Network Security Principles,

Symmetric Key Cryptography,

Public Key Cryptography

Modified by Xiuzhen Cheng

Originally provided by Professor Rick Han
([email protected]) at the University of
Colorado at Boulder
 Network Security
• Classic properties of secure systems:
• Confidentiality
• Encrypt message so only sender and receiver can
understand it.
• Authentication
• Both sender and receiver need to verify the
identity of the other party in a communication: are
you really who you claim to be?
• Authorization
• Does a party with a verified identity have
permission to access (r/w/x/…) information? Gets
into access control policies.
 Network Security (2)
• Classic properties of secure systems: (cont.)
• Integrity
• During a communication, can both sender and
receiver detect whether a message has been
altered?
• Non-Repudiation
• Originator of a communication can’t deny later
that the communication never took place
• Availability
• Guaranteeing access to legitimate users.
Prevention of Denial-of-Service (DOS) attacks.
 Cryptography
plaintext ciphertext plaintext
Encryption Decryption

• Encryption algorithm also called a cipher

• Cryptography has evolved so that modern
encryption and decryption use secret keys
• Only have to protect the keys! => Key distribution
problem
• Cryptographic algorithms can be openly published
plaintext ciphertext plaintext
Encryption Decryption

Key KA Key KB
 Cryptography (2)
• Cryptography throughout history:
• Julius Caesar cipher: replaced each character by a
character cyclically shifted to the left.
Weakness?
• Easy to attack by looking at frequency of characters

• Mary Queen of Scots: put to

death for treason after Queen
Elizabeth’s I’s spymaster cracked
her encryption code
• WWII: Allies break German
Enigma code and Japanese naval
code
• Enigma code machine (right)
 Cryptography (3)
• Cryptanalysis – Type of attacks:
• Brute force: try every key
• Ciphertext-only attack:
• Attacker knows ciphertext of several messages
encrypted with same key (but doesn’t know plaintext).
• Possible to recover plaintext (also possible to deduce
key) by looking at frequency of ciphertext letters
• Known-plaintext attack:
• Attacker observes pairs of plaintext/ciphertext
encrypted with same key.
• Possible to deduce key and/or devise algorithm to
decrypt ciphertext.
 Cryptography (4)
• Cryptanalysis – Type of attacks:
• Chosen-plaintext attack:
• Attacker can choose the plaintext and look at the paired
ciphertext.
• Attacker has more control than known-plaintext attack
and may be able to gain more info about key
• Adaptive Chosen-Plaintext attack:
• Attacker chooses a series of plaintexts, basing the next
plaintext on the result of previous encryption
• Differential cryptanalysis – very powerful attacking tool
• But DES is resistant to it
• Cryptanalysis attacks often exploit the
redundancy of natural language
• Lossless compression before encryption removes
redundancy
 Principles of Confusion and
Diffusion
plaintext ciphertext plaintext
Encryption Decryption

Key KA Key KB
• Terms courtesy of Claude Shannon, father of
Information Theory
• “Confusion” = Substitution
• a -> b
• Caesar cipher
• “Diffusion” = Transposition or Permutation
• abcd -> dacb
• DES
 Principles of Confusion and
Diffusion (2)
• “Confusion” : a classical Substitution Cipher

Courtesy:
Andreas
Steffen

• Modern substitution ciphers take in N bits and

substitute N bits using lookup table: called S-
Boxes
 Principles of Confusion and
Diffusion (3)
• “Diffusion” : a classical Transposition cipher

Courtesy:
Andreas
Steffen

• modern Transposition ciphers take in N bits and

permute using lookup table : called P-Boxes
 Symmetric-Key Cryptography
plaintext ciphertext plaintext
Encryption Decryption

Key KA Key KB=KA

Secure Key Distribution

• Both sender and receiver keys are the same: KA=KB

• The keys must be kept secret and securely
distributed – we’ll study this later
• Thus, also called “Secret Key Cryptography”
• Data Encryption Standard (DES)
Symmetric-Key Cryptography (2)
• DES
• 64-bit input is permuted
• 16 stages of identical
operation
• differ in the 48-bit
key extracted from
56-bit key - complex
• R2= “R1 is encrypted
with K1 and XOR’d
with L1”
• L2=R1, …
• Final inverse permutation
stage
 Symmetric-Key Cryptography (3)
• Data Encryption Standard (DES)
• Encodes plaintext in 64-bit chunks using a 64-bit key
(56 bits + 8 bits parity)
• Uses a combination of diffusion and confusion to
achieve security
• abcd  dbac
• Was cracked in 1997
• Parallel attack – exhaustively search key space
• Triple-DES: put the output of DES back as input into
DES again with a different key, loop again: 3*56 = 168
bit key
• Decryption in DES – it’s symmetric! Use KA again as
input and then the same keys except in reverse order
• Advanced Encryption Standard (AES) successor
 Symmetric-Key Cryptography (4)
• DES is an example of a block cipher
• Divide input bit stream into n-bit sections, encrypt
only that section, no dependency/history between
sections

Courtesy:
Andreas
Steffen

• In a good block cipher, each output bit is a

function of all n input bits and all k key bits
 Symmetric-Key Cryptography (5)
• Electronic Code Book (ECB) mode for block
ciphers of a long digital sequence

• Vulnerable to replay attacks: if an attacker thinks block

C2 corresponds to $ amount, then substitute another Ck
• Attacker can also build a codebook of <Ck, guessed Pk>
pairs
 Symmetric-Key Cryptography (6)
• Cipher Block Chaining (CBC) mode for block
ciphers

• Inhibits replay attacks and codebook building: identical

input plaintext Pi =Pk won’t result in same output code due
to memory-based chaining
• IV = Initialization Vector – use only once
 Symmetric-Key Cryptography (7)
• Stream ciphers

