Course Outcomes
Syllabus – Unit 2
UNIT II - ENCRYPTION – SYMMETRIC TECHNIQUES (9 Hours)
Substitution Ciphers – Transposition Ciphers – Classical Ciphers – DES – AES – Confidentiality Modes of Operation – Key Channel Establishment for symmetric cryptosystems.
REFERENCES:
• William Stallings, “Cryptography and Network Security: Principles and Practices”, Pearson/PHI, 5th Edition, 2010.
• Behrouz A. Forouzan, “Cryptography and Network Security”, 2nd Edition, Tata McGraw Hill Education, 2010.
• Wade Trappe, Lawrence C. Washington, “Introduction to Cryptography with Coding Theory”, 2nd Edition, Pearson, 2007.
• Douglas R. Stinson, “Cryptography: Theory and Practice”, 3rd Edition, Chapman & Hall/CRC, 2006.
• W. Mao, “Modern Cryptography – Theory and Practice”, Pearson Education, 2nd Edition, 2007.
ADVANCED ENCRYPTION STANDARD
TOPICS
• ORIGIN OF AES
• BASIC AES
• INSIDE ALGORITHM
• FINAL NOTES
AES: ADVANCED ENCRYPTION STANDARD
• Symmetric-key NIST standard; replaced DES (Nov 2001)
• Processes data in 128-bit blocks
• 128-, 192-, or 256-bit keys
• A brute-force key search (try each key) that takes 1 sec on DES takes 149 trillion years on AES
ORIGINS
AES ROUND STRUCTURE
• The 128-bit version of the AES encryption algorithm proceeds in ten rounds.
• Each round performs an invertible transformation on a 128-bit array, called State.
• The initial State X0 is the XOR of the plaintext P with the key K:
• X0 = P XOR K.
AES ROUNDS
• Each round is built from four basic steps:
1. SubBytes step: an S-box substitution step
2. ShiftRows step: a permutation step
3. MixColumns step: a matrix multiplication step
4. AddRoundKey step: an XOR step with a round key derived from the 128-bit encryption key
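As an added example (not from the slides), the ShiftRows permutation step and the MixColumns matrix-multiplication step of one round in Python, with their inverses; the function names are mine, and the State is stored column-major as FIPS-197 lays it out. SubBytes (a 256-entry table) and AddRoundKey are left out.

```python
# Added example, not from the slides: the ShiftRows and MixColumns steps of an
# AES round on the 4x4 byte State, stored column-major as in FIPS-197
# (state[r + 4*c] is row r, column c). SubBytes and AddRoundKey are omitted.

def xtime(b):
    # Multiply a byte by x (0x02) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1.
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b

def gmul(a, b):
    # Multiply two bytes in AES's GF(2^8) by shift-and-add.
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def shift_rows(state):
    # Row r is rotated left by r positions: new (r, c) = old (r, (c + r) mod 4).
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def inv_shift_rows(state):
    return [state[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

# Circulant matrices from FIPS-197: MixColumns and its inverse.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def mix_column(col, matrix=MIX):
    # Each output byte is the GF(2^8) dot product of one matrix row with the column.
    out = []
    for row in matrix:
        v = 0
        for coef, byte in zip(row, col):
            v ^= gmul(coef, byte)
        out.append(v)
    return out

def mix_columns(state, matrix=MIX):
    return [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4], matrix)]

def round_linear(state):
    # The two linear diffusion steps of one round, in the order AES applies them.
    return mix_columns(shift_rows(state))

def inv_round_linear(state):
    # Undo them in reverse order: InvMixColumns first, then InvShiftRows.
    return inv_shift_rows(mix_columns(state, INV_MIX))
```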
BLOCK CIPHER MODES
• A block cipher mode describes the way a block cipher encrypts and decrypts a sequence of message blocks.
• Electronic Code Book (ECB) mode (is the simplest):
• Block P[i] encrypted into ciphertext block C[i] = E_K(P[i])
• Block C[i] decrypted into plaintext block P[i] = D_K(C[i])
Public domain images from http://en.wikipedia.org/wiki/File:Ecb_encryption.png and http://en.wikipedia.org/wiki/File:Ecb_decryption.png
STRENGTHS AND WEAKNESSES OF ECB
• Strengths:
• Is very simple
• Allows for parallel encryptions of the blocks of a plaintext
• Can tolerate the loss or damage of a block
• Weakness:
• Documents and images are not suitable for ECB encryption since patterns in the plaintext are repeated in the ciphertext
ANOTHER EXAMPLE
CIPHER BLOCK CHAINING (CBC) MODE
• In Cipher Block Chaining (CBC) mode
• The previous ciphertext block is combined with the current plaintext block: C[i] = E_K(C[i−1] ⊕ P[i])
• C[0] = V, a random block separately transmitted encrypted (known as the initialization vector)
• Decryption: P[i] = C[i−1] ⊕ D_K(C[i])
(Figure: the CBC encryption chain of E_K boxes and decryption chain of D_K boxes, each started from V.)
• Strengths:
• Doesn't show patterns in the plaintext
• Is the most common mode
• Is fast and relatively simple
• Weaknesses:
• CBC requires the reliable transmission of all the blocks sequentially
• CBC is not suitable for applications that allow packet losses (e.g., music and video streaming)
JAVA AES ENCRYPTION EXAMPLE
• Source: http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
• Generate an AES key
  import javax.crypto.Cipher;
  import javax.crypto.KeyGenerator;
  import javax.crypto.SecretKey;

  KeyGenerator keygen = KeyGenerator.getInstance("AES");
  SecretKey aesKey = keygen.generateKey();          // 128-bit AES key by default
  Cipher aesCipher;
  aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");   // ECB mode: see its weaknesses above
• Encrypt
  aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
  byte[] plaintext = "My secret message".getBytes();
  byte[] ciphertext = aesCipher.doFinal(plaintext);
• Decrypt
  aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
  byte[] plaintext1 = aesCipher.doFinal(ciphertext);
AES COMPETITION REQUIREMENTS
• Private key symmetric block cipher
• Initial criteria:
• Security – effort for practical cryptanalysis
• Cost – in terms of computational efficiency
• Algorithm & implementation characteristics
• Final criteria:
• General security
• Ease of software & hardware implementation
• Implementation attacks
• Flexibility (in en/decrypt, keying, other factors)
AES SHORTLIST
• After testing and evaluation, shortlist in Aug-99:
• MARS (IBM) - complex, fast, high security margin
• RC6 (USA) - v. simple, v. fast, low security margin
• Rijndael (Belgium) - clean, fast, good security margin
• Serpent (Euro) - slow, clean, v. high security margin
• Twofish (USA) - complex, v. fast, high security margin
• Rijndael design:
• Simplicity
• Has 128/192/256 bit keys, 128 bits data
• Resistant against known attacks
• Speed and code compactness on many CPUs
(Photo: J. Daemen)
AES CONCEPTUAL SCHEME
(Figure: plaintext (128 bits) passing through the rounds.)
MULTIPLE ROUNDS
• Rounds are (almost) identical
• First and last round are a little different
HIGH LEVEL DESCRIPTION
(Figure: the round sequence; the last round has no MixColumns.)
OVERALL STRUCTURE
(Figure: a 128-bit value shown as 16 cells of 1 byte each.)
DATA UNIT
UNIT TRANSFORMATION
CHANGING PLAINTEXT TO STATE
DETAILS OF EACH ROUND
SUBBYTES: BYTE SUBSTITUTION
• A simple substitution of each byte
• Provides confusion
(Figure: the substituted byte written in hex as x′y′₁₆.)
SUBBYTES TABLE
• Implement by table lookup
INVSUBBYTES TABLE
SAMPLE SUBBYTE TRANSFORMATION
RotWord[b0, b1, b2, b3] = [b1, b2, b3, b0] (used in the key expansion)
AES SECURITY
• Very efficient
• AES animation:
• http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf
MODES OF OPERATIONS
HOW TO USE A BLOCK CIPHER?
• Block ciphers encrypt fixed-size blocks
• E.g. DES encrypts 64-bit blocks
• We need some way to encrypt a message of arbitrary length
• E.g. a message of 1000 bytes
• NIST defines several ways to do it
• Called modes of operation
FIVE MODES OF OPERATION
MESSAGE PADDING
• The plaintext message is broken into blocks, P1, P2, P3, ...
• The last block may be short of a whole block and needs padding.
• Possible padding:
• Known non-data values (e.g. nulls)
• Or a number indicating the size of the pad
• Or a number indicating the size of the plaintext
• The last two schemes may require an extra block.
ELECTRONIC CODE BOOK (ECB)
REMARKS ON ECB
CIPHER BLOCK CHAINING (CBC)
C_i = E_K(C_{i−1} ⊕ P_i)
C_0 = IV
REMARKS ON CBC
CIPHER FEEDBACK MODE (BASIC VERSION)
CIPHER FEEDBACK (CFB) MODE
ENCRYPTION IN CFB MODE
DECRYPTION IN CFB MODE
REMARK ON CFB
OUTPUT FEEDBACK MODE (BASIC VERSION)
OUTPUT FEEDBACK (OFB) MODE
• THE BLOCK CIPHER IS USED AS A STREAM CIPHER.
• APPROPRIATE WHEN DATA ARRIVES IN BITS/BYTES.
• ADVANTAGE:
• MORE RESISTANT TO TRANSMISSION ERRORS; A BIT ERROR
IN A CIPHERTEXT SEGMENT AFFECTS ONLY THE DECRYPTION
OF THAT SEGMENT.
• DISADVANTAGE:
• CANNOT RECOVER FROM LOST CIPHERTEXT SEGMENTS; IF A
CIPHERTEXT SEGMENT IS LOST, ALL FOLLOWING SEGMENTS
WILL BE DECRYPTED INCORRECTLY (IF THE RECEIVER IS NOT
AWARE OF THE SEGMENT LOSS).
• IV SHOULD BE GENERATED RANDOMLY EACH TIME
AND SENT WITH THE CIPHERTEXT.
74
COUNTER MODE (CTR)
T_1 = IV (random)
T_i = IV + i − 1
C_i = P_i ⊕ E_K(T_i)
C = (IV, C_1, C_2, C_3, ...)
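As an added example (not part of the slides), the ECB, CBC and CTR formulas above together with the "number indicating the size of the pad" padding scheme from the padding slide, in Python. The block cipher is a constructed toy stand-in for E_K/D_K, not AES, and every function name is mine; the point is the mode logic, which is identical whatever block cipher is plugged in.

```python
import random

BLOCK = 16  # AES block size in bytes

def toy_block_cipher(key):
    # Stand-in for E_K / D_K, constructed for this example only (NOT a real cipher,
    # NOT secure): a key-seeded byte substitution plus a one-byte rotation. It is
    # invertible, which is all the mode logic below needs to run offline.
    sbox = list(range(256))
    random.Random(key).shuffle(sbox)
    inv = {v: i for i, v in enumerate(sbox)}
    def enc(block):
        s = bytes(sbox[b ^ key[i % len(key)]] for i, b in enumerate(block))
        return s[1:] + s[:1]
    def dec(block):
        s = block[-1:] + block[:-1]
        return bytes(inv[b] ^ key[i % len(key)] for i, b in enumerate(s))
    return enc, dec
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input
def pkcs5_pad(msg):
    # "A number indicating the size of the pad": 1..16 bytes each holding the pad
    # length, so a message that already fills its last block costs an extra block.
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n
def pkcs5_unpad(msg):
    n = msg[-1]
    if not 1 <= n <= BLOCK or msg[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return msg[:-n]
def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(enc, msg):  # C[i] = E_K(P[i]): equal plaintext blocks give equal ciphertext
    return b"".join(enc(p) for p in blocks(pkcs5_pad(msg)))

def cbc_encrypt(enc, iv, msg):  # C[i] = E_K(C[i-1] XOR P[i]), C[0] = IV sent in front
    out, prev = [], iv
    for p in blocks(pkcs5_pad(msg)):
        prev = enc(xor(prev, p))
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(dec, data):  # P[i] = C[i-1] XOR D_K(C[i]); C[0] is the leading IV block
    c = blocks(data)
    return pkcs5_unpad(b"".join(xor(c[i - 1], dec(c[i])) for i in range(1, len(c))))

def ctr_crypt(enc, iv, data):  # T_i = IV + i - 1, C_i = P_i XOR E_K(T_i); same call decrypts
    t = int.from_bytes(iv, "big")  # only E_K is used; no padding, a short last block is fine
    return b"".join(xor(p, enc(((t + i) % 2**128).to_bytes(BLOCK, "big")))
                    for i, p in enumerate(blocks(data)))
```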
REMARK ON CTR
• Strengths:
• Needs only the encryption algorithm
• Fast encryption/decryption; blocks can be processed (encrypted or decrypted) in parallel; good for high speed links
• Random access to encrypted data blocks
STREAM CIPHERS
Vernam's one-time pad cipher
Key = k_1 k_2 k_3 k_4 (random, used one time only)
Plaintext = m_1 m_2 m_3 m_4
Ciphertext = c_1 c_2 c_3 c_4
where c_i = m_i ⊕ k_i
STREAM CIPHER DIAGRAM
STREAM CIPHERS
Typically, process the plaintext byte by byte.
So, the plaintext is a stream of bytes: P_1, P_2, P_3, ...
Use a key K as the seed to generate a sequence of pseudorandom bytes (keystream): K_1, K_2, K_3, ...
The ciphertext is C_1, C_2, C_3, C_4, ..., where
C_i = P_i ⊕ K_i
Various stream ciphers differ in the way they generate keystreams.
STREAM CIPHERS
For a stream cipher to be secure, the keystream
should have a large period, and
should be as random as possible, each of the 256
values appearing about equally often.
The same keystream must not be reused. That is,
the input key K must be different for each plaintext
(if the pseudorandom generator is deterministic).
THE RC4 STREAM CIPHER
Initial permutation of S:
j ← 0
for i ← 0 to 255 do
    j ← (j + S[i] + T[i]) mod 256
    Swap S[i], S[j]
This part of RC4 is generally known as the Key Scheduling Algorithm (KSA).
After KSA, the input key and the temporary vector T will no longer be used.
RC4: KEY STREAM GENERATION
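As an added example (not from the slides), the KSA above followed by RC4's key stream generation and the C_i = P_i ⊕ K_i rule from the stream-cipher slides, in Python; the rc4_* and keystream_reuse_leak names are mine. The last function shows why the slides insist the same keystream must never be reused.

```python
def rc4_ksa(key):
    # Key Scheduling Algorithm as on the slide: S starts as the identity permutation,
    # T repeats the key to 256 bytes, and the swap loop permutes S under control of T.
    S = list(range(256))
    T = [key[i % len(key)] for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    return S  # the key and T are not used from here on

def rc4_keystream(S):
    # Key stream generation: one pseudorandom byte per step while S keeps being
    # permuted; this is the K_1, K_2, K_3, ... of the stream-cipher slides.
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def rc4_crypt(key, data):
    # C_i = P_i XOR K_i; the same call decrypts because XOR is its own inverse.
    ks = rc4_keystream(rc4_ksa(key))
    return bytes(b ^ next(ks) for b in data)

def keystream_reuse_leak(key, p1, p2):
    # Encrypting two messages under one key reuses the key stream, so XORing the
    # two ciphertexts cancels every K_i and leaves P_1 XOR P_2 in the clear.
    c1, c2 = rc4_crypt(key, p1), rc4_crypt(key, p2)
    return bytes(x ^ y for x, y in zip(c1, c2))
```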
(Figure: frame layout Header | IV | Packet | ICV | FCS, with the encrypted region marked.)
DEFINITION
• Key establishment is a process where a shared secret becomes available to two or more parties, for subsequent cryptographic use.
• Key establishment may be broadly subdivided into key transport and key agreement.
• Key transport protocol is a key establishment technique where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s).
• Key agreement protocol is a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no party can predetermine the resulting value.
THANK YOU