COE 456 –Secure Network

Systems

Topic - Cryptography and

Crypto Protocols

Dr E. T. Tchao
❖ Some material adapted from J.F Kurose and K.W. Ross, W. Stallings and
L. Brown
8-1
Goals
❖ understand principles of security using cryptographic
protocols:
▪ cryptography and its many uses beyond
“secrecy/confidentiality”
▪ authentication
▪ message integrity
▪ …

Network Security 8-2

What Security Goals ?
Secrecy/confidentiality: only sender, intended receiver
should “understand” message contents
▪ sender encrypts message, receiver decrypts message
authentication: sender, receiver want to confirm identity of
each other
message integrity: sender, receiver want to ensure message
not altered (in transit, or afterwards) without detection
Non-repudiation: if sender sends something he/she cannot
successfully repudiate what he/she did -> signatures
Trust/Key-Management: Trust on security of the system is
based on how cryptographic keys are managed.

Network Security 8-3

Friends and enemies: Alice, Bob, Eve, Trudy
❖ well-known in network security world
❖ Bob, Alice (lovers!) want to communicate “securely”
❖ Trudy and Mallory (intruder) may intercept, delete, add messages
❖ Eve (eavesdropper) may listen to messages
Alice Bob
channel data, control
messages

data secure secure data

sender sreceiver

Trudy

Network Security 8-4

Who might Bob, Alice be?
❖ … well, real-life Bobs and Alices!
❖ Web browser/server for electronic transactions
(e.g., online purchases)
❖ online banking client/server
❖ DNS servers
❖ routers exchanging routing table updates
❖ Voter, voting machine, voting server
❖ other examples?

Network Security 8-5

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?

Network Security 8-6

A: A lot!
▪ eavesdrop: intercept messages
▪ actively insert messages into connection
▪ impersonation: can fake (spoof) source address
in packet (or any field in packet)
▪ hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself
in place
▪ denial of service: prevent service from being
used by others (e.g., by overloading resources)

Network Security 8-7

 The language of cryptography

Alice’s Bob’s
K encryption K decryption
A
key Bkey

plaintext encryption ciphertext decryption plaintext

algorithm algorithm

m plaintext message
KA(m) ciphertext, encrypted with key KA
m = KB(KA(m))

Network Security 8-8

Breaking an encryption scheme
❖ Brute Force Attack
❖ Cryptanalysis:
▪ Use mathematical and
analytical techniques to
find weaknesses in the
encryption algorithm
❖ Cipher-text only attack:
Trudy has ciphertext she
can analyze
Side-channel attacks:
timing, power analysis, electromagnetic analysis, acoustic
❖ Known-plaintext attack (KPA):
Trudy has plaintext
corresponding to ciphertext
▪ e.g., in monoalphabetic
cipher, Trudy determines
pairings for a,l,i,c,e,b,o,
❖ Chosen-plaintext attack (CPA):
Trudy can get ciphertext for
chosen plaintext
Network Security 8-9
Symmetric key cryptography - Type 1

KS KS

plaintext encryption ciphertext decryption plaintext

message, m algorithm algorithm
K (m) m = KS(KS(m))
S

symmetric key crypto: Bob and Alice share same (symmetric)

key: K S
❖ e.g., key is knowing substitution pattern in mono alphabetic
substitution cipher
Q: how do Bob and Alice agree on key value?

Network Security 8-10

Before Modern Cryptography
1. Substitution Ciphers

Caesar Cipher

Network Security 8-11

Simple encryption scheme
▪ monoalphabetic cipher: substitute one letter for another

plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
e.g.: Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26 letters

to set of 26 letters
Network Security 8-12
A more sophisticated encryption approach
❖ n substitution ciphers, M1,M2,…,Mn
❖ cycling pattern:
▪ e.g., n=4: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
❖ for each new plaintext symbol, use subsequent
subsitution pattern in cyclic pattern
▪ dog: d from M1, o from M3, g from M4

Encryption key: n substitution ciphers, and cyclic

pattern
▪ key need not be just n-bit pattern

Network Security 8-13

Transposition Cipher (still before modern crypto)

Changes the positions of the letters while keeping

their identities the same.
Letters are rearranged based on a key or pattern

Network Security 8-14

Before Modern Cryptography
● Substitution Ciphers
● Transposition Ciphers

however, these days, these are used

● Block Ciphers: operate on fixed-size blocks of
plaintext.

