ch02 Compsec4e
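[Figure: symmetric encryption model. Plaintext input X and key K enter the encryption algorithm (e.g., DES), producing the transmitted ciphertext Y = E[K, X]; the decryption algorithm (reverse of encryption algorithm) uses key K to produce the plaintext output X = D[K, Y].]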
Strength concerns:
• Concerns about the algorithm itself
  • DES is the most studied encryption algorithm in existence
• Concerns about the use of a 56-bit key
  • The speed of commercial off-the-shelf processors makes this key length woefully inadequate
Table 2.2

| Key size (bits) | Cipher | Number of Alternative Keys | Time Required at 10^9 decryptions/s | Time Required at 10^13 decryptions/s |
|---|---|---|---|---|
| 56 | DES | 2^56 ≈ 7.2 × 10^16 | 2^55 ns = 1.125 years | 1 hour |
| 128 | AES | 2^128 ≈ 3.4 × 10^38 | 2^127 ns = 5.3 × 10^21 years | 5.3 × 10^17 years |
| 168 | Triple DES | 2^168 ≈ 3.7 × 10^50 | 2^167 ns = 5.8 × 10^33 years | 5.8 × 10^29 years |
| 192 | AES | 2^192 ≈ 6.3 × 10^57 | 2^191 ns = 9.8 × 10^40 years | 9.8 × 10^36 years |
| 256 | AES | 2^256 ≈ 1.2 × 10^77 | 2^255 ns = 1.8 × 10^60 years | 1.8 × 10^56 years |
• 3DES was not reasonable for long term use
• Significantly improved efficiency
• Published as FIPS 197
• Symmetric block cipher
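[Figure: block cipher encryption and decryption. Encryption: each b-bit block is encrypted with key K to give the b-bit ciphertext blocks C1, C2, ..., Cn. Decryption: each ciphertext block C1, C2, ..., Cn is decrypted with key K to give the b-bit plaintext blocks P1, P2, ..., Pn.]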
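[Figure: stream cipher. Key K is used on both sides; the plaintext byte stream M passes through ENCRYPTION to give the ciphertext byte stream C, which passes through DECRYPTION to give the plaintext byte stream M.]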
Stream Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster
and use far less code
• Encrypts plaintext one byte at a time
• Pseudorandom stream is one that is unpredictable without
knowledge of the input key
Message Authentication
• Protects against active attacks
• Verifies received message is authentic
  • Contents have not been altered
  • From authentic source
  • Timely and in correct sequence
• Can use conventional encryption
  • Only sender and receiver share a key
Message Authentication
Without Confidentiality
• Message encryption by itself does not provide a secure
form of authentication
• It is possible to combine authentication and
confidentiality in a single algorithm by encrypting a
message plus its authentication tag
• Typically message authentication is provided as a
separate function from message encryption
• Situations in which message authentication without
confidentiality may be preferable include:
• There are a number of applications in which the same message is
broadcast to a number of destinations
• An exchange in which one side has a heavy load and cannot afford the
time to decrypt all incoming messages
• Authentication of a computer program in plaintext is an attractive service
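An added example (not from the original slides) of authentication without confidentiality: the message travels in plaintext with an HMAC-SHA256 tag computed over a sequence number and the message, so the receiver can reject altered, forged, replayed or out-of-order packets. The packet layout, the `protect` function and the `Receiver` class are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes
SEQ_LEN = 8   # 64-bit big-endian sequence number (hypothetical packet layout)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: build seq || message || tag. The message itself stays in plaintext."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Accepts a packet only if its tag verifies and it is the next one in sequence."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, packet: bytes):
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None  # too short to hold a sequence number and a tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None  # contents altered, or sender does not hold the shared key
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq != self.next_seq:
            return None  # replayed or out-of-order packet
        self.next_seq += 1
        return body[SEQ_LEN:]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared only by sender and receiver
    rx = Receiver(key)
    first = protect(key, 0, b"price list v7")  # constructed sample message
    altered = first[:SEQ_LEN] + b"price list v8" + first[-TAG_LEN:]
    print(rx.accept(altered))  # None: tag no longer matches the contents
    print(rx.accept(first))    # b'price list v7'
    print(rx.accept(first))    # None: same sequence number seen again
```

The receiver never decrypts anything, which is the property the heavy-load and broadcast cases above rely on: verification is one keyed hash per packet.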
[Figure: message authentication using a message authentication code (MAC). Labels: Message, MAC algorithm, MAC, Transmit, Compare.]
[Figure: message authentication using a hash function H. Panel (a) Using symmetric encryption: Message, H, K, E, D, Compare. Panel (b) Using public-key encryption: Message, H, PRa, PUa, E, D, Compare. A third panel: Message, H, K, Compare.]
Cryptanalysis
• Exploit logical weaknesses in the algorithm
Passwords
• Hash of a password is stored by an operating system
[Figure: public-key cryptography. Alice's public key ring holds keys for Joy, Ted, Mike and Bob. Plaintext input X enters the encryption algorithm (e.g., RSA); the transmitted ciphertext is Y = E[PRb, X]; the decryption algorithm produces the plaintext output X = D[PUb, Y].]
• Useful if either key can be used for each role
• Computationally easy for sender knowing public key to encrypt messages
• Computationally easy for receiver knowing private key to decrypt ciphertext
• Computationally infeasible for opponent to otherwise recover original message
• Computationally infeasible for opponent to determine private key from public key
RSA (Rivest, Shamir, Adleman)
• Developed in 1977
• Most widely accepted and implemented approach to public-key encryption
• Block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n
Digital Signature Standard (DSS)
• Provides only a digital signature function with SHA-1
• Cannot be used for encryption or key exchange
Elliptic curve cryptography (ECC)
• Security like RSA, but with much smaller keys
Digital Signatures
NIST FIPS PUB 186-4 defines a digital signature as:
“The result of a cryptographic transformation of data that,
when properly implemented, provides a mechanism for
verifying origin authentication, data integrity and signatory
non-repudiation.”
Thus, a digital signature is a data-dependent bit pattern,
generated by an agent as a function of a file, message, or
other form of data block
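[Figure: digital signature process. Signing: message M passes through a cryptographic hash function to give h, and the digital signature generation algorithm uses Bob's private key to produce S, Bob's signature for M. Verifying: message M passes through a cryptographic hash function to give h, and the digital signature verification algorithm uses Bob's public key and S to return signature valid or not valid.]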
[Figure: public-key certificate use. Labels: Generate hash code of unsigned certificate (H), CA information, SG, SV, Signed certificate, Return signature valid or not valid.]
[Figure: digital envelopes. Labels: Message, Random symmetric key, Receiver's public key, Encrypted message, Encrypted symmetric key, Digital envelope, Receiver's private key, D.]
Handshaking to prevent
replay attacks
Session key
Random Number Requirements
Randomness
• Criteria:
  • Uniform distribution: Frequency of occurrence of each of the numbers should be approximately the same
  • Independence: No one value in the sequence can be inferred from the others
Unpredictability
• Each number is statistically independent of other numbers in the sequence
• Opponent should not be able to predict future elements of the sequence on the basis of earlier elements
Random versus
Pseudorandom
Cryptographic applications typically make use of
algorithmic techniques for random number generation
• Algorithms are deterministic and therefore produce sequences of numbers
that are not statistically random
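An added example (not from the original slides) that applies the criteria above to byte sequences: a chi-square frequency check for uniform distribution, the same check on differences between neighbouring bytes as a simple independence check, and a seeded generator that passes both yet is reproduced exactly by anyone who knows the seed. The function names, the sample size and the cut-off of 400 are choices made for this illustration.

```python
import random
import secrets
from collections import Counter


def chi_square(data: bytes) -> float:
    """Frequency test: chi-square statistic of byte counts against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def successive_diffs(data: bytes) -> bytes:
    """Differences between neighbouring bytes; uniform only if neighbours are independent."""
    return bytes((b - a) & 0xFF for a, b in zip(data, data[1:]))


def looks_random(data: bytes, limit: float = 400.0) -> bool:
    """Pass both checks. With 255 degrees of freedom the statistic averages about 255,
    so 400 is a deliberately loose cut-off chosen for this example."""
    return chi_square(data) < limit and chi_square(successive_diffs(data)) < limit


def prng_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudorandom bytes (Mersenne Twister): same seed, same sequence."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


N = 65536
# Constructed input: every byte value occurs equally often, but each byte is
# fully determined by the one before it.
COUNTER = bytes(i % 256 for i in range(N))

if __name__ == "__main__":
    print("counter, frequency only:", chi_square(COUNTER))         # perfectly uniform
    print("counter, both checks:   ", looks_random(COUNTER))        # fails independence
    print("seeded PRNG:            ", looks_random(prng_bytes(2024, N)))
    # Statistical quality is not unpredictability: the seed reproduces the stream.
    print("reproducible from seed: ", prng_bytes(2024, 32) == prng_bytes(2024, 32))
    # For keys and nonces, draw from the operating system's random source instead.
    print("secrets.token_bytes:    ", looks_random(secrets.token_bytes(N)))
```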