Click here to load reader
Upload
sheila-powell
View
218
Download
3
Embed Size (px)
Citation preview
Symmetric and Asymmetric (Public) key
EncryptionWeek-8
Symmetric Key EncryptionThe same key is used to encrypt and decrypt messages
• This means key is shared between sender & receiver
• Typically, a company will have many keys, a separate key for each of its
clients (Why?)
• All keys must be recorded but kept secure from theft
• Disclosure of keys compromises message since algorithm is publicly
known
Symmetric Key EncryptionSimple Model
Plaintext, P EncryptionMethod, E
Ciphertext, C = Ek(P)
Plaintext, PDecryptionMethod, D
EncryptionKey, K
DecryptionKey, K
Passive intruderJust listens
Active intruderAlter messages
Symmetric Key EncryptionAlgorithm
• Encryption of plaintext P using key K gives ciphertext C
C = Ek (P)
• Decryption of ciphertext C using key K gives plaintext P
P = Dk (C)
• Therefore:
Dk (Ek (P)) = P
Data Encryption Standard (DES)Most widely used encryption standard – Data Encryption Algorithm
(DEA)
• A joint National Security Agency (NSA) and IBM development (mid-70s)
• Maintained by National Institute of Standards and Technology (NIST)
• DES based on 56-bit key (no longer secure!)
Data Encryption Standard (DES)DES brute-force attack
• Broken in 22 hours by Electronic Foundation Machine (EFF)
• Using special-purpose supercomputer assisted by 10,000 machines
distributed over internet
• Some commercial organisation continue to use DES for less sensitive
messages
Data Encryption Standard (DES)Algorithm
• It is a complex combination of two fundamental building blocks of
encryption: Substitution and Transposition.
• The algorithm derives its strength from repeated application of these
two techniques, one on top of the other, for a total of 16 cycles.
• The algorithm begins by encrypting the plaintext as blocks of 64 bits.
• The key is 64 bits long, but in fact it can be any 56-bit number.
• The extra 8 bits are often used as check digits and do not affect
encryption in normal implementations.
Data Encryption Standard (DES)Algorithm
Triple DESA newer DES standard harder to break (i.e. stronger level of security)
• Involves using original DES 3 times with different keys
• Several versions (i.e. variants of 3DES)
• 3DES - Encryption, Encryption, Encryption
• 3DES - Encryption, Decryption, Encryption
Advance Encryption Standard (AES)A newer DES standard harder to break (i.e. stronger level of security)
• NIST’s (National Institute of Standards and Technology) new standard
designed to replace DES and 3DES
• Rijndael (pronounced “rain doll”) (Daemen and Rijmen, 1998)
algorithm based on AES
• Cracking AES by brute force takes 150 trillion years!
Comparing AES and DESStructure
• Both are block ciphers, with an adaptation permitting them to be used
as stream ciphers
• AES designed for growth: longer key, more cycles for added security
Speed
• DES is table-driven, uses simple operations, lends itself to hardware
implementation
• AES is less table driven; uses even simpler operations; lends itself to
machine implementation
Comparing AES and DESKeys
• DES: fixed 56 bit key (the biggest problem of the algorithm
• AES: can use key of 128, 192, 256 bits; algorithm extends naturally to
even longer keys
Concerns
• Key distribution problem: Key is shared between sender and receiver
• Introduces trusted third party KDC
Comparing AES and DESWeaknesses
• DES: No significant ones discovered in almost 30 years of scrutiny
• Design rational secret
• AES: None discovered, but scrutiny since 1998
• Design rational public
Asymmetric (Public) Key EncryptionOne key to encrypt, another to decrypt
• Based on two keys, called “public” and “private” keys (i.e.
mathematical related pair)
• Public key is widely and openly distributed and used to encrypt
message
• Private key is kept confidential and used to decrypt message
• Addressed problem of key distribution and management with
symmetric encryption
Asymmetric (Public) Key EncryptionProcess
• Alice uses Bob’s public key k to encrypt her message Ek(M), which
sends to Bob
• Bob uses his private key s to decrypt message Alice encrypted using his
public key k: Ds (Ek (M)) = M
• Bob reads message and uses same method as Alice to send a reply
• Alice and Bob can communicate securely
Asymmetric (Public) Key EncryptionProperties
• Computationally infeasible to deduce the private key from the public
key
• Key pair mathematically related (permanently matched to each other)
• The difficulty in deriving private key is based on Number Theory
• Alice and Bob can communicate securely
• Key management problem reduced to the one-site protection of
private key
AlgorithmsSymmetric:
• DES/3DES
• Blowfish
• IDEA (International Data
Encryption Algorithm)
• RC4 / RC5 / RC6 …
• Serpent
• Towfish
• Asymmetric
• Knapsack (old)
• RSA (popular)
• El Gamal
• Other ...
Thank You !