8/19/2019 CH02-CompSec3e

1/8

1/19/2016

Chapter 2Cryptographic Tools

1

Symmetric Encryption• The universal technique for providing confidentiality

for transmitted or stored data• Also referred to as conventional encryption or

single-key encryption

• Two requirements for secure use:• Need a strong encryption algorithm *• Sender and receiver must have obtained copies

of the secret key in a secure fashion and mustkeep the key secure

2

Plaintextinput

Y = E[ K , X ] X = D[ K , Y ]

X

K K

Transmittedciphertext

Plaintextoutput

Secret key shared bysender and recipient

Secret key shared bysender and recipient

Encryption algorithm(e.g., DES)

Decryption algorithm(reverse of encryption

algorithm)

Figure 2.1 Simplified Model of Symmetric Encryption

3

Attacking SymmetricEncryption

Cryptanalytic Attacks Brute-Force Attack

Rely on:Nature of the algorithm

Some knowledge of thegeneral characteristics of theplaintextSome sample plaintext-

ciphertextpairsExploits the characteristics ofthe algorithm to attempt todeduce a specific plaintext orthe key being used

If successful all future and pastmessages encrypted with thatkey are compromised

Try all possible keys on someciphertext until an intelligibletranslation into plaintext isobtained

On average half of all possiblekeys must be tried to achievesuccess

4

8/19/2019 CH02-CompSec3e

2/8

8/19/2019 CH02-CompSec3e

3/8

1/19/2016

Advanced EncryptionStandard (AES)Needed a

replacement for3DES

3DES was notreasonable forlong term use

NIST called forproposals for a

new AES in 1997Should have a security

strength equal to orbetter than 3DES

Significantly improvedefficiency

Symmetric block cipher

128 bit data and128/192/256 bit keys

SelectedRijndael in

November 2001

Published asFIPS 197

9

Typically symmetric encryption is applied to a unit ofdata larger than a single 64-bit or 128-bit block Electronic codebook (ECB) mode is the simplestapproach to multiple-block encryption

Each block of plaintext is encrypted using the same keyCryptanalysts may be able to exploit regularities in theplaintext

Modes of operationAlternative techniques developed to increase the securityof symmetric block encryption for large sequencesOvercomes the weaknesses of ECB

10

Encrypt

E n c r y p t i o n

K

Figure 2.2 Types of Symmetric Encryption

b

b

b

b

P 1

C 1

P 2

C 2

b

b

P n

C n

Encrypt K Encrypt K

Decrypt

D e c r y p t i o n

K

b

b

b

b

C 1

P 1

C 2

P 2

b

b

C n

P n

Decrypt

(a)Blockc ipher encryption(electronic codebookmode)

(b)Stream encryption

K Decrypt K

Pseudorandombytegenerator

(keystream generator)

Plaintextbyte stream

M

Key K

Key K

k k Plaintext

byte stream M

Ciphertextbyte stream

C ENCRYPTION

Pseudorandombytegenerator

(keystream generator)

DECRYPTION

k

11

Block & Stream Ciphers

• Processes the input one block of elements at a time• Produces an output block for each input block • Can reuse keys• More common

Block Cipher

• Processes the input elements continuously• Produces output one element at a time• Encrypts plaintext one byte at a time• Pseudorandom stream is one that is unpredictable without

knowledge of the input key• Primary advantage is that they are almost always faster

and use far less code

Stream Cipher

12

8/19/2019 CH02-CompSec3e

4/8

1/19/2016

Message Authentication

Protects againstactive attacks

Verifies receivedmessage isauthentic

Can useconventional

encryption

• Contents have not beenaltered

• From authentic source• Timely and in correct

sequence

• Only sender & receivershare a key

13

Message

MAC

K

K

Transmit

MACalgorithm

MACalgorithm

Compare

Figure 2.3 Messag e Authentication Using a MessageAuthentication Code (MAC).

14

15

M e s s a g e

M e s s a g e

M e s s a g e

K

E

K

(a) Using symmetric encryption

Compare

D

H

H

H

H

H

M e s s a g e

M e s s a g e

M e s s a g e

PR a

E

PU a

(b) Using public-key encryption

Compare

D

M e s s a g e

M e s s a g e

M e s s a g e

(c) Using secret value

Compare

K

K

K

K

Source A Destination B

Figure 2.5 Message Authentication Using a One-Way Hash Function.

H

16

8/19/2019 CH02-CompSec3e

5/8

1/19/2016

Hash Function RequirementsCan be applied to a block o f data of any size

Produces a fixed-length output

H(x) is relatively easy to compute for any given x

One-way or pre-image resistant• Computationally infeasible to find x such that H(x) = h

Computationally infeasible to find y ≠ x such that H(y) = H(x)

Collision resistant or strong collision resistance

• Computationally infeasible to find any pair (x,y) such that H(x) = H(y)

17

Security of Hash Functions

There are twoapproaches to

attacking a secure hashfunction:

Cryptanalysis• Exploit logicalweaknesses in thealgorithm

Brute-force attack • Strength of hash functiondepends solely on thelength of the hash codeproduced by thealgorithm

SHA most widely usedhash algorithm

Additional secure hashfunction applications:

Passwords• Hash of a password isstored by an operatingsystem

Intrusion detection• Store H(F) for each fileon a system and securethe hash values

18

Publiclyproposed byDiffie andHellman in

1976

Based onmathematical

functions

Asymmetric• Uses two

separate keys• Public key

and private

key• Public key ismade publicfor others touse

Some form ofprotocol isneeded for

distribution

19

PlaintextReadable message or data that is fed into the algorithm as inputEncryption algorithmPerforms transformations on the plaintext

