Network Security
Network Security
Essentials
Essentials
Chapter 2
Chapter 2
Fourth Edition
Fourth Edition
by William Stallings
by William Stallings
(Based on
(Based on
Lecture slides by
Lecture slides by
Lawrie Brown
Lawrie Brown
)
)
Outline

Symmetric encryption

Block encryption algorithms

Stream ciphers

Block cipher modes of operations
Symmetric Encryption
Symmetric Encryption

or conventional /

or conventional /
private-key
private-key
/ single-key
/ single-key

sender and recipient share a common key
sender and recipient share a common key

all classical encryption algorithms are
all classical encryption algorithms are
private-key
private-key

was only type prior to invention of public-
was only type prior to invention of public-
key in 1970’s
key in 1970’s

and by far most widely used
and by far most widely used
Some Basic Terminology
Some Basic Terminology

plaintext
plaintext
- original message
- original message

ciphertext

ciphertext
- coded message
- coded message

cipher
cipher
- algorithm for transforming plaintext to ciphertext
- algorithm for transforming plaintext to ciphertext

key
key
- info used in cipher known only to sender/receiver
- info used in cipher known only to sender/receiver

encipher (encrypt)
encipher (encrypt)
- converting plaintext to ciphertext
- converting plaintext to ciphertext

decipher (decrypt)
decipher (decrypt)
- recovering ciphertext from plaintext
- recovering ciphertext from plaintext

cryptography
cryptography
- study of encryption principles/methods
- study of encryption principles/methods

cryptanalysis (codebreaking)

cryptanalysis (codebreaking)
- study of principles/
- study of principles/
methods of deciphering ciphertext
methods of deciphering ciphertext
without
without
knowing key
knowing key

cryptology
cryptology
- field of both cryptography and cryptanalysis
- field of both cryptography and cryptanalysis
Symmetric Cipher Model
Symmetric Cipher Model
Requirements
Requirements

two requirements for secure use of
two requirements for secure use of
symmetric encryption:
symmetric encryption:

a strong encryption algorithm
a strong encryption algorithm

a secret key known only to sender / receiver
a secret key known only to sender / receiver


mathematically have:
mathematically have:
Y
Y
= E(K,
= E(K,
X
X
)
)
X
X
= D(K,
= D(K,
Y
Y
)
)

assume encryption algorithm is known
assume encryption algorithm is known

implies a secure channel to distribute key
implies a secure channel to distribute key
Cryptography
Cryptography

can characterize cryptographic system by:
can characterize cryptographic system by:


type of encryption operations used
type of encryption operations used
•
substitution
substitution
•
transposition
transposition
•
product
product

number of keys used
number of keys used
•
single-key or private
single-key or private
•
two-key or public
two-key or public

way in which plaintext is processed
way in which plaintext is processed
•
block
block
•
stream
stream
Cryptanalysis

Cryptanalysis

objective to recover key not just message
objective to recover key not just message

general approaches:
general approaches:

cryptanalytic attack
cryptanalytic attack

brute-force attack
brute-force attack

if either succeed all key use compromised
if either succeed all key use compromised
Cryptanalytic Attacks
Cryptanalytic Attacks

ciphertext only
ciphertext only



only know algorithm & ciphertext, is statistical,
only know algorithm & ciphertext, is statistical,
know or can identify plaintext
know or can identify plaintext

known plaintext

known plaintext



know/suspect plaintext & ciphertext
know/suspect plaintext & ciphertext

chosen plaintext
chosen plaintext



select plaintext and obtain ciphertext
select plaintext and obtain ciphertext

chosen ciphertext
chosen ciphertext



select ciphertext and obtain plaintext
select ciphertext and obtain plaintext

chosen text
chosen text



select plaintext or ciphertext to en/decrypt
select plaintext or ciphertext to en/decrypt


An encryption scheme: computationally
secure if

The cost of breaking the cipher exceeds the
value of information

The time required to break the cipher exceeds
the lifetime of information
Brute Force Search
Brute Force Search

always possible to simply try every key
always possible to simply try every key

most basic attack, proportional to key size
most basic attack, proportional to key size

assume either know / recognise plaintext
assume either know / recognise plaintext
Key Size (bits) Number of
Alternative Keys
Time required at 1
decryption/µs
Time required at 10
6

decryptions/µs
32 2
32

= 4.3 × 10
9
2
31
µs = 35.8 minutes 2.15 milliseconds
56 2
56
= 7.2 × 10
16
2
55
µs = 1142 years 10.01 hours
128 2
128
= 3.4 × 10
38
2
127
µs = 5.4 × 10
24
years 5.4 × 10
18
years
168 2
168
= 3.7 × 10
50
2
167
µs = 5.9 × 10

36
years 5.9 × 10
30
years
26 characters
(permutation)
26! = 4 × 10
26
2 × 10
26
µs = 6.4 × 10
12
years 6.4 × 10
6
years
Feistel Cipher Structure
Feistel Cipher Structure

Horst Feistel devised the
Horst Feistel devised the
feistel cipher
feistel cipher

based on concept of invertible product cipher
based on concept of invertible product cipher

partitions input block into two halves
partitions input block into two halves

process through multiple rounds which

process through multiple rounds which

perform a substitution on left data half
perform a substitution on left data half

based on round function of right half & subkey
based on round function of right half & subkey

then have permutation swapping halves
then have permutation swapping halves

implements Shannon’s S-P net concept
implements Shannon’s S-P net concept
Feistel Cipher Structure
Feistel Cipher Structure
Feistel Cipher Design Elements
Feistel Cipher Design Elements

block size: 128 bits
block size: 128 bits

key size: 128 bits
key size: 128 bits

number of rounds: 16
number of rounds: 16

subkey generation algorithm
subkey generation algorithm


round function
round function

fast software en/decryption
fast software en/decryption

ease of analysis
ease of analysis
Symmetric Block Cipher
Algorithms

DES (Data Encryption Standard)

