					           Lecture 03
Symmetric Cryptography Part 2
    Asst.Prof.Supakorn Kungpisdan, Ph.D.
             supakorn@mut.ac.th
                     Outline

• Advanced Encryption Standard (AES)

• Design of Symmetric Cryptosystems

• Locations of Encryption Devices

• Key Distribution

• Random Numbers

• Problems of Symmetric Cryptography


                         2             ISEC0513 Computer Network Security
                           Origins

•   clearly a replacement for DES was needed
    • have theoretical attacks that can break it
    • have demonstrated exhaustive key search attacks

•   can use Triple-DES – but slow, has small blocks

•   US NIST issued call for ciphers in 1997

•   15 candidates accepted in Jun 98

•   5 were shortlisted in Aug-99

•   Rijndael was selected as the AES in Oct-2000

•   issued as FIPS PUB 197 standard in Nov-2001

           AES Requirements

•   private key symmetric block cipher

•   128-bit data, 128/192/256-bit keys

•   stronger & faster than Triple-DES

•   active life of 20-30 years (+ archival use)

•   provide full specification & design details

•   both C & Java implementations

•   NIST have released all submissions & unclassified analyses


                              AES

•   128-bit plaintext block

•   Key length -> 128, 192, 256 bits

•   10 rounds for each encryption and decryption

•   128-bit plaintext is divided into 16 8-bit (1-byte) blocks.

•   128-bit key is expanded into 44 32-bit “words”, and 4 different
    words are used in each round

•   11 sets of 4-word keys are used in 10-round encryption!

•   Decryption algorithm is not identical to encryption algorithm
[Slides: AES Parameters; AES Key Expansion; AES Encryption and Decryption (figures not reproduced)]
           AES Encryption

• 4 stages in each round:
  • Substitution bytes -> use S-box for byte-to-byte
    substitution
  • Shift rows -> simple row-by-row permutation
  • Mix columns -> a substitution that alters each byte in a
    column as a function of all of the bytes in the column
  • Add round keys -> bitwise XOR of the current block
    with the key




[Slides: SubBytes (with S-box and Inverse S-box); ShiftRows; MixColumns; AddRoundKey; AES Operations (figures not reproduced)]
                     Outline

• Advanced Encryption Standard (AES)

• Design of Symmetric Cryptosystems

• Locations of Encryption Devices

• Key Distribution

• Random Numbers

• Problems of Symmetric Cryptography


          Design of Symmetric
            Cryptosystems

• A cryptographic algorithm should be efficient to be of
  good use
  • It should be fast and the key should be of the right
    length, e.g. not too short

• Cryptographic algorithms are not impossible to
  break without a key
  • If we try all the combinations, we can get the original
    message



Design of Symmetric Cryptosystems
             (cont.)

• The security of a cryptographic algorithm depends
  on how much work it takes for someone to break it
  • E.g. if it takes 10 million years to break a cryptographic
    algorithm X using all the computers of a state, X can be
    thought of as a secure one – reason: cluster computers
    and quantum computers are powerful enough to crack
    many current cryptographic algorithms.




Design of Symmetric Cryptosystems
             (cont.)

• Encryption Algorithm Design
  • Should the block size of messages be small or
    large?
  • Should the keyspace be large?
  • Should we consider searches other than brute-force
    search?




                     Outline

• Advanced Encryption Standard (AES)

• Design of Symmetric Cryptosystems

• Locations of Encryption Devices

• Key Distribution

• Problems of Symmetric Cryptography




    Placement of Encryption

Link encryption
•   encryption occurs independently on every link
•   implies must decrypt traffic between links
•   requires many devices, but paired keys

End-to-end encryption
•   encryption occurs between original source and final destination
•   need devices at each end with shared keys




[Slide: Locations of Encryption Devices (figure not reproduced)]
 Placement of Encryption (cont.)

• when using end-to-end encryption must leave
  headers in clear
  • so network can correctly route information
• hence although contents protected, traffic pattern
  flows are not
• ideally want both at once
  • end-to-end protects data contents over entire path
    and provides authentication
  • link protects traffic flows from monitoring

 Placement of Encryption (cont.)

• can place encryption function at various layers in
  OSI Reference Model
  • link encryption occurs at layers 2, 3
  • end-to-end can occur at layers 4, 7
  • moving higher, less information is encrypted, but it is
    more secure, though more complex, with more entities
    and keys




[Slides: Link Encryption VS End-to-end Encryption; Encryption VS Protocol Level; Traffic Padding (figures not reproduced)]
                 Outline

• Key Distribution

• Random Numbers

• Problems of Symmetric Cryptography




             Key Distribution

•   The security of symmetric cryptosystem is based on the security
    of key distribution.

•   Important process -> two hosts need a shared key before
    transmitting a message securely.

•   Secret key must be securely distributed between hosts, and
    need to be updated frequently.

•   But, HOW can we securely distribute the shared key?




      Key Exchange with Key Distribution
                   Center
•   Master key VS Session key




                              Steps
1.   Alice sends a request (IDA, IDB) for a session key and a nonce (N1)
     to KDC.
     • Nonce may be a random number.
     • What is nonce for?

2.   KDC sends an encrypted message to A containing:
     • Session key KS
     • Encrypted session key for Bob EKb(KS, IDA)

3.   Alice forwards EKb(KS, IDA) to Bob. Bob can decrypt it. (anyone
     else?)

4.   Bob confirms that he has received KS by sending Alice EKs[N2].

•    Alice responds by sending f(N2) encrypted with KS.


    Hierarchical Key Control

•   In a very large network, a single KDC is not enough -> a
    hierarchy of KDCs can be established.

•   Local KDCs and a global KDC

•   Local KDC is responsible for parties in the same domain,
    whereas global KDC is taking care of communications of
    parties in different domains.




      Key Distribution Issues

•   hierarchies of KDCs required for large networks, but must
    trust each other

•   session key lifetimes should be limited for greater security

•   use of automatic key distribution on behalf of users, but must
    trust system

•   use of decentralized key distribution

•   controlling key usage




        Session Key Lifetime

•   The more frequently session keys are exchanged, the more
    secure they are.
•   However, each session key distribution causes delays.
•   In connection-oriented protocols, a new session key is issued
    for each connection.
•   However, if the connection is open for a long time, it may be
    necessary to retransmit a new session key.
•   In connectionless protocols, it is not obvious how often a new
    session key is exchanged.
•   A better strategy is to use a given session key for a certain fixed
    period only or for a certain number of transactions.
    Decentralized Key Control

•   Centralized Key Control -> KDC is normally assumed to be
    trusted and secured from attacks.

•   However, attacks may occur. -> try decentralized approach

•   Decentralization is suitable for local connection.
    • Each pair of parties needs a shared master key: as many as
      [n(n-1)]/2 keys among n users.




[Slide: Decentralized Key Distribution (figure not reproduced)]
     Decentralized Key Distribution
                 (cont.)

1.    Alice and Bob share a master key MKm.

2.    Alice sends a request for a session key with a nonce N1 to
      Bob.

3.    Bob sends KS encrypted with shared master key MKm. The
      message contains a nonce N2.

4.    Alice responds with f(N2) encrypted with the session key.
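
Both exchanges as an added example (not from the lecture): the KDC steps from the earlier "Steps" slide and the decentralized steps above, run in one process so each side's check is visible. E/D are a toy stand-in cipher built from SHAKE-256 and HMAC; the names "A"/"B", f(n) = n + 1, encrypting the KDC reply under Alice's master key, and echoing N1 (and ID_B) in the replies are assumptions the slides leave open.

```python
# Added example (not from the lecture): both key-distribution exchanges, run in one process.
import hashlib, hmac, json, secrets

def E(key, obj):
    """Toy stand-in for E_K: SHAKE-256 keystream XOR plus an HMAC tag (not a real cipher)."""
    pt, iv = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + iv).digest(len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def D(key, blob):
    """Inverse of E; raises ValueError when the key is wrong or the blob was altered."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(key + iv).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

KA, KB = secrets.token_bytes(32), secrets.token_bytes(32)   # master keys shared with the KDC
MASTER = {"A": KA, "B": KB}                                 # hypothetical principal names
f = lambda n: n + 1                                         # assumed choice of f

def kdc(id_a, id_b, n1):
    """KDC reply: K_S, the echoed request and E_Kb(K_S, ID_A), all under Alice's key."""
    ks = secrets.token_hex(16)
    return E(MASTER[id_a], [ks, id_b, n1, E(MASTER[id_b], [ks, id_a]).hex()])

def kdc_exchange(replayed=None):
    n1 = secrets.randbits(64)                               # 1. request with nonce N1
    ks, id_b, echo, ticket = D(KA, replayed or kdc("A", "B", n1))   # 2. KDC reply
    if (id_b, echo) != ("B", n1):                           # what the nonce is for
        raise ValueError("KDC reply does not match this request")
    ks_bob, peer = D(KB, bytes.fromhex(ticket))             # 3. only Bob holds KB
    ks_a, ks_b, n2 = bytes.fromhex(ks), bytes.fromhex(ks_bob), secrets.randbits(64)
    reply = E(ks_a, f(D(ks_a, E(ks_b, n2))))                # 4. E_Ks[N2], then Alice's f(N2)
    return peer == "A" and D(ks_b, reply) == f(n2)

def decentralized_exchange(mk, replayed=None):
    n1 = secrets.randbits(64)                               # 2. Alice -> Bob: request, N1
    ks, n2 = secrets.token_hex(16), secrets.randbits(64)
    ks_a, echo, n2_a = D(mk, replayed or E(mk, [ks, n1, n2]))   # 3. Bob -> Alice under MKm
    if echo != n1:
        raise ValueError("reply does not match this request")
    reply = E(bytes.fromhex(ks_a), f(n2_a))                 # 4. Alice -> Bob under K_S
    return D(bytes.fromhex(ks), reply) == f(n2)
```

Feeding an old KDC reply back in through `replayed` raises `ValueError`, which is the answer to "What is nonce for?"; trying to open the ticket with any key other than Bob's fails the same way.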




                 Outline

• Random Numbers

• Problems of Symmetric Cryptography




          Random Numbers

• many uses of random numbers in cryptography
  • Nonces in authentication protocols to prevent replay
  • Session keys
  • Public key generation
  • Keystream for a one-time pad

• in all cases it's critical that these values be
  • statistically random, uniform distribution, independent
  • unpredictable: future values cannot be inferred from previous values



       Pseudorandom Number
        Generators (PRNGs)

• Often use deterministic algorithmic techniques to
  create “random numbers”
  • Although these are not truly random
  • Can pass many tests of “randomness”

• Known as “pseudorandom numbers”

• Created by “Pseudorandom Number
  Generators (PRNGs)”


 Using Block Ciphers as PRNGs

• For cryptographic applications, can use a block
  cipher to generate random numbers

• Often for creating session keys from master key

• Counter Mode
  X_i = E_Km[i]

• Output Feedback Mode
  X_i = E_Km[X_(i-1)]



[Slide: ANSI X9.17 PRG (figure not reproduced; inputs labelled Date/time and Seed value)]
    ANSI X9.17 PRG (cont.)

•   It uses date/time & seed inputs and 3 triple-DES encryptions to
    generate a new seed & random value.
    • DTi - Date/time value at the beginning of ith generation stage
    • Vi - Seed value at the beginning of ith generation stage
    • Ri - Pseudorandom number produced by the ith generation stage
    • K1, K2 - DES keys used for each stage

•   Then compute successive values as:
    • Ri   = EDE([K1, K2], [Vi XOR EDE([K1, K2], DTi)])
    • Vi+1 = EDE([K1, K2], [Ri XOR EDE([K1, K2], DTi)])
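
The counter-mode, output-feedback and ANSI X9.17 recurrences above as an added example (not from the lecture). Triple-DES is not assumed to be available, so E() is a truncated HMAC-SHA256 standing in for the block encryption; the key, seed and date/time values are constructed.

```python
# Added example (not from the lecture). E() is a stand-in for the block cipher.
import hashlib, hmac, struct

def E(key, block):
    """Stand-in for a 64-bit block encryption (EDE in X9.17): truncated HMAC-SHA256."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def counter_mode(km, n):
    """X_i = E_Km[i] for i = 1..n."""
    return [E(km, struct.pack(">Q", i)) for i in range(1, n + 1)]

def ofb_mode(km, x0, n):
    """X_i = E_Km[X_(i-1)], starting from an initial value x0."""
    out = []
    for _ in range(n):
        x0 = E(km, x0)
        out.append(x0)
    return out

def x917_stage(k, v, dt):
    """One X9.17 stage: returns (R_i, V_(i+1)) from seed V_i and date/time DT_i."""
    t = E(k, dt)                      # EDE([K1, K2], DT_i), used twice
    r = E(k, xor(v, t))               # R_i
    return r, E(k, xor(r, t))         # V_(i+1)

def x917(k, seed, timestamps):
    """Run one stage per timestamp; returns the R values and the final seed."""
    out, v = [], seed
    for dt in timestamps:
        r, v = x917_stage(k, v, dt)
        out.append(r)
    return out, v

# Constructed sample inputs: a key, an 8-byte seed, and three 8-byte date/time values.
KEY, SEED = b"constructed-key-K1K2", bytes(8)
TIMES = [struct.pack(">Q", 1_700_000_000 + i) for i in range(3)]

if __name__ == "__main__":
    for r in x917(KEY, SEED, TIMES)[0]:
        print(r.hex())
    # Same key, seed and clock values give the same output: the generator is
    # only as unpredictable as K and V are secret.
    print(x917(KEY, SEED, TIMES) == x917(KEY, SEED, TIMES))
```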




      Natural Random Noise

•   best source is natural randomness in real world

•   find a regular but random event and monitor

•   do generally need special h/w to do this
    • E.g. radiation counters, radio noise, audio noise, thermal noise in
      diodes, leaky capacitors, mercury discharge tubes etc

•   starting to see such h/w in new CPUs

•   problems of bias or uneven distribution in signal
    • have to compensate for this when sampling and using
    • best to only use a few noisiest bits from each sample


          Published Sources

• a few published collections of random numbers

• Rand Co, in 1955, published 1 million numbers
  • generated using an electronic roulette wheel
  • has been used in some cipher designs

• earlier Tippett in 1927 published a collection

• issues are that:
  • these are limited
  • too well-known for most uses

                     Outline

• Advanced Encryption Standard (AES)

• Design of Symmetric Cryptosystems

• Locations of Encryption Devices

• Key Distribution

• Random Numbers

• Problems of Symmetric Cryptography


           Problems of Symmetric
               Cryptography
•   Keys must be distributed in secret.

•   If a key is compromised, then so is the security of the entire system.

•   Not scalable -> assume that each pair among n users shares a different
    secret. The number of keys needed is n(n-1)/2.

•   Algorithms are easy to break compared to public-key cryptographic
    algorithms

•   Symmetric one can be performed faster -> less time -> less power
    consumption -> suitable for being implemented in mobile devices

•   Lacks necessary security services, e.g. non-repudiation; provides a
    low level of integrity checking
Questions?
       Next week
Public-key Cryptography
                Discussion

• Discuss two differences between Block Cipher and
  Stream Cipher

• Explain how symmetric cryptography can provide
  authentication

• Suggest a key distribution technique that provides
  offline key generation and distribution



