Network Security
Network Security
Essentials
Essentials
Chapter 2
Chapter 2
Fourth Edition
Fourth Edition
by William Stallings
by William Stallings
(Based on
(Based on
Lecture slides by
Lecture slides by
Lawrie Brown
Lawrie Brown
)
)
Outline
Symmetric encryption
Block encryption algorithms
Stream ciphers
Block cipher modes of operations
Symmetric Encryption
Symmetric Encryption
or conventional /
or conventional /
private-key
private-key
/ single-key
/ single-key
sender and recipient share a common key
sender and recipient share a common key
all classical encryption algorithms are
all classical encryption algorithms are
private-key
private-key
was only type prior to invention of public-
was only type prior to invention of public-
key in 1970’s
key in 1970’s
and by far most widely used
and by far most widely used
Some Basic Terminology
Some Basic Terminology
plaintext
plaintext
- original message
- original message
ciphertext
ciphertext
- coded message
- coded message
cipher
cipher
- algorithm for transforming plaintext to ciphertext
- algorithm for transforming plaintext to ciphertext
key
key
- info used in cipher known only to sender/receiver
- info used in cipher known only to sender/receiver
encipher (encrypt)
encipher (encrypt)
- converting plaintext to ciphertext
- converting plaintext to ciphertext
decipher (decrypt)
decipher (decrypt)
- recovering ciphertext from plaintext
- recovering ciphertext from plaintext
cryptography
cryptography
- study of encryption principles/methods
- study of encryption principles/methods
cryptanalysis (codebreaking)
cryptanalysis (codebreaking)
- study of principles/
- study of principles/
methods of deciphering ciphertext
methods of deciphering ciphertext
without
without
knowing key
knowing key
cryptology
cryptology
- field of both cryptography and cryptanalysis
- field of both cryptography and cryptanalysis
Symmetric Cipher Model
Symmetric Cipher Model
Requirements
Requirements
two requirements for secure use of
two requirements for secure use of
symmetric encryption:
symmetric encryption:
a strong encryption algorithm
a strong encryption algorithm
a secret key known only to sender / receiver
a secret key known only to sender / receiver
mathematically have:
mathematically have:
Y
Y
= E(K,
= E(K,
X
X
)
)
X
X
= D(K,
= D(K,
Y
Y
)
)
assume encryption algorithm is known
assume encryption algorithm is known
implies a secure channel to distribute key
implies a secure channel to distribute key
Cryptography
Cryptography
can characterize cryptographic system by:
can characterize cryptographic system by:
type of encryption operations used
type of encryption operations used
•
substitution
substitution
•
transposition
transposition
•
product
product
number of keys used
number of keys used
•
single-key or private
single-key or private
•
two-key or public
two-key or public
way in which plaintext is processed
way in which plaintext is processed
•
block
block
•
stream
stream
Cryptanalysis
Cryptanalysis
objective to recover key not just message
objective to recover key not just message
general approaches:
general approaches:
cryptanalytic attack
cryptanalytic attack
brute-force attack
brute-force attack
if either succeed all key use compromised
if either succeed all key use compromised
Cryptanalytic Attacks
Cryptanalytic Attacks
ciphertext only
ciphertext only
only know algorithm & ciphertext, is statistical,
only know algorithm & ciphertext, is statistical,
know or can identify plaintext
know or can identify plaintext
known plaintext
known plaintext
know/suspect plaintext & ciphertext
know/suspect plaintext & ciphertext
chosen plaintext
chosen plaintext
select plaintext and obtain ciphertext
select plaintext and obtain ciphertext
chosen ciphertext
chosen ciphertext
select ciphertext and obtain plaintext
select ciphertext and obtain plaintext
chosen text
chosen text
select plaintext or ciphertext to en/decrypt
select plaintext or ciphertext to en/decrypt
An encryption scheme: computationally
secure if
The cost of breaking the cipher exceeds the
value of information
The time required to break the cipher exceeds
the lifetime of information
Brute Force Search
Brute Force Search
always possible to simply try every key
always possible to simply try every key
most basic attack, proportional to key size
most basic attack, proportional to key size
assume either know / recognise plaintext
assume either know / recognise plaintext
Key Size (bits) Number of
Alternative Keys
Time required at 1
decryption/µs
Time required at 10
6
decryptions/µs
32 2
32
= 4.3 × 10
9
2
31
µs = 35.8 minutes 2.15 milliseconds
56 2
56
= 7.2 × 10
16
2
55
µs = 1142 years 10.01 hours
128 2
128
= 3.4 × 10
38
2
127
µs = 5.4 × 10
24
years 5.4 × 10
18
years
168 2
168
= 3.7 × 10
50
2
167
µs = 5.9 × 10
36
years 5.9 × 10
30
years
26 characters
(permutation)
26! = 4 × 10
26
2 × 10
26
µs = 6.4 × 10
12
years 6.4 × 10
6
years
Feistel Cipher Structure
Feistel Cipher Structure
Horst Feistel devised the
Horst Feistel devised the
feistel cipher
feistel cipher
based on concept of invertible product cipher
based on concept of invertible product cipher
partitions input block into two halves
partitions input block into two halves
process through multiple rounds which
process through multiple rounds which
perform a substitution on left data half
perform a substitution on left data half
based on round function of right half & subkey
based on round function of right half & subkey
then have permutation swapping halves
then have permutation swapping halves
implements Shannon’s S-P net concept
implements Shannon’s S-P net concept
Feistel Cipher Structure
Feistel Cipher Structure
Feistel Cipher Design Elements
Feistel Cipher Design Elements
