Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.

Published byRudolf Dale Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge."— Presentation transcript:

1 Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge Institute of Technology, Sweden King Mongkut’s Univerity of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv

2 Dr. Reuven Aviv, 2008Conventional Encryption2 Outline Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Key Distribution

3 Prof Reuven Aviv, 2008Conventional Encryption3 Conventional Encryption Principles An encryption scheme has five ingredients: –Plaintext –Encryption algorithm –Secret Key –Ciphertext –Decryption algorithm Security depends on the secrecy of the key, not the secrecy of the algorithm

4 Prof. Reuven Aviv, 2008Conventional Encryption4 Conventional Encryption Process What do we require from the algorithm?

5 Prof. Reuven Aviv, 2008Conventional Encryption5 Requirements The Encryption algorithm should be strong –Opponent who knows the algorithm & ciphertexts would be unable to reveal the plaintext or the key The key is to be distributed in a secure way Low cost chip implementation why? Important for wide spread use Secrecy of algorithm NOT required why?

6 Prof. Reuven Aviv, 2008Conventional Encryption6 Classification of Cryptographic Systems The type of operations used for transforming plaintext to ciphertext examples? The number of keys used –symmetric (single key) –asymmetric (two-keys, - public-key encryption) The way in which the plaintext is processed –Block cipher, stream cipher

7 Dr. Reuven Aviv, June 2002Conventional Encryption7 A model for Encryption algorithm Horst Feistel of IBM in 1973 Input – – block of plaintext in two halves: (L 0, R 0 ) –Secret Key K Encryption: N rounds of “processing” –L i-1, R i-1, K i  L i, R i,K i+1 –Sub-keys K i derived from K One round of encryption: –R i = apply special F(K i, R i-1 ), XOR with L i-1 –L i = R i-1 what is XOR?

8 Dr. Reuven Aviv, June 2002Conventional Encryption8

9 Dr. Reuven Aviv, June 2002Conventional Encryption9 Transmission and Decryption Transmission: Two halves of ciphertext Decryption at the receiver (receiver knows K) Input: –Two halves of Ciphertext (L n+1, R n+1 ) –Last sub-key: K n How receiver knows this? Receiver uses same algorithm as encryption –Each step: create K i, (L i, R i ) in reverse order –Output: plaintext (L 0, R 0 ) how to make the algorithm stronger?

10 Dr. Reuven Aviv, June 2002Conventional Encryption10 Increasing the strength of the algorithm Larger Block size Larger Key Size Increasing Number of rounds –Output bits depend on more input bits Complex Subkey generation algorithm More complex F() What’s the price of all this? All of the above reduce speed why is that important?

11 Dr. Reuven Aviv, June 2002Conventional Encryption11 Conventional Encryption Algorithms Data Encryption Standard (DES) –The most widely used encryption scheme –DES encrypts block after block (block cypher) –The plaintext is processed in 64-bit blocks –The key K is 56-bits in length Triple DES (TDES) –3 keys, three executions of DES Advanced Encryption Standard (AES)

12 Dr. Reuven Aviv, June 2002Conventional Encryption12 DES Encryption: –Initial permutation of the input 64-bit block ?? –16 rounds ( using a special F function) –Swap two halves –Inverse of initial permutation –  ciphertext Decryption –Initial permutation of ciphertext 64-bit block –16 rounds (use sub-keys in reverse order) –Swap  plaintext

13 Dr. Reuven Aviv, June 2002Conventional Encryption13

14 Dr. Reuven Aviv, June 2002Conventional Encryption14 Concerns about DES algorithm vulnerable? (easy way to break?) –No vulnerability found, but –The function F is very complex Key length –DES cracker built – less $250,000, three days work to break (find key) –Much faster cracking done using internet DES is not considered a strong algorithm What a cracker want? What does he do?

15 Dr. Reuven Aviv, June 2002Conventional Encryption15 Cracking methods If plaintext is really text –Use statistical distribution of letters, syllables –Use existence of structure: headers, … –In conjunction with brute force If plaintext is not text but a general binary file –Use structure if known –Brute force Note most files have some structure –E.g. program files –Otherwise attacker would not know if he succeeded

16 Dr. Reuven Aviv, June 2002Conventional Encryption16 Cryptanalysis: Average time required for exhaustive key search Key Size (bits) Number of Alternative Keys Time required at 10 6 Decryption/µs 322 32 = 4.3 x 10 9 2.15 milliseconds 562 56 = 7.2 x 10 16 10 hours 1282 128 = 3.4 x 10 38 5.4 x 10 18 years 1682 168 = 3.7 x 10 50 5.9 x 10 30 years

17 Dr. Reuven Aviv, June 2002Conventional Encryption17 Triple DES Encryption: Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt) P = Plaintext C = ciphertext E K [X] = encryption of X using key K D K [Y] = decryption of Y using key K Effective key length of 168 bits We use decryption in the middle. Why? C = E K3 [D K2 [E K1 [P]]]