3DES (Triple DES)

AES (Advanced Encryption Standard)
Data Encryption Standard (DES)
Data Encryption Standard (DES)

most widely used block cipher in world
most widely used block cipher in world

adopted in 1977 by NBS (now NIST)
adopted in 1977 by NBS (now NIST)

as FIPS PUB 46
as FIPS PUB 46

encrypts 64-bit data using 56-bit key
encrypts 64-bit data using 56-bit key


has widespread use
has widespread use

has considerable controversy over its
has considerable controversy over its
security
security
DES History
DES History

IBM developed Lucifer cipher
IBM developed Lucifer cipher

by team led by Feistel in late 60’s
by team led by Feistel in late 60’s

used 64-bit data blocks with 128-bit key
used 64-bit data blocks with 128-bit key

then redeveloped as a commercial cipher
then redeveloped as a commercial cipher
with input from NSA and others
with input from NSA and others

in 1973 NBS issued request for proposals
in 1973 NBS issued request for proposals
for a national cipher standard
for a national cipher standard


IBM submitted their revised Lucifer which
IBM submitted their revised Lucifer which
was eventually accepted as the DES
was eventually accepted as the DES
DES Design Controversy
DES Design Controversy

although DES standard is public,
although DES standard is public,
considerable controversy over design
considerable controversy over design

in choice of 56-bit key (vs Lucifer 128-bit)
in choice of 56-bit key (vs Lucifer 128-bit)

and because design criteria were classified
and because design criteria were classified

subsequent events and public analysis
subsequent events and public analysis
show in fact design was appropriate
show in fact design was appropriate

use of DES has flourished
use of DES has flourished

especially in financial applications
especially in financial applications

still standardised for legacy application use

still standardised for legacy application use
Time to Break a DES Code
(assuming 10
6
decryptions/µs)
Multiple Encryption & DES
Multiple Encryption & DES

clear a replacement for DES was needed
clear a replacement for DES was needed

theoretical attacks that can break it
theoretical attacks that can break it

demonstrated exhaustive key search attacks
demonstrated exhaustive key search attacks

AES is a new cipher alternative
AES is a new cipher alternative

prior to this alternative was to use multiple
prior to this alternative was to use multiple
encryption with DES implementations
encryption with DES implementations

Triple-DES is the chosen form
Triple-DES is the chosen form
Double-DES?
Double-DES?


could use 2 DES encrypts on each block
could use 2 DES encrypts on each block

C = E
C = E
K2
K2
(E
(E
K1
K1
(P))
(P))

issue of reduction to single stage
issue of reduction to single stage

and have “meet-in-the-middle” attack
and have “meet-in-the-middle” attack

works whenever use a cipher twice
works whenever use a cipher twice

since
since
X = E
X = E
K1
K1
(P) = D

(P) = D
K2
K2
(C)
(C)

attack by encrypting P with all keys and store
attack by encrypting P with all keys and store

then decrypt C with keys and match X value
then decrypt C with keys and match X value

takes
takes
O(2
O(2
56
56
)
)
steps
steps
Triple-DES with Two-Keys
Triple-DES with Two-Keys

hence must use 3 encryptions
hence must use 3 encryptions

would seem to need 3 distinct keys
would seem to need 3 distinct keys


but can use 2 keys with E-D-E sequence
but can use 2 keys with E-D-E sequence

C = E
C = E
K1
K1
(D
(D
K2
K2
(E
(E
K1
K1
(P)))
(P)))

nb encrypt & decrypt equivalent in security
nb encrypt & decrypt equivalent in security

if
if
K1=K2
K1=K2
then can work with single DES
then can work with single DES

standardized in ANSI X9.17 & ISO8732

standardized in ANSI X9.17 & ISO8732

no current known practical attacks
no current known practical attacks

several proposed impractical attacks might
several proposed impractical attacks might
become basis of future attacks
become basis of future attacks
Triple-DES with Three-Keys
Triple-DES with Three-Keys

although no practical attacks on two-key
although no practical attacks on two-key
Triple-DES have some
Triple-DES have some
concern
concern
s
s

Two-key: key length = 56*2 = 112 bits
Two-key: key length = 56*2 = 112 bits

Three-key: key length = 56*3 = 168 bits
Three-key: key length = 56*3 = 168 bits

can use Triple-DES with Three-Keys to
can use Triple-DES with Three-Keys to
avoid even these

avoid even these

C = E
C = E
K3
K3
(D
(D
K2
K2
(E
(E
K1
K1
(P)))
(P)))

has been adopted by some Internet
has been adopted by some Internet
applications, eg PGP, S/MIME
applications, eg PGP, S/MIME
Triple DES
Origins
Origins

clearly a replacement for DES was needed
clearly a replacement for DES was needed

have theoretical attacks that can break it
have theoretical attacks that can break it


have demonstrated exhaustive key search attacks
have demonstrated exhaustive key search attacks

can use Triple-DES – but slow, has small blocks
can use Triple-DES – but slow, has small blocks

US NIST issued call for ciphers in 1997
US NIST issued call for ciphers in 1997

15 candidates accepted in Jun 98
15 candidates accepted in Jun 98

5 were shortlisted in Aug-99
5 were shortlisted in Aug-99

Rijndael was selected as the AES in Oct-2000
Rijndael was selected as the AES in Oct-2000

issued as FIPS PUB 197 standard in Nov-2001
issued as FIPS PUB 197 standard in Nov-2001