Professional Documents
Culture Documents
Cryptography
Concepts
Advantage Disadvantage
• Extremely faster than Asymmetric Cryptography • Requires a secure out-of-band medium to share the
• Can encrypt/decrypt very large amount of data keys
• Hard to break if a large key size is used • As the number of parties increases, manageability of
keys is a problem
• Provides only confidentiality, not authenticity or
integrity
Examples
DES, 3DES, IDEA, Blowfish, RC4/5/6, AES
• SP-Network (Substitution/Permutation)
• Used by block ciphers to increase their strength
Asymmetric Cryptography
Pair of keys are required for encryption/decryption
Public key is usually shared while private key is secured by the owner
Secure Message format ~ message is encrypted with receiver's public key ~ Confidentiality
Open Message format ~ message is encrypted with sender’s private key ~ Authenticity
Advantage Disadvantage
• Scalable • Slower than symmetric key
• Provides confidentiality, authentication and non- • Mathematically complex and intensive task
repudiation
• Better key distribution mechanism
Examples
RSA, ECC, DH, El Gamal, DSA
Symmetric vs Asymmetric
Symmetric Algorithm Types
• Compression:
• Reduce redundancy before plaintext is encrypted
• Expansion:
• Expanding the plaintext by duplicating values. Commonly used to match
the keysize
• Padding:
• Adding material to plaintext data before it is encrypted
• Key mixing:
• Using a portion of a key to limit exposure of the key. Keyschedules are
used to generate subkeys from master keys.
Hybrid Encryption Methods
Modes of
Operations
Advantage Disadvantage
• Faster and Easy • Repetitive information contained in the plaintext may
show in the ciphertext, if aligned with blocks.
• If the same message is encrypted (with the same
key) and sent twice, their ciphertext are the same.
Application
Secure transmission of short pieces of information (e.g. a temporary encryption key), database, PIN, Challenge-response
value
Cipher Block Chaining (CBC)
• Solve security deficiencies in ECB
• Each previous cipher blocks is chained to be input with current plaintext block
• The encryption of a block depends on the current and all blocks before it.
• Initialization Vector (IV) is used to encrypt the first 64-bit block to bring in
randomness
• A ciphertext segment depends on the current and all preceding plaintext segments.
• A corrupted ciphertext segment during transmission will affect the current and next
several plaintext segments.
• Size of the ciphertext must be the same size as the block of plaintext
• Appropriate when data arrives in bits/bytes and when error propagation is not accepted
• Advantage:
• more resistant to transmission errors; a bit error in a ciphertext segment affects only the
decryption of that segment.
• IV should be generated randomly each time and sent with the ciphertext.
• Uses: stream encryption over noisy channels (digital video, audio signals)
Counter (CTR)
• Uses an IV counter that increments for each plaintext block that needs to be encrypted
• can be any function which produces a sequence which is guaranteed not to repeat for a long time
• Strengths:
• Counter must be
• Uses: high-speed network encryptions, Encrypting ATM cells, IPSec, Wireless 802.11i
Comparison of Modes
Mode Description Application
ECB 64-bit plaintext block encoded separately Secure transmission of encryption key
CBC 64-bit plaintext blocks are XORed with Commonly used method. Used for
preceding 64-bit ciphertext authentication
CFB s bits are processed at a time and used similar Primary stream cipher. Used for
to CBC authentication
OFB Similar to CFB except that the output is not fed Stream cipher well suited for transmission
back over noisy channels
CTR Key calculated using the nonce and the counter General purpose block oriented
value. Counter is incremented for each block transmission.
Used for high-speed communications
CCMP Counter mode with CBC-MAC protocol based Component of 802.11i wireless standard
on AES encryption using CTR with CBC-MAC
Remark on each mode
• CBC is an excellent block cipher
• CFB, OFB, and CTR are stream ciphers
• CTR is faster because simpler and it allows parallel processing
• CBC and CFB
• reusing an IV leaks some information about the first block of plaintext, and
about any common prefix shared by the two messages
• OFB and CTR
• reusing an IV completely destroys security
• Stream ciphers are considered Synchronous cryptosystems
• Block Chain ciphers are considered Asynchronous cryptosystems
• CTR component in CCMP provides data privacy
• In CCMP MAC provides data origin authentication and data integrity for the
packet payload
3DES
• Uses 48 round computation
• Highly resistant to differential cryptanalysis
• There is heavy performance hit ~ can take 3 times longer
than DES for encryption and decryption
• Works in 4 Different modes
DES-EEE3 Uses 3 different keys for Encryption
DES-EDE3 Uses 3 different keys, Encrypted, decrypted, encrypted
DES-EEE2 Uses 2 keys, first and third encryption process uses same key
DES-EDE2 Uses 2 keys, first and third encryption process uses same key
Rijndael
• Block size: 128, 192, 256
• Key length: 128, 192, 256
• Rounds: variable rounds depending on the key size
• Consists of 4 major operations
• Substitute Bytes
• Shift rows (transposition)
• Mix columns
AES
• The Advanced Encryption Standard (AES) is a symmetric-key block cipher published
by the National Institute of Standards and Technology (NIST) in December 2001
• The criteria defined by NIST for selecting AES fall into three areas:
• Security
• Cost
• Implementation
• Encrypts and decrypts a data block of 128,192 or 256 bits. It uses 10, 12, or 14
rounds. The number of rounds depends on the key and block size, which can be
128, 192, or 256 bits.