18 Dr. Reuven Aviv, June 2002Conventional Encryption18 Triple DES

19 Dr. Reuven Aviv, June 2002Conventional Encryption19 TDES: Decryption C = E K3 [D K2 [E K1 [P]]] D K3 [C] = D K2 [E K1 [P]] E K2 [D K3 [C] = E K1 [P] P = D k1 [E K2 [D K3 [C]]]

20 Encryption of Messages Dr. Reuven Aviv, June 2002 Conventional Encryption20 How a long message is encrypted?

21 Dr. Reuven Aviv, June 2002Conventional Encryption21 Cipher Block Operation: ECB mode “Electronic Code Book” Divide message into blocks; encrypt each block For every block  a ciphertext block –Like a gigantic table: plaintext, ciphertext plaintext blocks repeats?  same ciphertext block –cracker identifies blocks, easier to crack Improvement: design method so that repeat plaintext blocks  different ciphertext blocks! How?

22 Dr. Reuven Aviv, June 2002Conventional Encryption22 Cipher Block Chaining Mode (CBC) Ciphertext block i, C i : Do XOR of the current plaintext block P i and the preceding ciphertext block, C i-1 Then encrypt

23 Dr. Reuven Aviv, June 2002 Conventional Encryption23 CBC Encryption  Create “initial value” block  XOR with first Plaintext block  Encrypt  first ciphertext block  XOR with second plaintext block,…

24 Dr. Reuven Aviv, June 2002Conventional Encryption24 Decryption in CBC mode Decrypt first ciphertext block XOR result with Initial Value Block –  first Plaintext block Decrypt second ciphertext block XOR with first ciphertext block –  second plaintext block. …

25 Dr. Reuven Aviv, June 2002Conventional Encryption25 The Initial Value block IV First ciphertext block C 1 = E K (IV  P 1 ) First Plaintext block P 1 = IV  D K (C 1 ) IV should be sent to receiver for decryption

26 Dr. Reuven Aviv, June 2002Conventional Encryption26 Intitial value attcak Consider bit j of P 1 : –P 1 [j] = IV[j]  D K (C 1 )[j] –If IV[j] is inverted, so is P 1 [j] If attacker gets IV on the way, change it and re- send it to receiver, he can predictably change bits of P 1 What can we do to avoid this attack? Better encrypt IV on its way IV can be encrypted as a single block, with no chaining

27 Key Distribution Dr. Reuven Aviv, June 2002 Conventional Encryption27

28 Dr. Reuven Aviv, June 2002Conventional Encryption28 Types and Usages of Keys Session key: –Data encrypted with a short lived session key –At the end of the session the key is destroyed Permanent (or Master) key: –Used for distributing a (first/new) session key –session key encrypted by master key, sent –A (or B) can do this, –or 3’rd party C with shared master keys K a, K b C is Key Distribution Center (KDC) How K a, K b, are created / distributed?

29 Dr. Reuven Aviv, June 2002Conventional Encryption29 Using KDC: 1. A  KDC A sends non encrypted Request for a session Key for communicating with B –Contents: { A id, B id, N 1 Nonce} Identifier of sender (A) (e.g. Address | port) Identifier of intended party (B) A random string (Nonce) what’s that for? A expects that the nonce will be echoed by the receiver of this message (the KDC) –It will be encrypted so that A will know that it was echoed by KDC and not by an imposter

30 Dr. Reuven Aviv, June 2002Conventional Encryption30 Using KDC: 2. KDC  A 2 parts reply encrypted by master key Ka: Part I – to be used by A: –One time (first/new) session key –Original request (including the nonce) A now knows session key came from KDC A knows it’s not a replay of old reply why? Part II - encrypted by K b, will be sent later to B: Session key and A id

31 Key Distribution Scenario Dr. Reuven Aviv, June 2002 Conventional Encryption31

32 Dr. Reuven Aviv, June 2002Conventional Encryption32 Using KDC: 3. A  B A stores the session key, forwarding Part II to B –Both A and B now know the session key –B knows that session key was created by KDC –But B is not sure whether A is not an imposter –May be it is D, who stole part II, sends to B –B checks if sender knows the session key how 4. B  A: nonce N2, encrypted by the session key 5. A  B: some predefined function of N2 f(N2) –B checks result, if OK, A knows the session key This is Challenge response authentication

33 Dr. Reuven Aviv, June 2002Conventional Encryption33 Key Distribution Scenario

Download ppt "Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge."

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.2 Secret Key Cryptography.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.2 Secret Key Cryptography.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
1 Pertemuan 06 Kriptografi tradisional Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 06 Kriptografi tradisional Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
1 Day 04- Cryptography Acknowledgements to Dr. Ola Flygt of Växjö University, Sweden for providing the original slides.

1 Day 04- Cryptography Acknowledgements to Dr. Ola Flygt of Växjö University, Sweden for providing the original slides.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

Similar presentations

Ads by Google