Scribd
Upload
76 views

IS364 - Lecture 09 - Symmetric Encryption

Symmetric encryption algorithms use secret keys to encrypt and decrypt data. Conventional encryption, also known as symmetric encryption, uses a single secret key that is known to both the sender and receiver. The key is used by an encryption algorithm to encrypt plaintext into ciphertext, and by a decryption algorithm to decrypt the ciphertext back into plaintext. Common symmetric encryption algorithms include the Data Encryption Standard (DES) and its stronger variant Triple DES. Modes of operation like Electronic Code Book (ECB) and Cipher Block Chaining (CBC) specify how block ciphers encrypt large amounts of data. Stream ciphers encrypt data bit-by-bit using a pseudo-random keystream.

Uploaded by

samwel sitta
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
76 views

IS364 - Lecture 09 - Symmetric Encryption

Symmetric encryption algorithms use secret keys to encrypt and decrypt data. Conventional encryption, also known as symmetric encryption, uses a single secret key that is known to both the sender and receiver. The key is used by an encryption algorithm to encrypt plaintext into ciphertext, and by a decryption algorithm to decrypt the ciphertext back into plaintext. Common symmetric encryption algorithms include the Data Encryption Standard (DES) and its stronger variant Triple DES. Modes of operation like Electronic Code Book (ECB) and Cipher Block Chaining (CBC) specify how block ciphers encrypt large amounts of data. Stream ciphers encrypt data bit-by-bit using a pseudo-random keystream.

Uploaded by

samwel sitta
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 41

Symmetric Encryption

Algorithms
Contents

History
Conventional Encryption
Hash Function
History
Caesar Cipher
plain: abcdefghijklmnopqrstuvwxyz
key: defghijklmnopqrstuvwxyzabc

cipher: PHHW PH DIWHU WKH WRJD SDUWB


plain: MEET ME AFTER THE TOGA PARTY
History
Basic Types of Ciphers
Transposition ciphers –
rearrange bits or characters in the
data
Substitution ciphers – replace
bits, characters, or blocks of
characters with substitutes
History

“Rail-Fence” Cipher
DISGRUNTLED EMPLOYEE

D R L E O
I G U T E M L Y E
S N D P E

DRLEOIGUTE MLYESNDPE
History

Encryption Methods
The essential technology underlying
virtually all automated network and
computer security applications is
cryptography
Two fundamental approaches are in
use:
Conventional Encryption, also known as
symmetric encryption
Public-key Encryption, also known as
asymmetric encryption
Conventional
Encryption Model
Conventional
Encryption
The only form of encryption prior to late
1970s
Long history
Most widely used
Conventional
Encryption
Five components to the algorithm
Plaintext: The original message or data
Encryption algorithm: Performs various
substitutions and transformations on the
plaintext
Secret key: Input to the encryption algorithm.
Substitutions and transformations performed
depend on this key
Ciphertext: Scrambled message produced as
output. depends on the plaintext and the secret
key
Decryption algorithm: Encryption algorithm
run in reverse. Uses ciphertext and the secret
key to produce the original plaintext
Conventional
Encryption
More rigorous definition
Five components to the algorithm
A Plaintext message space, M
A family of enciphering transformations, EK:M →
C, where K∈K
A key space, K
A ciphertext message space, C
A family of deciphering transformations, DK: C →
M, where K∈K
Conventional
Encryption
M EK C DK M

EK defined by an encrypting algorithm E


DK defined by an decrypting algorithm D

For given K, DK is the inverse of EK, i.e.,


DK(EK(M))=M
for every plain text message M
Requirements &
Weaknesses
Requirements
A strong encryption algorithm
Secure process for sender & receiver
to obtain secret keys
Methods of Attack
Cryptanalysis
Brute force
Cryptanalysis
The process of attempting to discover
the plaintext or key
Alan Turing broke the
Enigma Code in WWII
Cryptanalysis

Security depends on the key...


...NOT the secrecy of the algorithm
Low cost chips are possible
Principal security problem is
maintaining the secrecy of the key!
Cryptographic Systems
Type of Transformation – substitution
and/or transposition; no information
must be lost, i.e., reversible
Number of Keys Used – symmetric,
single key, conventional; asymmetric,
two-key, public-key encryption
Plaintext Processing – block or
stream cipher
Attacks On Encrypted Msgs
Computationally Secure

Cost of breaking cipher exceeds


value of encrypted information
Time to break cipher exceeds useful
lifetime of the information
Exhaustive Key Search

