Welcome to CoSc 4031
Computer Security
Chapter Three
Cryptography and Encryption Techniques
Dilla University
College of Engineering and Technology
School of Computing and Informatics, Department of Computer Science
Dilla University, Department of Computer Science
Outline
• Basic cryptographic terms
• Historical background
• Symmetric and Public Key Cryptography
• Symmetric key cryptography
– One time pads
– Stream vs. block ciphers
– Block cipher modes
• Example symmetric key algorithms
– DES
– Triple DES (two variants)
– AES
• Public key cryptography
– One-way functions
– RSA
• Asymmetric crypto primitives
• Cryptographic hash functions
Introduction
• Computer data often travels from one computer to
another, leaving the safety of its protected
physical surroundings.
• Once the data is out of hand, people with bad
intention could modify or forge your data, either
for amusement or for their own benefit.
• Cryptography can reformat and transform our data,
making it safer on its trip between computers.
Introduction
• Encryption, or cryptography: the name means
secret writing.
• It is probably the strongest defense in the arsenal
of computer security protection.
• Well-disguised data cannot easily be read,
modified, or fabricated.
Introduction
• Cryptography conceals data against unauthorized access.
• It is the art and science of making a cryptosystem that is
capable of providing information security.
• It deals with the actual securing of digital data.
• It involves the design of mechanisms based on mathematical algorithms.
• A cryptosystem is an implementation of cryptographic
techniques and their accompanying infrastructure to
provide information security services.
• A cryptosystem is also referred to as a cipher system.
Introduction
• Cryptography is the study of secure communications techniques that allow only
the sender and intended recipient of a message to view its
contents.
Basic cryptographic terms
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to
ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - the science encompassing the principles
and methods of transforming an intelligible message into
one that is unintelligible, and then retransforming that
message back to its original form.
Basic cryptographic terms
• cryptanalysis (codebreaking) - the
study of principles/ methods of
deciphering ciphertext without knowing
key
• cryptology - the field of both
cryptography and cryptanalysis
• Encoding, enciphering, encryption.
Cont. …
• Cryptography has five ingredients:
– Plaintext
– Encryption algorithm
– Secret Key
– Ciphertext
– Decryption algorithm
• Security depends on the secrecy of
the key, not the secrecy of the
algorithm
Cont. …
[Figure: Simplified Encryption Model]
Cont. …
Description:
• A sender S wants to transmit a message M to a
receiver R
• To protect the message M, the sender first
encrypts it into an unintelligible message M’
• After receipt of M’, R decrypts the message to
obtain M
• M is called the plaintext
– What we want to encrypt
• M’ is called the ciphertext
– The encrypted output
Cont. …
Notation:
• Given
– P = plaintext
– C = ciphertext
– K = key shared by sender and receiver
• C = E_K(P) (encryption)
• P = D_K(C) (decryption)
History: Caesar Cipher
• Caesar Cipher: The earliest known
example of a substitution cipher, in
which each character of a message is
replaced by the character three positions
down in the alphabet.
– Plaintext: are you ready
– Ciphertext: duh brx uhdgb
Cont. …
• If we represent each letter of the
alphabet by an integer that
corresponds to its position in the
alphabet:
– The formula for replacing each character ‘p’
of the plaintext with a character ‘c’ of the
ciphertext can be expressed as:
c = E_3(p) = (p + 3) mod 26
Cont. …
• A more general version of this cipher
that allows for any degree of shift:
– c = E_k(p) = (p + k) mod 26
• The formula for decryption would be
– p = D_k(c) = (c - k) mod 26
• In these formulas
– ‘k’ is the secret key. The symbols ‘E’ and ‘D’
stand for Encryption and Decryption
respectively, and p and c are characters in the
plain and cipher text respectively.
History: Enigma
• Before war broke out in
1939 the Germans had
planned a special way of
keeping their
communications secret. The
army, navy and air force
were told to encode their
messages using cipher
machines called ENIGMA.
Cont. …
• Enigma could put a message into code in over
150 MILLION MILLION MILLION
different ways.
• The Germans believed that no one could
crack the Enigma code. But the Allies knew
that if they could, they would be able to find
out their enemy's military secrets.
Cont. …
• The Enigma machine looked like
a typewriter in a wooden box.
An electric current went from
the keyboard through a set of
rotors and a plugboard to light
up the 'code' alphabet.
Cont. …
• In the 1930's Polish cipher
experts secretly began to
try to crack the code. Just
before war broke out they
managed to pass models and
drawings of Enigma to
British and French code-
breakers.
• Later Enigma was broken.
History: Sigaba
• Sigaba was suited for fixed station secure
communications and was used by the U.S. for
high-level communications. It was the only machine
system used by any participant to remain
completely unbroken by an enemy during
World War II.
History: B-21 Machine by Boris Hagelin
• Patterned on the
Enigma and produced
for the Swedish
General staff, Boris
Hagelin of Sweden
developed the B-21
machine in 1925. It
also had the capability
to be connected to an
electric typewriter.
History: BC-38 by Crypto AG Zug
• Boris Hagelin of
Sweden developed a
long line of cipher
systems, beginning
with the B-21, B-211,
C-35, C-36, C-38
(which later became
America's M-209).
History: BID 590 (Noreen)
• The BID 590 was a
British built crypto
machine and was used
by Canada's foreign
service communicators
at various diplomatic
missions to
communicate with
various government
departments.
History: H-4605 (Crypto AG)
• The Crypto AG H4605
was designed as an
off-line, keyboard
operated cipher
machine with twin
printing (of cipher and
plain text) system with
automatic 5-letter
grouping. It's a solid
piece of equipment,
almost 'battleship
grade’.
History: Japanese "Enigma" Rotor Cipher Machine
Produced by Germans for Japanese
Japanese Purple machine
• Electromechanical stepping switch machine
modelled after Enigma
• Used telephone stepping switches instead of rotors
• Purple was broken with the help of MAGIC.
• Pearl Harbor attack preparations encoded in
Purple, decoded hours before attack.
History: KY-28 (Nestor)
• The KY-28 was an
analog, voice
encryption device
based on transistor
circuitry and was the
shipboard/airborne
member of the
NESTOR family of
equipment.
History: Racal-Milgo 64-1027C Datacryptor
• The Racal-Milgo 64-1027C Datacryptor
was used to send and
receive secure data via
computer. This is the
commercial version of
the KG-84, and has the
ability to be loaded via
the KYK-13 Fill device.
History: The “Clock Cryptograph”
• It is basically a
nicely implemented
Wheatstone cipher
disk. It was in
active use in the
Danish armed
forces from 1934
(or a little earlier)
until around 1948.
History: People in Breaking Codes
• Bletchley Park was
the home of the
secret Government
Code and Cypher
School. This was the
centre of British
code-breaking during
the war.
Cont. …
• The code-breakers in Bletchley Park were
specially chosen from among the cleverest
people in England. Some were brilliant
mathematicians or linguists.
• Alan Turing was a Cambridge mathematician
and code-breaker who helped to invent one
of the world's first computers at Bletchley
Park.
History: Computer and Code
Breaking
• Colossus was built
for the code-
breakers at
Bletchley Park by
post office
engineers in 1943.
• One of the earliest
computers.
History: Computer and Code
Breaking
• The computer was as
big as a room - 5
metres long, 3
metres deep and 2.5
metres high - and
was made mainly
from parts used for
post office telephone
and telegraph
systems.
History: Computer and Code
Breaking
• This Cray XMP was
donated to the museum by
Cray Research, Inc. It
denotes the newest era of
partnership between NSA
and the American
computer industry in the
employment of computers
for cryptologic processes.
Cryptography
• Cryptographic systems are generally classified along 3
independent dimensions:
1. The type of operations used for transforming
plain text to cipher text (substitution,
transposition)
2. The number of keys used: 1 (symmetric key, conventional
encryption or single key) or 2 (public key encryption)
3. The way in which the plain text is processed
(block or stream)
Cryptography
• The process of attempting to discover X or K or both is
known as cryptanalysis.
• The strategy used by the cryptanalyst depends on the
nature of the encryption scheme and the information
available to the cryptanalyst.
• Various types of cryptanalytic attacks
• Ciphertext only
• Known plaintext
• Chosen plaintext
• Chosen ciphertext
• Steganography
ENCRYPTION TECHNIQUES
• Substitution
• Transposition
• A substitution technique is one in which the
letters of plaintext are replaced by other
letters or by numbers or symbols.
• If the plaintext is viewed as a sequence of
bits, then substitution involves replacing
plaintext bit patterns with cipher text bit
patterns.
ENCRYPTION TECHNIQUES
• Caesar cipher (or) shift cipher
• Monoalphabetic Ciphers
• Polyalphabetic cipher
– Playfair cipher
– Hill cipher
– Vigenere cipher
Symmetric and Public Key
Cryptography
• There are two fundamentally different
cryptographic systems
– Symmetric cryptosystem/ Private key
– Asymmetric cryptosystem/ Public key
Cont. …
[Figure: encryption and decryption flow (plaintext → Encryption → ciphertext → Decryption → original plaintext), shown for three cases: keyless, symmetric key, asymmetric key]
Symmetric Cryptosystem
• Also called secret-key/private-key cryptosystem
• The same key is used to encrypt and decrypt a
message
– P = D_K[E_K(P)]
• Have been used for centuries in a variety of forms
• The key has to be kept secret
• The key has to be communicated using a secure
channel
• They are still in use in combination with public key
cryptosystems due to some of their advantages
One-Time Pads
• Name → set of sheets of paper with
keys, glued into a pad
• The sender would tear off enough
number of pages
• The receiver needs a pad identical to
the one used by the sender
One-Time Pads (cont.)
• The sender would write the keys one at a time
above the letters of the plaintext.
k1 k2 k3 k4 ... kn
p1 p2 p3 p4 ... pn
• The plaintext is enciphered using a pre-arranged
chart
– Vigenère tableau
– all 26 letters in each column in some scrambled order
– select the substitution in row pi, column ki
• Problems:
– Unlimited number of keys
– Absolute synchronization between sender and receiver
Cont. …
Vernam Cipher Example
Plaintext        V   E   R   N   A   M   C   I   P   H   E   R
Numeric value   21   4  17  13   0  12   2   8  15   7   4  17
Random numbers  76  48  16  82  44   3  58  11  60   5  48  88
Sum             97  52  33  95  44  15  60  19  75  12  52 105
Sum mod 26      19   0   7  17  18  15   8  19  23  12   0   1
Ciphertext       t   a   h   r   s   p   i   t   x   m   a   b
Vernam Cipher
• Encryption method is completely unbreakable
for a ciphertext only attack.
• It requires a very long key, which is
expensive to produce and expensive to
transmit.
• Once a key is used, it is dangerous to reuse
it for a second message; any knowledge on
the first message would give knowledge of
the second.
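The Vernam example from the slide and the key-reuse danger, as an added example that is not part of the original slides. The second message and the function names are constructed for illustration; the pad is the slide's row of random numbers.

```python
import string

ALPHABET = string.ascii_lowercase

# The "Random numbers" row from the slide's worked example.
SLIDE_PAD = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]
FIRST_MESSAGE = "VERNAMCIPHER"      # the slide's plaintext
SECOND_MESSAGE = "MEETATSCHOOL"     # constructed second message, same length


def to_nums(text):
    """Map letters to 0..25 (a = 0); anything that is not a letter is dropped."""
    return [ALPHABET.index(ch) for ch in text.lower() if ch in ALPHABET]


def to_text(nums):
    """Map numbers back to letters, reducing mod 26."""
    return "".join(ALPHABET[n % 26] for n in nums)


def encrypt(plaintext, pad):
    p = to_nums(plaintext)
    if len(pad) < len(p):
        raise ValueError("the pad must be at least as long as the message")
    return to_text(pi + ki for pi, ki in zip(p, pad))


def decrypt(ciphertext, pad):
    return to_text(ci - ki for ci, ki in zip(to_nums(ciphertext), pad))


def recover_pad(known_plaintext, ciphertext):
    """Known plaintext plus its ciphertext gives the pad (mod 26) directly."""
    return [(c - p) % 26
            for p, c in zip(to_nums(known_plaintext), to_nums(ciphertext))]


def difference(a, b):
    """Letter-by-letter difference mod 26 of two equal-length texts."""
    return [(x - y) % 26 for x, y in zip(to_nums(a), to_nums(b))]


def reuse_demo():
    """What pad reuse costs: knowing message 1 reveals message 2."""
    c1 = encrypt(FIRST_MESSAGE, SLIDE_PAD)
    c2 = encrypt(SECOND_MESSAGE, SLIDE_PAD)      # the mistake: same pad again
    leaked = recover_pad(FIRST_MESSAGE, c1)      # observer knows message 1
    return decrypt(c2, leaked)


def pad_cancels():
    """Even without any plaintext, c1 - c2 equals p1 - p2: the pad drops out."""
    c1 = encrypt(FIRST_MESSAGE, SLIDE_PAD)
    c2 = encrypt(SECOND_MESSAGE, SLIDE_PAD)
    return difference(c1, c2) == difference(FIRST_MESSAGE, SECOND_MESSAGE)


if __name__ == "__main__":
    print(encrypt(FIRST_MESSAGE, SLIDE_PAD))
    print(reuse_demo())
    print(pad_cancels())
```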
TRANSPOSITION TECHNIQUES
• Rail fence: the simplest such cipher, in which the
plaintext is written down as a sequence of diagonals
and then read off as a sequence of rows.
• E.g. Plaintext = meet at the school house, depth = 2
• Row transposition ciphers: a more complex scheme
is to write the message in a rectangle, row by row,
and read the message off, column by column, but
permute the order of the columns.
• E.g. Plaintext = meet at the school house. The order of
the columns becomes the key of the algorithm.
TRANSPOSITION TECHNIQUES
• A pure transposition cipher is easily recognized
because it has the same letter frequencies as the
original plaintext.
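Both transposition schemes applied to the slide's plaintext, with a check of the letter-frequency property, as an added example that is not part of the original slides. The column order `COLUMN_KEY` and the padding letter are assumptions chosen for illustration.

```python
from collections import Counter

PLAINTEXT = "meet at the school house"
COLUMN_KEY = (3, 1, 4, 5, 2)   # constructed key: columns (1-based) in read-off order


def letters(text):
    """Keep letters only, lower-cased, as the classical ciphers do."""
    return "".join(ch for ch in text.lower() if ch.isalpha())


def rail_pattern(length, depth):
    """Rail index for each position when writing along the zigzag diagonals."""
    if depth < 2:
        raise ValueError("depth must be at least 2")
    pattern, row, step = [], 0, 1
    for _ in range(length):
        pattern.append(row)
        if row == 0:
            step = 1
        elif row == depth - 1:
            step = -1
        row += step
    return pattern


def rail_fence_encrypt(plaintext, depth):
    msg = letters(plaintext)
    pattern = rail_pattern(len(msg), depth)
    # Read off rail by rail (row by row).
    return "".join(ch for rail in range(depth)
                   for ch, p in zip(msg, pattern) if p == rail)


def rail_fence_decrypt(ciphertext, depth):
    pattern = rail_pattern(len(ciphertext), depth)
    # Stable sort by rail gives the positions in the order encryption emitted them.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    out = [""] * len(ciphertext)
    for ch, position in zip(ciphertext, order):
        out[position] = ch
    return "".join(out)


def row_transposition_encrypt(plaintext, key, pad="x"):
    msg = letters(plaintext)
    cols = len(key)
    msg += pad * (-len(msg) % cols)          # fill the last row of the rectangle
    # Column c of a row-by-row rectangle is every cols-th letter starting at c-1.
    return "".join(msg[c - 1::cols] for c in key)


def row_transposition_decrypt(ciphertext, key):
    cols = len(key)
    rows = len(ciphertext) // cols
    columns = [""] * cols
    for n, c in enumerate(key):
        columns[c - 1] = ciphertext[n * rows:(n + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))


def same_letter_frequencies(plaintext, ciphertext):
    """A pure transposition only moves letters, so the counts are identical."""
    return Counter(letters(plaintext)) == Counter(ciphertext)


if __name__ == "__main__":
    print(rail_fence_encrypt(PLAINTEXT, 2))
    print(row_transposition_encrypt(PLAINTEXT, COLUMN_KEY))
```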
Block and Stream Ciphers
Block Ciphers
• Block ciphers break messages into fixed
length blocks, and encrypt each block
using the same key.
• The Data Encryption Standard (DES) is
an example of a block cipher, where
blocks of 64 bits are encrypted using a
56-bit key.
Formal Definition of a Block Cipher
• Let E be an encipherment algorithm, and
let Ek(b) be the encipherment of the
message b with key k.
• Let a message m=b1b2...where each bi is
of a fixed length.
• A block cipher is a cipher for which
Ek(m) = Ek(b1)Ek(b2)...
Stream Ciphers
• Stream ciphers, like block ciphers,
break message into fixed length
blocks, but use a sequence of keys to
encrypt the blocks.
Formal Definition of a Stream Cipher
• Let E be an encipherment algorithm, and
let Ek(b) be the encipherment of the
message b with key k.
• Let a message m=b1b2...where each bi is
of a fixed length, and let k = k1k2....
• A stream cipher is a cipher for which
Ek(m) = Ek1(b1)Ek2(b2)...
Block Cipher Modes
• We discuss 3 (many others)
• Electronic Codebook (ECB) mode
– Encrypt each block independently
– There is a serious weakness
• Cipher Block Chaining (CBC) mode
– Chain the blocks together
– Better than ECB, virtually no extra work
• Counter Mode (CTR) mode
– Like a stream cipher (random access)
ECB Mode
• Notation: C=E(P,K)
• Given plaintext P0,P1,…,Pm,…
• Obvious way to use a block cipher is
Encrypt Decrypt
C0 = E(P0, K), P0 = D(C0, K),
C1 = E(P1, K), P1 = D(C1, K),
C2 = E(P2, K),… P2 = D(C2, K),…
• For a fixed key K, this is an electronic
version of a codebook cipher (no additive)
ECB Cut and Paste Attack
• Suppose plaintext is
Alice digs Bob. Trudy digs Tom.
• Assuming 64-bit blocks and 8-bit ASCII:
P0 = “Alice di”, P1 = “gs Bob. ”,
P2 = “Trudy di”, P3 = “gs Tom. ”
• Ciphertext: C0,C1,C2,C3
• Trudy cuts and pastes: C0,C3,C2,C1
• Decrypts as
Alice digs Tom. Trudy digs Bob.
ECB Weakness
• Suppose Pi = Pj
• Then Ci = Cj and Trudy knows Pi = Pj
• This gives Trudy some information, even
if she does not know Pi or Pj
• Trudy might know Pi
• Is this a serious issue?
CBC Mode
• Blocks are “chained” together
• A random initialization vector, or IV, is
required to initialize CBC mode
• IV is random, but need not be secret
Encryption                 Decryption
C0 = E(IV ⊕ P0, K),       P0 = IV ⊕ D(C0, K),
C1 = E(C0 ⊕ P1, K),       P1 = C0 ⊕ D(C1, K),
C2 = E(C1 ⊕ P2, K),…      P2 = C1 ⊕ D(C2, K),…
CBC Mode
• Identical plaintext blocks yield different
ciphertext blocks
• Cut and paste is still possible, but more
complex (and will cause garbles)
• If C1 is garbled to, say, G then
P1 ≠ C0 ⊕ D(G, K), P2 ≠ G ⊕ D(C2, K)
• But P3 = C2 ⊕ D(C3, K), P4 = C3 ⊕ D(C4, K),…
• Automatically recovers from errors!
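The ECB cut-and-paste rearrangement, the equal-block leak, and CBC's behaviour under the same tampering and under a garbled block, as an added example that is not part of the original slides. The block cipher here is a toy 64-bit Feistel network built on SHA-256 purely so the example runs with the standard library; it stands in for E and D and is not DES. The key and IV are constructed sample values.

```python
import hashlib

BLOCK = 8                                   # 64-bit blocks, as on the slides
KEY = b"constructed-key"                    # constructed sample key
IV = bytes.fromhex("0123456789abcdef")      # fixed for repeatability; random in practice
MESSAGE = b"Alice digs Bob. Trudy digs Tom. "


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(half, key, r):
    # Toy round function: 4 bytes of SHA-256 over key, round number and half-block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def E(block, key, rounds=8):
    """Toy Feistel encryption of one 8-byte block."""
    left, right = block[:4], block[4:]
    for r in range(rounds):
        left, right = right, xor(left, round_function(right, key, r))
    return right + left


def D(block, key, rounds=8):
    """Same structure as E, with the rounds taken in the opposite order."""
    left, right = block[:4], block[4:]
    for r in reversed(range(rounds)):
        left, right = right, xor(left, round_function(right, key, r))
    return right + left


def split(data):
    if len(data) % BLOCK:
        raise ValueError("data length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plain, key):
    return [E(p, key) for p in split(plain)]


def ecb_decrypt(blocks, key):
    return b"".join(D(c, key) for c in blocks)


def cbc_encrypt(plain, key, iv):
    out, prev = [], iv
    for p in split(plain):
        prev = E(xor(prev, p), key)
        out.append(prev)
    return out


def cbc_decrypt(blocks, key, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(prev, D(c, key)))
        prev = c
    return b"".join(out)


def ecb_cut_and_paste():
    """Reordering C0,C1,C2,C3 to C0,C3,C2,C1 decrypts cleanly under ECB."""
    c = ecb_encrypt(MESSAGE, KEY)
    return ecb_decrypt([c[0], c[3], c[2], c[1]], KEY)


def cbc_cut_and_paste():
    """The same reordering under CBC leaves only the first block intact."""
    c = cbc_encrypt(MESSAGE, KEY, IV)
    return cbc_decrypt([c[0], c[3], c[2], c[1]], KEY, IV)


def equal_blocks_leak(mode):
    """True when two identical plaintext blocks give identical ciphertext blocks."""
    plain = b"SAMEDATA" * 2
    c = ecb_encrypt(plain, KEY) if mode == "ecb" else cbc_encrypt(plain, KEY, IV)
    return c[0] == c[1]


def cbc_garbled_blocks():
    """Garble C1 and report which plaintext blocks come out wrong."""
    c = cbc_encrypt(MESSAGE, KEY, IV)
    c[1] = xor(c[1], b"\x01" + bytes(7))
    got, want = split(cbc_decrypt(c, KEY, IV)), split(MESSAGE)
    return [i for i in range(len(want)) if got[i] != want[i]]
```

Rejecting the rearranged or garbled ciphertext outright takes an integrity check on top of the mode; neither ECB nor CBC provides one.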
Counter Mode (CTR)
• CTR is popular for random access
• Use block cipher like stream cipher
Encryption                 Decryption
C0 = P0 ⊕ E(IV, K),       P0 = C0 ⊕ E(IV, K),
C1 = P1 ⊕ E(IV+1, K),     P1 = C1 ⊕ E(IV+1, K),
C2 = P2 ⊕ E(IV+2, K),…    P2 = C2 ⊕ E(IV+2, K),…
• CBC can also be used for random access!!!
Popular Example of Symmetric Cryptosystem: DES
• In 1973, the NBS (National Bureau of Standards, now called
NIST - National Institute of Standards and Technology)
published a request for an encryption algorithm that would
meet the following criteria:
– have a high security level
– be easily understood
– not depend on the algorithm's confidentiality
– be adaptable and economical
– be efficient and exportable
• In late 1974, IBM proposed "Lucifer", which was then modified
by NSA (National Security Agency) in 1976 to become the DES
(Data Encryption Standard). DES was approved by the NBS in
1978. The DES was standardized by the ANSI under the name
of ANSI X3.92, also known as DEA (Data Encryption
Algorithm).
DES- Example of Symmetric Cryptosystem …
• DES uses a block cipher, which means that during the
encryption process, the plaintext is broken into fixed
length blocks of 64 bits.
• The key is 56 bits wide. 8 bits out of the total 64-bit
key block are used for parity checking (for example, each
byte has an odd number of bits set to 1).
• A 56-bit key gives 2^56 (≈ 7.2 × 10^16) possible key
variations.
• DES algorithm involves carrying out combinations,
substitutions and permutations between the text to be
encrypted and the key, while making sure the operations
can be performed in both directions (for decryption).
• The combination of substitutions and permutations is
called a product cipher.
DES- Example of Symmetric Cryptosystem …
• DES was best suited for implementation in hardware,
probably to discourage implementations in software,
which tended to be slow by comparison at that time.
• Modern computers are so fast that satisfactory
software implementations of DES are possible.
• DES is the most widely used symmetric algorithm,
despite doubts about whether 56 bits is long enough to
guarantee security.
• Using current technology, a 56-bit key size is vulnerable
to a brute force attack.
DES- Example of Symmetric Cryptosystem …
• DES Encryption starts with an initial permutation (IP) of the 64
input bits. These bits are then divided into two 32-bit halves
called L and R. The encryption then proceeds through 16 rounds,
each using the L and R parts, and a subkey.
• R and the subkey are processed by the so-called f-function, and the
output of the f-function is exclusive-ORed with the existing L
part to create the new R part. The new L part is simply a copy of
the incoming R part.
• In the final round, the L and R parts are swapped once more
before the final permutation (FP) producing the output block.
• Decryption is identical to encryption, except that the subkeys are
used in the opposite order. That is, subkey 16 is used in round 1,
subkey 15 is used in round 2, etc., ending with subkey 1 being used
in round 16.
[Figure: DES algorithm, overall and detailed structure]
DES- Example of Symmetric Cryptosystem …
• The f-function mixes the bits of the R portion using
the Subkey for the current round. First the 32-bit R
value is expanded to 48 bits using a permutation E.
That value is then exclusive-or'ed with the subkey.
• The 48 bits are then divided into eight 6-bit chunks,
each of which is fed into an S-Box that mixes the bits
and produces a 4-bit output. A little bit funny
operation!!
• Those 4-bit outputs are combined into a 32-bit value,
and permuted once again to produce the f-function
output.
S-Box
[Table: the S-box S1]
If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as
follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or
binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the
decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in
the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit
block. That block is the output S1(B) of S1 for the input B. For example, for input block B = 011011
the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are
"1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column
13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence
S1(011011) = 0101.
[Figure: DES algorithm, the f-function]
DES- Generating Subkey
• To generate the subkeys, start with the 56-bit
key (64 bits if you include the parity bits).
These are permuted and divided into two
halves called C and D.
• For each round, C and D are each shifted left
circularly one or two bits (the number of bits
depending on the round).
• The 48-bit subkey is then selected from the
current C and D bits.
Cont. …
DES- Algorithm - Key Schedule and Subkey Generation
DES- Permutation principles
Initial Permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
Final Permutation (FP), IP^-1
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
“First bit of the output is taken from the 58th bit of the input, etc...”
DES- Permutation principles
Expansion/Permutation (E)
The 32-bit half-block of data is
expanded to 48 bits.
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
Contraction/Permuted Choice (PC-2)
Selects/extracts the 48-bit subkey for
each round from the 56-bit key-schedule
state.
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
Attack on DES
• Cracking: The most basic method of attack for any
cypher is brute force - trying every possible key in
turn.
• The length of the key determines the number of
possible keys, and hence the feasibility of the
approach.
• DES is not adequate in this regard due to its key size.
• In academia, various proposals for a DES-cracking
machine were advanced.
– In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million
which could find a DES key in a single day.
– By 1993, Wiener had proposed a key-search machine costing US$1 million which would
find a key within 7 hours.
• However, none of these early proposals were ever
implemented.
Cont. …
• The vulnerability of DES was practically demonstrated in 1997,
where RSA Security sponsored a series of contests, offering a
$10,000 prize to the first team that broke a message encrypted
with DES for the contest. That contest was won by the DESCHALL
Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using
idle cycles of thousands of computers across the Internet.
• The feasibility of cracking DES quickly was demonstrated in 1998
when a custom DES-cracker was built by the Electronic Frontier
Foundation (EFF), a cyberspace civil rights group, at the cost of
approximately US$250,000. Their motivation was to show that
DES was breakable in practice as well as in theory.
Cont. …
DES- Example of Symmetric Cryptosystem …
The EFF's US$250,000 DES
cracking machine
contained 1,856 custom
chips and could brute force
a DES key in a matter of
days - the photo shows a
DES Cracker circuit board
fitted with several Deep
Crack chips.
Example of Symmetric
Cryptosystem: Triple DES
• A variant of DES, Triple DES (3-DES), provides enhanced security
by executing the core algorithm three times in a row.
• With triple length key of three 56-bit keys K1, K2 & K3,
encryption is:
Encrypt with K1
Decrypt with K2
Encrypt with K3
• Decryption is the reverse process:
Decrypt with K3
Encrypt with K2
Decrypt with K1
• Setting K3 equal to K1 in these processes gives us a double length
key K1, K2.
• Setting K1, K2 and K3 all equal to K has the same effect as using a
single-length (56-bit) key.
• Thus it is possible for a system using triple-DES to be compatible
with a system using single-DES.
Advanced Encryption Standard
"It seems very simple."
"It is very simple. But if you don't know
what the key is it's virtually
indecipherable."
—Talking to Strange Men, Ruth Rendell
Origins
• clearly a replacement for DES was needed
– there are theoretical attacks that can break it
– exhaustive key search attacks have been demonstrated
• can use Triple-DES – but slow, has small
blocks
• US NIST issued call for ciphers in 1997
• 15 candidates accepted in Jun 98
• 5 were shortlisted in Aug-99
• Rijndael was selected as the AES in Oct-2000
• issued as FIPS PUB 197 standard in Nov-2001
The AES Cipher - Rijndael
• designed by Rijmen-Daemen in Belgium
• has 128/192/256 bit keys, 128 bit data
• an iterative rather than Feistel cipher
– processes data as block of 4 columns of 4 bytes
– operates on entire data block in every round
• designed to be:
– resistant against known attacks
– speed and code compactness on many CPUs
– design simplicity
[Figure: AES encryption process]
AES Structure
➢ data block of 4 columns of 4 bytes is state
➢ key is expanded to array of words
➢ has 9/11/13 rounds in which state undergoes:
⚫ byte substitution (1 S-box used on every byte)
⚫ shift rows (permute bytes between
groups/columns)
⚫ mix columns (subs using matrix multiply of groups)
⚫ add round key (XOR state with key material)
⚫ view as alternating XOR key & scramble data bytes
➢ initial XOR key material & incomplete last
round
➢ with fast XOR & table lookup implementation
[Figure: AES structure]
Some Comments on AES
1. an iterative rather than Feistel cipher
2. key expanded into array of 32-bit words
– four words form round key in each round
3. 4 different stages are used as shown
4. has a simple structure
5. only AddRoundKey uses key
6. AddRoundKey a form of Vernam cipher
7. each stage is easily reversible
8. decryption uses keys in reverse order
9. decryption does recover plaintext
10. final round has only 3 stages
Substitute Bytes
• a simple substitution of each byte
• uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
• each byte of state is replaced by byte
indexed by row (left 4-bits) & column (right
4-bits)
– eg. byte {95} is replaced by byte in row 9 column 5
– which has value {2A}
• S-box constructed using defined
transformation of values in
• designed to be resistant to all known attacks
[Figure: Substitute Bytes]
[Figure: Substitute Bytes example]
Shift Rows
• a circular byte shift in each row
– 1st row is unchanged
– 2nd row does 1 byte circular shift to left
– 3rd row does 2 byte circular shift to left
– 4th row does 3 byte circular shift to left
• decrypt inverts using shifts to right
• since state is processed by columns, this step
permutes bytes between the columns
[Figure: Shift Rows]
Mix Columns
• each column is processed separately
• each byte is replaced by a value
dependent on all 4 bytes in the column
• effectively a matrix multiplication in
using prime poly m(x) = x^8 + x^4 + x^3 + x + 1
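The Substitute Bytes, Shift Rows and Mix Columns stages computed from first principles, as an added example that is not part of the original slides. Byte arithmetic is in GF(2^8) modulo the slide's m(x) (0x11B); the state is held as four rows of four bytes, and the function names and sample column are chosen for illustration.

```python
def xtime(a):
    """Multiply by x in GF(2^8), reducing by m(x) = x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def gf_mul(a, b):
    """Shift-and-add multiplication of two bytes in GF(2^8)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse as a^254; 0 has no inverse and maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox_entry(byte):
    """S-box construction: field inverse followed by the fixed affine transform."""
    s = gf_inv(byte)
    return s ^ rotl8(s, 1) ^ rotl8(s, 2) ^ rotl8(s, 3) ^ rotl8(s, 4) ^ 0x63


SBOX = [sbox_entry(b) for b in range(256)]

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r bytes (row 0 unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col, matrix=MIX):
    """Each output byte depends on all four bytes of the column."""
    return [gf_mul(m[0], col[0]) ^ gf_mul(m[1], col[1])
            ^ gf_mul(m[2], col[2]) ^ gf_mul(m[3], col[3]) for m in matrix]


def mix_columns(state, matrix=MIX):
    cols = [mix_column([state[r][c] for r in range(4)], matrix) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key):
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]


def aes_round(state, round_key):
    """One full (non-final) round in the order the slides list the stages."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)


if __name__ == "__main__":
    print(hex(SBOX[0x95]))
    print([hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
```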
[Figure: Mix Columns]
Add Round Key
➢XOR state with 128-bits of the round key
➢again processed by column (though
effectively a series of byte operations)
➢inverse for decryption identical
⚫since XOR own inverse, with reversed keys
➢designed to be as simple as possible
⚫a form of Vernam cipher on expanded key
⚫requires other stages for complexity /
security
[Figure: Add Round Key]
[Figure: AES round]
AES Key Expansion
➢takes 128-bit (16-byte) key and expands
into array of 44/52/60 32-bit words
➢start by copying key into first 4 words
➢then loop creating words that depend on
values in previous & 4 places back
⚫in 3 of 4 cases just XOR these together
⚫1st word in 4 has rotate + S-box + XOR
round constant on previous, before XOR 4th
back
[Figure: AES Key Expansion]
[Figure: AES S-box]
[Figure: AES round constant]
Key Expansion Rationale
• designed to resist known attacks
• design criteria included
– knowing part key insufficient to find many
more
– invertible transformation
– fast on wide range of CPU’s
– use round constants to break symmetry
– diffuse key bits into round keys
– enough non-linearity to hinder analysis
– simplicity of description
[Figure: AES example key expansion]
AES Decryption
• AES decryption is not identical to
encryption since steps done in reverse
• but can define an equivalent inverse
cipher with steps as for encryption
– but using inverses of each step
– with a different key schedule
• works since result is unchanged when
– swap byte substitution & shift rows
– swap mix columns & add (tweaked) round
key
[Figure: AES Decryption]
Implementation Aspects
• can efficiently implement on 8-bit CPU
– byte substitution works on bytes using a
table of 256 entries
– shift rows is simple byte shift
– add round key works on byte XOR’s
– mix columns requires matrix multiply which
works on byte values, can be simplified to
use table lookups & byte XOR’s
Implementation Aspects
➢can efficiently implement on 32-bit CPU
⚫redefine steps to use 32-bit words
⚫can precompute 4 tables of 256-words
⚫then each column in each round can be
computed using 4 table lookups + 4 XORs
⚫at a cost of 4Kb to store tables
➢designers believe this very efficient
implementation was a key factor in its
selection as the AES cipher
Summary: AES
• have considered:
– the AES selection process
– the details of Rijndael – the AES cipher
– looked at the steps in each round
– the key expansion
– implementation aspects
Other Symmetric Block Ciphers
(Reading Assignment I: Network Security
Essentials: Applications and Standards, 2nd
Ed., William Stallings, pp. 42-46)
– IDEA (International Data Encryption Algorithm)
– Blowfish
– RC5
Public/Asymmetric key
cryptography
• Also called public-key cryptosystem
– keys for encryption and decryption are different but form a unique
pair
– P = D_KD [ E_KE (P) ]
– Only one of the keys need to be private while the other can be
public
• Invented by Diffie and Hellman in 1976
• Uses Mathematical functions whose inverse is not known by
Mathematicians of the day
• It is a revolutionary concept since it avoids the need of using
a secure channel to communicate the key
• It has made cryptography available for the general public
and made many of today’s on-line application feasible
Cont. …
• Which one of the encryption or decryption key is
made public depends on the use of the key
– If Hana wants to send a confidential message to
Ahmed
– She encrypts the message using Ahmed’s public
key
– Send the message
– Ahmed will then decode it using his own private
key
– On the other hand, if Ahmed needs to make sure
that a message sent by Hana really comes from
her, how can he do that?
Cont. …
• Using digital signature
– Hana has to first encrypt a digital signature using
her private key
– Then encrypt the message (signature included) with
Ahmed’s public key
– Sends the encrypted message to Ahmed
– Ahmed decrypts the message using his private key
– Ahmed then decrypts the signature using Hana’s
public key
– If successful, he is assured that it comes from Hana
Public-key Cryptosystem: Example
RSA
• RSA is from R. Rivest, A. Shamir and L. Adleman
• Principle: No mathematical method is yet known to efficiently
find the prime factors of large numbers
• In RSA, the private and public keys are constructed from
very large prime numbers (consisting of hundreds of decimal
digits)
• One of the keys can be made public
• Breaking RSA is equivalent to finding the prime factors: this
is known to be computationally infeasible
• It is only the person who has produced the keys from the
prime number who can easily decrypt the messages
Cont. …
Public-key Cryptosystem: Average time
required for exhaustive key search

Key Size (bits) | Number of Alternative Keys | Time required at 10^6 decryptions/µs
32              | 2^32 = 4.3 x 10^9          | 2.15 milliseconds
56              | 2^56 = 7.2 x 10^16         | 10 hours
128             | 2^128 = 3.4 x 10^38        | 5.4 x 10^18 years
168             | 2^168 = 3.7 x 10^50        | 5.9 x 10^30 years
Summary
Public-key Cryptosystem
– A pair of keys (private, public)
– If you have the private key, you can easily
decrypt what is encrypted by the public
key
– Otherwise, it is computationally infeasible
to decrypt what has been encrypted by the
public key
Hash functions
• One application of cryptography in distributed
systems is the use of hash functions
• A hash function H takes a message m of
arbitrary length and produces a bit string h,
h = H(m)
• When the hash value h is sent with the
message m, it enables the receiver to determine
whether m has been modified or not
Cont. …
• Properties of hash functions
– One-way function: It is computationally infeasible to
find m that corresponds to a known output h
– Collision resistance
• Weak-collision resistance: It is computationally
infeasible, given m and H, to find m’ ≠ m such
that H(m) = H(m’)
• Strong-collision resistance: Given H, it is
computationally infeasible to find any two
different input values m and m’, such that H(m)
= H(m’)
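The two collision properties above, measured on a deliberately weakened hash, as an added example that is not part of the original slides. The 16-bit truncation of SHA-256 (`tiny_hash`) and the `msg-<counter>` candidate inputs are assumptions chosen so the searches finish in well under a second; with a full-length digest both searches are computationally infeasible, which is the property the slide states.

```python
# Added example: why digest length matters for weak vs. strong collision resistance.
import hashlib
import hmac
from itertools import count


def tiny_hash(message: bytes, bits: int = 16) -> int:
    """Toy H(m): the top `bits` bits of SHA-256. Far too short for real use."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_second_preimage(m: bytes, bits: int = 16):
    """Weak-collision search: given m, look for m' != m with H(m') == H(m).

    Expected work is about 2^bits hash evaluations.
    """
    target = tiny_hash(m, bits)
    for tries in count(1):
        candidate = b"msg-%d" % tries
        if candidate != m and tiny_hash(candidate, bits) == target:
            return candidate, tries


def find_collision(bits: int = 16):
    """Strong-collision search: look for any pair m != m' with H(m) == H(m').

    The birthday effect brings the expected work down to about 2^(bits/2).
    """
    seen = {}
    for tries in count(1):
        candidate = b"msg-%d" % tries
        h = tiny_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, tries
        seen[h] = candidate


def is_unmodified(message: bytes, expected_hex: str) -> bool:
    """Receiver-side check with the full digest: recompute H(m) and compare to h."""
    actual = hashlib.sha256(message).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


if __name__ == "__main__":
    original = b"pay 100 to Hana"  # constructed sample message
    other, weak_tries = find_second_preimage(original)
    a, b, strong_tries = find_collision()
    print(f"second preimage after {weak_tries} tries: {other!r}")
    print(f"collision after {strong_tries} tries: {a!r} / {b!r}")
    h = hashlib.sha256(original).hexdigest()
    print("unmodified:", is_unmodified(original, h))
    print("modified:  ", is_unmodified(b"pay 900 to Hana", h))
```

A bare hash sent next to the message only detects modification if h itself cannot be replaced in transit, so in practice h is delivered over a protected channel, keyed, or signed.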
RSA- Example of Asymmetric/Public-Key Cryptosystem
• The RSA algorithm
• Used for both public key encryption and digital
signatures.
• Security is based on the difficulty of factoring large
integers.
• Major Activities
• Key Generation (Algorithm)
• Encryption
• Digital signing
• Decryption
• Signature verification
RSA: Cont. …
• Generate two large random primes, p and q
• Compute n = pq and φ (phi) = (p-1)(q-1)
• Choose an integer e, 1 < e < φ, such that gcd(e,
φ) = 1
• Compute the secret exponent d, 1 < d < φ, such
that
d = e^-1 mod φ, i.e. φ divides (ed-1)
• The public key is (n, e) and the private key is
(n, d).
Keep all the values d, p, q and φ secret
n is known as the modulus
e is known as the public exponent or encryption exponent
d is known as the secret exponent or decryption exponent.
RSA: Cont. …
RSA- Encryption
• Sender A does the following
• Obtains the recipient B's public key (n, e)
• Represents the plaintext message as a positive integer m
• Computes the ciphertext c = m^e mod n
• Sends the ciphertext c to B
RSA- Decryption
• Recipient B does the following
• Uses his private key (n, d) to compute m = c^d mod n
• Extracts the plaintext from the message representative m
RSA: Cont. …
• RSA- Digital signing
• Sender A does the following
• Creates a message digest of the information to be sent
• Represents this digest as an integer m between 0 and n-1
• Uses her private key (n, d) to compute the signature
s = m^d mod n.
• Sends this signature s to the recipient, B.
• RSA- Signature verification
• Recipient B does the following
• Uses sender A's public key (n, e) to compute integer v = s^e mod n
• Extracts the message digest from this integer
• Independently computes the message digest of the information that
has been signed
• If both message digests are identical, the signature is valid
RSA: Cont. …
• RSA- Key Generation Simple Example
• Select primes p=11, q=3.
• n = pq = 11*3 = 33
phi = (p-1)(q-1) = 10*2 = 20
• Choose e=3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 are relatively prime - have
no common factors except 1) and check gcd(e, q-1) = gcd(3, 2) = 1,
therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
• Compute d (1<d<phi) such that d = e^-1 mod phi = 3^-1 mod 20
i.e. find a value for d such that phi divides ed-1 (20 divides 3d-1.)
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20).
• Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).
RSA- Encryption Example
Given
Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7)
• Now say we want to encrypt the message m = 7
c = m^e mod n = 7^3 mod 33 = 343 mod 33 = 13
Hence the ciphertext c = 13
RSA- Decryption Example
• To check decryption we compute
m = c^d mod n = 13^7 mod 33 = 62748517 mod 33 = 7
RSA- More Meaningful Example
Message: ATTACKxATxSEVEN
• Grouping the characters into blocks of three and computing a
message representative integer for each block:
ATT ACK XAT XSE VEN
• In the same way that a decimal number can be represented as the
sum of powers of ten, e.g. 135 = 1 x 10^2 + 3 x 10^1 + 5, we could
represent our blocks of three characters in base 26 using A=0,
B=1, C=2, ..., Z=25
• ATT = 0 x 26^2 + 19 x 26^1 + 19 = 513
ACK = 0 x 26^2 + 2 x 26^1 + 10 = 62
XAT = 23 x 26^2 + 0 x 26^1 + 19 = 15567
XSE = 23 x 26^2 + 18 x 26^1 + 4 = 16020
VEN = 21 x 26^2 + 4 x 26^1 + 13 = 14313
RSA- More Meaningful Example – Key Generation
• We "generate" primes p=137 and q=131 (we cheat by
looking for suitable primes around √n)
• n = pq = 137*131 = 17,947
phi = (p-1)(q-1) = 136*130 = 17680
• Select e = 3
check gcd(e, p-1) = gcd(3, 136) = 1, OK and
check gcd(e, q-1) = gcd(3, 130) = 1, OK.
• Compute d = e^-1 mod phi = 3^-1 mod 17680 = 11787.
d = e^-1 mod phi, i.e. phi divides (ed-1)
• Hence
public key, (n, e) = (17947, 3) and
private key (n, d) = (17947, 11787).
RSA- More Meaningful Example – Encryption/Decryption
Given
Public key = (n, e) = (17947, 3)
Private key = (n, d) = (17947, 11787)
• To encrypt the first integer that represents "ATT" (513), we
have
• c = m^e mod n = 513^3 mod 17947 = 8363
• We can verify that our private key is valid by decrypting
• m = c^d mod n = 8363^11787 mod 17947 = 513
• Overall, our plaintext is represented by the set of integers m
• (513, 62, 15567, 16020, 14313)
• We compute corresponding cipher text integers c = m^e mod n
• (8363, 5017, 11884, 9546, 13366)
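The key generation, base-26 block encoding, encryption, decryption and signing steps from the RSA slides, reproduced with the slides' own numbers as an added example (not code from the lecture). Function names are illustrative, and reducing the SHA-256 digest modulo n is an assumption made only so the digest fits the toy modulus; this is unpadded textbook RSA with tiny primes, whereas deployed RSA uses moduli of 2048 bits or more with OAEP or PSS padding.

```python
# Added example: textbook RSA with the slide values (p=137, q=131, e=3).
import hashlib
from math import gcd


def mod_inverse(e: int, phi: int) -> int:
    """Extended Euclid: return d with (e * d) mod phi == 1."""
    old_r, r = e, phi
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e has no inverse modulo phi")
    return old_s % phi


def generate_key(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) following the slide's key-generation steps."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi")
    return (n, e), (n, mod_inverse(e, phi))


def encode_blocks(text: str, size: int = 3) -> list:
    """Base-26 message representatives, A=0 ... Z=25, `size` letters per block."""
    text = text.upper()
    if len(text) % size or not all("A" <= ch <= "Z" for ch in text):
        raise ValueError("text must be letters A-Z, length a multiple of size")
    blocks = []
    for i in range(0, len(text), size):
        value = 0
        for ch in text[i:i + size]:
            value = value * 26 + (ord(ch) - ord("A"))
        blocks.append(value)
    return blocks


def decode_blocks(blocks: list, size: int = 3) -> str:
    out = []
    for value in blocks:
        letters = []
        for _ in range(size):
            value, digit = divmod(value, 26)
            letters.append(chr(ord("A") + digit))
        out.append("".join(reversed(letters)))
    return "".join(out)


def encrypt(m: int, public_key) -> int:
    n, e = public_key
    # Failure mode: m >= n would be silently reduced mod n and decrypt wrongly.
    # Three-letter blocks are at most 26^3 - 1 = 17575, which is why n = 17947 fits.
    if not 0 <= m < n:
        raise ValueError("message representative must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)


def digest_as_int(message: bytes, n: int) -> int:
    """Toy step (assumption): squeeze SHA-256 into 0..n-1 for the tiny modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)          # s = m^d mod n


def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)  # v = s^e mod n


if __name__ == "__main__":
    public, private = generate_key(137, 131, 3)
    blocks = encode_blocks("ATTACKxATxSEVEN")
    cipher = [encrypt(m, public) for m in blocks]
    print("keys:      ", public, private)
    print("plaintext: ", blocks)
    print("ciphertext:", cipher)
    print("decrypted: ", decode_blocks([decrypt(c, private) for c in cipher]))
    s = sign(b"ATTACKXATXSEVEN", private)
    print("signature valid:", verify(b"ATTACKXATXSEVEN", s, public))
```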
Attack on cryptography
• Types of attacks
– The attacker has only the ciphertext and
his goal is to find the corresponding
plaintext
– The attacker has a ciphertext and the
corresponding plaintext and his goal is to
find the key
• A good cryptosystem protects against all
types of attacks
• Attackers use both Mathematics and
Statistics
Cont. …
• Cryptography and Intruders
– Eavesdropping (listening/spying the
message)
An intruder may try to read the message
If it is well encrypted the intruder will not know the
content
However, just the fact the intruder knows that there is
communication may be a threat (Traffic analysis)
– Modification
Modifying a plaintext is easy, but modifying encrypted
messages is more difficult
– Insertion of messages
Inserting new message into a cipher-text is difficult
[Figure: Cryptography and Intruders]

Contenu connexe

Similaire à Chapter_three - Computer Security.pdf

Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1Alfred Ouyang
 
Cryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfCryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfNirajKumar620142
 
02 Information System Security
02  Information System Security02  Information System Security
02 Information System SecurityShu Shin
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network securitysathu30
 
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.SrinivasanMathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasanmunicsaa
 
Introduction to Cryptography Part I
Introduction to Cryptography Part IIntroduction to Cryptography Part I
Introduction to Cryptography Part IMaksim Djackov
 
Number Theory 5 Sem.pptx
Number Theory 5 Sem.pptxNumber Theory 5 Sem.pptx
Number Theory 5 Sem.pptxssuser0cd7c9
 
Fundamentals of cryptography workshop
Fundamentals of cryptography workshopFundamentals of cryptography workshop
Fundamentals of cryptography workshopManojit Ballav
 
cryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.pptcryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.pptJohnree4
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 

Similaire à Chapter_three - Computer Security.pdf (20)

Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
5967073.ppt
5967073.ppt5967073.ppt
5967073.ppt
 
Security - ch3.pptx
Security - ch3.pptxSecurity - ch3.pptx
Security - ch3.pptx
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfCryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdf
 
02 Information System Security
02  Information System Security02  Information System Security
02 Information System Security
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network security
 
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.SrinivasanMathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
 
Introduction to Cryptography Part I
Introduction to Cryptography Part IIntroduction to Cryptography Part I
Introduction to Cryptography Part I
 
Cryptography
CryptographyCryptography
Cryptography
 
Number Theory 5 Sem.pptx
Number Theory 5 Sem.pptxNumber Theory 5 Sem.pptx
Number Theory 5 Sem.pptx
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Class 17
Class 17Class 17
Class 17
 
Fundamentals of cryptography workshop
Fundamentals of cryptography workshopFundamentals of cryptography workshop
Fundamentals of cryptography workshop
 
cryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.pptcryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.ppt
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.ppt
 

Plus de AschalewAyele2

Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf   S.pdfChapter_Five Compueter secuityryhf   S.pdf
Chapter_Five Compueter secuityryhf S.pdfAschalewAyele2
 
Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxAschalewAyele2
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxAschalewAyele2
 
chapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptxchapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptxAschalewAyele2
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxAschalewAyele2
 
Chapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdfChapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdfAschalewAyele2
 
Chapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptxChapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptxAschalewAyele2
 
Chapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.pptChapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.pptAschalewAyele2
 
Chapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.pptChapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.pptAschalewAyele2
 
Chapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.pptChapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.pptAschalewAyele2
 
chapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.pptchapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.pptAschalewAyele2
 

Plus de AschalewAyele2 (11)

Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf   S.pdfChapter_Five Compueter secuityryhf   S.pdf
Chapter_Five Compueter secuityryhf S.pdf
 
Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptx
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
 
chapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptxchapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptx
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
 
Chapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdfChapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdf
 
Chapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptxChapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptx
 
Chapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.pptChapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.ppt
 
Chapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.pptChapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.ppt
 
Chapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.pptChapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.ppt
 
chapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.pptchapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.ppt
 

Dernier

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 

Dernier (20)

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 

Chapter_three - Computer Security.pdf

  • 1. Welcome to CoSc 4031 Computer Security Chapter Three Cryptography and Encryption Techniques Dilla University College of Engineering and Technology School of Computing and Informatics, Department of comp.sci Dilla University, Department of Computer Science
  • 2. Outline • Basic cryptographic terms • Historical background • Symmetric and Public Key Cryptography • Symmetric key cryptography – One time pads – Stream vs. block ciphers – Block cipher modes • Example symmetric key algorithms – DES – Triple DES (two variants) – AES • Public key cryptography – One-way functions – RSA • Asymmetric crypto primitives • Cryptographic hash functions Dilla University, Department of Computer Science
  • 3. Introduction • Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. • Once the data is out of hand, people with bad intention could modify or forge your data, either for amusement or for their own benefit. • Cryptography can reformat and transform our data, making it safer on its trip between computers. Dilla University, Department of Computer Science
  • 4. Introduction • Encryption or cryptography the name means secret writing. • probably the strongest defense in the arsenal of computer security protection. • Well-disguised data cannot easily be read, modified, or fabricated. Dilla University, Department of Computer Science
  • 5. Introduction • Cryptography conceals data against unauthorized access. • is the art and science of making a cryptosystem that is capable of providing information security. • deals with the actual securing of digital data. • design of mechanisms based on mathematical algorithms. • cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. • A cryptosystem is also referred to as a cipher system. Dilla University, Department of Computer Science
  • 6. Introduction • study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents. Dilla University, Department of Computer Science
  • 7. Basic cryptographic terms • plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form. Dilla University, Department of Computer Science
  • 8. Basic cryptographic terms • cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key • cryptology - the field of both cryptography and cryptanalysis • Encoding, enciphering, encryption. Dilla University, Department of Computer Science
  • 9. Cont. … • Cryptography has five ingredients: – Plaintext – Encryption algorithm – Secret Key – Ciphertext – Decryption algorithm • Security depends on the secrecy of the key, not the secrecy of the algorithm Dilla University, Department of Computer Science
  • 10. Cont. … Simplified Encryption Model Dilla University, Department of Computer Science
  • 11. Cont. … • A sender S wanting to transmit message M to a receiver R • To protect the message M, the sender first encrypts it into an unintelligible message M’ • After receipt of M’, R decrypts the message to obtain M • M is called the plaintext – What we want to encrypt • M’ is called the ciphertext – The encrypted output Description: Dilla University, Department of Computer Science
  • 12. Cont. … • Given – P=Plaintext – C=CipherText – k=key shared by sender and receiver • C = EK (P) Encryption • P = DK (C) Decryption Notation: Dilla University, Department of Computer Science
  • 13. History: Caesar Cipher • Caesar Cipher: The earliest known example of a substitution cipher in which each character of a message is replaced by a character three position down in the alphabet. – Plaintext: are you ready – Ciphertext: duh brx uhdgb Dilla University, Department of Computer Science
  • 14. Cont. … • If we represent each letter of the alphabet by an integer that corresponds to its position in the alphabet: – The formula for replacing each character ‘p’ of the plaintext with a character ‘c’ of the ciphertext can be expressed as: $c = E_3(p) = (p + 3) \bmod 26$
  • 15. Cont. … • A more general version of this cipher that allows for any degree of shift: – $c = E_k(p) = (p + k) \bmod 26$ • The formula for decryption would be – $p = D_k(c) = (c - k) \bmod 26$ • In these formulas – ‘k’ is the secret key. The symbols ‘E’ and ‘D’ stand for Encryption and Decryption respectively, and p and c are characters in the plaintext and ciphertext respectively.
  • 16. History: Enigma • Before war broke out in 1939 the Germans had planned a special way of keeping their communications secret. The army, navy and air force were told to encode their messages using cipher machines called ENIGMA. Dilla University, Department of Computer Science
  • 17. Cont. … • Enigma could put a message into code in over 150 MILLION MILLION MILLION different ways. • The Germans believed that no one could crack the Enigma code. But the Allies knew that if they could, they would be able to find out their enemy's military secrets. Dilla University, Department of Computer Science
  • 18. Cont. … • The Enigma machine looked like a typewriter in a wooden box. An electric current went from the keyboard through a set of rotors and a plugboard to light up the 'code' alphabet. Dilla University, Department of Computer Science
  • 19. Cont. … • In the 1930's Polish cipher experts secretly began to try to crack the code. Just before war broke out they managed to pass models and drawings of Enigma to British and French code- breakers. • Later Enigma was broken. Dilla University, Department of Computer Science
  • 20. History: Sigaba • It was suited for fixed station secure communications, and used by U.S. for high- level communications, was the only machine system used by any participant to remain completely unbroken by an enemy during World War II. Dilla University, Department of Computer Science
  • 21. History:B-21 Machine by Boris Hagelin • Patterned on the Enigma and produced for the Swedish General staff, Boris Hagelin of Sweden developed the B-21 machine in 1925. It also had the capability to be connected to an electric typewriter. Dilla University, Department of Computer Science
  • 22. History:BC-38 by Crypto AG Zug • Boris Hagelin of Sweden developed a long line of cipher systems, beginning with the B-21, B-211, C-35, C-36, C-38 (which later became America's M-209). Dilla University, Department of Computer Science
  • 23. History: BID 590 (Noreen) • The BID 590 was a British built crypto machine and was used by Canada's foreign service communicators at various diplomatic missions to communicate with various government departments. Dilla University, Department of Computer Science
  • 24. History: H-4605 (Crypto AG) • The Crypto AG H4605 was designed as an off-line, keyboard operated cipher machine with twin printing (of cipher and plain text) system with automatic 5-letter grouping. It's a solid piece of equipment, almost 'battleship grade’. Dilla University, Department of Computer Science
  • 25. History: Japanese "Enigma" Rotor Cipher Machine Produced by Germans for Japanese Dilla University, Department of Computer Science
  • 26. Japanese Purple machine – Electromechanical stepping switch machine modelled after Enigma – Used telephone stepping switches instead of rotors – Purple was broken with the help of MAGIC. – Pearl Harbor attack preparations encoded in Purple, decoded hours before attack.
  • 27. History: KY-28 (Nestor) • The KY-28 was an analog, voice encryption device based on transistor circuitry and was the shipboard/airborne member of the NESTOR family of equipment. Dilla University, Department of Computer Science
  • 28. History: Racal-Milgo 64-1027C Datacryptor • The Racal-Milgo 64- 1027C Datacryptor was used to send and receive secure data via computer. This is the commercial version of the KG-84, and has ability to be loaded via the KYK-13 Fill device. Dilla University, Department of Computer Science
  • 29. History: The “Clock Cryptograph” • It is basically a nicely implemented Wheatstone cipher disk. It was in active use in the Danish armed forces from 1934 (or a little earlier) until around 1948. Dilla University, Department of Computer Science
  • 30. History: People in Breaking Codes • Bletchley Park was the home of the secret Government Code and Cypher School. This was the centre of British code-breaking during the war. Dilla University, Department of Computer Science
  • 31. Cont. … • The code-breakers in Bletchley Park were specially chosen from among the cleverest people in England. Some were brilliant mathematicians or linguists. • Alan Turing, a Cambridge mathematician and code-breaker who helped to invent one of the world's first computers at Bletchley Park. Dilla University, Department of Computer Science
  • 32. History: Computer and Code Breaking • Colossus was built for the code- breakers at Bletchley Park by post office engineers in 1943. • One of the earliest computers. Dilla University, Department of Computer Science
  • 33. History: Computer and Code Breaking • The computer was as big as a room - 5 metres long, 3 metres deep and 2.5 metres high - and was made mainly from parts used for post office telephone and telegraph systems. Dilla University, Department of Computer Science
  • 34. History: Computer and Code Breaking • This Cray XMP was donated to the museum by Cray Research, Inc. It denotes the newest era of partnership between NSA and the American computer industry in the employment of computers for cryptologic processes. Dilla University, Department of Computer Science
  • 35. Cryptography • Cryptographic systems are generally classified along 3 independent dimensions: 1. Type of operations used for transforming plaintext to ciphertext (substitution, transposition) 2. The number of keys used: 1 (symmetric key, conventional or single-key encryption) or 2 (public key encryption) 3. The way in which the plaintext is processed (block or stream)
  • 36. Cryptography • process of attempting to discover X or K or both is known as cryptanalysis. • The strategy used by the cryptanalysis depends on the nature of the encryption scheme and the information available to the cryptanalyst. • various types of cryptanalytic attacks • Cipher text only • Known plaintext • Chosen plaintext • Chosen cipher text • Steganography Dilla University, Department of Computer Science
  • 37. ENCRYPTION TECHNIQUES • Substitution • Transposition • A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. • If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns. Dilla University, Department of Computer Science
  • 38. ENCRYPTION TECHNIQUES • Caesar cipher (or) shift cipher • Monoalphabetic Ciphers • Polyalphabetic cipher – Playfair cipher – Hill cipher – Vigenere cipher Dilla University, Department of Computer Science
  • 39. Symmetric and Public Key Cryptography • There are two fundamentally different cryptographic systems – Symmetric cryptosystem/ Private key – Asymmetric cryptosystem/ Public key Dilla University, Department of Computer Science
  • 40. Cont. … [Figure: plaintext → Encryption → ciphertext → Decryption → original plaintext, shown for three cases: keyless, symmetric key, asymmetric key]
  • 41. Symmetric Cryptosystem • Also called secret-key/private-key cryptosystem • The same key is used to encrypt and decrypt a message – $P = D_K[E_K(P)]$ • Have been used for centuries in a variety of forms • The key has to be kept secret • The key has to be communicated using a secure channel • They are still in use in combination with public key cryptosystems due to some of their advantages
  • 42. One-Time Pads • Name → set of sheets of paper with keys, glued into a pad • The sender would tear off enough number of pages • The receiver needs a pad identical to the one used by the sender Dilla University, Department of Computer Science
  • 43. One-Time Pads (cont.) • The sender would write the keys one at a time above the letters of the plaintext.
      k1 k2 k3 k4 ... kn
      p1 p2 p3 p4 ... pn
    • The plaintext is enciphered using a pre-arranged chart – Vigenère Tableau – all 26 letters in each column in some scrambled order – select the substitution in row pi, column ki • Problems: – Unlimited number of keys & Absolute synchronization between sender and receiver
  • 44. Cont. … Dilla University, Department of Computer Science
  • 45. Vernam Cipher Example
      Plaintext        V   E   R   N   A   M   C   I   P   H   E   R
      (as numbers)    21   4  17  13   0  12   2   8  15   7   4  17
      Random numbers  76  48  16  82  44   3  58  11  60   5  48  88
      Sum             97  52  33  95  44  15  60  19  75  12  52 105
      Sum mod 26      19   0   7  17  18  15   8  19  23  12   0   1
      Ciphertext       t   a   h   r   s   p   i   t   x   m   a   b
  • 46. Vernam Cipher Dilla University, Department of Computer Science • Encryption method is completely unbreakable for a ciphertext only attack. • it requires a very long key which is expensive to produce and expensive to transmit. • Once a key is used, it is dangerous to reuse it for a second message; any knowledge on the first message would give knowledge of the second.
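The Vernam table and the key-reuse warning above, as an added Python example that is not part of the original slides: it reproduces the slide's mod-26 arithmetic and shows that a reused pad cancels out of the two ciphertexts. The second message and all function names are constructed for illustration.

```python
import string

ALPHABET = string.ascii_lowercase
# Random numbers taken from the slide's table.
SLIDE_PAD = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]


def to_nums(text):
    """Map letters to 0..25, skipping anything that is not a letter."""
    return [ALPHABET.index(ch) for ch in text.lower() if ch in ALPHABET]


def to_text(nums):
    return "".join(ALPHABET[n] for n in nums)


def vernam_encrypt(plaintext, pad):
    p = to_nums(plaintext)
    if len(pad) < len(p):
        raise ValueError("pad must be at least as long as the message")
    # "Sum mod 26" row of the table.
    return to_text((pi + ki) % 26 for pi, ki in zip(p, pad))


def vernam_decrypt(ciphertext, pad):
    c = to_nums(ciphertext)
    if len(pad) < len(c):
        raise ValueError("pad must be at least as long as the message")
    return to_text((ci - ki) % 26 for ci, ki in zip(c, pad))


def ciphertext_difference(c1, c2):
    """(c1 - c2) mod 26 per letter.

    If both messages used the same pad, the pad cancels and this equals
    (p1 - p2) mod 26: a relation between the plaintexts, pad-free.
    """
    return [(a - b) % 26 for a, b in zip(to_nums(c1), to_nums(c2))]


def recover_second(c1, c2, known_p1):
    """With a reused pad, knowing message 1 yields message 2 without the pad."""
    diff = ciphertext_difference(c1, c2)
    return to_text((p - d) % 26 for p, d in zip(to_nums(known_p1), diff))


if __name__ == "__main__":
    c1 = vernam_encrypt("VERNAMCIPHER", SLIDE_PAD)
    print("slide ciphertext:", c1)
    # Constructed second message, encrypted under the SAME pad (the mistake).
    c2 = vernam_encrypt("meetatschool", SLIDE_PAD)
    print("second ciphertext:", c2)
    print("recovered without pad:", recover_second(c1, c2, "vernamcipher"))
```
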
  • 47. TRANSPOSITION TECHNIQUES • Rail fence: the simplest such cipher, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. – E.g. Plaintext = meet at the school house, depth = 2 • Row Transposition Ciphers: A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. – E.g. Plaintext = meet at the school house • The order of the columns becomes the key of the algorithm.
  • 48. TRANSPOSITION TECHNIQUES • A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext.
  • 49. Dilla University, Department of Computer Science Block and Stream Ciphers Block Ciphers • Block ciphers break messages into fixed length blocks, and encrypt each block using the same key. • The Data Encryption Standard (DES) is an example of a block cipher, where blocks of 64 bits are encrypted using a 56-bit key.
  • 50. Formal Definition of a Block Cipher • Let E be an encipherment algorithm, and let $E_k(b)$ be the encipherment of the message b with key k. • Let a message $m = b_1 b_2 \ldots$ where each $b_i$ is of a fixed length. • A block cipher is a cipher for which $E_k(m) = E_k(b_1)E_k(b_2)\ldots$
  • 51. Dilla University, Department of Computer Science Stream Ciphers • Stream ciphers, like block ciphers, break message into fixed length blocks, but use a sequence of keys to encrypt the blocks.
  • 52. Formal Definition of a Stream Cipher • Let E be an encipherment algorithm, and let $E_k(b)$ be the encipherment of the message b with key k. • Let a message $m = b_1 b_2 \ldots$ where each $b_i$ is of a fixed length, and let $k = k_1 k_2 \ldots$ • A stream cipher is a cipher for which $E_k(m) = E_{k_1}(b_1)E_{k_2}(b_2)\ldots$
  • 53. Dilla University, Department of Computer Science Block Cipher Modes • We discuss 3 (many others) • Electronic Codebook (ECB) mode – Encrypt each block independently – There is a serious weakness • Cipher Block Chaining (CBC) mode – Chain the blocks together – Better than ECB, virtually no extra work • Counter Mode (CTR) mode – Like a stream cipher (random access)
  • 54. ECB Mode • Notation: C = E(P, K) • Given plaintext P0, P1, …, Pm, … • Obvious way to use a block cipher is
      Encrypt             Decrypt
      C0 = E(P0, K)       P0 = D(C0, K)
      C1 = E(P1, K)       P1 = D(C1, K)
      C2 = E(P2, K), …    P2 = D(C2, K), …
    • For a fixed key K, this is an electronic version of a codebook cipher (no additive)
  • 55. Dilla University, Department of Computer Science ECB Cut and Paste Attack • Suppose plaintext is Alice digs Bob. Trudy digs Tom. • Assuming 64-bit blocks and 8-bit ASCII: P0 = “Alice di”, P1 = “gs Bob. ”, P2 = “Trudy di”, P3 = “gs Tom. ” • Ciphertext: C0,C1,C2,C3 • Trudy cuts and pastes: C0,C3,C2,C1 • Decrypts as Alice digs Tom. Trudy digs Bob.
  • 56. Dilla University, Department of Computer Science ECB Weakness • Suppose Pi = Pj • Then Ci = Cj and Trudy knows Pi = Pj • This gives Trudy some information, even if she does not know Pi or Pj • Trudy might know Pi • Is this a serious issue?
  • 57. CBC Mode • Blocks are “chained” together • A random initialization vector, or IV, is required to initialize CBC mode • IV is random, but need not be secret
      Encryption               Decryption
      C0 = E(IV ⊕ P0, K)       P0 = IV ⊕ D(C0, K)
      C1 = E(C0 ⊕ P1, K)       P1 = C0 ⊕ D(C1, K)
      C2 = E(C1 ⊕ P2, K), …    P2 = C1 ⊕ D(C2, K), …
  • 58. CBC Mode • Identical plaintext blocks yield different ciphertext blocks • Cut and paste is still possible, but more complex (and will cause garbles) • If C1 is garbled to, say, G then P1 ≠ C0 ⊕ D(G, K), P2 ≠ G ⊕ D(C2, K) • But P3 = C2 ⊕ D(C3, K), P4 = C3 ⊕ D(C4, K), … • Automatically recovers from errors!
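The ECB and CBC slides above, as an added Python example that is not part of the original slides: it runs the "Alice digs Bob" cut and paste under ECB, repeats it under CBC, and garbles C1 to show which blocks are lost. The block cipher E/D is a toy 64-bit Feistel network built on SHA-256 (an assumption standing in for DES, not secure), and the key and helper names are constructed.

```python
import hashlib
import os

BLOCK = 8                                    # bytes: 64-bit blocks, as on the slides
KEY = b"constructed demo key"                # constructed sample key
MSG = b"Alice digs Bob. Trudy digs Tom. "    # the slides' plaintext, 4 blocks


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key, rounds=8):
    # Toy key schedule (assumption): one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def _feistel(block, subkeys):
    left, right = block[:4], block[4:]
    for sk in subkeys:
        f_out = hashlib.sha256(sk + right).digest()[:4]   # toy f-function
        left, right = right, _xor(left, f_out)
    return right + left                                   # final swap


def E(p, key):
    return _feistel(p, _subkeys(key))


def D(c, key):
    # Same network with the subkeys in the opposite order.
    return _feistel(c, _subkeys(key)[::-1])


def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt, key):
    return [E(b, key) for b in blocks(pt)]


def ecb_decrypt(cts, key):
    return b"".join(D(c, key) for c in cts)


def cbc_encrypt(pt, key, iv):
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(_xor(prev, b), key)          # Ci = E(C(i-1) xor Pi, K)
        out.append(prev)
    return out


def cbc_decrypt(cts, key, iv):
    out, prev = [], iv
    for c in cts:
        out.append(_xor(prev, D(c, key)))     # Pi = C(i-1) xor D(Ci, K)
        prev = c
    return b"".join(out)


def ecb_cut_and_paste():
    c = ecb_encrypt(MSG, KEY)
    return ecb_decrypt([c[0], c[3], c[2], c[1]], KEY)     # C0, C3, C2, C1


def cbc_cut_and_paste(iv):
    c = cbc_encrypt(MSG, KEY, iv)
    return cbc_decrypt([c[0], c[3], c[2], c[1]], KEY, iv)


def cbc_garble_recovery(iv):
    """Flip one bit of C1 and report, per block, whether it still decrypts."""
    c = cbc_encrypt(MSG, KEY, iv)
    c[1] = _xor(c[1], b"\x01" + bytes(7))                 # C1 becomes G
    got = blocks(cbc_decrypt(c, KEY, iv))
    return [g == p for g, p in zip(got, blocks(MSG))]


def repeated_block_leak(iv):
    """Pi = Pj: does Ci = Cj hold under ECB, and under CBC?"""
    pt = b"same blk" * 2
    e, c = ecb_encrypt(pt, KEY), cbc_encrypt(pt, KEY, iv)
    return e[0] == e[1], c[0] == c[1]


if __name__ == "__main__":
    iv = os.urandom(BLOCK)                    # random, need not be secret
    print("ECB swapped:", ecb_cut_and_paste())
    print("CBC swapped:", cbc_cut_and_paste(iv))
    print("CBC blocks intact after garbling C1:", cbc_garble_recovery(iv))
    print("equal ciphertext blocks (ECB, CBC):", repeated_block_leak(iv))
```

Under ECB the swapped ciphertext decrypts to a clean, different sentence, which is why an integrity check is needed in addition to encryption.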
  • 59. Counter Mode (CTR) • CTR is popular for random access • Use block cipher like stream cipher
      Encryption                 Decryption
      C0 = P0 ⊕ E(IV, K)         P0 = C0 ⊕ E(IV, K)
      C1 = P1 ⊕ E(IV+1, K)       P1 = C1 ⊕ E(IV+1, K)
      C2 = P2 ⊕ E(IV+2, K), …    P2 = C2 ⊕ E(IV+2, K), …
    • CBC can also be used for random access!!!
  • 60. Popular Example of Symmetric Cryptosystem:DES • In 1973, the NBS (National Bureau of Standards, now called NIST - National Institute of Standards and Technology) published a request for an encryption algorithm that would meet the following criteria: – have a high security level – be easily understood – not depend on the algorithm's confidentiality – be adaptable and economical – be efficient and exportable • In late 1974, IBM proposed "Lucifer", which was then modified by NSA (National Security Agency) in 1976 to become the DES (Data Encryption Standard). DES was approved by the NBS in 1978. The DES was standardized by the ANSI under the name of ANSI X3.92, also known as DEA (Data Encryption Algorithm). Dilla University, Department of Computer Science
  • 61. DES- Example of Symmetric Cryptosystem … • DES is a block cipher, which means that during the encryption process, the plaintext is broken into fixed-length blocks of 64 bits. • The key is 56 bits wide. 8 bits of the total 64-bit key block are used for parity checking (for example, each byte has an odd number of bits set to 1). • A 56-bit key gives $2^{56}$ ($7.2 \times 10^{16}$) possible key variations. • The DES algorithm involves carrying out combinations, substitutions and permutations between the text to be encrypted and the key, while making sure the operations can be performed in both directions (for decryption). • The combination of substitutions and permutations is called a product cipher.
  • 62. DES- Example of Symmetric Cryptosystem … • DES was best suited for implementation in hardware, probably to discourage implementations in software, which tend to be slow by comparison during that time. • Modern computers are so fast that satisfactory software implementations for DES are possible. • DES is the most widely used symmetric algorithm despite claims whether 56 bits is long enough to guarantee security. • Using current technology, 56-bit key size is vulnerable to a brute force attack. Dilla University, Department of Computer Science
  • 63. DES- Example of Symmetric Cryptosystem … • DES Encryption starts with an initial permutation (IP) of the 64 input bits. These bits are then divided into two 32-bit halves called L and R. The encryption then proceeds through 16 rounds, each using the L and R parts, and a subkey. • The R and subkeys are processed in the so called f-function, and exclusive-or of the output of the f-function with the existing L part to create the new R part. The new L part is simply a copy of the incoming R part. • In the final round, the L and R parts are swapped once more before the final permutation (FP) producing the output block. • Decryption is identical to encryption, except that the subkeys are used in the opposite order. That is, subkey 16 is used in round 1, subkey 15 is used in round 2, etc., ending with subkey 1 being used in round 16. Dilla University, Department of Computer Science
  • 65. DES- Example of Symmetric Cryptosystem … • The f-function mixes the bits of the R portion using the Subkey for the current round. First the 32-bit R value is expanded to 48 bits using a permutation E. That value is then exclusive-or'ed with the subkey. • The 48 bits are then divided into eight 6-bit chunks, each of which is fed into an S-Box that mixes the bits and produces a 4-bit output. A little bit funny operation!! • Those 4-bit outputs are combined into a 32-bit value, and permuted once again to produce the f-function output. Dilla University, Department of Computer Science
  • 66. S-Box The S-Box If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output S1(B) of S1 for the input B. For example, for input block B = 011011 the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence S1(011011) = 0101. Dilla University, Department of Computer Science
  • 67. Cryptography DES- Algorithm, the f-function Dilla University, Department of Computer Science
  • 68. DES- Generating Subkey • To generate the subkeys, start with the 56-bit key (64 bits if you include the parity bits). These are permuted and divided into two halves called C and D. • For each round, C and D are each shifted left circularly one or two bits (the number of bits depending on the round). • The 48-bit subkey is then selected from the current C and D bits. Dilla University, Department of Computer Science
  • 69. Cont. … DES- Algorithm - Key Schedule and Subkey Generation Dilla University, Department of Computer Science
  • 70. DES- Permutation principles
      Initial Permutation (IP)
      58 50 42 34 26 18 10  2
      60 52 44 36 28 20 12  4
      62 54 46 38 30 22 14  6
      64 56 48 40 32 24 16  8
      57 49 41 33 25 17  9  1
      59 51 43 35 27 19 11  3
      61 53 45 37 29 21 13  5
      63 55 47 39 31 23 15  7
      Final Permutation (FP), IP^-1
      40  8 48 16 56 24 64 32
      39  7 47 15 55 23 63 31
      38  6 46 14 54 22 62 30
      37  5 45 13 53 21 61 29
      36  4 44 12 52 20 60 28
      35  3 43 11 51 19 59 27
      34  2 42 10 50 18 58 26
      33  1 41  9 49 17 57 25
    “First Bit of the output is taken from the 58th bit of the input, etc...”
  • 71. DES- Permutation principles
      Expansion/Permutation (E): the 32-bit half-block of data is expanded to 48 bits.
      32  1  2  3  4  5
       4  5  6  7  8  9
       8  9 10 11 12 13
      12 13 14 15 16 17
      16 17 18 19 20 21
      20 21 22 23 24 25
      24 25 26 27 28 29
      28 29 30 31 32  1
      Contraction/Permuted Choice (PC-2): selects/extracts the 48-bit subkey for each round from the 56-bit key-schedule state.
      14 17 11 24  1  5
       3 28 15  6 21 10
      23 19 12  4 26  8
      16  7 27 20 13  2
      41 52 31 37 47 55
      30 40 51 45 33 48
      44 49 39 56 34 53
      46 42 50 36 29 32
  • 72. Attack on DES • Cracking: The most basic method of attack for any cypher is brute force - trying every possible key in turn. • The length of the key determines the number of possible keys, and hence the feasibility of the approach. • DES is not adequate with this regard due to its key size • In academia, various proposals for a DES-cracking machine were advanced. In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. However, none of these early proposals were ever implemented. Dilla University, Department of Computer Science
  • 73. Cont. … • The vulnerability of DES was practically demonstrated in 1997, where RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the DESCHALL Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using idle cycles of thousands of computers across the Internet. • The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000. Their motivation was to show that DES was breakable in practice as well as in theory. Dilla University, Department of Computer Science
  • 74. Cont. … DES- Example of Symmetric Cryptosystem … The EFF's US$250,000 DES cracking machine contained 1,856 custom chips and could brute force a DES key in a matter of days - the photo shows a DES Cracker circuit board fitted with several Deep Crack chips. Dilla University, Department of Computer Science
  • 75. Example of Symmetric Cryptosystem: Triple DES • A variant of DES, Triple DES (3-DES), provides enhanced security by executing the core algorithm three times in a row. • With a triple-length key of three 56-bit keys K1, K2 & K3, encryption is: Encrypt with K1 → Decrypt with K2 → Encrypt with K3 • Decryption is the reverse process: Decrypt with K3 → Encrypt with K2 → Decrypt with K1 • Setting K3 equal to K1 in these processes gives us a double-length key K1, K2. • Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit) key. • Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.
  • 76. Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable." —Talking to Strange Men, Ruth Rendell Dilla University, Department of Computer Science
  • 77. Origins • clear a replacement for DES was needed – have theoretical attacks that can break it – have demonstrated exhaustive key search attacks • can use Triple-DES – but slow, has small blocks • US NIST issued call for ciphers in 1997 • 15 candidates accepted in Jun 98 • 5 were shortlisted in Aug-99 • Rijndael was selected as the AES in Oct-2000 • issued as FIPS PUB 197 standard in Nov-2001 Dilla University, Department of Computer Science
  • 78. The AES Cipher - Rijndael • designed by Rijmen-Daemen in Belgium • has 128/192/256 bit keys, 128 bit data • an iterative rather than feistel cipher – processes data as block of 4 columns of 4 bytes – operates on entire data block in every round • designed to be: – resistant against known attacks – speed and code compactness on many CPUs – design simplicity Dilla University, Department of Computer Science
  • 80. AES Structure ➢ data block of 4 columns of 4 bytes is state ➢ key is expanded to array of words ➢ has 9/11/13 rounds in which state undergoes: ⚫ byte substitution (1 S-box used on every byte) ⚫ shift rows (permute bytes between groups/columns) ⚫ mix columns (subs using matrix multiply of groups) ⚫ add round key (XOR state with key material) ⚫ view as alternating XOR key & scramble data bytes ➢ initial XOR key material & incomplete last round ➢ with fast XOR & table lookup implementation Dilla University, Department of Computer Science
  • 81. AES Structure Dilla University, Department of Computer Science
  • 82. Some Comments on AES 1. an iterative rather than feistel cipher 2. key expanded into array of 32-bit words 1. four words form round key in each round 3. 4 different stages are used as shown 4. has a simple structure 5. only AddRoundKey uses key 6. AddRoundKey a form of Vernam cipher 7. each stage is easily reversible 8. decryption uses keys in reverse order 9. decryption does recover plaintext 10.final round has only 3 stages Dilla University, Department of Computer Science
  • 83. Substitute Bytes • a simple substitution of each byte • uses one table of 16x16 bytes containing a permutation of all 256 8-bit values • each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits) – eg. byte {95} is replaced by byte in row 9 column 5 – which has value {2A} • S-box constructed using defined transformation of values in • designed to be resistant to all known attacks Dilla University, Department of Computer Science
  • 84. Substitute Bytes Dilla University, Department of Computer Science
  • 85. Substitute Bytes Example Dilla University, Department of Computer Science
  • 86. Shift Rows • a circular byte shift in each row – 1st row is unchanged – 2nd row does 1 byte circular shift to left – 3rd row does 2 byte circular shift to left – 4th row does 3 byte circular shift to left • decrypt inverts using shifts to right • since state is processed by columns, this step permutes bytes between the columns
  • 87. Shift Rows Dilla University, Department of Computer Science
  • 88. Mix Columns • each column is processed separately • each byte is replaced by a value dependent on all 4 bytes in the column • effectively a matrix multiplication in using prime poly $m(x) = x^8 + x^4 + x^3 + x + 1$
  • 89. Mix Columns Dilla University, Department of Computer Science
  • 90. Add Round Key ➢XOR state with 128-bits of the round key ➢again processed by column (though effectively a series of byte operations) ➢inverse for decryption identical ⚫since XOR own inverse, with reversed keys ➢designed to be as simple as possible ⚫a form of Vernam cipher on expanded key ⚫requires other stages for complexity / security Dilla University, Department of Computer Science
  • 91. Add Round Key Dilla University, Department of Computer Science
  • 92. AES Round Dilla University, Department of Computer Science
  • 93. AES Key Expansion ➢takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words ➢start by copying key into first 4 words ➢then loop creating words that depend on values in previous & 4 places back ⚫in 3 of 4 cases just XOR these together ⚫1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back Dilla University, Department of Computer Science
  • 94. AES Key Expansion Dilla University, Department of Computer Science
  • 95. AES S-BOX Dilla University, Department of Computer Science
  • 96. AES round constant Dilla University, Department of Computer Science
  • 97. Key Expansion Rationale • designed to resist known attacks • design criteria included – knowing part key insufficient to find many more – invertible transformation – fast on wide range of CPU’s – use round constants to break symmetry – diffuse key bits into round keys – enough non-linearity to hinder analysis – simplicity of description Dilla University, Department of Computer Science
  • 99. AES Decryption • AES decryption is not identical to encryption since steps done in reverse • but can define an equivalent inverse cipher with steps as for encryption – but using inverses of each step – with a different key schedule • works since result is unchanged when – swap byte substitution & shift rows – swap mix columns & add (tweaked) round key Dilla University, Department of Computer Science
  • 100. AES Decryption Dilla University, Department of Computer Science
  • 101. Implementation Aspects • can efficiently implement on 8-bit CPU – byte substitution works on bytes using a table of 256 entries – shift rows is simple byte shift – add round key works on byte XOR’s – mix columns requires matrix multiply which works on byte values, can be simplified to use table lookups & byte XOR’s Dilla University, Department of Computer Science
  • 102. Implementation Aspects ➢can efficiently implement on 32-bit CPU ⚫redefine steps to use 32-bit words ⚫can precompute 4 tables of 256-words ⚫then each column in each round can be computed using 4 table lookups + 4 XORs ⚫at a cost of 4Kb to store tables ➢designers believe this very efficient implementation was a key factor in its selection as the AES cipher Dilla University, Department of Computer Science
  • 103. Summary: AES • have considered: – the AES selection process – the details of Rijndael – the AES cipher – looked at the steps in each round – the key expansion – implementation aspects Dilla University, Department of Computer Science
  • 104. Other Symmetric Block Ciphers (Reading Assignment I: Network Security Essentials: Applications and Standards, 2nd Ed., William Stallings, pages 42-46) – IDEA (International Data Encryption Algorithm) – Blowfish – RC5
  • 105. Public/Asymmetric key cryptography • Also called public-key cryptosystem – keys for encryption and decryption are different but form a unique pair – $P = D_{K_D}[E_{K_E}(P)]$ – Only one of the keys needs to be private while the other can be public • Invented by Diffie and Hellman in 1976 • Uses mathematical functions whose inverse is not known by mathematicians of the day • It is a revolutionary concept since it avoids the need of using a secure channel to communicate the key • It has made cryptography available to the general public and made many of today’s on-line applications feasible
  • 106. Cont. … • Which one of the encryption or decryption key is made public depends on the use of the key – If Hana wants to send a confidential message to Ahmed – She encrypts the message using Ahmed’s public key – Send the message – Ahmed will then decode it using his own private key – On the other hand, if Ahmed needs to make sure that a message sent by Hana really comes from her, how can he make that? Dilla University, Department of Computer Science
  • 107. Cont. … • Using digital signature – Hana has to first encrypt a digital signature using her private key – Then encrypt the message (signature included) with Ahmed’s public key – Sends the encrypted message to Ahmed – Ahmed decrypts the message using his private key – Ahmed then decrypts the signature using Hana’s public key – If successful, he insures that it comes from Hana Dilla University, Department of Computer Science
  • 108. Public-key Cryptosystem: Example RSA • RSA is from R. Rivesh, A. Shamir and L. Aldermen • Principle: No mathematical method is yet known to efficiently find the prime factors of large numbers • In RSA, the private and public keys are constructed from very large prime numbers (consisting of hundred of decimal digits) • One of the keys can be made public • Breaking RSA is equivalent to finding the prime factors: this is know to be computationally infeasible • It is only the person who has produced the keys from the prime number who can easily decrypt the messages Dilla University, Department of Computer Science
  • 109. Cont. … Public-key Cryptosystem: Average time required for exhaustive key search
    Key size (bits) | Number of alternative keys | Time required at 10^6 decryptions/µs
    32              | 2^32 = 4.3 x 10^9          | 2.15 milliseconds
    56              | 2^56 = 7.2 x 10^16         | 10 hours
    128             | 2^128 = 3.4 x 10^38        | 5.4 x 10^18 years
    168             | 2^168 = 3.7 x 10^50        | 5.9 x 10^30 years
  • 110. Summary: Public-key Cryptosystem
      – A pair of keys (private, public)
      – If you have the private key, you can easily decrypt what is encrypted by the public key
      – Otherwise, it is computationally infeasible to decrypt what has been encrypted by the public key
  • 111. Hash functions
    • One application of cryptography in distributed systems is the use of hash functions
    • A hash function H takes a message m of arbitrary length and produces a bit string h, h = H(m)
    • When the hash value h is sent with the message m, it enables the receiver to determine whether m has been modified or not
  • 112. Cont. …
    • Properties of hash functions
      – One-way function: It is computationally infeasible to find the m that corresponds to a known output h
      – Collision resistance
        • Weak-collision resistance: It is computationally infeasible, given m and H, to find m' ≠ m such that H(m) = H(m')
        • Strong-collision resistance: Given H, it is computationally infeasible to find any two different input values m and m' such that H(m) = H(m')
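The difference between weak and strong collision resistance on slide 112 can be measured on a deliberately weakened hash. The following is an added example, not part of the original slides: `toy_hash` (SHA-256 truncated to 16 bits) and both search functions are illustrative names, and the input strings are constructed.

```python
import hashlib
from itertools import count

def toy_hash(message: bytes, bits: int = 16) -> int:
    """SHA-256 truncated to `bits` bits: weak on purpose so the searches finish."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_second_preimage(m: bytes, bits: int = 16):
    """Weak collision resistance: given m, find m' != m with H(m') == H(m).
    Each guess hits with probability 2^-bits, so expect about 2^bits tries."""
    target = toy_hash(m, bits)
    for tries in count(1):
        candidate = b"candidate-%d" % tries      # constructed inputs
        if candidate != m and toy_hash(candidate, bits) == target:
            return candidate, tries

def find_collision(bits: int = 16):
    """Strong collision resistance: find ANY pair m != m' with equal hashes.
    The birthday effect makes about 2^(bits/2) tries enough on average."""
    seen = {}
    for tries in count(1):
        m = b"message-%d" % tries                # constructed inputs
        h = toy_hash(m, bits)
        if h in seen:
            return seen[h], m, tries
        seen[h] = m

if __name__ == "__main__":
    m1, m2, t = find_collision()
    print("any collision:", m1, m2, "after", t, "hashes")
    fixed = b"pay 100 birr to Hana"
    m_prime, t2 = find_second_preimage(fixed)
    print("second preimage of", fixed, "->", m_prime, "after", t2, "hashes")
```

Because any collision is so much cheaper to find than a second preimage, the output length of a real hash function has to be sized for the strong property, not the weak one.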
  • 113. RSA- Example of Asymmetric/Public-Key Cryptosystem
    • The RSA algorithm
      – Used for both public key encryption and digital signatures
      – Security is based on the difficulty of factoring large integers
    • Major Activities
      – Key Generation (Algorithm)
      – Encryption
      – Digital signing
      – Decryption
      – Signature verification
  • 114. RSA: Cont. …
    • Generate two large random primes, p and q
    • Compute n = pq and φ (phi) = (p-1)(q-1)
    • Choose an integer e, 1 < e < φ, such that gcd(e, φ) = 1
    • Compute the secret exponent d, 1 < d < φ, such that d = e^-1 mod φ, i.e. φ divides (ed-1)
    • The public key is (n, e) and the private key is (n, d). Keep all the values d, p, q and φ secret
      – n is known as the modulus
      – e is known as the public exponent or encryption exponent
      – d is known as the secret exponent or decryption exponent
  • 115. RSA: Cont. …
    • RSA- Encryption
      • Sender A does the following
        – Obtains the recipient B's public key (n, e)
        – Represents the plaintext message as a positive integer m
        – Computes the ciphertext c = m^e mod n
        – Sends the ciphertext c to B
    • RSA- Decryption
      • Recipient B does the following
        – Uses his private key (n, d) to compute m = c^d mod n
        – Extracts the plaintext from the message representative m
  • 116. RSA: Cont. …
    • RSA- Digital signing
      • Sender A does the following
        – Creates a message digest of the information to be sent
        – Represents this digest as an integer m between 0 and n-1
        – Uses her private key (n, d) to compute the signature s = m^d mod n
        – Sends this signature s to the recipient, B
    • RSA- Signature verification
      • Recipient B does the following
        – Uses sender A's public key (n, e) to compute integer v = s^e mod n
        – Extracts the message digest from this integer
        – Independently computes the message digest of the information that has been signed
        – If both message digests are identical, the signature is valid
  • 117. RSA: Cont. …
    • RSA- Key Generation Simple Example
      • Select primes p = 11, q = 3
      • n = pq = 11*3 = 33; phi = (p-1)(q-1) = 10*2 = 20
      • Choose e = 3. Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 are relatively prime: they have no common factors except 1) and check gcd(e, q-1) = gcd(3, 2) = 1, therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
      • Compute d (1 < d < phi) such that d = e^-1 mod phi = 3^-1 mod 20, i.e. find a value for d such that phi divides ed-1 (20 divides 3d-1). Simple testing (d = 2, 3, ...) gives d = 7. Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20)
      • Public key = (n, e) = (33, 3); Private key = (n, d) = (33, 7)
  • 118. Cryptography
    • Given Public key = (n, e) = (33, 3); Private key = (n, d) = (33, 7)
    • RSA- Encryption Example
      – Now say we want to encrypt the message m = 7
      – c = m^e mod n = 7^3 mod 33 = 343 mod 33 = 13
      – Hence the ciphertext c = 13
    • RSA- Decryption Example
      – To check decryption we compute m = c^d mod n = 13^7 mod 33 = 62748517 mod 33 = 7
  • 119. Cryptography: RSA- More Meaningful Example
    • Message: ATTACKxATxSEVEN
    • Grouping the characters into blocks of three and computing a message representative integer for each block: ATT ACK XAT XSE VEN
    • In the same way that a decimal number can be represented as the sum of powers of ten, e.g. 135 = 1 x 10^2 + 3 x 10^1 + 5, we could represent our blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25
      – ATT = 0 x 26^2 + 19 x 26^1 + 19 = 513
      – ACK = 0 x 26^2 + 2 x 26^1 + 10 = 62
      – XAT = 23 x 26^2 + 0 x 26^1 + 19 = 15567
      – XSE = 23 x 26^2 + 18 x 26^1 + 4 = 16020
      – VEN = 21 x 26^2 + 4 x 26^1 + 13 = 14313
  • 120. Cryptography: RSA- More Meaningful Example – Key Generation
    • We "generate" primes p = 137 and q = 131 (we cheat by looking for suitable primes around √n)
    • n = pq = 137*131 = 17947; phi = (p-1)(q-1) = 136*130 = 17680
    • Select e = 3; check gcd(e, p-1) = gcd(3, 136) = 1, OK, and check gcd(e, q-1) = gcd(3, 130) = 1, OK
    • Compute d = e^-1 mod phi = 3^-1 mod 17680 = 11787, where d = e^-1 mod phi means phi divides (ed-1)
    • Hence public key (n, e) = (17947, 3) and private key (n, d) = (17947, 11787)
  • 121. Cryptography: RSA- More Meaningful Example – Encryption/Decryption
    • Given Public key = (n, e) = (17947, 3); Private key = (n, d) = (17947, 11787)
    • To encrypt the first integer that represents "ATT" (513), we have
      – c = m^e mod n = 513^3 mod 17947 = 8363
    • We can verify that our private key is valid by decrypting
      – m = c^d mod n = 8363^11787 mod 17947 = 513
    • Overall, our plaintext is represented by the set of integers m
      – (513, 62, 15567, 16020, 14313)
    • We compute the corresponding ciphertext integers c = m^e mod n
      – (8363, 5017, 11884, 9546, 13366)
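The key generation, encryption/decryption and signing steps of slides 114 to 121, as an added Python example that is not part of the original slides. It reproduces the slides' toy parameters; the function names are illustrative, and textbook RSA with small primes and no padding is suitable for study only.

```python
from math import gcd

def keygen(p, q, e):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi")
    return (n, e), (n, pow(e, -1, phi))   # d = e^-1 mod phi (Python 3.8+)

def encode_blocks(text, size=3):
    """Base-26 message representatives with A=0 ... Z=25, as on slide 119."""
    text = text.upper()
    if not (text.isascii() and text.isalpha()) or len(text) % size:
        raise ValueError("need A-Z only, length a multiple of the block size")
    blocks = []
    for i in range(0, len(text), size):
        m = 0
        for ch in text[i:i + size]:
            m = m * 26 + (ord(ch) - ord("A"))
        blocks.append(m)
    return blocks

def decode_blocks(blocks, size=3):
    out = []
    for m in blocks:
        chars = []
        for _ in range(size):
            m, r = divmod(m, 26)
            chars.append(chr(ord("A") + r))
        out.append("".join(reversed(chars)))
    return "".join(out)

def rsa_apply(m, key):
    """m^exp mod n: the one operation behind encrypt, decrypt, sign, verify."""
    n, exp = key
    if not 0 <= m < n:   # 3-letter blocks fit: 26^3 - 1 = 17575 < 17947
        raise ValueError("message representative must satisfy 0 <= m < n")
    return pow(m, exp, n)

def sign(digest_int, private_key):
    return rsa_apply(digest_int, private_key)       # s = m^d mod n

def verify(digest_int, s, public_key):
    return rsa_apply(s, public_key) == digest_int   # v = s^e mod n, compare

if __name__ == "__main__":
    public, private = keygen(137, 131, 3)
    cipher = [rsa_apply(m, public) for m in encode_blocks("ATTACKXATXSEVEN")]
    print(public, private, cipher)
    print(decode_blocks([rsa_apply(c, private) for c in cipher]))
```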
  • 122. Attack on cryptography
    • Types of attacks
      – The attacker has only the ciphertext and his goal is to find the corresponding plaintext
      – The attacker has a ciphertext and the corresponding plaintext and his goal is to find the key
    • A good cryptosystem protects against all types of attacks
    • Attackers use both Mathematics and Statistics
  • 123. Cont. …
    • Cryptography and Intruders
      – Eavesdropping (listening to/spying on the message)
        • An intruder may try to read the message
        • If it is well encrypted, the intruder will not know the content
        • However, just the fact that the intruder knows that there is communication may be a threat (traffic analysis)
      – Modification
        • Modifying a plaintext is easy, but modifying encrypted messages is more difficult
      – Insertion of messages
        • Inserting a new message into a ciphertext is difficult
  • 124. Cont. … Cryptography and Intruders