Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Wrap Algorithm.

Published byLeon Leonard Modified over 8 years ago

Similar presentations

Presentation on theme: "Key Wrap Algorithm."— Presentation transcript:

1 Key Wrap Algorithm

2 Key wrap algorithm Key wrap algorithm Types of key wrap algorithms
Even when a user encrypts message by using symmetric key algorithm, he has two keys; one is called key encryption key(KEK) which is used for encrypting the content encryption key(CEK) which is use for encrypting message. And then send encrypted CEK and encrypted message. Types of key wrap algorithms AESKW(AES key wrapping algorithm) TDKW (TDES key wrapping algorithm) AKW1 AKW2

3 Simplified AESKW Bob Alice KEKAB KEKAB generate CEKAB
encrypt CEKAB : Ckey=EKEKAB(CEKAB) Message: x encrypt message: c=ECEKAB(x) KEKAB (Ckey, c) decrypt Ckey : CEKAB=EKEKAB(Ckey) decrypt message: x=ECEKAB(c)

4 Purpose of key wrapping
For more security? In my opinion, there is no point of key wrapping for providing more security. If KEK is revealed, so is the message. But there is one advantage: Suppose Bob maintains encrypted data communicated up to now. Even if KEK is revealed, he doesn’t need to change the CEK. Instead, Alice re-encrypts the same CEK with new KEK and sends the newly encrypted CEK to Bob.

5 Random Number Generation (RNG)

6 Types of RNG True RNG Pseudo RNG
Random numbers are generated from physical process in real life. Eg, coin flipping, lottery, thermal noise, mouse movement, etc. Pseudo RNG Random numbers are computed, i.e. they are deterministic. Typical algorithm for computing PRNG S0=seed, Si+1 = F(Si) Eg, RAND() function in ANSI C S0=12345, Si+1 = Si (mod 231)

7 Types of RNG Cryptography PRNG (CPRNG)
CPRNGs are PRNG with one additional property; generated numbers are unpredictable. Given n output bits Si, Si+1, …, Si+n-1 It is computationally infeasible to generate Sn.

8 Uses of Random Numbers Random numbers used to generate keys
Symmetric keys RSA: Prime numbers Diffie Hellman: secret values Random numbers used for nonces Sometimes a sequence is OK But sometimes nonces must be random Random numbers also used in simulations, statistics, etc. Such numbers need to be “statistically” random

9 Case: Misuse of Random Numbers
Online version of Texas Hold ‘em Poker ASF Software, Inc. Random numbers used to shuffle the deck Program did not produce a random shuffle A serious problem or not?

10 Card Shuffle There are 52! > 2225 possible shuffles
The poker program used “random” 32-bit integer to determine the shuffle So, only 232 distinct shuffles could occur Code used Pascal pseudo-random number generator (PRNG): Randomize() Seed value for PRNG was function of number of milliseconds since midnight Less than 227 milliseconds in a day So, less than 227 possible shuffles

11 Card Shuffle Seed based on milliseconds since midnight
PRNG re-seeded with each shuffle By synchronizing clock with server, number of shuffles that need to be tested  218 Could then test all 218 in real time Test each possible shuffle against “up” cards Attacker knows every card after the first of five rounds of betting!

12 Poker Example Poker program is an extreme example
But common PRNGs are predictable Only a question of how many outputs must be observed before determining the sequence Crypto random sequences not predictable For example, keystream from RC4 cipher But “seed” (or key) selection is still an issue! How to generate initial random values? Keys (and, in some cases, seed values)

13 Randomness Sources of randomness via software
Software is (hopefully) deterministic So must rely on external “random” events Mouse movements, keyboard dynamics, network activity, etc., etc. Can get quality random bits by such methods But quantity of bits is very limited Bottom line: “The use of pseudo-random processes to generat e secret quantities can result in pseudo-security”

Download ppt "Key Wrap Algorithm."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Random Number Generation Graham Netherton Logan Stelly.

Random Number Generation Graham Netherton Logan Stelly.
Network Security. Confidentiality Using Symmetric Encryption John wrote the letters of the alphabet under the letters in its first lines and tried it.

Network Security. Confidentiality Using Symmetric Encryption John wrote the letters of the alphabet under the letters in its first lines and tried it.
CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Stream cipher diagram + + Recall: One-time pad in Chap. 2.

Stream cipher diagram + + Recall: One-time pad in Chap. 2.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Public Key Cryptography

Public Key Cryptography
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.

Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.
CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Cryptography and Network Security Chapter 7

Cryptography and Network Security Chapter 7

Similar presentations

Ads by Google