Chapter 2
Cryptographic Tools
Symmetric Encryption
•
•
•
The universal technique for providing confidentiality for transmitted or stored data
Also referred to as conventional encryption or single-key encryption
Two requirements for secure use:
•
•
Need a strong encryption algorithm
Sender and receiver must have obtained copies
secure fashion and must
of the secret key in a
keep the key secure
Secret key shared by
sender and recipient
Secret key shared by
sender and recipient
K
K
Transmitted
ciphertext
X
Y =E[K, X]
Plaintext
input
Encryption algorithm
(e.g., DES)
X =D[K, Y]
Decryption algorithm
(reverseof encryption
algorithm)
Figure 2.1 Simplified Model of Symmetric Encryption
Plaintext
output
Attacking Symmetric Encryption
Cryptanalytic Attacks
Rely on:
Nature of the algorithm
Some sample plaintext-ciphertext pairs
Some knowledge of the general
characteristics of the plaintext
Exploits the characteristics of the algorithm
to attempt to deduce a specific plaintext or
the key being used
If successful all future and past
messages encrypted with that key are
compromised
Brute-Force Attack
Try all possible keys on some ciphertext until
an intelligible translation into plaintext is
obtained
On average half of all possible keys
must be tried to achieve success
Table 2.1
DES
TripleDES
AES
Plaintext block size(bits)
64
64
128
Ciphertext block size(bits)
64
64
128
Key size(bits)
56
112 or 168
128, 192, or 256
DES = Data Encryption Standard
AES = Advanced Encryption Standard
Comparison of Three Popular Symmetric Encryption Algorithms
Data Encryption Standard
(DES)
•
The most widely used encryption scheme
•
FIPS PUB 46
•
Referred to as the Data Encryption
•
Uses 64 bit plaintext block and 56 bit key to
Algorithm (DEA)
produce a 64 bit ciphertext
block
Strength concerns:
•
Concerns about algorithm
•
•
DES is the most studied encryption algorithm in existence
Use of 56-bit key
•
Electronic Frontier Foundation (EFF) announced in July 1998 that it had broken
a DES encryption
Table 2.2
Key size
(bits)
56
Cipher
DES
Number of
Alternative
Keys
TimeRequired at 109
decryptions/s
TimeRequired
at 1013
decryptions/s
256 ≈ 7.2 × 1016
255 ns = 1.125 years
1 hour
≈ 3.4 ×
2127 ns = 5.3 × 1021
years
5.3 × 1017 years
Triple DES
2167 ns = 5.8 × 1033
2168 ≈ 3.7 × 1050 years
5.8 × 1029 years
192
AES
2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040
years
9.8 × 1036 years
256
AES
2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060
years
1.8 × 1056 years
128
168
AES
2128
1038
Average Time Required for Exhaustive Key Search
Triple DES (3DES)
Repeats basic DES algorithm three times using either two or three unique keys
First standardized for use in financial applications in ANSI standard X9.17 in 1985
Attractions:
168-bit key length overcomes the vulnerability to brute-force attack of DES
Underlying encryption algorithm is the same as in DES
Drawbacks:
Algorithm is sluggish in software
Uses a 64-bit block size
Advanced Encryption Standard (AES)
Should
Should have
have a
a security
security strength
strength
Needed a
equal
equal to
to or
or better
better than
than 3DES
3DES
NIST called for
replacement for
proposals for a new
3DES
was not
3DES
AES in 1997
Significantly
Significantly improved
improved efficiency
efficiency
reasonable for long
term use
Selected Rijndael in
November 2001
Published as
FIPS 197
Symmetric
Symmetric block
block cipher
cipher
128
128 bit
bit data
data and
and 128/192/256
128/192/256 bit
bit
keys
keys
Practical Security Issues
Typically symmetric encryption is applied to a unit of data larger than a single 64-bit
or 128-bit block
Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption
Each block of plaintext is encrypted using the same key
Cryptanalysts may be able to exploit regularities in the plaintext
Modes of operation
Alternative techniques developed to increase the security
sequences
Overcomes the weaknesses of ECB
of symmetric block encryption for large
Decryption
Encryption
P1
P2
b
K
K
Encrypt
b
K
Encrypt
b
Encrypt
b
C1
C2
C1
C2
b
K
Pn
b
b
Cn
Cn
b
K
Decrypt
b
K
Decrypt
b
Decrypt
b
P1
b
P2
Pn
(a) Block cipher encryption (electronic codebook mode)
Key
K
Key
K
Pseudorandombyte
generator
(key streamgenerator)
Pseudorandombyte
generator
(key streamgenerator)
k
Plaintext
bytestream
M
ENCRYPTION
k
Ciphertext
bytestream
C
DECRYPTION
(b) Streamencryption
Figure2.2 Types of Symmetric Encryption
Plaintext
bytestream
M
Block & Stream Ciphers
Block Cipher
•
•
•
•
Processes the input one block of elements at a time
Produces an output block for each input block
Can reuse keys
More common
Stream Cipher
•
•
•
•
•
Processes the input elements continuously
Produces output one element at a time
Primary advantage is that they are almost always faster and use far less code
Encrypts
Encrypts plaintext
plaintext one
one byte
byte at
at a
a time
time
Pseudorandom stream is one that is unpredictable without knowledge of the input key
Message Authentication
• Contents have not been altered
• From authentic source
Timely and
in correct sequence
Protects against•active
attacks
Verifies received message is authentic
• Only encryption
sender & receiver share a key
Can use conventional
Message
K
Transmit
MAC
algorithm
Compare
MAC
algorithm
MAC
K
Figure 2.3 Message Authentication Using a Message
Authentication Code (MAC).
