7/29/2019 11002_Lec 05-08
1/73
1Symmetric Encryption and Message Confidentiality
CAP361:
SECURITY AND PRIVACY OF INFORMATION
Lecture Number 05-08
Bhagat AvinashAsst. Prof.Domain:D3School of Computing ApplicationsLovely Professional UniversityEmail:
3/1/2013
7/29/2019 11002_Lec 05-08
2/73
2Symmetric Encryption and Message Confidentiality
Network Security Essentials
Fourth Edition
by William Stallings
Lecture slides by Lawrie Brown
7/29/2019 11002_Lec 05-08
3/73
3Symmetric Encryption and Message Confidentiality
Some Basic Terminology plaintext original message
ciphertext coded message
cipher algorithm for transforming plaintext to ciphertext
key
info used in cipher known only to sender/receiver
encipher (encrypt) converting plaintext to ciphertext
decipher (decrypt) recovering ciphertext from plaintext
cryptography
study of encryption principles/methods cryptanalysis (codebreaking) study of principles/ methods of
deciphering ciphertext withoutknowing key
cryptology field of both cryptography and cryptanalysis
7/29/2019 11002_Lec 05-08
4/73
4Symmetric Encryption and Message Confidentiality
Symmetric Cipher Model
7/29/2019 11002_Lec 05-08
5/73
5Symmetric Encryption and Message Confidentiality
Requirements
Two requirements for secure use of encryption:
1. a strong encryption algorithm
2. a secret key known only to sender / receiver
mathematically have:
Y= E(K,X)
X= D(K, Y)
Encryption depends upon secrecy of key
7/29/2019 11002_Lec 05-08
6/73
6Symmetric Encryption and Message Confidentiality
CryptographyCryptography can be classified as :
type of encryption operations used
substitution
transposition
product
number of keys used
single-key or private
two-key or public
way in which plaintext is processed
block
stream
7/29/2019 11002_Lec 05-08
7/737Symmetric Encryption and Message Confidentiality
Cryptanalysis
The process of attempting to discover theplaintext or key
Objective to recover key not just message
general approaches:cryptanalytic attack
brute-force attack
7/29/2019 11002_Lec 05-08
8/738Symmetric Encryption and Message Confidentiality
Cryptanalysis
Cryptanalytic Attacks : rely on the nature ofthe algorithm plus perhaps some knowledge
of the general characteristics of the plaintext
or even some sample plaintext-ciphertextpairs. This type of attack exploits the
characteristics of the algorithm to attempt to
deduce a specific plaintext or to deduce the
key being used.
7/29/2019 11002_Lec 05-08
9/739Symmetric Encryption and Message Confidentiality
Cryptanalysis
Brute-force attack : The attacker tries everypossible key on a piece of ciphertext until an
intelligible translation into plaintext is
obtained. On average, half of all possible keysmust be tried to achieve success.
7/29/2019 11002_Lec 05-08
10/7310Symmetric Encryption and Message Confidentiality
Type of Attack Known to Cryptanalyst
Ciphertext only Encryption algorithm
Ciphertext
Known plaintext Encryption algorithm
Ciphertext
One or more plaintext-ciphertextpairs formed with the secret key
Chosen plaintext Encryption algorithm
Ciphertext Plaintext message chosen by
cryptanalyst, together with its
corresponding ciphertext generated
with the secret key
7/29/2019 11002_Lec 05-08
11/7311Symmetric Encryption and Message Confidentiality
Type of Attack Known to Cryptanalyst
Chosen Ciphertext Encryption algorithm
Ciphertext Purported ciphertext chosen by
cryptanalyst, together with its
corresponding decrypted plaintext
generated with the secret key
Chosen text Encryption algorithm
Ciphertext
Plaintext message chosen by
cryptanalyst, together with its
corresponding ciphertext generated withthe secret key
Purported ciphertext chosen by
cryptanalyst, together with its
corresponding decrypted plaintext
generated with the secret key
7/29/2019 11002_Lec 05-08
12/73
12Symmetric Encryption and Message Confidentiality
Brute Force Search
always possible to simply try every key
most basic attack, proportional to key size
assume either know / recognise plaintext
Key Size (bits) Number of AlternativeKeys
Time required at 1
decryption/sTime required at 106
decryptions/s
32 232 = 4.3 109 231 s = 35.8 minutes 2.15 milliseconds
56 256 = 7.2 1016 255 s = 1142 years 10.01 hours
128 2128 = 3.4 1038 2127 s = 5.4 1024 years 5.4 1018 years
168 2168 = 3.7 1050 2167 s = 5.9 1036 years 5.9 1030 years
26 characters
(permutation)
26! = 4 1026 2 1026 s = 6.4 1012 years 6.4 106 years
7/29/2019 11002_Lec 05-08
13/73
13Symmetric Encryption and Message Confidentiality
Symmetric Block Encryption Algorithms The most commonly used symmetric encryption
algorithms are block cipher.