• Rather than divide bit stream into discrete blocks, as

block ciphers do, XOR each bit of your plaintext
continuous stream with a bit from a pseudo-random
sequence
• At receiver, use same symmetric key, XOR again to
extract plaintext
 Symmetric-Key Cryptography (8)
• RC4 stream cipher by Ron Rivest of RSA Data
Security Inc. – used in 802.11b’s security
• Block ciphers vs. stream ciphers
• Stream ciphers work at bit-level and were originally
implemented in hardware => fast!
• Block ciphers work at word-level and were originally
implemented in software => not as fast
• Error in a stream cipher only affects one bit
• Error in a block cipher in CBC mode affects two
blocks
• Distinction is blurring:
• Stream ciphers can be efficiently implemented in software
• Block ciphers getting faster
 Symmetric-Key Cryptography (9)
• Symmetric key is propagated to both endpoints
A & B via Diffie-Hellman key exchange algorithm
• A & B agree on a large prime modulus n, a “primitive
element” g, and a one-way function f(x)=gx mod n
• n and g are publicly known
• A chooses a large random int a and sends B AA=ga mod
n
• B chooses a large random int b and sends A BB= gb
mod n
• A & B compute secret key S = gba mod n
• Since x=f-1(y) is difficult to compute, then observer
who knows AA, BB, n, g and f will not be able to
deduce the product ab and hence S is secure
 Symmetric Key Distribution

• Key distribution
• Public key via trusted Certificate
Authorities
• Symmetric key?
• Diffie-Helman Key Exchange
• Public key, then secret key (e.g. SSL)
• Symmetric Key distribution via a KDC (Key
Distribution Center)
 Symmetric Key Distribution (2)
• Symmetric Key distribution via a KDC (Key
Distribution Center)
• KDC is a server (trusted 3rd party) sharing a
different symmetric key with each registered user
• Alice wants to talk with Bob, and sends encrypted
request to KDC, KA-KDC(Alice,Bob)
• KDC generates a one-time shared secret key R1
• KDC encrypts Alice’s identity and R1 with Bob’s secret key,
let m= KB-KDC(Alice,R1)
• KDC sends to Alice both R1 and m, encrypted with Alice’s
key: i.e. KA-KDC(R1, KB-KDC(Alice,R1))
• Alice decrypts message, extracting R1 and m. Alice
sends m to Bob.
• Bob decrypts m and now has the session key R1
Symmetric Key Distribution (3)

m=

• Kerberos authentication basically follows this

KDC trusted 3rd party approach
• In Kerberos, the message m is called a ticket and
has an expiration time
 Public-Key Cryptography
plaintext ciphertext plaintext
Encryption Decryption

Key KPUBLIC Key KPRIVATE

• For over 2000 years, from Caesar to 1970s,

encrypted communication required both sides to share
a common secret key => key distribution problems!
• Diffie and Hellman in 1976 invented asymmetric public
key cryptography – elegant, revolutionary!
• Sender’s key differs from receiver’s key
• Simplifies key distribution – just protect Kprivate
• Useful for authentication as well as encryption
 Public-Key Cryptography (2)
plaintext ciphertext plaintext
Encryption Decryption

Key KPUBLIC Key KPRIVATE

Public Key Distribution Secure Key

• Host (receiver) who wants data sent to it in

encrypted fashion advertises a public encryption key
Kpublic
• Sender encrypts with public key
• Receiver decrypts with private key
 Public-Key Cryptography (3)
plaintext ciphertext plaintext
Encryption Decryption

Key KPUBLIC Key KPRIVATE

Public Key Distribution Secure Key

• Decryption algorithm has the property that

• only a private key Kprivate can decrypt the
ciphertext, and
• it is computationally infeasible to deduce Kprivate
even though attacker knows the public key Kpublic
and the encryption algorithm
 Public-Key Cryptography (4)
• Decryption algorithm has the property that only a
private key Kprivate can decrypt the ciphertext
• Based on the difficulty of factoring the product
of two prime #’s
• Example: RSA algorithm (Rivest, Shamir, Adleman)
• Choose 2 large prime #’s p and q
• n=p*q should be about 1024 bits long
• z=(p-1)*(q-1)
• Choose e<n with no common factors with z
• Find d such that (e*d) mod z = 1
• Public key is (n,e), private key is (n,d)
• Message m is encrypted to c = me mod n
• Ciphertext c is decrypted m = cd mod n
 RSA example:
A host chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z.

letter m me c = me mod n
encrypt:
“L” 12 1524832 17

d
decrypt:
c c m = cd mod n letter
17 481968572106750915091411825223072000 12 “L”
 Public-Key Cryptography (4)
• Provides security because:
• There are no known algorithms for quickly
factoring n=p*q, the product of two large prime
#’s
• If we could factor n into p and q, then it would be
easy to break the algorithm: have n, p, q, e, then
just iterate to find decryption key d.
• Public-key cryptography is slow because of the
exponentiation:
• m = cd mod n = (me)d mod n = (md)e mod n
• 1024-bit value for n
• So, don’t use it for time-sensitive applications
and/or use only for small amounts of data – we’ll
see how SSL makes use of this
 Public-Key Cryptography (5)
• A 512 bit number (155 decimals) was factored into
two primes in 1999 using one Cray and 300
workstations
• 1024 bit keys still safe
• Incredibly useful property of public-key
cryptography:
• m = cd mod n = (me)d mod n = (md)e mod n
• Thus, can swap the order in which the keys are
used.
• Example: can use private key for encryption and a
public key for decryption – will see how it is useful
in authentication!