Public and private keyPair of keys, one for encryption, one for decryption

CiphertextScrambled message produced as output

Decryption keyProduces the original plaintext 20

8/19/2019 CH02-CompSec3e

6/8

1/19/2016

User encrypts data using his or her ownprivate key

Anyone who knows the correspondingpublic key will be able to decrypt themessage

Mike Bob

Plaintextinput

Transmittedciphertext

PlaintextoutputEncryption algorithm

(e.g., RSA)Decryption algorithm

Bob's privatekey

Bob's publickey

Alice'spublic key

ring

JoyTed

(b) Encryption with private key

X

PU b PR b

[

Y = E[ PR b , X ]

[

X =D[ PU b , Y ]

Figure 2.6 Public-Key Cryptography

Bob Alice

21

Algorithm Digital Signature Symmetric KeyDistribution

Encryption ofSecret Keys

RSA Yes Yes Yes

Diffie-Hellman No Yes No

DSS Yes No No

Elliptic Curve Yes Yes Yes

Table 2.3

Applications for Public-Key Cryptosystems

22

Computationally easyto create key pairs

Computationallyeasy for sender

knowing public keyto encrypt messages

Computationallyeasy for receiver

knowing private keyto decryptciphertext

Computationallyinfeasible foropponent to

determine private keyfrom public key

Computationallyinfeasible foropponent to

otherwise recoveroriginal message

Useful if either keycan be used for

each role

23

RSA (Rivest,Shamir,

Adleman)Developed in 1977

Most widely accepted andimplemented approach to

public-key encryption

Block cipher in which theplaintext and ciphertext

are integers between 0 andn -1 for some n .

Diffie-Hellmankey exchange

algorithm

Enables two users tosecurely reach agreementabout a shared secret that

can be used as a secretkey for subsequent

symmetric encryption ofmessages

Limited to the exchange ofthe keys

DigitalSignature

Standard (DSS)

Provides only a digitalsignature function with

SHA-1

Cannot be used forencryption or key

exchange

Elliptic curvecryptography

(ECC)

Security like RSA, but withmuch smaller keys

24

8/19/2019 CH02-CompSec3e

7/8

1/19/2016

Digital SignaturesUsed for authenticating both source and dataintegrity

Created by encrypting hash code with private key

Does not provide confidentiality

Even in the case of complete encryption

Message is safe from alteration but not eavesdropping

25

Unsigned certificate:contains user ID,user's public key,as well as informationconcerning the CA

Signed certificate

Recipient can verifysignature by comparinghash code values

Figure 2.7 Public-Key Certificate Use

Generate hashcode of unsignedcertificate

Encrypt hash codewith CA's private keyto form signature

H

H

Bob's IDinformation

CAinformation

Bob's public key

E D

Decrypt signaturewith CA's public keyto recover hash code

Use certificate toverify Bob's public key

Create signeddigital certificate

26

Protects a messagewithout needing tofirst arrange for sender

and receiver to havethe same secret key

Equates to the samething as a sealedenvelope containingan unsigned letter

Randomsymmetrickey

Receiver's publickey

Encryptedsymmetrickey

Encryptedmessage

Encryptedmessage

Digitalenvelope

Figure 2.8 Digital Envelopes

(a) Creation of a digital envelope

E

E

Message

Randomsymmetrickey

Receiver's privatekey

Encryptedsymmetrickey

(b) Opening a digital envelope

D

DDigitalenvelope

Message

27

RandomNumbers

Keys for public-keyalgorithms

Stream key for symmetricstream cipher

Symmetric key for use asa temporary session keyor in creating a digital

envelopeHandshaking to preventreplay attacks

Session key

Uses includegeneration of:

28

8/19/2019 CH02-CompSec3e

8/8

1/19/2016

Random NumberRequirementsRandomness Unpredictability

Criteria:Uniform distribution

Frequency of occurrenceof each of the numbersshould be approximatelythe same

IndependenceNo one value in thesequence can be inferredfrom the others

Each number isstatistically independentof other numbers in thesequence

Opponent should not beable to predict futureelements of thesequence on the basis ofearlier elements

29

Random versusPseudorandomCryptographic applications typically make use ofalgorithmic techniques for random number generation• Algorithms are deterministic and t herefore produce sequences of numbers

that are not statistically random

Pseudorandom numbers are:• Sequences produced that satisfy statistical randomness tests• Likely to be predictable

True random number generator (TRNG):• Uses a nondeterministic source to produce randomness• Most operate by measuring unpredictable natural processes

• e.g. radiation, gas discharge, leaky capacitors• Increasingly provided on modern processors

30

Practical Application:Encryption of Stored DataCommon to encrypt transmitted data

Much less common for stored data

There is often little protectionbeyond domain

authentication and operatingsystem access controls

Data are archived forindefinite periods

Even though erased, until disksectors are reused data are

recoverable

Approaches to encrypt stored data:

Use a commerciallyavailable encryption

packageBack-end appliance Library based tapeencryption

Background laptop/PCdata encryption

31

Summary• Public-key

encryptionStructureApplications for public-key cryptosystemsRequirements for public-key cryptographyAsymmetric encryptionalgorithms

• Digital signatures

and keymanagementDigital signaturePublic-key certificatesSymmetric key exchangeusing public-keyencryptionDigital envelopes

• Confidentiality withsymmetric encryption

Symmetric encryptionSymmetric block encryptionalgorithmsStream ciphers

• Messageauthentication andhash functions

Authentication usingsymmetric encryptionMessage authenticationwithout message encryption

Secure hash functionsOther applications of hashfunctions

• Random andpseudorandomnumbers

The use of random numbersRandom versuspseudorandom

32