A block cipher processes the plaintext input in
fixed sized blocks and produces a block of
ciphertext of equal size
Feistel Cipher Structure
Data Encryption Standard
Triple DES(3DES)
Advanced Encryption Standard.
7/29/2019 11002_Lec 05-08
14/73
7/29/2019 11002_Lec 05-08
15/73
15Symmetric Encryption and Message Confidentiality
Feistel Cipher StructureHorst Feistel devised the feistel cipher of IBM
The inputs to the encryption algorithm are
Plaintext block of length 2w
A key K
The plain text block is divided into two halves,LE0 and RE0.
The two halves of the data pass through n
rounds of processing and then combine toprovide cipher text block.
7/29/2019 11002_Lec 05-08
16/73
16Symmetric Encryption and Message Confidentiality
Feistel Cipher Structure Each round i has inputs LEi-1 and REi-1 derived
from the previous round, as well as a sub key Ki
derived the overall K
Sub keys are generated from main key K using
sub key generation algorithm.
7/29/2019 11002_Lec 05-08
17/73
17Symmetric Encryption and Message Confidentiality
The Feistel
Cipher Structure
i
7/29/2019 11002_Lec 05-08
18/73
18Symmetric Encryption and Message Confidentiality
Round i
+
f
Li-1 Ri-1
ki
Li Ri
7/29/2019 11002_Lec 05-08
19/73
19Symmetric Encryption and Message Confidentiality
Feistel Cipher Structure
7/29/2019 11002_Lec 05-08
20/73
20Symmetric Encryption and Message Confidentiality
Feistel Cipher Design
ElementsExact realization of a symmetric block cipher dependson following parameters and design features:
block size
key size
number of rounds
subkey generation algorithm
round function
fast software en/decryption
ease of analysis
7/29/2019 11002_Lec 05-08
21/73
21Symmetric Encryption and Message Confidentiality
Feistel Cipher Design Elements
Block size Larger block size means greater security but it reduces encryption /
decryption speed typical size 128 bits.
Key size Larger key size means greater security but it reduces encryption /
decryption speed typical size 128 bits
Number of rounds Single round offers inadequate security. Multiple rounds offers greater
security. Generally 16 rounds
7/29/2019 11002_Lec 05-08
22/73
22Symmetric Encryption and Message Confidentiality
Feistel Cipher Design Elements
Subkey Generation Algorithm Greater complexity in algorithm should lead greater difficulty of
cryptanalysis.
Round function Grater complexity generally means greater resistance to cryptanalysis.
Fast S/W en/decryption Encryption is embedded in application or utility functions accordingly
speed of the execution of the algorithm becomes convern.