H
Message
Destination B
Message
Message
SourceA
H
K
K
E
D
Compare
H
Message
Message
Message
(a) Using symmetric encryption
H
PRa
PUa
E
D
Compare
(b) Using public-key encryption
Message
K
Message
Message
K
K
K
H
H
Compare
(c) Using secret value
Figure 2.5 Message Authentication Using a One-Way Hash Function.
Hash Function Requirements
Can
Can be
be applied
applied to
to a
a block
block of
of data
data of
of any
any size
size
Produces
Produces a
a fixed-length
fixed-length output
output
H(x)
H(x) is
is relatively
relatively easy
easy to
to compute
compute for
for any
any given
given x
x
One-way
One-way or
or pre-image
pre-image resistant
resistant
•
Computationally
Computationally infeasible
infeasible to
to find
find x
x such
such that
that H(x)
H(x) =
=h
h
Computationally
Computationally infeasible
infeasible to
to find
find y
y≠
≠x
x such
such that
that H(y)
H(y) =
= H(x)
H(x)
Collision
Collision resistant
resistant or
or strong
strong collision
collision resistance
resistance
•
Computationally
Computationally infeasible
infeasible to
to find
find any
any pair
pair (x,y)
(x,y) such
such that
that H(x)
H(x) =
= H(y)
H(y)
Security of Hash Functions
There are two approaches to
attacking a secure hash
function:
SHA most widely used hash
Additional secure hash
algorithm
function applications:
Cryptanalysis
Passwords
• Exploit logical weaknesses in the
• Hash of a password is stored by an
algorithm
operating system
Brute-force attack
Intrusion detection
• Strength of hash function depends solely
• Store H(F) for each file on a system and
on the length of the hash code produced
by the algorithm
secure the hash values
Some
Asymm
two
ol is
Uses
•
protoc
etric
form of
separ
needed
ate
for
distrib
ution
keys
•
Public
Based
on
mathe
matical
functio
ns
key
Publicl
y
propos
ed by
Diffie
and
Hellma
n in
1976
and
privat
e key
•
Public
key is
Public-Key Encryption Structure
made
public
for
others
to use
Plaintext
Encryption algorithm
Pair of keys, one for encryption, one for decryption
Ciphertext
Performs transformations on the plaintext
Public and private key
Readable message or data that is fed into the algorithm as input
Scrambled message produced as output
Decryption key
Produces the original plaintext
Bob
(a) Encryption with public key
Alice
Alice's
public key
ring
J oy
Ted
Mike
PRb
PUb
Bob's private
key
Bob
Bob's public
key
X=
D[PUb, Y]
Transmitted
ciphertext
X
Y =E[PRb, X]
Plaintext
input
Encryption algorithm
(e.g., RSA)
Bob
Decryption algorithm
(b) Encryption with privatekey
Plaintext
output
Alice
Figure2.6 Public-Key Cryptography
User encrypts data using his or her own private key
Anyone who knows the corresponding public key will be able
to decrypt the message
Table 2.3
Applications for Public-Key Cryptosystems
Algorithm
Digital Signature
Symmetric Key
Distribution
Encryption of
Secret Keys
RSA
Yes
Yes
Yes
Diffie-Hellman
No
Yes
No
DSS
Yes
No
No
Elliptic Curve
Yes
Yes
Yes
Requirements for Public-Key Cryptosystems
Computationally easy to create
key pairs
Computationally easy for sender
Useful if either key can be used
knowing public key to encrypt
for each role
messages
Computationally infeasible for
Computationally easy for
opponent to otherwise recover
receiver knowing private key to
original message
decrypt ciphertext
Computationally infeasible for
opponent to determine private
key from public key
Asymmetric Encryption Algorithms
RSA (Rivest,
Shamir,
Most widely accepted and
Developed in 1977
implemented approach to
public-key encryption
Adleman)
DiffieHellman key
exchange
algorithm
Enables two users to
securely reach agreement
about a shared secret
that can be used as a
secret key for subsequent
Limited to the exchange
of the keys
symmetric encryption of
messages
Digital
Signature
Standard
Provides only a digital
Cannot be used for
signature function with
encryption or key
SHA-1
exchange
(DSS)
Elliptic curve
cryptography
(ECC)
Security like RSA, but with
much smaller keys
Block cipher in which the
plaintext and ciphertext
are integers between 0
and n-1 for some n.