security
•Unconditionally Secure: An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext.
• Computationally Secure: An encryption is said to be computationally secure if:
- The cost of breaking the cipher exceeds the value of the encrypted information.
- The time required to break the cipher exceeds the useful lifetime of the information.
10August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Classical Encryption Techniques
• Classical Techniques are based on two building blocks:
Substitution: The letters of plaintext are replaced by other letters or by numbers or symbols. Of the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns [2].
Transposition: Some sort of permutation is performed on the letters of plaintext [2].
11August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Example 1: Caesar Cipher
• Caesar Cipher: Methodology: Each plaintext letter is substituted for a letter a fixed number of positions after it in the alphabet. [1]
Example: Ci = E(Pi) = Pi + 3
Advantages and Disadvantages:
- Simplicity in encrypting plain text
- Simplicity in decoding ciphertext
12August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Example 2: Columnar Transposition
• Columnar Transposition: Methodology: The goal of a substitution is confusion. Transposition is an encryption method in which the letters of the message are rearranged. The goal in this case is diffusion [1].
Example:
c1 c2 c3 c4
c5 c6 cc7 c8
c9 c10 c11 c12
13August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Characteristics of ‘Good’ Ciphers
• Claude Shannon’s Characteristics of ‘Good’ Ciphers [1]:
Principle 1: The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption.
Principle 2: The set of keys and the enciphering algorithm should be free from complexity.
Principle 3: The implementation of the process should be as simple as possible.
Principle 4: Errors in ciphering should not propagate and cause corruption of further information in the message.
Principle 5: The size of the enciphered text should be no larger than the text of the original message.
14August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
• Chapter 3:BackgroundStream and Block Ciphers DefinedFeistel Cipher StructureFeistel AlgorithmDES StructureDES AlgorithmDES Round DetailsDES WeaknessesTime To Break A CodeBlock Cipher Modes of Operations
Chapter 3 Outline
15August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Background
•Context: Chapter 2 introduced the basic concepts of encryption and cryptanalysis. These approaches are suitable for short, simple messages, but are inappropriate for situations requiring more complex security requirements.
16August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Stream and Block Ciphers Defined
•Stream and Block Ciphers: Stream Cipher: Encrypts a digital data stream one byte at a time [2].
Block Cipher: Encrypts blocks of plaintext, treated as a whole and used to produce a ciphertext block of equal length [2].
17August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Feistel Cipher Structure
•Stream and Block Ciphers: Virtually all symmetric block encryption algorithms in current use, including DES, are based on the Feistel block cipher [2].
Realization of the Feistel Network depends on the choice of the following design factors:
-Block size: larger block sizes mean greater security
-Key Size: larger key size means greater security
-Number of rounds: multiple rounds offer increasing security
-Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.
-Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern
18August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Feistel Algorithm
•Feistel Algorithm:(1) Plaintext Input is divided into 2 halves. Halves of data are passed through n rounds of processing to produce ciphertext.
(2) Substitution is produced on the Left side of data.
(3) This is achieved by applying a round function to the Right half of data, and taking the Exclusive Or of the output with the Left.
(4) Finally, a permutation is performed that consists of the interchange of the two halves of data.
19August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
DES Structure
•Data Encryption Standard (DES):
The most widely used encryption scheme
DES is a block cipher
The plaintext is processed in 64-bit blocks
The key is 56-bits in length
Achieves its strength from repeated rounds of substitution and permutation
20August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
DES Algorithm
•DES Algorithm:(1) Input feeds are parsed into 64-bit blocks. 64-bit data blocks are permuted by an Initial Permutation stage.
(2) Blocks are transformed using a 64-bit key. In reality, only 56-bits of this key are used (8 parity bits are dropped (it is assumed that these parity bits contain no information about the key)).
(3) Data blocks are split. Each half is scrambled independently. The key is applied to one half, and the two are swapped. The process is repeated 16 times.
21August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
DES Round Details
•DES Algorithm [1]:(1) Blocks are transformed using a 64-bit key.
(2) Blocks are broken into 32-bit halves: Left and Right. The key is shifted by a number of bits and permuted.
(3) 32-Bit Right half is expanded to 48 bits, and combined with the Key. The result is condensed and combined with Left.
22August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
DES Weaknesses
•Data Encryption Standard (DES):
Complements
Weak/Semi-Weak Keys
Key Clustering
23August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Time to Break a Code
24August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
Block Cipher Modes of Operations
•Block Cipher Modes of Operations: DES is a basic building block of security. Four ‘modes’ have been design to cover a wide range of possible DES applications.
MODE DESC
Electronic Cookbook (ECB) Each block of 64 plaintext is encoded independently using the same key.
Cipher Block Chaining (CBC)
Input to the algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of plaintext.
Cipher Feedback (CFB) Input is processed J bits at a time. Preceding ciphertext is used as input to the algorithm to produce pseudorandom output, which is XORed with Plaintext to produce the next unit of ciphertext.
Output Feedback (OFB) Similar to CFB, except that the input to the algorithm is the preceding DES output.
25August 28, 2002 IT 221: Introduction to Information Security Priciples For Educational Purposes Only
•[1] Pfleeger, Charles. Security In Computing, Prentice Hall, 1997. Chapter 2-3.
•[2] Stallings, William. Cryptography and Network Security, Prentice Hall, 1999. Chapter 2-3
Resources