7/29/2019 11002_Lec 05-08
23/73
23Symmetric Encryption and Message Confidentiality
Data Encryption Standard (DES)
Most widely used block cipher in world
Adopted in 1977 by NBS (national bureau of
standards )
Now NIST (national inst. Of standards and
technology)
Encrypts 64-bit data using 56-bit key
Has widespread use
7/29/2019 11002_Lec 05-08
24/73
24Symmetric Encryption and Message Confidentiality
DES History
IBM developed Lucifer cipher
by team led by Feistel in late 60s
used then redeveloped as a commercial cipher with input from
NSA and others
in 1973 NBS issued request for proposals for a national cipher
standard
IBM submitted their revised Lucifer which was eventually
accepted as the DES
64-bit data blocks with 128-bit key
7/29/2019 11002_Lec 05-08
25/73
25Symmetric Encryption and Message Confidentiality
DES Design Controversy
Although DES standard is public
Was considerable controversy over design
In choice of 56-bit key (vs lucifer 128-bit)
And because design criteria were classified
Subsequent events and public analysis show in fact design
was appropriate
Use of DES has flourished
Especially in financial applications
Still standardised for legacy application use
7/29/2019 11002_Lec 05-08
26/73
26Symmetric Encryption and Message Confidentiality
DES : Basic Principles
DES is a Block Cipher.
It Encrypts data in blocks of size 64 bits each
64 bits of plain text goes as the input to DES, which
produces 64 bits of Cipher Text.
The key length is 56 Bits.
7/29/2019 11002_Lec 05-08
27/73
27Symmetric Encryption and Message Confidentiality
How Does DES Works ???
7/29/2019 11002_Lec 05-08
28/73
7/29/2019 11002_Lec 05-08
29/73
29Symmetric Encryption and Message Confidentiality
DES Encryption Overview
7/29/2019 11002_Lec 05-08
30/73
30Symmetric Encryption and Message Confidentiality
Level of steps in DES
1. The 64 bit plain text block is handed over to an Initial
Permutation (IP) function
2. The IP is performed on plain text
3. The IP produces two halves of the permuted block:
LPT (Left Plain Text)
RPT (Right Plain Text)
7/29/2019 11002_Lec 05-08
31/73
7/29/2019 11002_Lec 05-08
32/73
32Symmetric Encryption and Message Confidentiality
7/29/2019 11002_Lec 05-08
33/73
33Symmetric Encryption and Message Confidentiality
Triple-DES with Two-Keys 3DES was first standardized for use in financial
application. 3DES uses three keys and three execution of the
DES algorithm.
7/29/2019 11002_Lec 05-08
34/73
34Symmetric Encryption and Message Confidentiality
Triple-DES with Two-Keys
7/29/2019 11002_Lec 05-08
35/73
35Symmetric Encryption and Message Confidentiality
Triple-DES with Two-Keys The function follows an encrypt-decrypt- encrypt
sequence: Encryption operation
C = E(K3,D(K
2,E(K
1,P)))
Where
C = ciphertext
P = plaintext
7/29/2019 11002_Lec 05-08
36/73
36Symmetric Encryption and Message Confidentiality
Triple-DES with Two-Keys
7/29/2019 11002_Lec 05-08
37/73
T i l DES ith T K
7/29/2019 11002_Lec 05-08
38/73
38Symmetric Encryption and Message Confidentiality
Triple-DES with Two-Keys Strengths:
With 3 distinct keys, 3DES has an effective keylength of 168 bits.
It overcomes the vulnerability to brute force
attack.
R d N b
7/29/2019 11002_Lec 05-08
39/73
39Symmetric Encryption and Message Confidentiality
Random NumbersA number of network security algorithms based on
cryptography make use of random numbers e.g.Generation of keys for the RSA public key encryption
algorithm and other public key algorithms.
Generation of a stream key for symmetric stream cipher.
Generation of symmetric key for use of a temporary sessionkey.
In a number of key distribution scenarios such as Kerberos.
7/29/2019 11002_Lec 05-08
40/73
40Symmetric Encryption and Message Confidentiality
Random Number Generators
Pseudorandom numbers:
Cryptographic applications typically make use of
algorithmic techniques for random number
generation. These algorithms are deterministic and
therefore produce sequence of numbers that are
not statistically random. However if the algorithm
is good, the resulting sequence will pass many
reasonable tests of randomness, such numbers arereferred to as pseudorandom numbers.
