Scribd
Upload
55 views13 pages

Net Sec c2p4

This document discusses network security essentials and covers several topics related to symmetric encryption algorithms including: 1) the use of random and pseudorandom numbers in cryptography, 2) common symmetric block encryption algorithms like DES, 3DES, and AES, 3) stream ciphers like RC4, and 4) cipher block modes of operation such as ECB, CBC, CFB, and CTR.

Uploaded by

nishongopothik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
55 views13 pages

Net Sec c2p4

This document discusses network security essentials and covers several topics related to symmetric encryption algorithms including: 1) the use of random and pseudorandom numbers in cryptography, 2) common symmetric block encryption algorithms like DES, 3DES, and AES, 3) stream ciphers like RC4, and 4) cipher block modes of operation such as ECB, CBC, CFB, and CTR.

Uploaded by

nishongopothik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 13

Network Security

Essentials
chapter 2 part 4

Fifth Edition

by William
Stallings
Algorithm design

Purpose-built Algorithms Three broad


algorithms based on categories of
existing cryptographic
cryptographic algorithms are
algorithms commonly used
to create
PRNGs:
Designed specifically Cryptographic Symmetric block
and solely for the algorithms have the ciphers
purpose of effect of Asymmetric ciphers
generating randomizing input
pseudorandom bit Hash functions and
Can serve as the message
streams core of PRNGs authentication codes
Stream Cipher design considerations

• The encryption sequence should have a large period


• The longer the period of repeat, the more difficult it will be to
do cryptanalysis
• The keystream should approximate the properties of a true random
number stream as close as possible
• The more random-appearing the keystream is, the more randomized the
ciphertext is, making cryptanalysis more difficult
• The pseudorandom number generator is conditioned on the value of
the input key
• To guard against brute-force attacks, the key needs to be sufficiently long
• With current technology, a key length of at least 128 bits is desirable
RC4 algorithm

• A stream cipher designed in 1987 by Ron Rivest for RSA Security


• It is a variable key-size stream cipher with byte-oriented
operations
• The algorithm is based on the use of a random permutation
• Is used in the Secure Sockets Layer/Transport Layer Security
(SSL/TLS) standards that have been defined for communication
between Web browsers and servers
• Also used in the Wired Equivalent Privacy (WEP) protocol and the
newer WiFi Protected Access (WPA) protocol that are part of the
IEEE 802.11 wireless LAN standard
Cipher block Modes of Operation

• A symmetric block cipher processes one block of data at a time


• In the case of DES and 3DES, the block length is b=64 bits
• For AES, the block length is b=128
• For longer amounts of plaintext, it is necessary to break the plaintext into
b-bit blocks, padding the last block if necessary
• Five modes of operation have been defined by NIST
• Intended to cover virtually all of the possible applications of encryption
for which a block cipher could be used
• Intended for use with any symmetric block cipher, including triple DES and
AES
Electronic Codebook Mode (ECB)

• Plaintext is handled b bits at a time and each block of plaintext is


encrypted using the same key
• The term “codebook” is used because, for a given key, there is a
unique ciphertext for every b-bit block of plaintext
• One can imagine a gigantic codebook in which there is an entry for every
possible b-bit plaintext pattern showing its corresponding ciphertext
• With ECB, if the same b-bit block of plaintext appears more than
once in the message, it always produces the same ciphertext
• Because of this, for lengthy messages, the ECB mode may not be secure
• If the message is highly structured, it may be possible for a cryptanalyst to
exploit these regularities
Advantages of CTR mode

• Hardware efficiency
• Encryption/decryption can be done in parallel on multiple blocks of plaintext or ciphertext
• Throughput is only limited by the amount of parallelism that is achieved
• Software efficiency
• Because of the opportunities for parallel execution, processors that support parallel features can be
effectively utilized
• Preprocessing
• The execution of the underlying encryption algorithm does not depend on input
of the plaintext or ciphertext --- when the plaintext or ciphertext input is
presented, the only computation is a series of XORs, greatly enhancing
throughput
• Random access
• The ith block of plaintext or ciphertext can be processed in random-access fashion
• Provable security
• It can be shown that CTR is at least as secure as the other modes discussed in this
section
• Simplicity
• Requires only the implementation of the encryption algorithm and not the
decryption algorithm
summary

• Symmetric encryption • Random and pseudorandom


principles numbers
• Cryptography • The use of random numbers
• Cryptanalysis • TRNGs, PRNGs, PRFs
• Feistel cipher structure • Algorithm design
• Symmetric block encryption • Stream ciphers and RC4
algorithms • Stream cipher structure
• Data encryption standard • RC4 algorithm
• Triple DES • Cipher block modes of
• Advanced encryption operation
standard
• ECB
• CBC
• CFB
• CTR

You might also like