Brute Force with massively parallel processors


20 th
Century Encryption

20’s & 30’s bootleggers made


heavy use of cryptography
FBI create an office for code-
breaking
Japanese Purple Machine
German Enigma Machine
Data Encryption Standard
(DES)
Adopted in 1977, reaffirmed for 5 years
in 1994, by NBS(NIST)
Plaintext is 64 bits (or blocks of 64 bits),
key is 56 bits
Plaintext goes through 16 iterations,
each producing an intermediate value
that is used in the next iteration
DES is now too easy to crack to be a
useful encryption method
DES
The DES algorithm uses a 56 bit key and operates on blocks of 64 bits
of data (Message). In other words, DES specifies a collection of 2^56
functions
of {0,1}^64 to itself and their inverse.
The data undergoes 16 iterations, each driven by a 48b iteration key;
for the iteration key a selection of the 56 master bits is made (which
bits are used in each iteration is fixed and public).
In each iteration, half of the data is passed unchanged
and combined with the key to mess up the other half; so
Y1 = X1
Y2 = X2 XOR f(X1,K)
And this iteration is self-inversive; indeed, with
Z1 = Y1
Z2 = Y2 XOR f(Z1,K)
we find Z1,Z2 = X1,X2.
DES
Strength of DES
DES is the most studied encryption
algorithm in existence
1998, DES Cracker from Electronic
Frontier Foundation, built for
$250,000
Solution: Use a bigger key
Triple DES
C = EK3 [DK2 [EK1 [P ]]]
P = Message
Triple DES
Alternative to DES, uses multiple
encryption with DES and multiple keys
With three distinct keys, 3DES has an
effective key length of 168 bits, so it is
essentially immune to brute force
attacks
Backward compatible with DES
Principal drawback of DES is that the
algorithm is relatively sluggish in
software
Modes of Cipher
Operation
block ciphers encrypt fixed size
blocks
eg. DES encrypts 64-bit blocks with 56-
bit key
need some way to en/decrypt
arbitrary amounts of data in practise
subsequently 5 defined for DES

have block and stream modes
Electronic Code Book (ECB)
message is broken into independent
blocks which are encrypted
each block is a value which is
substituted, like a codebook, hence
name
each block is encoded independently of
the other blocks
Ci = DESK1(Pi)
uses: secure transmission of single
values
Electronic Code Book (ECB)
Cipher Block Modes of
Operation

Block ciphers process one n-bit block
of data at a time

Break long amounts of plaintext into
64-bit blocks

Use Electronic Code Book (ECB)
Each block of plaintext is encrypted using
the same key
Entry for every possible 64-bit plaintext
pattern
Block appears more than once, produce
same ciphertext
Repeating patterns become a problem
Cipher Block Chaining
Mode (CBC)
Input to algorithm is the XOR of
current plaintext block and
preceding ciphertext block
Repeating patterns are not
exposed
Cipher Block Chaining
(CBC)
message is broken into blocks

Block ciphers process one n-bit block of data at a time

Break long amounts of plaintext into 64-bit blocks
linked together in encryption operation
each previous cipher blocks is chained with current
plaintext block, hence name
use Initial Vector (IV) to start process
Ci = DESK1(Pi XOR Ci-1)
C-1 = IV
uses: bulk data encryption, authentication
Cipher Block Chaining
Mode
Advantages and Limitations of
CBC

a ciphertext block depends on all
blocks before it
any change to a block affects all
following ciphertext blocks

need Initialization Vector (IV)
which must be known to sender & receiver
if sent in clear, attacker can change bits of first
block, and change IV to compensate
hence IV must either be a fixed value

or must be sent encrypted in ECB mode before
rest of message
Stream Ciphers
process message bit by bit (as a
stream)

have a pseudo random keystream
combined (XOR) with plaintext bit by
bit

randomness of stream key
completely destroys statistically
properties in message
• Ci = Mi XOR StreamKeyi

but must never reuse stream key


Stream Cipher Structure
Stream Cipher Properties
some design considerations are:
long period with no repetitions
statistically random
depends on large enough key
large linear complexity
properly designed, can be as secure
as a block cipher with same size key
but usually simpler & faster
Stream Cipher Properties
some design considerations are:
long period with no repetitions
statistically random
depends on large enough key
large linear complexity
properly designed, can be as secure
as a block cipher with same size key
but usually simpler & faster
Location of Encryption
Devices
Link Encryption
Each vulnerable communications link is
equipped on both ends with an
encryption device
All traffic over all communications links
is secured
Vulnerable at each switch
Location of Encryption
Devices
End-to-end Encryption
The encryption process is carried out at
the two end systems
Encrypted data are transmitted
unaltered across the network to the
destination, which shares a key with the
source to decrypt the data
Packet headers cannot be secured
Reading

1. Decryption of monoalphabetic
substitution ciphers by using frequency
analysis
2. Double DES encryption

3. Triple DES encryption

4. Modes DES operation


References
Cryptography and Network Security
(Principles and Practice); William
Stallings;

Internet

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy