Slidecast - Workshop
- 1. Network & Application Security (NAS) AUTHENTICATED ENCRYPTION S AM A N T K H AJ U R I A A S S I S T A N T P R O F E S S O R , C M I S K H @ C M I . A A U . D K
- 2. Computer security objectives • Confidentiality • Data Confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized users. • Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. • Integrity • Data integrity: Assures that information and programs are changed only in a specified and authorized manner • System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system • Availability • Assures that the system work promptly and service is not denied to authorized users
- 3. Additional Concepts / Objectives • Authenticity • Property of being genuine ; able to be verified and trusted • Confidence in the validity of a message or message originator • Meaning – Verifying that the users are who they say they are and each transmission arriving at the system came from a trusted party. • Accountability • The security goal that generates the requirements for actions of an entity to be traced uniquely to that entity • Supports – nonrepudiation, fault isolation, intrusion detection and prevention, and after action recovery and legal action
- 4. Symmetric Encryption • Also referred to as conventional encryption, secret-key, or single-key encryption. • Only type of encryption in use prior to the development of public-key encryption in the late 1970’s. • Symmetric encryption remains by far the most widely used of the two types of encryption. • All classical encryption algorithms are private-key • Common key is used by sender and recipient
- 5. Simplified Model of Symmetric Encryption
- 6. Requirements • Two requirements for secure use of algorithm • A STRONG Encryption algorithm • Both the parties i.e., Sender and the receiver have obtained the copy of the secret key in a secure fashion and must keep the key secure • IMPORTANT !!! The security of symmetric encryption depends on the secrecy of the key, not the secrecy of the algorithm • Practical reasons – makes it feasible for widespread use. • Manufacturers can and have developed low-cost chip implementations of data encryption algorithms. • These chips are widely available and incorporated into a number of products.
- 7. Cryptography • Cryptographic systems are generically classified along three independent dimensions: • The type of operations used for transforming plaintext to ciphertext • Substitution - Each element in the plaintext is mapped into another element • Transposition - Elements in the plaintext are rearranged ; Fundamental requirement is that no information be lost • Product systems - Involve multiple stages of substitutions and transpositions • The number of keys used • Referred to as symmetric, single-key, secret-key, or conventional encryption if both sender and receiver use the same key • Referred to as asymmetric, two-key, or public-key encryption if the sender and receiver each use a different key • The way in which the plaintext is processed • Block cipher processes the input one block of elements at a time, producing an output block for each input block • Stream cipher processes the input elements continuously, producing output one element at a time, as it goes along
- 8. Advanced Encryption Standard (AES)
- 9. AES • Symmetric, block cipher • Key size: 128, 192, or 256 bits • Block size: 128 • Processed as 4 groups of 4 bytes (state) • Operates on the entire block in every round • Number of rounds depending on key size: • Key=128 -> 9 rounds • Key=192 -> 11 rounds • Key=256 -> 13 rounds
- 11. Cipher Block Modes of Operation
- 12. Cipher block Modes of Operation • A symmetric block cipher processes one block of data at a time • In the case of DES and 3DES, the block length is b=64 bits • For AES, the block length is b=128 • For longer amounts of plaintext, it is necessary to break the plaintext into b- bit blocks, padding the last block if necessary • Five modes of operation have been defined by NIST • Intended to cover virtually all of the possible applications of encryption for which a block cipher could be used • Intended for use with any symmetric block cipher, including triple DES and AES
- 13. Cipher Feedback (CFB) Block Cipher Block Cipher Block Cipher Plaintext 1 Plaintext 2 Plaintext n Ciphertext 1 Ciphertext 2 Ciphertext n Initialization Vector (IV) Block Cipher Block Cipher Block Cipher Plaintext 1 Ciphertext 2Ciphertext 1 Plaintext 2 Plaintext n Initialization Vector (IV) Ciphertext n DECRYPTENCRYPT
- 14. ASC-1 : An Authenticated Encryption Stream Cipher
- 15. Algorithm Analysis & Development • Authenticated Encryption • Generic Composition • Two Pass Combined mode • One pass Combined mode • Cryptographic schemes that provide both confidentiality and authenticity are called authenticated encryption schemes. • AE consists of a key generation, an encryption and a decryption algorithm.
- 16. Generic Composition • Traditional approach to solve both privacy and authenticity problems has been to combine them in a straightforward manner. • Results – Not very efficient, twice as slow as either encryption or authentication. • Pitfalls – • Use of non-cryptographic non-keyed hash function and good encryption scheme • Use of same key for encryption scheme and the MAC scheme . • To analyze the security of the Authenticated Encryption Scheme three “Generic Composition” methods are considered. • Black Box use of a given symmetric encryption scheme and a given MAC • Each case uses two different keys i.e., K1 and K2
- 17. ASC-1 : An Authenticated Encryption Stream Cipher • To achieve faster encryption and message authentication by performing both in a single pass as opposed to the traditional encrypt-then-mac approach • Similar to LEX (Leak EXtraction) stream cipher selected to phase 3 of the eSTREAM competition, ASC-1 uses leak extraction • Bits are extracted from intermediate rounds to generate the key that is XOR-ed with the message to compute the ciphertext. • Operates in a Cipher Feedback (CFB) fashion
- 18. Leak Positions in ASC-1 • Crucial part – location of the four bytes of the internal state • Frequency of outputs (every round, every second round etc.) b0,0 b0,1 b0,2 b0,3 b1,0 b1,1 b1,2 b1,3 b2,0 b2,1 b2,2 b2,3 b3,0 b3,1 b3,2 b3,3 b0,0 b0,1 b0,2 b0,3 b1,0 b1,1 b1,2 b1,3 b2,0 b2,1 b2,2 b2,3 b3,0 b3,1 b3,2 b3,3 b0,0 b0,1 b0,2 b0,3 b1,0 b1,1 b1,2 b1,3 b2,0 b2,1 b2,2 b2,3 b3,0 b3,1 b3,2 b3,3 Odd Rounds Even Rounds
- 19. ASC-1 Specification (2/4) ASC-1 DecryptionASC-1 Encryption ),100( ),010( ),000( 70 0,2 70 0,1 70 0 CntrEK CntrEK CntrEX K K K )110))(( 6 0,3 CntrMlEK K