MyTutorialON Cryptography.ppt

1/17/2024
Tutorial on Network Security: Sep
2003
1
Network Security
Bijendra Jain
(bnj@cse.iitd.ernet.in)

1/17/2024
2003
2
Lecture 1: Introduction

1/17/2024
2003
3
Top-level issues
 Safety, security and privacy
 Security policy
– threats, both external and internal
– economic gains
– cost of securing resources
– cryptographic methods vs. physical security
 Information security:
– nature of resources (HW, SW, information)
– during storage, access and communication
– limited to a single computer vs. network security
– various layers (physical through application layers)

1/17/2024
2003
4
Security threats
 Intentional vs. accidental
 Various forms of violations:
– Non-destructive
– Destructive
– Repudiation
– Denial of service
 Threat techniques:
– crypt-analysis
– snooping
– masquerading
– replay attacks
– virus, worms
– etc.

1/17/2024
2003
5
Security services
 Services (or functions) vs. mechanisms
 Security functions:
– confidentiality
– authentication
– integrity
– non-repudiation
– access control
– availability

1/17/2024
2003
6
Security mechanisms
 Physical controls
 Audit trails
 Fraud detection (data mining)
 Steganography
 Encryption:
– private-key vs. public-key encryption
– key generation, exchange, and management
– certification
 Firewalls
 etc.

1/17/2024
2003
7
Lecture 2: Symmetric-key
encryption

1/17/2024
2003
8
Cryptographic systems
 Symmetric vs. asymmetric encryption
 Number of keys used
 Key lengths
 Block vs. stream cipher
 Crypt-analysis (assume algorithm is known)
– ciphertext (only)
– plaintext + ciphertext
– chosen plaintext + ciphertext
– chosen ciphertext + plaintext
Key size Possible
no. of keys
Time to crack
(1 encryption/microsec)
Time to crack (106
encryptions/microsec)
32 109
36 min 2. msec
56 1016
1100 years 10 hrs
128 1038
5 x 1024
years 5 x 1018
years
26 character
permutation
1026
6 x 1012
years 6 x 106
years

1/17/2024
2003
9
Symmetric cryptographic system
 Symmetric encryption
– Plaintext, X
– Ciphertext, Y
– Secret keys for encryption, decryption, K
Secret
key, K
Encrypt
EK(X)
Decrypt
DK(X)
Crypt-
analysis
X Y X
K K
Secure channel
Insecure
channel

1/17/2024
2003
10
Asymmetric cryptographic system
 Asymmetric encryption
– Plaintext, X
– Ciphertext, Y
– Two keys K1, and K2. One is secret, other is public
– One of them (secret or public) is used to encrypt, the other for decryption
– Helps with confidentiality, digital signatures
Key generation, management
Encrypt
EK(X)
Decrypt
DK(X)
Crypt-
analysis
X Y X
K1 K2
Insecure
channel

1/17/2024
2003
11
Symmetric encryption
 Substitution cipher
 Transposition cipher
 DES
 Triple DES
 Blowfish, RC5, RC4, etc.

1/17/2024
2003
12
Substitution cipher
 Ceasar cipher
– encrypt C  (p+k) mod n
– decrypt p  (C-k) mod n
– assumes set of n characters
– easily breakable in n-1 steps
 Substitute using n x n table
– encrypt Ci  lookup_encrypt(pi)
– decrypt pj  lookup_decrypt(Cj)
– 26! Different keys
– may be broken using known “relative frequency” of each character
– To counter:
 use multiple symbols to substitute
 substitute multiple symbols at a time
– e.g. two letter strings at a time

1/17/2024
2003
13
Transposition cipher
 Transposition example:
 To make it more secure:
– transposition it multiple times
– combine it with substitution ciphers
Key 4 3 1 2 5 6 7
Plaintext a t t a c k p
o s t p o n e
d u n t I l t
w o a m x y z
Ciphertext:
TTNAAPTMTSUOAODWCOIXKNLYPETZ

1/17/2024
2003
14
DES
 Combination of several substitution and transposition ops
– Applied to each block of size 64 bits
– Key is 56 bits
– Uses portions of key at different steps
– Uses techniques referred to by “diffusion and confusion”
 Developed by IBM 1971-73, accepted by NBS (USA) as a
standard in 1977
 Primarily a block cipher
Decrypt
DK(X)
P1
K
C1
Encypt
EK(X)
C1
K
P1

1/17/2024
2003
15
DES encryption algorithm
Initial permutation
Round 1
Round 2
Round 16
32-bit swap
Inverse permute
K1
K2
K16
Permuted key
Permuted key
Permuted key
Left circular shift
Left circular shift
Left circular shift
Permuted key
64-bit plaintext
64-bit ciphertext
56-bit key

1/17/2024
2003
16
Cipher Block Chaining
Encrypt
EK(X)
C1
IV
K
+
P1
Encrypt
EK(X)
C2
+
P2
K
Decrypt
DK(X)
P1
IV
K
+
C1
P2
C2
Decrypt
DK(X)
K
+
Primarily a block cipher
–May be used in “block chaining mode”

1/17/2024
2003
17
Strength of DES
 Key size of 56 bits appears to be too small
– In 1993 Weiner developed HW device for $100K with 5760 search
engines to break it in 35 hours
– In 1997, 70,000 systems on Internet discovered the key in less than
96 days (part of plaintext is given)
– Automating the process is difficult, unless plaintext is known
 Perhaps breakable by studying and exploiting weakness
– Differential cryptanalysis
– Linear cryptanalysis
 Trapdoor
– US Govt changed the original design
 Continues to enjoy wide acceptibility
– Particularly with triple-DES (used in PGP)