7/29/2019 11002_Lec 05-08
41/73
7/29/2019 11002_Lec 05-08
42/73
42Symmetric Encryption and Message Confidentiality
Purpose-PRNG:
Symmetric Block CipherAsymmetric Cipher
Hash functions and Message
Stream Cipher
7/29/2019 11002_Lec 05-08
43/73
43Symmetric Encryption and Message Confidentiality
Stream Cipher
Block vs Stream Cipher
A stream cipher processes the input elements
continuously, producing output one element at
a time as it goes along.
Block Ciphers process plain text in large blocks
Stream ciphers process plain text in small
blocks, even bits.
Pure Block ciphers are memory less
Stream cipher encryption depends not only on
the plain text, , key but also on current state.
Stream Cipher
7/29/2019 11002_Lec 05-08
44/73
44Symmetric Encryption and Message Confidentiality
Stream Cipher
Stream Cipher Structure
A typical stream cipher encrypts plain text onebit or byte or some times more at a time
Stream Cipher
7/29/2019 11002_Lec 05-08
45/73
45Symmetric Encryption and Message Confidentiality
Stream Cipher
Stream Cipher Structure
A key is input to a pseudorandom bit generatorthat produces a stream of 8 bit numbers that
are apparently random.
A pseudorandom stream is one that isunpredictable without the knowledge of input
key.
Stream Cipher Structure
7/29/2019 11002_Lec 05-08
46/73
46Symmetric Encryption and Message Confidentiality
Stream Cipher Structure
Stream Cipher Properties
7/29/2019 11002_Lec 05-08
47/73
47Symmetric Encryption and Message Confidentiality
Stream Cipher Propertiessome design considerations are:
1. The encryption sequence should have long periodwith no repetitions the longer the period of repeat,
the more difficult it will be to do cryptanalysis.
2. Keystream should be truly random random
3. depends on large enough key
4. large linear complexity
RC4
7/29/2019 11002_Lec 05-08
48/73
48Symmetric Encryption and Message Confidentiality
RC4RC4 is a stream cipher designed in 1987 by
Ron Rivest for RSA Security.It is a variable key-size stream cipher with
byte-oriented operations. The algorithm is
based on the use of a random permutation.
RC4
7/29/2019 11002_Lec 05-08
49/73
49Symmetric Encryption and Message Confidentiality
RC4Analysis shows that the period of the cipher is
overwhelmingly likely to be greater than 10100
[ROBS95a]. Eight to sixteen machine
operations are required per output byte, and
the cipher can be expected to run very quickly
in software.
RC4 is used in the SSL/TLS (Secure Sockets
Layer/Transport Layer Security) standards that
have been defined for communication
between Web browsers and servers.
RC4
7/29/2019 11002_Lec 05-08
50/73
50Symmetric Encryption and Message Confidentiality
RC4It is also used in the WEP (Wired Equivalent
Privacy) protocol and the newer WiFiProtected Access (WPA) protocol that are part
of the IEEE 802.11 wireless LAN standard.
RC4 was kept as a trade secret by RSASecurity. In September 1994, the RC4
algorithm was anonymously posted on the
Internet on the Cypherpunks anonymous
remailers list.
RC4
7/29/2019 11002_Lec 05-08
51/73
51Symmetric Encryption and Message Confidentiality
RC4The RC4 algorithm is remarkably simply and
quite easy to explain. A variable-length key offrom 1 to 256 bytes (8 to 2048 bits) is used to
initialize a 256-byte state vector S, with
elements S[0], S[1],..., S[255].
RC4
7/29/2019 11002_Lec 05-08
52/73
52Symmetric Encryption and Message Confidentiality
RC4For encryption and decryption, a byte k (see
Figure) is generated from S by selecting one ofthe 255 entries in a systematic fashion. As
each value of k is generated, the entries in S
are once again permuted.
