ECE454/CS594 Computer and Network Security

Slides:



Advertisements
Similar presentations
Symmetric Encryption Prof. Ravi Sandhu.
Advertisements

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
SYMMETRIC CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Block Cipher Modes of Operation and Stream Ciphers
Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
ECE454/CS594 Computer and Network Security
L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.
Lecture 5: Cryptographic Hashes
1 Intercepting Mobile Communications: The Insecurity of …or “Why WEP Stinks” Dustin Christmann.
“Advanced Encryption Standard” & “Modes of Operation”
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.2 Secret Key Cryptography.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Chapter 4 Modes of Operation Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography and Network Security Chapter 6
Lecture 23 Symmetric Encryption
Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.
Slide 1 Stream Ciphers uBlock ciphers generate ciphertext Ciphertext(Key,Message)=Message  Key Key must be a random bit sequence as long as message uIdea:
Chapter 20 Symmetric Encryption and Message Confidentiality.
Lecture 4: Using Block Ciphers
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Stream Cipher July 2011.
Network Security Lecture 4 Modes of Operation Waleed Ejaz
Applied Cryptography Spring 2015 Chaining Modes. What happens when the clear text is longer than the block length k? Most simple solution — encrypt each.
3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security.
Multiple Encryption & DES  clearly a replacement for DES was needed Vulnerable to brute-force key search attacks Vulnerable to brute-force key search.
Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.
Encryption Types & Modes Chapter 9 Encryption Types –Stream Ciphers –Block Ciphers Encryption Modes –ECB - Electronic Codebook –CBC - Cipher Block Chaining.
More About DES Cryptography and Network Security Reference: Sec 3.1 of Stallings Text.
1.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.
Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream.
Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 23 Symmetric Encryption
Privacy and Integrity: “ Two Essences of Network Security” Presenter Prosanta Gope Advisor Tzonelih Hwang Quantum Information and Network Security Lab,
Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
University of Malawi, Chancellor College
@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.
Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
Modes of Operation block ciphers encrypt fixed size blocks – eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts.
Block Cipher Encrypting a large message Electronic Code Book (ECB) message m1 m2 m3 m4 m5 m6 c1 c2 c3 c4 c5 c6 E E E Secret.
CS480 Cryptography and Information Security
Chapter6: More on Symmetric Ciphers
Algorithm Modes ECB, CBC, CFB, OFB.
Computer and Network Security
Outline Desirable characteristics of ciphers Stream and block ciphers
Block Cipher Modes CS 465 Make a chart for the mode comparisons
Block vs Stream Ciphers
ADVANCED ENCRYPTION STANDARDADVANCED ENCRYPTION STANDARD
Counter Mode, Output Feedback Mode
Elect. Codebook, Cipher Block Chaining
Secret-Key Encryption
Presentation transcript:

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011

Secret Key Cryptography Modes of operation Stream cipher

Encrypting A Large Message How to encrypt a message > 64 bits? Electronic Code Book (ECB) Cipher Block Chaining (CBC) Output Feedback Mode (OFB) Cipher Feedback Mode (CFB) Counter Mode (CTR)

ECB Mode Message is broken into 64-bit blocks ECB Encryption ECB Decryption Message is broken into 64-bit blocks Each block is independently encoded with the same secret key

Pros and Cons of ECB Suitable for use in secure transmission of single values (e.g. an encryption key) Error in one received ciphertext block does not affect the correct decryption of other ciphertext blocks Identical plaintext blocks produce identical ciphertext blocks resulting in recognizable pattern Ciphertext blocks can be easily rearranged or modified

ECB Rearranging and Modification Attacks 10,000’s digit of salary easily modified 10,000’s digit blocks easily swapped

CBC Mode CBC Encryption CBC Decryption Selects a random number: IV (initialization vector) that is XORed with the first plaintext block. Why? Then generates its own random numbers: the ciphertext from the previous block, XORed with the next plaintext block

Pros and Cons of CBC Suitable for use in general-purpose block-oriented transmission, and authentication The same block repeating in the plaintext will not cause repeats in the ciphertext Subject to modification attack: (but error propagates) Subject to ciphertext block rearranging attack IV: needs to be shared between sender and receiver, either a fixed value or sent encrypted (How to encrypt?)

CBC Modification Attack Original message Decrypted message after modification Solution?

