L4 (Crypto)
L4 (Crypto)
MIS 1201
(Symmetric Key Cryptography)
Kasun De Zoysa
1
The classic cryptography
Encryption algorithm and related key are kept
secret.
Breaking the system is hard due to large numbers
of possible keys.
For example: for a key 128 bits long
there are
128 38
2 ≈10
keys to check using brute force.
Encryption
Some
confidential
text (message)
in clear
(readable)
form
Decryption
3
Symmetric Key / Private Key
Cryptosystem
Uses a single Private Key shared between users
Strengths
Speed/ Efficient Algorithms – much quicker
than Asymmetric
Hard to break when using a large Key Size
Ideal for bulk encryption / decryption
Weaknesses
Poor Key Distribution (must be done out of
band – ie phone, mail, etc)
Poor Key Management / Scalability (each user
needs a unique key)
Cannot provide authenticity or non-repudiation
– only confidentiality 4
Data Encryption Standard (DES)
5
Triple DES
Clear Text
Cipher Text
6
Triple-DES with Two-Keys
•Use 3 encryptions
would seem to need 3 distinct keys
But can use 2 keys with E-D-E sequence
C = EK1[DK2[EK1[P]]]
Note: encrypt & decrypt equivalent in security
if K1=K2 then can work with single DES
•Standardized in ANSI X9.17 & ISO8732
•No current known practical attacks
7
DES- AES
8
AES Requirements
9
AES Shortlist
10
Advance Encryption Standard (AES)
11
Advance Encryption Standard (AES)
12
Block Ciphers- Modes of Operation
13
Electronic Codebook Book (ECB)
14
Electronic Code Book Mode (ECB)
Clear text
8 8 8 8
8 8 8 8
Cipher text
15
Advantages and Limitations of ECB
16
17
Cipher Block Chaining (CBC)
18
Cipher Block Chaining Mode (CBC)
Clear text
8 8 8 8
IV
8 8 8 8
Cipher text
19
MAC based on CBC
Message
8 8 8 8
IV
MAC
864 864 864 8
20
Advantages and Limitations of CBC
22
Cipher Feedback Mode (CFB)
23
Output Feed Back(OFB) mode
24
Output Feedback Mode (OFB)
25
Counter (CTR)
a “new” mode, though proposed early on
similar to OFB but encrypts counter value
rather than any feedback value
Oi = EK(i)
Ci = Pi XOR Oi
27
Advantages and Limitations of
CTR
28
OpenSSL
# encrypt file.txt to file.enc using 256-bit AES in CBC
mode
29
Key Escrow
• Separate agencies maintain components of private
key, which, when combined, can be used to
decrypt ciphertext
• Stated reason is to decrypt drug related
communications
• Clipper chip is an example
secret algorithm
Unpopular, unused
• Issues include key storage, Big Brother
30
Key Escrow Standard
Key
31
Other Symmetric Block Ciphers
32
Other Symmetric Block Ciphers
RC5
Suitable for hardware and software
Fast, simple
Adaptable to processors of different word lengths
Variable number of rounds
Variable-length key
Low memory requirement
High security
Data-dependent rotations
Cast-128
Key size from 40 to 128 bits
The round function differs from round to round
33
Stream Ciphers
34
Stream Cipher Properties
•Some design considerations are:
– long period with no repetitions
– statistically random
– depends on large enough key
– large linear complexity
– correlation immunity
– confusion
– diffusion
– use of highly non-linear Boolean functions
35
RC4
•A proprietary cipher owned by RSA DSI
•Another Ron Rivest design, simple but effective
•Variable key size, byte-oriented stream cipher
•Widely used (web SSL/TLS, wireless WEP)
•Key forms random permutation of all 8-bit values
•Uses that permutation to scramble input information
processed a byte at a time
36
RC4 Security
•Claimed secure against known attacks
– have some analyses, none practical
•Result is very non-linear
•Since RC4 is a stream cipher, must never reuse a key
•
37
Advantages & Disadvantages
Advantages
Algorithms are fast
•Encryption & decryption are handled by same key
•As long as the key remains secret, the system also
provide authentication
Disadvantages
Key is revealed, the interceptors can decrypt
all encrypted information
•Key distribution problem
•Number of keys increases with the square of the number of people
exchanging secret information
38
Discussion
Discussion
39