3/18/2013
Single round
- These are private-key symmetric ciphers: the same key is used to encrypt and decrypt
- Each single round must be invertible
- Key scheduling rounds do not need to be invertible
- If the key is constant from block to block, this is a monoalphabetic cipher, but with a huge alphabet
- Strength comes from confusion and diffusion, repeatedly applied
JNTUH CEH Network Security & Cryptography 5
[Figure: a single round as a non-feedback network of invertible operations; the partially encrypted text goes to the next round. Diagram labels: A, XOR, C.]
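Consists of n rounds
R = the round function
si = state after round i
ki = the ith round key
[Figure: encryption through the rounds R. Diagram labels: round keys k1, k2, ..., kn; states s1, s2, ...; output c.]
[Figure: decryption through the inverse rounds R-1. Diagram labels: round keys k1, k2, ..., kn; states s1, s2, ...; input c.]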
Feistel Networks
If the function F is not invertible, the rounds can still be made invertible.
Requires at least 2 rounds to mix all bits.
[Figure: a Feistel round R and the same round run backwards (R-1). Diagram labels: high bits, low bits, F, XOR, ki, left half i+1, right half i+1.]
Note:
- This block is reversible
- The direction of signal flow does not change in the one-way block
- The XOR is a reversible device
- Possibly weaker than other ciphers, but more rounds (typically 16) can be used
- The one-way function is half the width of the block, so a 64-bit block can be encrypted efficiently with a 32-bit processor
- The Feistel block is vulnerable to differential cryptanalysis, which is a chosen-plaintext attack. With enough rounds, it is usable.
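A Feistel network built around a one-way function, as an added example that is not part of the original slides. The truncated SHA-256 round function, the constructed round keys and all names are assumptions; the block is 64 bits with a 32-bit F, as in the note above.

```python
import hashlib

MASK32 = 0xFFFFFFFF
# Constructed round keys for the demo; a real cipher derives them with a key schedule.
ROUND_KEYS = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]

def F(half, key):
    """One-way round function (assumed for this demo): truncated SHA-256."""
    data = half.to_bytes(4, "big") + key.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def encrypt(block, round_keys):
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # (L, R) -> (R, L XOR F(R, k)): only the XOR has to be undone later.
        left, right = right, left ^ F(right, k)
    return (left << 32) | right

def decrypt(block, round_keys):
    left, right = block >> 32, block & MASK32
    for k in reversed(round_keys):
        # F runs forwards again on the half that passed through unchanged.
        left, right = right ^ F(left, k), left
    return (left << 32) | right

def output_difference(plaintext, bit, rounds):
    """XOR of the ciphertexts of two plaintexts that differ in one bit."""
    keys = ROUND_KEYS[:rounds]
    return encrypt(plaintext, keys) ^ encrypt(plaintext ^ (1 << bit), keys)

if __name__ == "__main__":
    p = 0x0123456789ABCDEF
    assert decrypt(encrypt(p, ROUND_KEYS), ROUND_KEYS) == p
    for rounds in (1, 2, 3, 16):
        diff = output_difference(p, 63, rounds)
        print(f"{rounds:2d} rounds: {bin(diff).count('1'):2d} of 64 output bits change")
```

After a single round a flipped bit in the high half changes exactly one output bit, which is why one round alone does not mix the block.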
Product Ciphers
Each round has two components:
- Substitution on smaller blocks. Decorrelate input and output: confusion
- Permutation across the smaller blocks. Mix the bits: diffusion
Substitution-Permutation Product Cipher
Avalanche Effect: 1 bit of input should affect all output bits, ideally evenly, and for all settings of other input bits
Components
- E-box: expansion and permutation
- S-box: substitution, a 64 by 4 bit memory or array
- P-box: expansion and permutation
- E and P boxes were hardwired
- S-boxes were in on-chip ROM: 256 bytes per round
Mangler Function
The 48-bit key and the expanded 48-bit R are broken into 8 chunks of 6 bits each.
S-boxes
Semi-weak keys
- Only two sub-keys are generated on alternate rounds
- DES has 12 of these (in 6 pairs)
- None of these causes a problem since they are a tiny fraction of all available keys
- However they MUST be avoided by any key generation program
3/18/2013 Dept. of ECE Network Security & Cryptography 29
DES attacks
Brute force attack
The COPACOBANA machine, built for US$10,000 by the Universities of Bochum and Kiel, contains 120 low-cost FPGAs and can perform an exhaustive key search on DES in 9 days on average. The photo shows the backplane of the machine with the FPGAs.
However, the attacks are theoretical and are infeasible to mount in practice; these types of attack are sometimes termed certificational weaknesses.
- Extending DES to 128 bit data paths and 112 bit keys
- Extending the key expansion calculation
Double DES
Using two encryption stages and two keys
C = ek2(ek1(p))
p = dk1(dk2(C))
When we have another pair (P2, C2), the number of possible key pairs that work for it is also 2^48. Then, among these two sets of key pools found, the expected common key pairs is only
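The same counting argument at a size that runs instantly, as an added example that is not part of the original slides. The toy cipher (a random permutation table per key), its 8-bit key and 8-bit block, and all names are assumptions; key pairs consistent with each known (P, C) pair are collected by matching the middle value ek1(P) = dk2(C) and the sets are then intersected.

```python
import random

KEY_BITS = BLOCK_BITS = 8      # toy sizes; DES has 56-bit keys and 64-bit blocks
N_KEYS, N_BLOCKS = 1 << KEY_BITS, 1 << BLOCK_BITS

def make_cipher(seed=2013):
    """Toy cipher (constructed): per key, a random permutation and its inverse."""
    rng = random.Random(seed)
    enc, dec = [], []
    for _ in range(N_KEYS):
        perm = list(range(N_BLOCKS))
        rng.shuffle(perm)
        inv = [0] * N_BLOCKS
        for p, c in enumerate(perm):
            inv[c] = p
        enc.append(perm)
        dec.append(inv)
    return enc, dec

ENC, DEC = make_cipher()

def double_encrypt(k1, k2, p):
    return ENC[k2][ENC[k1][p]]           # C = ek2(ek1(p))

def consistent_key_pairs(p, c):
    """All (k1, k2) with ek1(p) == dk2(c), found by matching the middle value."""
    middle = {}
    for k1 in range(N_KEYS):
        middle.setdefault(ENC[k1][p], []).append(k1)
    return {(k1, k2) for k2 in range(N_KEYS) for k1 in middle.get(DEC[k2][c], [])}

def surviving_pairs(known_pairs):
    """Intersect the candidate sets of several known (plaintext, ciphertext) pairs."""
    survivors = None
    for p, c in known_pairs:
        found = consistent_key_pairs(p, c)
        survivors = found if survivors is None else survivors & found
    return survivors

if __name__ == "__main__":
    true_key = (0x3A, 0xC5)              # constructed secret key pair
    pairs = [(p, double_encrypt(*true_key, p)) for p in (0x10, 0x20, 0x30)]
    for n in (1, 2, 3):
        left = surviving_pairs(pairs[:n])
        print(f"{n} known pair(s): {len(left)} of {N_KEYS ** 2} key pairs remain")
```

With 2^16 key pairs and an 8-bit block, one known pair leaves about 2^8 candidates, the toy counterpart of the 2^48 figure above; the work is two passes over single keys rather than one pass over all key pairs.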
Triple DES
- DES variant
- Standardized in ANSI X9.17 & ISO 8732 and in PEM for key management
- Proposed for general EFT standard by ANSI X9
- Backwards compatible with many DES schemes
- Uses either two or three keys
Triple DES
Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
C = EK3[DK2[EK1[P]]]
- C = ciphertext
- P = plaintext
- EK[X] = encryption of X using key K
- DK[Y] = decryption of Y using key K
CAST 128
By Carlisle Adams and Stafford Tavares
- Defined in RFC 2144
- Uses a key size varying from 40 to 128 bits
- Structure of a Feistel network
- 16 rounds on a 64 bit data block
- The round function differs from round to round
- Four primitive operations
  - Addition, subtraction (mod 2^32)
  - Bitwise exclusive-OR
Blowfish
- Easy to implement (simple structure)
- Two basic operations: addition, XOR
- High execution speed
- Similar to Feistel scheme
- Runs in less than 5K of memory
- Variable security: key length is variable (between 32 and 448 bits). This allows a tradeoff between speed and security.
- The key is used to generate 18 32-bit subkeys.
- Encryption/decryption consist of 16 rounds.
- The subkeys and S-boxes are complicated, so it is not suitable when the key changes often.
Blowfish
Encryption uses two primitive operations:
1. Addition: performed modulo 2^32.
2. Bitwise Exclusive-OR.
- These two operations do not commute.
- This makes cryptanalysis difficult.
Blowfish
Encryption Algorithm:
- Plaintext is divided into two 32 bit halves.
- Go through 16 rounds of transformation using subkeys.
- Each round takes two 32 bit inputs and produces two 32 bit outputs.
- Output of a round is fed into the next round.
- The output of the 16th round is exclusive-ORed with the 17th and 18th subkeys to produce the ciphertext.
Blowfish
Details of a Single Round:
- Each round includes complex use of addition modulo 2^32, Ex-OR, and substitution using S-Boxes.
- The 32 bit input to the function F is divided into four bytes.
- Each byte goes through a separate S-box and is expanded into 32 bits.
- The 32 bit outputs go through a complex transformation using addition modulo 2^32 and Ex-OR.
IDEA
- Used in PGP
- Confusion: the ciphertext should depend upon the plaintext and key in a complex way. Confusion is achieved by using three operations.
- Diffusion: each plaintext bit should influence as many ciphertext bits as possible. IDEA is very effective in achieving diffusion.
IDEA
Confusion:
- Achieved by mixing three different operations.
- Each operation takes two 16-bit inputs and produces a 16-bit output.
Three Operations:
1. Bit-by-bit Exclusive-OR.
2. Addition of integers modulo 2^16 (=65536).
   - Inputs and output are treated as 16 bit unsigned integers.
3. Multiplication of integers modulo 2^16+1 (=65537).
   - Inputs and output are treated as 16 bit unsigned integers.
   - A block of all zeros is treated as 2^16.
IDEA
Three Operations:
- In combination they provide a complex transformation, making cryptanalysis very difficult.
- The three operations are incompatible:
  - No two satisfy the distributive law.
  - No two satisfy the associative law.
IDEA
Diffusion: provided by a multiplication/addition structure (MA).
- Takes two inputs: (1) two 16 bit values derived from the plaintext; (2) two 16 bit subkeys derived from the key.
- Produces two 16 bit outputs.
IDEA
Diffusion:
- Each output bit depends on every input bit and on every bit of the subkeys, meaning a lot of diffusion.
- This structure is repeated 8 times in the encryption algorithm, which provides very effective diffusion.
IDEA
Encryption Algorithm:
- Consists of eight rounds.
- The 64 bit input is divided into four 16-bit sub-blocks.
- Each round uses six 16-bit keys.
- Each round produces four 16-bit outputs.
- Output of a round is fed into the next round.
IDEA
Details of a Single Round:
- Four input sub-blocks are combined with four subkeys, producing 4 output sub-blocks.
- The four output sub-blocks are combined using the XOR operation to form two 16 bit blocks.
- These two blocks are fed into the MA structure.
- The MA structure takes & produces two 16-bit outputs.
- The four outputs of the upper transformation are combined with the two outputs of the MA structure to produce four output blocks for this round.
IDEA Decryption
- The same code can perform either encryption or decryption given different expanded keys.
- Take the inverses of the encryption keys and use them in the opposite order (the inverse of the last-used encryption key is used first).
- Since the last encryption round (an odd round) used keys K49, K50, K51, K52, the first decryption round uses the inverses of the keys K49-K52.
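The modular operations from the "Three Operations" slides and the inverse subkeys used for decryption, as an added example that is not part of the original slides. The mul, add, add, mul order of the key-mixing step follows the standard IDEA description and is an assumption here, as are the constructed subkeys standing in for K49..K52 and all function names; XOR is left out because it is its own inverse.

```python
MOD_ADD = 1 << 16           # 65536
MOD_MUL = (1 << 16) + 1     # 65537, which is prime

def add(a, b):
    return (a + b) % MOD_ADD

def mul(a, b):
    """Multiply modulo 2^16 + 1; the all-zero block stands for 2^16."""
    product = ((a or MOD_ADD) * (b or MOD_ADD)) % MOD_MUL
    return product % MOD_ADD             # the value 2^16 is stored as 0

def add_inv(k):
    return (-k) % MOD_ADD

def mul_inv(k):
    """Inverse under mul(); exists for every block because 65537 is prime."""
    return pow(k or MOD_ADD, MOD_MUL - 2, MOD_MUL) % MOD_ADD

def key_mix(blocks, keys):
    """Combine four 16-bit sub-blocks with four subkeys: mul, add, add, mul."""
    return [mul(blocks[0], keys[0]), add(blocks[1], keys[1]),
            add(blocks[2], keys[2]), mul(blocks[3], keys[3])]

def inverse_keys(keys):
    """Decryption subkeys that undo key_mix() for the given encryption subkeys."""
    return [mul_inv(keys[0]), add_inv(keys[1]), add_inv(keys[2]), mul_inv(keys[3])]

def distributes(a, b, c):
    """Does mul distribute over add for these three values?"""
    return mul(a, add(b, c)) == add(mul(a, b), mul(a, c))

if __name__ == "__main__":
    last_keys = [0x0000, 0xABCD, 0x0001, 0xFFFF]   # constructed stand-ins for K49..K52
    state = [0x0000, 0x0001, 0xFFFF, 0x8000]       # constructed sub-blocks
    mixed = key_mix(state, last_keys)
    assert key_mix(mixed, inverse_keys(last_keys)) == state
    print("inverse subkeys:", [hex(k) for k in inverse_keys(last_keys)])
    print("mul distributes over add for (2, 0x8000, 0x8000):",
          distributes(2, 0x8000, 0x8000))
```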
RC 5
Developed by R. Rivest
- Suitable for hardware or software
- Fast, simple
- Variable number of rounds
- Variable-length key
- Low memory requirement
- High security
- Data-dependent rotations (circular bit shifts)
- Adaptable to processors of different word length
A family of algorithms determined by word length, number of rounds, size of secret key
Primitive operations
Addition, XOR, left circular rotation
RC4
- Ron Rivest (of the famous RSA) is the inventor
- A long random string is called a one-time pad.
- A stream cipher generates a one-time pad and applies it to a stream of plain text with XOR.
- RC4 is a stream cipher designed by Ron Rivest.
End-to-end encryption
- The source encrypts and the receiver decrypts
- Payload encrypted
- Header in the clear
Key Distribution
1. A key could be selected by A and physically delivered to B.
2. A third party could select the key and physically deliver it to A and B.
3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.
4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.
Key Distribution
Session key:
Data encrypted with a one-time session key. At the conclusion of the session the key is destroyed
Permanent key:
Used between entities for the purpose of distributing session keys