CBC Rearranging Attack If the ciphertext blocks are rearranged as: C1, C5, C3, C2, C4, C6 The resulting plaintext blocks can be deduced…

AES Example: ECB vs. CBC AES in ECB mode AES in CBC mode Similar plaintext blocks produce similar ciphertext blocks (not good!)

Output Feedback Mode (OFB) k-bit OFB OFB is a stream cipher: encryption is done by XORing plaintext with one-time pad One-time pad: b0|b1|b2|b3…, where b0 is a random 64-bit IV, b1 is the secret key encrypted b0, and so on…

Pros and Cons of OFB Suitable for use in stream-oriented transmission over noisy channel (e.g., satellite communication) One-time pad can be generated in advance, only XOR operations are performed in real-time Bit errors do not propagate: error in one ciphertext block only garbles the corresponding plaintext block Message can arrive in arbitrarily sized chunks, get encrypted and transmitted immediately Plaintext modification attack: if attacker knows <plaintext, ciphertext>, he can XOR the plaintext and ciphertext, and XOR the result with any message of his choosing Must not reuse the same IV or secret key (Why?)

Cipher Feedback Mode (CFB) k-bit CFB Similar to OFB k bits shifted in the register are the k bits of ciphertext from the previous block (k can be any number: 1, 8, 64, 128, etc.)

Pros and Cons of CFB Suitable for use in general-purpose stream-oriented transmission, and authentication Less subject to tampering: with k-bit CFB, the change of any k-bit of plaintext in a predictable way will cause unpredictably garbling the next b/k blocks One-time pad cannot be pre-computed, encryption needs to be done in real-time Error in a k-bit ciphertext block propagates: it garbles the next b/k plaintext blocks

Counter Mode (CTR) Similar to OFB Instead of chaining the encryption of one-time pad, the IV is incremented and encrypted to get successive blocks of the one-time pad

Pros and Cons of CTR Suitable for use in general-purpose block-oriented transmission, and high speed encryption One-time pad can be pre-computed Decrypting at any point rather than the beginning: ideal for random access applications Hardware/software efficiency: parallel encryption/decryption on multiple blocks of plaintext or ciphertext Provable security: at least as secure as other modes Simplicity: unlike ECB and CBC, no decryption algorithm is needed in CTR (also true for OFB and CFB) Must not reuse the same IV or key, same as OFB Because: An attacker could get the XOR of two plaintext blocks by XORing the two corresponding ciphertext blocks

Generating MACs Integrity: protect against undetected modifications, cannot be guaranteed by any mode of operation if attacker knows the plaintext Plaintext + CBC residue (when message not secret)

Privacy and Integrity: The Don’ts Privacy: CBC encryption Integrity: CBC residue Ciphertext + CBC residue? Encrypt {plaintext + CBC residue}? Encrypt {plaintext + CRC}?

Ciphertext + CBC Residue Problem?

Encrypt {plaintext + CBC residue} Problem?

Encrypt {plaintext + CRC} Longer CRC maybe Okay

Privacy and Integrity: The Do’s Privacy: CBC encryption + Integrity: CBC residue, but with different keys CBC + weak cryptographic checksum CBC + CBC residue with related keys CBC + cryptographic hash: keyed hash preferred OCB: offset codebook mode: both privacy and integrity in a single cryptographic pass, desirable

3DES: CBC Outside vs. Inside CBC on the outside (Why this one?) CBC on the inside

Stream Ciphers A key is input into a pseudorandom generator to produce a pseudorandom keystream Pseudorandom stream: unpredictable without knowing key Keystream is bitwise XORed with plaintext stream

Design Considerations The encryption sequence should have a large period without repetitions The keystream k should approximate the properties of a true random number stream as close as possible Input key K need be sufficiently long When properly designed, a stream cipher can be as secure as block cipher of comparable key length Advantage of stream ciphers: almost always faster and use far less code than block ciphers

RC4 Designed by Ron Rivest in 1987 for RSA security Variable key-size stream cipher with byte-oriented applications Popular uses: SSL/TLS (Secure Sockets Layer/Transport Layer Security), WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) A variable-length key (1—256 bytes) is used to initialize a 256-byte state vector S A byte in the keystream k is generated from S by selecting one of the 256 entries for encryption/decryption The entries in S are permuted after generating each k

RC4 (Cont’d)

RC4 Keystream Generation

Strength of RC4 No practical attack on RC4 is known Must not reuse key A known vulnerability in WEP: relevant to the generation of the key input to RC4 but not RC4 itself

Reading Assignments [Kaufman] Chapter 4

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.