● Stream Ciphers: operates on one bit or byte at a

time, rather than in fixed-size blocks.

Network Security 8-15

Symmetric Encryption Principles
❖ A symmetric encryption scheme has five ingredients
▪ Plaintext:
• The is the original intelligible message or data that is fed
into the algorithm as input
▪ Encryption algorithm
• The encryption algorithm performs various substitutions
and transformations on the plaintext
▪ Secret key
• The key is a value independent of the plaintext and of the
algorithm
• It is also input to the encryption algorithm
▪ Ciphertext
• This is the scrambled message produced as output. It
depends on the plaintext and the secret key
▪ Decryption algorithm
• The encryption algorithm run in reverse. It takes the
ciphertext and the secret key
8-16
Symmetric Cipher Model

8-17
Requirements
❖ With the message X and the encryption key K as
▪ Input, the encryption algorithm forms the ciphertext Y
Y = E(K, X)
X = D(K, Y)
❖ two requirements for secure use of symmetric
encryption:
▪ a strong encryption algorithm
▪ a secret key known only to sender / receiver
❖ assume encryption algorithm is known
❖ There is a secure channel to distribute key

8-18
Symmetric key crypto: DES
DES: Data Encryption Standard
❖ US encryption standard [NIST 1993]
❖ 56-bit symmetric key, 64-bit plaintext input
❖ block cipher with cipher block chaining
❖ how secure is DES?
▪ DES Challenge: 56-bit-key-encrypted phrase decrypted
(brute force) in less than a day
▪ no known good analytic attack
❖ making DES more secure:
▪ 3DES: encrypt 3 times with 3 different keys

Network Security 8-19

DES follows the Feistel
Network Structure
DES operation
initial permutation
16 identical “rounds” of
function application,
each using different 48
bits of key
final permutation

Network Security 8-20

Data Encryption Standard
(DES)
the most widely used encryption
scheme
• FIPS PUB 46
• referred to as the Data Encryption
Algorithm (DEA)
• uses 64 bit plaintext block and 56 bit
key to produce a 64 bit ciphertext block

strength concerns:
• concerns about algorithm
• DES is the most studied encryption algorithm
in existence
• use of 56-bit key
• Electronic Frontier Foundation (EFF) announced
in July 1998 that it had broken a DES
encryption
 Triple DES (3DES)
● repeats basic DES algorithm three times using either two or
three unique keys
● first standardized for use in financial applications in ANSI
standard X9.17 in 1985
● attractions:
● 168-bit key length overcomes the vulnerability to brute-force
attack of DES
● underlying encryption algorithm is the same as in DES

● drawbacks:
● algorithm is sluggish in software
● uses a 64-bit block size
AES: Advanced Encryption Standard

❖ symmetric-key NIST standard, replaced DES (Nov

2001)

❖ processes data in 128 bit blocks

❖ 128, 192, or 256 bit keys

❖ brute force decryption (try each key) taking 1 sec on

DES, takes 149 trillion years for AES

Network Security 8-23

AES: main steps
data preprocessing
❖ key expansion
❖ initial round
❖ main rounds
▪ SubBytes
▪ ShiftRows
▪ MixColumns
▪ AddRoundKey
❖ final round Network Security 8-24
Advanced Encryption Standard
(AES)
NIST called selected
needed a
for proposals Rijndael in
replacement
for a new AES November
for 3DES
in 1997 2001
should have a security
strength equal to or
better than 3DES

significantly improved
3DES was not efficiency
published as
reasonable for
FIPS 197
long term use
symmetric block cipher