IDEA
• IDEA is a block cipher
• IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a 128-bit key
• Completely avoid substitution boxes and table lookups used in the block ciphers
• The 64-bit plaintext block is partitioned into 16-bit sub-blocks, each has 8 rounds of
mathematical functions performed on it.
• IDEA is faster than DES when implemented in Software
• Used in PGP
• It is a patented algorithm
Blowfish
• No License required
RC4/RC5/RC6
• A series of symmetric encryption algorithms developed by RSA Security
• RC4 - a variable key-size stream cipher. The algorithm is based on the use of a random
permutation. Simple, fast, efficient
• Used in the SSL standards (for secure Web communication), IEEE 802.11 wireless LAN
standard, Microsoft Point-to-Point Encryption, and many others
• RC5 – Block cipher. Data block sizes:32,64,128 bits; key size goes up to 2048 bits. Number of
rounds for encryption/decryption is variable; can go up to 255
• RC6 – Block cipher. Same as RC5, increases overall speed from RC5
Skipjack
• Operates on 64 bit block of text.
• It is approved for use in Federal processing standard (FIPS) 185 and the Escrowed Encryption
Standard
Symmetric Keys round up
Block Size Key length comments
• De facto standard used for key exchange, encryption, digital signature and
authentication
• The public and private keys are a function of large prime numbers
• It is based on the difficulty of factoring large numbers that are a product of two
large prime numbers
• El Gamal depends on the one way function, means that the encryption and
decryption are done in separate functions
• Elliptic curve cryptography [ECC] is a public-key cryptosystem just like RSA, and El Gamal
• These algorithms are based on a mathematical dilemma that poses the following
question:
• If there are several items each with different weight, is it possible to add these items to a knapsack so the
• It means someone can tell you something that you can trust without telling you more
• Example, you trust a message based on half the key pair (public key), without needing to
• A MAC algorithm takes two inputs -- a message and a secret key -- and produces
a MAC
• Types
• Hash MAC (HMAC)
• CBC-MAC
• CMAC
HMAC
• Hash-based Message Authentication Code
• Use cryptographic hash function in combination with a secret key
• Requires sender and receiver to have the same secret key
• Symmetric key is concatenated with the message before it is sent to
Hashing algorithm; the output is the MAC value that is appended to the
message and sent
• The receiver must have the same symmetric key to concatenate and run
the Hashing algorithm to obtain the matching MAC value
• Message is not encrypted with HMAC, hence no confidentiality provided
Cipher Block Chaining message authentication
code (CBC-MAC)
• Message is encrypted with symmetric block cipher in CBC mode and the
final output is used as MAC
• The sender attaches the MAC with the plain text message and sends it
• The receiver runs the same symmetric block cipher in CBC mode to
generate the same MAC value
• It provides data origin authentication (also referred as system
authentication) and integrity
• Both the parties must have the same keys
• MAC authentication is bound to a system and not user; hence provides
weak authentication
Cipher-based message authentication code
(CMAC)
• X.509 is the standard that dictates the fields that is used in the
certificate and the valid values that can be populated in the fields
• S/MIME
• Defacto standard for encrypted email
• Uses RSA encryption
• Relies on use of X.509 certificates for exchanging keys
• Supports AES and 3DES symmetric algorithm
Digital Rights Management – Media protection
• Content Scrambling System (CSS)
• Enforces playback and region restrictions on DVDs
• Was broken with the release of a tool known as DeCSS
• Storage Keys
• Used to encrypt the storage media of the computer system
Attacks on Cryptography
• There are two kinds of attacks
• Passive attacks
• Attacks that do not need active intrusion of the algorithms;
• They are used to gain information before launching active attacks
• It is difficult to detect
• Controls can be placed to prevent them rather than detect and stop
• Active attacks
• Attacks that involved active intrusion of the message
• Involves altering messages, modifying system files, masquerading as another individual
Birthday Attack • It is easier to find two messages that hash to the same hash value than to match a
specific hash with another
• Use the hash algorithm that is twice the length of the message digest as the desired
work factor to prevent this attack
Meet-in-the-middle • Uses a known-plaintext attack
• The plaintext is encrypted using all possible keys and the resulting ciphertext is
decrypted using all possible keys; the matching pairs will provide the key
• Double DES was successfully attacked via this method
Brute force Attack • Most common attack, all possible keys are tried until one is found to decrypt the
ciphertext
• Rainbow table is used to speed-up the process
• It is a lookup table for stored hash values
Karthikeyan Dhayalan
MD & Chief Security Partner
www.cyintegriti.com