Chapter 20
Symmetric Encryption and Message Confidentiality

Symmetric Encryption
• Also referred to as:
  o Conventional encryption
  o Secret-key or single-key encryption
• Only alternative before public-key encryption in 1970’s
  o Still most widely used alternative
• Has five ingredients:
  o Plaintext
  o Encryption algorithm
  o Secret key
  o Ciphertext
  o Decryption algorithm

Cryptography
Classified along three independent dimensions:
The type of operations used for transforming plaintext to ciphertext
• Substitution – each element in the plaintext is mapped into another element
• Transposition – elements in plaintext are rearranged
The number of keys used
• Sender and receiver use same key – symmetric
• Sender and receiver each use a different key – asymmetric
The way in which the plaintext is processed
• Block cipher – processes input one block of elements at a time
• Stream cipher – processes the input elements continuously

Computationally Secure Encryption Schemes
• Encryption is computationally secure if:
  o Cost of breaking cipher exceeds value of information
  o Time required to break cipher exceeds the useful lifetime of the information
• Usually very difficult to estimate the amount of effort required to break
• Can estimate time/cost of a brute-force attack

[Figure 20.1 Classical Feistel Network: plaintext (2w bits) is split into halves L0 and R0 (w bits each); rounds 1 … n apply round function F with subkeys K1 … Kn; the final halves Ln+1, Rn+1 form the ciphertext (2w bits)]

Block Cipher Structure
• Symmetric block cipher consists of:
  o A sequence of rounds
  o With substitutions and permutations controlled by key
• Parameters and design features:
  o Block size
  o Key size
  o Number of rounds
  o Subkey generation algorithm
  o Round function
  o Fast software encryption/decryption
  o Ease of analysis

Data Encryption Standard (DES)
• Most widely used encryption scheme
• Adopted in 1977 by National Bureau of Standards (now NIST)
• FIPS PUB 46
• Algorithm is referred to as the Data Encryption Algorithm (DEA)
• Minor variation of the Feistel network

[Figure 20.2 Triple DES: (a) Encryption: P → E(K1) → A → D(K2) → B → E(K3) → C; (b) Decryption: C → D(K3) → B → E(K2) → A → D(K1) → P]

[Table 20.2 AES S-Boxes: (b) Inverse S-box (16 × 16 table indexed by x and y; values not reproduced)]

Shift Rows
• On encryption left rotate each row of State by 0, 1, 2, 3 bytes respectively
• Decryption does reverse

Mix Columns and Add Key
• Mix columns
  o Operates on each column individually
  o Mapping each byte to a new value that is a function of all four bytes in the column
  o Use of equations over finite fields
  o To provide good mixing of bytes in column
• Add round key
  o Simply XOR State with bits of expanded key
  o Security from complexity of round key expansion and other stages of AES

Stream Ciphers
• Processes input elements continuously
• Key input to a pseudorandom bit generator
  o Produces stream of random-like numbers
  o Unpredictable without knowing input key
  o XOR keystream output with plaintext bytes

Table 20.3 Speed Comparisons of Symmetric Ciphers on a Pentium

Cipher   Key Length   Speed (Mbps)
DES      56           21
3DES     168          10
AES      128          61
RC4      Variable     113

Source: http://www.cryptopp.com/benchmarks.html

[Figure 20.5 RC4: (a) Initial state of S and T (key K of length keylen fills T); (b) Initial permutation of S: j = j + S[i] + T[i], swap S[i] and S[j]; (c) Stream generation: j = j + S[i], swap S[i] and S[j], t = S[i] + S[j], output k = S[t]]

[Table 20.4 Block Cipher Modes of Operation]

Electronic Codebook (ECB)
• Simplest mode
• Plaintext is handled b bits at a time and each block is encrypted using the same key
• “Codebook” because have unique ciphertext value for each plaintext block
  o Not secure for long messages since repeated plaintext is seen in repeated ciphertext
• To overcome security deficiencies you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks

[Figure 20.6 Cipher Block Chaining (CBC) Mode: (a) Encryption, (b) Decryption; inputs IV, K, P1 … PN; outputs C1 … CN]

[Figure 20.7 s-bit Cipher Feedback (CFB) Mode: (a) Encryption, (b) Decryption; a shift register (b – s bits | s bits) seeded with the IV is encrypted under K, s bits are selected and b – s bits discarded, and the selected bits are combined with P1 … PM to give C1 … CM]

[Figure 20.8 Counter (CTR) Mode: (a) Encryption, (b) Decryption; successive counter values are encrypted under K and combined with P1 … PN to give C1 … CN]

[Figure 20.9 Encryption Across a Frame Relay Network; legend: end-to-end encryption device, link encryption device, FRN = frame relay node]

Key Distribution
• The means of delivering a key to two parties that wish to exchange data without allowing others to see the key
• Two parties (A and B) can achieve this by:
  o A key could be selected by A and physically delivered to B
  o A third party could select the key and physically deliver it to A and B
  o If A and B have previously and recently used a key, one party could transmit the new key to the other, encrypted using the old key
  o If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B

[Figure 20.10 Automatic Key Distribution for Connection-Oriented Protocol; steps shown: host sends packet requesting connection; security service buffers packet and asks KDC for session key; KDC distributes session key to both hosts; buffered packet transmitted]

Summary
• Symmetric encryption principles
  o Cryptography
  o Cryptanalysis
  o Feistel cipher structure
• Data encryption standard
  o Data encryption standard
  o Triple DES
• Advanced encryption standard
  o Overview of the algorithm
  o Algorithm details
• Stream ciphers and RC4
  o Stream cipher structure
  o The RC4 algorithm
• Cipher block modes of operation
  o Electronic codebook mode
  o Cipher block chaining mode
  o Cipher feedback mode
  o Counter mode
• Location of symmetric encryption devices
• Key distribution
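
The three RC4 stages of Figure 20.5, written out as an added Python example (not from the original slides); the function names and the sample key and messages are constructed here. The last function shows why one stream-cipher key must not encrypt two messages: the keystream cancels out of the XOR of the two ciphertexts.

```python
def rc4_keystream(key, n):
    # (a) Initial state of S and T: S = 0..255, T = key repeated to 256 bytes
    S = list(range(256))
    T = [key[i % len(key)] for i in range(256)]
    # (b) Initial permutation of S: j = j + S[i] + T[i], swap S[i] and S[j]
    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    # (c) Stream generation: one keystream byte k = S[t] per step
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        t = (S[i] + S[j]) % 256
        out.append(S[t])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    # Encryption and decryption are the same operation: XOR with the keystream
    return xor(data, rc4_keystream(key, len(data)))

def reuse_leak(key, p1, p2):
    # Two messages under the same key: C1 xor C2 equals P1 xor P2,
    # so the result no longer depends on the key at all.
    return xor(rc4(key, p1), rc4(key, p2))

# Constructed sample values
KEY = b"Key"
P1, P2 = b"transfer 100 USD", b"transfer 999 EUR"
```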