1/17/2024
2003
18
Double-DES
 Two stages of encryption, using two different keys
Decrypt
EK2(X)
X
K2
Encypt
EK1(X)
C
P
K1

1/17/2024
2003
19
Double-DES
 “two stages cannot be reduced to one stage”:
– for given K1, K2, there is no K s.t. EK2(EK1(P)) = EK(P)
 Meet-in-the-middle attack
– Let C = EK2(EK1(P)), and X = EK1(P) = DK2(C)
– Let known P and C
– Search for K1 and K2 such that X = EK1(P) = DK2(C)
– Complexity is O(256 + 256), not O(2128)

1/17/2024
2003
20
Triple-DES
 Three stages of encryption, using two different keys
Decrypt
EK2(X)
X1
K2
Encypt
EK1(X)
C
P
K1
X2
Decrypt
EK3(X)
K3

1/17/2024
2003
21
IDEA
 International data encryption algorithm (IDEA)
 developed in 1991, gaining ground
 block cipher
 better understood
 US government has had no role in its design
 design principle:
– block size 64 bits
– key length 128 bits
– more emphasis on “diffusion” and “confusion”
 uses three operations:
– “exclusive-OR”, “addition”, “multiplication”
– some effort to make HW implementation easier

1/17/2024
2003
22
RC5
 developed by Rivest, in 1994
 suitable for HW or SW implementation on
microprocessors
– simple
– different word length
– low memory
 high level of security
– simpler determination of strength
– variable no. of “rounds”, key length

1/17/2024
2003
23
Blowfish
 Developed in 1993
 block cipher
 up to 448 bit keys
 no known attacks
 simple, fast and compact
algorithm cycles/"round" No. of rounds cycles/byte encrypted
Blowfish 9 16 18
RC5 12 16 23
DES 18 16 45
IDEA 50 8 50
Triple-DES 18 48 108

1/17/2024
2003
24
Summary: symmetric key encryption
 Since the same key is used to encrypt and decrypt,
the system is also know as private-key encryption
 Symmetric key encryption
– uses shared secret keys
– also known as “private-key” encryption
 Primarily used for purpose of confidentiality
– but may be used to authenticate as well, but may be
“repudiated”
 Key sharing or management is an issue
– particularly when the no. of clients sharing the key is “large”

1/17/2024
2003
25
Application to confidentiality
 Private-key encryption may be used to provide
confidentiality of messages during transfer over LANs
and/or WANs
 At issue:
– what information:
 User data vs. headers
 Identity of correspondents vs. node/route identity
– in what layer, and between what points
 Link-layer vs. end-to-end vs. application level
 Assumption: data over physical network is accessible
– Wireless links
– Employee of the network service provider
– Your own colleagues

1/17/2024
2003
26
Link-level vs. end-to-end
confidentiality
Host
A
Host
B
R
R
R
Link-level
enrypt/ decrypt
End-to-end
enrypt/ decrypt

1/17/2024
2003
27
Link-level vs. end-to-end
confidentiality
Link-level encryption End-to-end encryption
Security within nodes, hosts
Exposed in intermediate nodes
Exposed in end hosts
Encrypted in intermediate nodes
Encrypted/Decrypted by end hosts
Role of end devices, intermediate nodes
Intermediate nodes require encryption
One key for each link
Done in hardware
Only end hosts need encryption One key
per session/connection
Perhaps done in software

1/17/2024
2003
28
Traffic confidentiality
 Issues:
– Identity of communicating entities
– Identity of hosts, routers
– Traffic volumes, patterns
 Link-level encryption offers better confidentiality
 Padding may be used to “hide” patterns and volumes

1/17/2024
2003
29
Key distribution
 Secret key must be distributed between the communicating
entities, say A and B
 Link level encryption requires L number of keys to be distributed,
one for each device at the end of a link
 Host-to-host encryption requires N*(N-1)/2 keys to be distributed
 Two techniques:
– Physical delivery (works only in a very limited environs)
 A delivers it to B
 A trusted third party C delivers the key to A and to B
– Electronic delivery using an established secure connection or
session
 A delivers it to B after suitably encrypting it
 A trusted third party C delivers the key to A and to B using secure
channels to A and to B.

1/17/2024
2003
30
Key distribution
 Electronic distribution by B to A, though process initiated by A
 Above:
– N1 and N2 are “nonce”,
– MKm is the “master key” used by A and B
– KS is the new “session key”
– F is a well-known function, such as ADD 1

1/17/2024
2003
31
Key distribution
 Electronic distribution by trusted third party C to A and to B

1/17/2024
2003
32
Key distribution
 Above:
– KA and KB are keys used by A and B, respectively, to communicate
with C
– IDA identifies entity A

1/17/2024
2003
33
Key distribution
 Secure operation of these schemes, against:
– Masquerade
– replay attacks
 Other issues:
– Hierarchy of keys
– Lifetime of a session key
– Generation of Nonce or Random numbers

1/17/2024
2003
34
Thanks

MyTutorialON Cryptography.ppt

More Related Content

Similar to MyTutorialON Cryptography.ppt (20)

More from halosidiq1 (18)

Recently uploaded (20)

MyTutorialON Cryptography.ppt