128 bit data and

128/192/256 bit keys
 Attacking Symmetric
Encryption
Cryptanalytic Attacks Brute-Force Attack
● rely on: ● try all possible keys on some
● nature of the algorithm ciphertext until an intelligible
● some knowledge of the general translation into plaintext is
characteristics of the plaintext obtained
● some sample ● on average half of all possible
plaintext-ciphertext pairs keys must be tried to achieve
● exploits the characteristics of the success
algorithm to attempt to deduce a
specific plaintext or the key being
used
● if successful all future and past
messages encrypted with that
key are compromised
 Table 2.1

Average Time Required for Exhaustive Key Search

Figure
2.2

Figure 2.2 Time to Break a Code (assuming 106 decryptions/ms) The

graph assumes that a symmetric encryption algorithm is attacked using
a brute-force approach of trying all possible keys
 Table 2.2

Comparison of Three Popular Symmetric

Encryption Algorithms
Block Cipher
Encryption

Stream
Encryption
 Block & Stream Ciphers
Block Cipher

• processes the input one block of elements at a time

• produces an output block for each input block
• can reuse keys
• more common

Stream Cipher
• processes the input elements continuously
• produces output one element at a time
• primary advantage is that they are almost always faster and
use far less code
• encrypts plaintext one byte at a time
• pseudorandom stream is one that is unpredictable without
knowledge of the input key
 Practical Security Issues

● typically symmetric encryption is applied to a unit of data

larger than a single 64-bit or 128-bit block

● electronic codebook (ECB) mode is the simplest approach

to multiple-block encryption
● each block of plaintext is encrypted using the same key
● cryptanalysts may be able to exploit regularities in the plaintext

● modes of operation
● alternative techniques developed to increase the security of
symmetric block encryption for large sequences
● overcomes the weaknesses of ECB
How are the keys shared anyway?

❖ Physical Exchange
▪ impractical method for remote parties
❖ Key Distribution Centers (KDC)
▪ popular example being kerberos
❖ Public Key Cryptography
▪ Diffie-Hellman key exchange
▪ Elliptic Curve Cryptography

Network Security 8-33

 Public-Key Cryptography

● public-key/two-key/asymmetric cryptography
involves the use of two keys:
● a public-key, which may be known by anybody, and can
be used to encrypt messages, and verify signatures
● a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures

● is asymmetric because
● those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
 Why Public-Key Cryptography?
● developed to address two key issues:
● key distribution – how to have secure communications
in general without having to trust a KDC with your key
● digital signatures – how to verify a message comes intact
from the claimed sender

● public invention due to Whitfield Diffie & Martin

Hellman at Stanford Uni in 1976
● known earlier in classified community
Requirements for Public-Key
Cryptosystems
computationally easy
to create key pairs

computationally
useful if either easy for sender
key can be used knowing public key
for each role to encrypt
messages

computationally computationally
infeasible for easy for receiver
opponent to knowing private key
otherwise recover to decrypt
original message ciphertext
computationally
infeasible for
opponent to
determine private
key from public key
 Asymmetric Encryption
Algorithms
RSA (Rivest, most widely accepted
block cipher in which
the plaintext and
Shamir, developed in 1977
and implemented
approach to
ciphertext are
integers between 0
Adleman) public-key encryption
and n-1 for some n.

enables two users to

Diffie-Hellma securely reach
agreement about a
n key shared secret that
can be used as a
limited to the
exchange secret key for
subsequent symmetric
exchange of the keys

algorithm encryption of
messages

Digital
Signature provides only a digital
signature function
cannot be used for
encryption or key
Standard with SHA-1 exchange

(DSS)

Elliptic curve security like RSA,

cryptography but with much smaller
keys
(ECC)
Public Key Cryptography
symmetric key crypto
❖ requires sender, receiver
know shared secret key
❖ Q: how to agree on key in
first place (particularly if
never “met”)?
public key crypto
❖ radically different
approach
[Diffie-Hellman76,
RSA78]
❖ sender, receiver do not
share secret key
❖ public encryption key
known to all
❖ private decryption key
known only to receiver
Network Security 8-38
Public key cryptography
+
K Bob’s public
B key

