CH02 CompSec4e
CH02 CompSec4e
Strength concerns:
• Concerns about the algorithm itself
• DES is the most studied encryption
algorithm in existence
• Concerns about the use of a 56-bit key
• The speed of commercial off-the-shelf processors makes
this key length woefully inadequate
Table 2.2
Significantly improved
3DES was not efficiency
Published as
reasonable for long
term use FIPS 197
Symmetric block cipher
Modes of operation
Alternative techniques developed to increase the security of symmetric
block encryption for large sequences
Overcomes the weaknesses of ECB
Block & Stream Ciphers
Block Cipher
Stream Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster and use far less
code
• Encrypts plaintext one byte at a time
• Pseudorandom stream is one that is unpredictable without knowledge of
the input key
Message Authentication
Protects against
active attacks
Can use
• Only sender and receiver share a
conventional key
encryption
Message Authentication
Without Confidentiality
• Message encryption by itself does not provide a secure form of
authentication
• It is possible to combine authentication and confidentiality in a single
algorithm by encrypting a message plus its authentication tag
• Typically message authentication is provided as a separate function
from message encryption
• Situations in which message authentication without confidentiality
may be preferable include:
• There are a number of applications in which the same message is broadcast to a number of
destinations
• An exchange in which one side has a heavy load and cannot afford the time to decrypt all
incoming messages
• Authentication of a computer program in plaintext is an attractive service
Cryptanalysis Passwords
• Exploit logical weaknesses in • Hash of a password is stored by
the algorithm an operating system
Computationally easy
Useful if either key can for sender knowing
be used for each role public key to encrypt
messages
Computationally
infeasible for opponent to
determine private key
from public key
Asymmetric Encryption
Algorithms
RSA (Rivest, Most widely accepted and
Block cipher in which the
Shamir, Developed in 1977 implemented approach to
public-key encryption
plaintext and ciphertext are
integers between 0 and n-1 for
Adleman) some n.
Digital
Signature Provides only a digital
signature function with SHA-1
Cannot be used for encryption
or key exchange
Standard (DSS)
Elliptic curve
cryptography Security like RSA, but with
much smaller keys
(ECC)
Digital Signatures
NIST FIPS PUB 186-4 defines a digital signature as:
”The result of a cryptographic transformation of data that,
when properly implemented, provides a mechanism for
verifying origin authentication, data integrity and signatory non-
repudiation.”
Thus, a digital signature is a data-dependent bit pattern, generated by an
agent as a function of a file, message, or other form of data block
FIPS 186-4 specifies the use of one of three digital signature algorithms:
Digital Signature Algorithm (DSA)
RSA Digital Signature Algorithm
Elliptic Curve Digital Signature Algorithm (ECDSA)
Random Keys for public-key
Numbers algorithms
Stream key for symmetric
stream cipher
Uses include
generation of: Symmetric key for use as a
temporary session key or in
creating a digital envelope
Handshaking to prevent
replay attacks
Session key
Random Number
Requirements
Randomness Unpredictability
Criteria:
Uniform distribution Each number is statistically
Frequency of occurrence of each
of the numbers should be independent of other
approximately the same numbers in the sequence
Independence
No one value in the sequence
can be inferred from the others
Opponent should not be
able to predict future
elements of the sequence
on the basis of earlier
elements
Random versus
Pseudorandom
Cryptographic applications typically make use of
algorithmic techniques for random number generation
• Algorithms are deterministic and therefore produce sequences of numbers
that are not statistically random
Use a commercially
Library based tape Background laptop/PC data
available encryption Back-end appliance
encryption encryption
package
Even though erased, until disk
sectors are reused data are
recoverable
Summary
• Confidentiality with
symmetric encryption • Public-key encryption
Symmetric encryption Structure
Symmetric block encryption Applications for public-key
algorithms cryptosystems
Requirements for public-key
Stream ciphers
cryptography
• Message authentication and Asymmetric encryption algorithms