block size: 128 bits
block size: 128 bits
key size: 128 bits
key size: 128 bits
number of rounds: 16
number of rounds: 16
subkey generation algorithm
subkey generation algorithm
round function
round function
fast software en/decryption
fast software en/decryption
ease of analysis
ease of analysis
Symmetric Block Cipher
Algorithms
DES (Data Encryption Standard)
3DES (Triple DES)
AES (Advanced Encryption Standard)
Data Encryption Standard (DES)
Data Encryption Standard (DES)
most widely used block cipher in world
most widely used block cipher in world
adopted in 1977 by NBS (now NIST)
adopted in 1977 by NBS (now NIST)
as FIPS PUB 46
as FIPS PUB 46
encrypts 64-bit data using 56-bit key
encrypts 64-bit data using 56-bit key
has widespread use
has widespread use
has considerable controversy over its
has considerable controversy over its
security
security
DES History
DES History
IBM developed Lucifer cipher
IBM developed Lucifer cipher
by team led by Feistel in late 60’s
by team led by Feistel in late 60’s
used 64-bit data blocks with 128-bit key
used 64-bit data blocks with 128-bit key
then redeveloped as a commercial cipher
then redeveloped as a commercial cipher
with input from NSA and others
with input from NSA and others
in 1973 NBS issued request for proposals
in 1973 NBS issued request for proposals
for a national cipher standard
for a national cipher standard
IBM submitted their revised Lucifer which
IBM submitted their revised Lucifer which
was eventually accepted as the DES
was eventually accepted as the DES
DES Design Controversy
DES Design Controversy
although DES standard is public,
although DES standard is public,
considerable controversy over design
considerable controversy over design
in choice of 56-bit key (vs Lucifer 128-bit)
in choice of 56-bit key (vs Lucifer 128-bit)
and because design criteria were classified
and because design criteria were classified
subsequent events and public analysis
subsequent events and public analysis
show in fact design was appropriate
show in fact design was appropriate
use of DES has flourished
use of DES has flourished
especially in financial applications
especially in financial applications
still standardised for legacy application use
still standardised for legacy application use
Time to Break a DES Code
(assuming 10
6
decryptions/µs)
Multiple Encryption & DES
Multiple Encryption & DES
clear a replacement for DES was needed
clear a replacement for DES was needed
theoretical attacks that can break it
theoretical attacks that can break it
demonstrated exhaustive key search attacks
demonstrated exhaustive key search attacks
AES is a new cipher alternative
AES is a new cipher alternative
prior to this alternative was to use multiple
prior to this alternative was to use multiple
encryption with DES implementations
encryption with DES implementations
Triple-DES is the chosen form
Triple-DES is the chosen form
Double-DES?
Double-DES?
could use 2 DES encrypts on each block
could use 2 DES encrypts on each block
C = E
C = E
K2
K2
(E
(E
K1
K1
(P))
(P))
issue of reduction to single stage
issue of reduction to single stage
and have “meet-in-the-middle” attack
and have “meet-in-the-middle” attack
works whenever use a cipher twice
works whenever use a cipher twice
since
since
X = E
X = E
K1
K1
(P) = D
(P) = D
K2
K2
(C)
(C)
attack by encrypting P with all keys and store
attack by encrypting P with all keys and store
then decrypt C with keys and match X value
then decrypt C with keys and match X value
takes
takes
O(2
O(2
56
56
)
)
steps
steps
Triple-DES with Two-Keys
Triple-DES with Two-Keys
hence must use 3 encryptions
hence must use 3 encryptions
would seem to need 3 distinct keys
would seem to need 3 distinct keys
but can use 2 keys with E-D-E sequence
but can use 2 keys with E-D-E sequence
C = E
C = E
K1
K1
(D
(D
K2
K2
(E
(E
K1
K1
(P)))
(P)))
nb encrypt & decrypt equivalent in security
nb encrypt & decrypt equivalent in security
if
if
K1=K2
K1=K2
then can work with single DES
then can work with single DES
standardized in ANSI X9.17 & ISO8732
standardized in ANSI X9.17 & ISO8732
no current known practical attacks
no current known practical attacks
several proposed impractical attacks might
several proposed impractical attacks might
become basis of future attacks
become basis of future attacks
Triple-DES with Three-Keys
Triple-DES with Three-Keys
although no practical attacks on two-key
although no practical attacks on two-key
Triple-DES have some
Triple-DES have some
concern
concern
s
s
Two-key: key length = 56*2 = 112 bits
Two-key: key length = 56*2 = 112 bits
Three-key: key length = 56*3 = 168 bits
Three-key: key length = 56*3 = 168 bits
can use Triple-DES with Three-Keys to
can use Triple-DES with Three-Keys to
avoid even these
avoid even these
C = E
C = E
K3
K3
(D
(D
K2
K2
(E
(E
K1
K1
(P)))
(P)))
has been adopted by some Internet
has been adopted by some Internet
applications, eg PGP, S/MIME
applications, eg PGP, S/MIME
Triple DES
Origins
Origins
clearly a replacement for DES was needed
clearly a replacement for DES was needed
have theoretical attacks that can break it
have theoretical attacks that can break it
have demonstrated exhaustive key search attacks
have demonstrated exhaustive key search attacks
can use Triple-DES – but slow, has small blocks
can use Triple-DES – but slow, has small blocks
US NIST issued call for ciphers in 1997
US NIST issued call for ciphers in 1997
15 candidates accepted in Jun 98
15 candidates accepted in Jun 98
5 were shortlisted in Aug-99
5 were shortlisted in Aug-99
Rijndael was selected as the AES in Oct-2000
Rijndael was selected as the AES in Oct-2000
issued as FIPS PUB 197 standard in Nov-2001
issued as FIPS PUB 197 standard in Nov-2001