The Advanced Encryption Standard (AES) was published by the National Institute of
Standards and Technology (NIST) in 2001.
AES is a symmetric block cipher that is intended to replace DES as the approved
standard for a wide range of applications. Compared to public-key ciphers such as RSA, the
structure of AES and most symmetric ciphers is quite complex and cannot be explained as
easily as many other cryptographic algorithms.
Figure 5.1 shows the overall structure of the AES encryption process. The cipher
takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32
bytes (128, 192, or 256 bits).
The key is copied into the first four words of the expanded key. The remainder of the
expanded key is filled in four words at a time.
Random numbers play an important role in the use of encryption for various network
security applications.
The Use of Random Numbers
A number of network security algorithms and protocols based on cryptography make use
of random binary numbers. For example,
PRNG construction is to use a symmetric block cipher as the heart of the PRNG
mechanism. For any block of plaintext, a symmetric block cipher produces an output
block that is apparently random.
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.
It is a variable key size stream cipher with byte-oriented operations. The
algorithm is based on the use of a random permutation. Analysis shows that the
period of the cipher is overwhelmingly likely to be greater than $10^{100}$.
The RSA scheme is a cipher in which the plaintext and ciphertext are integers between 0 and
$n - 1$ for some $n$. A typical size for $n$ is 1024 bits, or 309 decimal digits. That is, $n$ is less than
$2^{1024}$.
Description of the Algorithm
RSA makes use of an expression with exponentials. Plaintext is encrypted in blocks, with
each block having a binary value less than some number n. That is, the block size must be
less than or equal to $\log_2(n) + 1$; in practice, the block size is $i$ bits, where $2^i < n \le 2^{i+1}$.
Encryption and decryption are of the following form, for some plaintext block M and
ciphertext block C.
$C = M^e \bmod n$
$M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$
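The block-size rule and the encrypt/decrypt pair described above, as an added example that is not part of the original notes. The primes 17 and 11, the exponent 7, the sample message and all function names are constructed for illustration; real RSA uses a modulus of the size given above together with a padding scheme.

```python
# Added illustration: textbook RSA on i-bit blocks. Toy primes, no padding.
from math import gcd

def make_keys(p, q, e):
    """Return (n, e, d) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return n, e, pow(e, -1, phi)  # d is the inverse of e mod phi (Python 3.8+)

def block_bits(n):
    """The i with 2^i < n <= 2^(i+1); every i-bit value is then below n."""
    return (n - 1).bit_length() - 1

def to_blocks(data, i):
    """Split bytes into i-bit integers, zero-padding the final block."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % i)
    return [int(bits[k:k + i], 2) for k in range(0, len(bits), i)]

def from_blocks(blocks, i, nbytes):
    """Inverse of to_blocks; nbytes is the original length, padding is dropped."""
    bits = "".join(f"{m:0{i}b}" for m in blocks)
    return bytes(int(bits[k:k + 8], 2) for k in range(0, 8 * nbytes, 8))

def encrypt(blocks, e, n):
    return [pow(m, e, n) for m in blocks]   # C = M^e mod n

def decrypt(blocks, d, n):
    return [pow(c, d, n) for c in blocks]   # M = C^d mod n

def roundtrip(data, p=17, q=11, e=7):
    """Encrypt then decrypt data with the constructed toy parameters."""
    n, e, d = make_keys(p, q, e)
    i = block_bits(n)
    cipher = encrypt(to_blocks(data, i), e, n)
    return cipher, from_blocks(decrypt(cipher, d, n), i, len(data))

if __name__ == "__main__":
    print(make_keys(17, 11, 7))
    print(encrypt([88], 7, 187), decrypt([11], 23, 187))
    cipher, plain = roundtrip(b"session key")  # constructed sample message
    print(cipher, plain)
```

Because there is no padding, equal plaintext blocks always produce equal ciphertext blocks; the example is meant to show the block arithmetic only.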
For symmetric encryption to work, the two parties to an exchange must share the same
key, and that key must be protected from access by others. Furthermore, frequent key
changes are usually desirable to limit the amount of data compromised if an attacker learns
the key. Therefore, the strength of any cryptographic system rests with the key distribution
technique, a term that refers to the means of delivering a key to two parties who wish to
exchange data without allowing others to see the key.
For two parties A and B, key distribution can be achieved in a number of ways, as
follows:
1. A can select a key and physically deliver it to B.
2. A third party can select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party can transmit the new
key to the other, encrypted using the old key.
4. If A and B each has an encrypted connection to a third party C, C can deliver a key
on the encrypted links to A and B.
A Key Distribution Scenario
The key distribution concept can be deployed in a number of ways. A typical
scenario is illustrated in Figure 14.3.
A Transparent Key Control Scheme: The approach is useful for providing
end-to-end encryption at a network or transport level in a way that is transparent to the
end users. The approach assumes that communication makes use of a connection-
oriented end-to-end protocol, such as TCP.
Controlling Key Usage: The concept of a key hierarchy and the use of automated
key distribution techniques greatly reduce the number of keys that must be manually
managed and distributed.
Simple Secret Key Distribution: An extremely simple scheme was put forward by
Merkle. If A wishes to communicate with B, the following procedure is employed:
X.509 defines a framework for the provision of authentication services by the X.500
directory to its users. The directory may serve as a repository of public-key certificates.
Each certificate contains the public key of a user and is signed with the private key of a
trusted certification authority.
In addition, X.509 defines alternative authentication protocols based on the use of
public-key certificates.
X.509 is based on the use of public-key cryptography and digital signatures. The
standard does not dictate the use of a specific algorithm but recommends RSA.
END