Modes of Operation
7/29/2019 11002_Lec 05-08
53/73
53Symmetric Encryption and Message Confidentiality
Modes of OperationA block cipher algorithm is a basic building block
for providing data security. To apply a blockcipher in a variety of applications, four "modes of
operation" have been defined by NIST (FIPS 81).
The four modes are intended to cover virtually all
the possible applications of encryption for which
a block cipher could be used.
Modes of Operation
7/29/2019 11002_Lec 05-08
54/73
54Symmetric Encryption and Message Confidentiality
Modes of Operation1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)3. Cipher Feedback (CFB) /Output Feedback (OFB)
4. Counter (CTR)
Electronic Codebook Book (ECB)
7/29/2019 11002_Lec 05-08
55/73
55Symmetric Encryption and Message Confidentiality
Electronic Codebook Book (ECB)
In ECB plaintext is handled one block at a time and each
block of plaintext is encrypted using the same key.
Electronic Codebook Book (ECB)
7/29/2019 11002_Lec 05-08
56/73
56Symmetric Encryption and Message Confidentiality
Electronic Codebook Book (ECB)
The term codebook is used because, for a given key,
there is a unique ciphertext for every b-bit block ofplaintext.
7/29/2019 11002_Lec 05-08
57/73
57Symmetric Encryption and Message Confidentiality
Advantages and Limitations of ECB
The ECB method is ideal for a short amount of
data, such as an encryption key. Thus, if youwant to transmit a DES key securely, ECB is the
appropriate mode to use.
The most significant characteristic of ECB is thatthe same b-bit block of plaintext, if it appears
more than once in the message, always
produces the same ciphertext.
7/29/2019 11002_Lec 05-08
58/73
58Symmetric Encryption and Message Confidentiality
Advantages and Limitations of ECB
For lengthy messages, the ECB mode may not be
secure. If the message is highly structured, itmay be possible for a cryptanalyst to exploit
these regularities.
e.g., if it is known that the message always starts outwith certain predefined fields, then the cryptanalyst
may have a number of known plaintext-ciphertext pairs
to work with. If the message has repetitive elements,
with a period of repetition a multiple of b bits, thenthese elements can be identified by the analyst. This
may help in the analysis or may provide an opportunity
for substituting or rearranging blocks.
Cipher Block Chaining (CBC)
7/29/2019 11002_Lec 05-08
59/73
59Symmetric Encryption and Message Confidentiality
Cipher Block Chaining (CBC)In this scheme, the input to the encryption
algorithm is the XOR of the current plaintextblock and the preceding ciphertext block; the
same key is used for each block.
Cipher Block Chaining (CBC)
7/29/2019 11002_Lec 05-08
60/73
60Symmetric Encryption and Message Confidentiality
Cipher Block Chaining (CBC)In effect, we have chained together the
processing of the sequence of plaintext blocks.The input to the encryption function for each
plaintext block bears no fixed relationship to the
plaintext block. Therefore, repeating patterns of
b bits are not exposed.
Cipher Block Chaining (CBC)
7/29/2019 11002_Lec 05-08
61/73
61Symmetric Encryption and Message Confidentiality
Cipher Block Chaining (CBC)In conclusion, because of the chaining
mechanism of CBC, it is an appropriate mode forencrypting messages of length greater than b
bits.
In addition to its use to achieve confidentiality,
the CBC mode can be used for authentication
7/29/2019 11002_Lec 05-08
62/73
62Symmetric Encryption and Message Confidentiality
Cipher Block Chaining
(CBC)
Cipher FeedBack (CFB)
7/29/2019 11002_Lec 05-08
63/73
63Symmetric Encryption and Message Confidentiality
Cipher FeedBack (CFB) The DES scheme is essentially a block cipher
technique that uses b-bit blocks. However, it ispossible to convert DES into a stream cipher, using
either the cipher feedback (CFB) or the output
feedback mode.