-
K Bob’s private
B key

plaintext encryption ciphertext decryption plaintext

message, m algorithm + algorithm message
K (m) - +
B m = K B(K (m))
B

Network Security 8-39

Public key encryption algorithms
requirements:

1
+ . .
need KB( ) and K - ( ) such that
B
- +
K (K (m)) = m
B B

2 given public key K +, it should be

B
impossible to compute private
-
key K
B

RSA: Rivest, Shamir, Adelman algorithm

Network Security 8-40
Prerequisite: modular arithmetic
❖ x mod n = remainder of x when divide by n
❖ facts:
[(a mod n) + (b mod n)] mod n = (a+b) mod n
[(a mod n) - (b mod n)] mod n = (a-b) mod n
[(a mod n) * (b mod n)] mod n = (a*b) mod n
❖ likewise for exponentiation
(a mod n)d mod n = ad mod n
❖ example: x=14, n=10, d=2:
(x mod n)d mod n = 42 mod 10 = 6
xd = 142 = 196 xd mod 10 = 6

Network Security 8-41

Prerequisite: Coprimes
What are coprimes?
you remember GCD or HCF during your basic school days?

If two numbers are coprimes, you can

also say they are “relatively prime”.

Network Security 8-42

RSA: getting ready
❖ message: just a bit pattern
❖ bit pattern can be uniquely represented by an integer
number
❖ thus, encrypting a message is equivalent to encrypting a
number.
example:
❖ m= 10010001 . This message is uniquely represented by
the decimal number 145.
❖ to encrypt m, we encrypt the corresponding number,
which gives a new number (the ciphertext).

Network Security 8-43

RSA: Creating public/private key pair
1. choose two large prime numbers p, q.
(e.g., 1024 bits each and make sure they are both odd)

2. compute n = pq, z or ϕ(n) = (p-1)(q-1)

3. choose e such that 1<e<ϕ(n) and e, ϕ(n) are
“relatively prime” or coprimes.
4. choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. public key is (n,e). private key is (n,d).
+ -
KB KB
Network Security 8-44
RSA: encryption, decryption
0. given (n,e) and (n,d) as computed previously
1. to encrypt message m (<n), compute
c = m e mod n

2. to decrypt received bit pattern, c, compute

m = cd mod n

magic m = (me mod n) d mod n

happens!
c

Network Security 8-45

RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypting 8-bit messages.

bit pattern m me c = me mod n

encrypt:
00001100 12 24832 17

d
c c m = cd mod n
decrypt:
17 48196857210675091509141182522307169 12
7

Network Security 8-46

Why does RSA work?
❖ must show that cd mod n = m
where c = me mod n
❖ fact: for any x and y: xy mod n = x(y mod z) mod n
▪ where n= pq and z = (p-1)(q-1)
❖ thus,
cd mod n = (me mod n)d mod n
= med mod n
= m(ed mod z) mod n
= m1 mod n
=m
Network Security 8-47
RSA: another important property
The following property will be very useful later:

- + + -
K (K (m)) = m = K (K (m))
B B B B

use public key use private key

first, followed by first, followed by
private key public key

result is the same!

Network Security 8-48

Why is RSA secure?
❖ suppose you know Bob’s public key (n,e). How hard
is it to determine d?

❖ essentially need to find factors of n without

knowing the two factors p and q
▪ fact: factoring a big number is hard

Network Security 8-49

RSA in practice: session keys
❖ exponentiation in RSA is computationally intensive

❖ DES is at least 100 times faster than RSA

❖ use public key crypto to establish secure
connection, then establish second key – symmetric
session key – for encrypting data

session key, KS
❖ Bob and Alice use RSA to exchange a symmetric key KS

❖ once both have KS, they use symmetric key cryptography

Network Security 8-50