Slide 1: March 2005 - R. Smith - University of St Thomas - Minnesota
CISC 210 - Class Today
“Help wanted” for security project
Recap
Block Ciphers
Block Cipher Modes
Group Problem Solve – Block Ciphers
Reading Assignment:
–Internet Cryptography Chapters 1 and 2
–Chapter excerpt on Volume Encryption from “Authentication”

Slide 2: “Help Wanted” for security project
(The title probably sounds more impressive than the actual work)
–I need someone to help collect information about computer security product certifications over the past 3 years
–Part-time student position for a few weeks
Qualifications
–Can deal with MS Access
–Can read a structured technical document and quickly extract data from it
–Ability to puzzle out other languages (German, French, maybe Korean or Japanese) preferred but not required

Slide 3: Recap
Crypto Building Blocks
–One-way hash
–Randomness
–XOR for encryption
–Keystream generation – pseudo-random number generation
–Nonces
Block Ciphers
–Another building block

Slide 4: Cracking a Block Cipher
It’s a hard thing to do
Known plaintext attack
–You may need several plaintext/ciphertext pairs to attack
–Generally, you still must do trial-and-error key testing
Block ciphers are intentionally designed to make this hard.
–The designers assume the attackers can get a bunch of plaintext/ciphertext pairs
–Those pairs aren’t enough to leak the key

Slide 5: Hacking Ciphertext
Let’s try encrypting with a block cipher
Let’s edit the ciphertext
Next, decrypt and see what happens.

Slide 6: Cipher Block “Modes”
These use other crypto building blocks to solve certain problems with block ciphers
How do we handle partial blocks?
–Not all digital data will fit exactly into the blocks
–How do we do a ‘real’ stream cipher with a block cipher?
Also – there is a ‘patterning’ problem
–If you just use the block cipher directly, you may leak information through patterns in the encrypted data

Slide 7: “Straight” Crypto – ECB Mode
Just apply the key to the plaintext
Block after block after block

Slide 8: Penguin using Straight Crypto
(Images: BEFORE / AFTER)

Slide 9: What We Want
(Images: BEFORE / AFTER)

Slide 10: What’s the problem?
The blocks themselves form patterns
–We ‘leak’ information because of those patterns
Also, it only works on whole blocks
–How do we encrypt partial blocks?
–I.e., how do we make a block cipher into a stream cipher?

Slide 11: A Simple Idea: Key Autokey (OFB)
The key stream is independent of the data stream
Sort of like a ‘stream cipher’ - can work bit by bit
The “Initialization Vector” – it’s a nonce

Slide 12: OFB Decryption
Basically identical to the encryption operation
Start with the initialization vector (IV)
Generates the exact same key stream

Slide 13: Another view of OFB
The block cipher provides the PRNG
–The actual keystream varies with the key and the IV
(Diagram labels: Block Cipher Algorithm, Initialization Vector (IV), Key, Plaintext, Ciphertext)

Slide 14: A variant: Cipher Feedback (CFB)
Like OFB, but feeds forward the ciphertext
–Keystream incorporates the ciphertext
Like OFB, simple XOR to encrypt

Slide 15: CFB Decryption
Basically identical to the encryption operation
Start with the initialization vector (IV)
Generates the exact same key stream

Slide 16: Yet Another: Counter Mode (CTR)
Like OFB, but uses a counter instead of chaining
“Nonce” is a random data value; counter increments
Like OFB, simple XOR to encrypt

Slide 17: CTR Decryption
Basically identical to the encryption operation
Start with the initialization vector (IV)
Generates the exact same key stream

Slide 18: A Popular Choice: CBC
Kind of Rube Goldberg-ish
Each block of plaintext is mixed with the previous block of ciphertext before encryption
Again, uses an IV

Slide 19: CBC Decryption
Start with the initialization vector (IV)
XOR with decrypted ciphertext to yield plaintext
“Error extension” - how do errors propagate?
Can we “mix and match” blocks?

Slide 20: Quick Overview of Modes
Seen Here
–Codebook – the non-mode
–OFB – gives us a basic stream cipher
–CFB – Feeds back the ciphertext, not the keystream
–CTR – reasonable choice for disk drive encryption
–CBC – complicated and popular
Others
–XEX – supercharged CTR mode, used in TrueCrypt

Slide 21: In Class group exercise
Four groups, 4 problems
–For each:
Is the output obviously messed up?
Does the output ever get back to normal?
If so, how much output gets affected (#bits, #blocks)?
1. Swap two blocks in CBC
2. Ciphertext flips 1 bit in CBC
3. Swap two blocks in CTR
4. Ciphertext flips 1 bit in CTR

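The ECB patterning problem (slides 7 to 10) and the four group problems on slide 21 (block swap and single-bit flip in CBC and CTR), worked in code. This is an added example, not part of the course slides: the 16-byte Feistel "toy" cipher built on SHA-256, the key, the IV and the plaintext are constructed stand-ins for a real block cipher such as DES or AES, and `affected()` reports, per damaged block, how many bits of recovered plaintext are wrong.

```python
import hashlib

BLOCK = 16  # block size in bytes of the toy cipher below
def xor(a, b):  # zip() stops at the shorter input, which handles a partial last block
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, half, rnd):  # keyed round function built from SHA-256 (constructed, not secure)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]
def toy_encrypt(key, blk):  # 4-round Feistel network standing in for DES/AES
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l  # final swap so decryption can reuse the same round structure
def toy_decrypt(key, blk):  # same rounds in reverse order
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
def ecb_encrypt(key, pt):  # "straight" crypto: equal plaintext blocks -> equal ciphertext blocks
    return b"".join(toy_encrypt(key, b) for b in blocks(pt))
def cbc_encrypt(key, iv, pt):  # XOR each plaintext block with the previous ciphertext block, then encrypt
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_encrypt(key, xor(b, prev)); out.append(prev)
    return b"".join(out)
def cbc_decrypt(key, iv, ct):  # decrypt each block, XOR with the previous ciphertext block (or the IV)
    cs = blocks(ct)
    return b"".join(xor(toy_decrypt(key, c), p) for c, p in zip(cs, [iv] + cs[:-1]))
def ctr_crypt(key, nonce, data):  # keystream block i = E(nonce || counter i); XOR in both directions
    ks = b"".join(toy_encrypt(key, nonce + i.to_bytes(8, "big")) for i in range(len(blocks(data))))
    return xor(data, ks)
def affected(pt, recovered):  # {block index: number of wrong bits} for every block that changed
    return {i: sum(bin(x).count("1") for x in xor(p, r))
            for i, (p, r) in enumerate(zip(blocks(pt), blocks(recovered))) if p != r}
def swap_blocks(ct, i, j):
    cs = blocks(ct); cs[i], cs[j] = cs[j], cs[i]; return b"".join(cs)
def flip_bit(ct, bit):
    ba = bytearray(ct); ba[bit // 8] ^= 1 << (bit % 8); return bytes(ba)

KEY, IV, PT = b"constructed-key!", b"constructed-iv!!", bytes(range(80))  # constructed sample data
def exercise():  # the four group problems: swap ciphertext blocks 1 and 2, or flip bit 0 of block 1
    nonce, cbc = IV[:8], cbc_encrypt(KEY, IV, PT)
    ctr = ctr_crypt(KEY, nonce, PT)
    return {"cbc swap": affected(PT, cbc_decrypt(KEY, IV, swap_blocks(cbc, 1, 2))),
            "cbc flip": affected(PT, cbc_decrypt(KEY, IV, flip_bit(cbc, BLOCK * 8))),
            "ctr swap": affected(PT, ctr_crypt(KEY, nonce, swap_blocks(ctr, 1, 2))),
            "ctr flip": affected(PT, ctr_crypt(KEY, nonce, flip_bit(ctr, BLOCK * 8)))}
```

Running `exercise()` shows the error extension the slides ask about: a CBC block swap garbles three blocks and a CBC bit flip garbles one whole block plus exactly one bit of the next, while in CTR the damage never spreads beyond the tampered block (and a CTR bit flip lands on exactly the matching plaintext bit), which is why an unauthenticated CTR or CBC ciphertext can be tampered with undetected.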
Slide 22: Desktop Crypto Implementations
File encryption
–User controlled; sharing and separation on computer
Hard drive encryption
–Done in hardware, no real user control
Volume encryption
–Done in software; no real user control
Policy implications!

Slide 23: Operating System Structure
Pieces of the OS related to the I/O system
–File system
–Device drivers
Drivers are the flexible part
File system and API give a standard ‘view’ of hard drives to user programs

Slide 24: Volume encryption
Device driver encrypts data written to the drive
Can’t boot without a password/phrase/key
Users can steal from each other
–Trojan horse issue
Everything is safe if volume is stolen
–(and key is unknown)

Slide 25: Hard drive encryption
Fast crypto built into hard drive
Users can steal from each other
Crypto is harder to disable
Problem: how do we handle the key?

Slide 26: Structure Alternatives
Hard drive encryption
–At hardware level
–Outside/beyond device driver
Volume encryption
–At device driver level
–File system sees a normal drive

Slide 27: Software Crypto Dilemmas
How do we keep the crypto safe?
–What can ‘they’ subvert?
Subversion examples
–File encryption
–Hard drive encryption
Access control protections

Slide 28: Cipher block modes
The images all came from the Wikipedia entry on Block Cipher Modes.
The Penguin image was produced by lewing@isc.tamu.edu and The GIMP, if someone asks.
Creative Commons License: This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.