A stream cipher eliminates the need to pad a
message to be an integral number of blocks. It also
can operate in real time.
Cipher FeedBack (CFB)
7/29/2019 11002_Lec 05-08
64/73
64Symmetric Encryption and Message Confidentiality
Cipher FeedBack (CFB)One desirable property of a stream cipher is that the
ciphertext be of the same length as the plaintext.Thus, if 8-bit characters are being transmitted, each
character should be encrypted to produce a cipher
text output of 8 bits. If more than 8 bits are
produced, transmission capacity is wasted.
Let the unit of transmission is s bits; a common value is s = 8.
As with CBC, the units of plaintext are chained together, so
that the ciphertext of any plaintext unit is a function of all the
preceding plaintext. In this case, rather than units of b bits,
the plaintext is divided into segments of s bits.
s-bit Cipher FeedBack (CFB-s)
7/29/2019 11002_Lec 05-08
65/73
65Symmetric Encryption and Message Confidentiality
s bit Cipher FeedBack (CFB s)
7/29/2019 11002_Lec 05-08
66/73
66Symmetric Encryption and Message Confidentiality
Advantages and
Limitations of CFBappropriate when data arrives in bits/bytes
most common stream mode
limitation is need to stall while do blockencryption after every n-bits
note that the block cipher is used in
encryption mode at both endserrors propogate for several blocks after the
error
Counter (CTR)
7/29/2019 11002_Lec 05-08
67/73
67Symmetric Encryption and Message Confidentiality
Counter (CTR)Although interest in the counter mode (CTR) has
increased recently, with applications to ATM(asynchronous transfer mode) network security
and IPSec (IP security), this mode was proposed
early on .
Counter (CTR)
7/29/2019 11002_Lec 05-08
68/73
68Symmetric Encryption and Message Confidentiality
Counter (CTR)In CTR mode, A counter, equal to the plaintext
block size is used. The only requirement is thatthe counter value must be different for each
plaintext block that is encrypted.
Typically, the counter is initialized to some valueand then incremented by 1 for each subsequent
block (modulo 2b where b is the block size).
Counter (CTR)
7/29/2019 11002_Lec 05-08
69/73
69Symmetric Encryption and Message Confidentiality
Counter (CTR)For encryption, the counter is encrypted and then
XORed with the plaintext block to produce theciphertext block; there is no chaining.
For decryption, the same sequence of counter
values is used, with each encrypted counterXORed with a ciphertext block to recover the
corresponding plaintext block.
Counter (CTR)
7/29/2019 11002_Lec 05-08
70/73
70Symmetric Encryption and Message Confidentiality
Counter (CTR)
7/29/2019 11002_Lec 05-08
71/73
71Symmetric Encryption and Message Confidentiality
Advantages and
Limitations of CTRefficiency can do parallel encryptions in h/w or s/w
can preprocess in advance of need good for bursty high speed links
random access to encrypted data blocks
provable security (good as other modes)but must ensure never reuse key/counter
values, otherwise could break (cf OFB)
Questions
7/29/2019 11002_Lec 05-08
72/73
72Symmetric Encryption and Message Confidentiality
Questions1. What are the essential ingredients of a symmetric cipher?
2. What are the two basic functions used in encryption algorithms?
3. What is the difference between a block cipher and a stream
cipher?
4. How many keys are required for two people to communicate via a
symmetric cipher?
5. What are the two approaches to attacking a cipher?
6. Why do some block cipher modes of operation only use
encryption while others uses both encryption and decription?
7. What is triple Encryption?
8. Define Brute force and cryptanalytic attack?
9. How do we classify encryption techniques ----2
Questions
7/29/2019 11002_Lec 05-08
73/73
Q10. Write steps for Feistel Cipher Encryption techniques.
11. What are the parameters that are considered for designing a
symmetric block cipher?12. Explain cipher block modes of operation?
13. What are advantages and disadvantages of cipher block modes of
operation?