3 Symmetric Key Cryptography

sunflowerplateΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 10 μήνες)

136 εμφανίσεις

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
1

Internet Security 1 (IntSec1)


Prof. Dr. Andreas Steffen


Institute for Internet Technologies and Applications (ITA)

3 Symmetric Key
Cryptography

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
2

Cryptographical Building Blocks

Block

Ciphers

Stream

Ciphers

Symmetric Key

Cryptography

Authentication

Confidentiality

Encryption

Hash

Functions

Challenge

Response

IVs

MACs

MICs

Message

Digests

Nonces

Pseudo

Random

Random

Sources

Secret
Keys

Smart

Cards

DH

RSA

Public Key

Cryptography

Elliptic

Curves

Digital
Signatures

Data

Integrity

Secure Network Protocols

Non
-
Repudiation

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
3

open channel

Shannon‘s Model of a Secrecy System

Symmetric or Secret Key Cryptosystems


Same key used for encryption and decryption


Key must be kept absolutely secret


Same key can be used for several messages, but should be
changed periodically


secure key distribution problem!




Encryption

E
K
(P) = C

plaintext

P




Decryption

D
K
(C) = P

ciphertext

plaintext

P

C

key

K

key

K

distribution of secret
-
key over secure channel

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
4

Internet Security 1 (IntSec1)

3.1 Block Ciphers

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
5

Symmetric Key Cryptosystems

Block Ciphers

ciphertext blocks

n bits

n bits

plaintext blocks

n bits

n bits

Common Block Sizes:

n = 64, 128, 256 bits

Common Key Sizes:


k =

40
,

56
,

64
,

80
, 128,


168, 192, 256 bits

k bits

Key

Block Cipher

n bits

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
6

Deep

Crack


56
bit

DES
-
Key
cracked

in
22
hours


72,057,594,037,927,936 possible keys (2
56
)


Total cost < 250'000 $US in 1998


Project sponsored by the Electronic Frontier Foundation (EFF)


Proof that the NSA was able to crack DES from the very beginning

24 boards with 64 chips each

90 billion keys per second

designed by Paul Kocher

financed by John Gilmore

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
7


Assumed effort:


40 million
dollardays

= 40M x 1 day = 100k x 400 days


Moore’s Law:


2 bits every 3
years





56 bits in 1982



64 bits in 1994



72 bits in
2006



76 bits in 2012



80 bits in 2018



88 bits in 2030



96 bits in 2042


104 bits in 2054


112 bits in 2066


120
bits

in 2078


128
bits

in 2090

Security of Symmetric Keys follows Moore's Law

Source:

Arjen

K.
Lenstra
, “Key Lengths",


in
Handbook of Information Security, June 2004

www.keylength.com

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
8

Block Cipher Modes I

Electronic Code Book Mode (ECB)

P
1

P
2

P
3

C
1

E

D

P
1

C
1

E

C
3

C
3

D

P
3

Sender

Receiver

E

C
2

D

P
2

C
2

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
9

C
1

E

E

C
2

E

P
1

P
2

P
3

C
3

Block Cipher Modes II

Cipher Block Chaining Mode (CBC)

IV

D

P
2

C
2

IV

D

P
1

C
1

C
3

D

P
3

Sender

Receiver

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
10

Some Popular Block Ciphers

Block Size

Name of Algorithm

Key Size

DES (Data Encryption Standard,
IBM)
1


64

56

3DES
(Triple DES)

64

168

IDEA (Lai / Massey, ETH Zürich)

64

128

Camellia

(Mitsubishi/NTT, Japan)

128

128 ... 256

Blowfish

(Bruce
Schneier
)

64

128 ... 448

AES (
Advanced

Encryption Standard
)

2


128

128 ... 256

1

U.S. FIPS PUB 46
-
3,
withdrawn

in 2005

2

U.S. FIPS PUB 197,
published

in 2001

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
11

168 bits

Triple

DES (3DES)

DES

E
K1

Key K1

56 bits

DES

D
K2

Key K2

56 bits

P

64 bits

DES

E
K3

Key K3

56 bits

C

64 bits


Cipher
-
Block
-
Chaining based encryption: DES
-
EDE3
-
CBC


True cryptographic strength of 3DES key is 2x56 bits = 112 bits

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
12

Advanced

Encryption Standard (AES
)


Evaluation
of

an
Advanced

Encryption Standard


The National Institute
of

Standards
and

Technology (NIST)
started

a
public

contest

for

AES in 1997
and

in
October

2000
selected

Rijndael

invented

by

Vincent
Rijmen

and

Joan
Daemen

from

K.U. Leuven in
Belgium
.


On Nov. 26 2001, AES was
officially

published

as

the

U.S. Federal
Information Processing Standard
FIPS PUBS
197
.


Requirements

for

AES


AES
shall

be

publicly

defined
.


AES
shall

be

a
symmetric

block
cipher
.


AES
shall

be

implementable

in
both

hardware

and

software
.


AES
shall

have

a block
size

of

n = 128
bits


AES
shall

have

flexible
key

sizes

of

k = 128, 192,
and

256
bits
.

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
13

AES Algorithm

16 input bytes


In
each

round

the

state

array

is

processed

using

the

functions

SubBytes
(),
ShiftRows
(),
MixColumns
(),
and

AddRoundKey
()


AES
-
128 (10
rounds
), AES
-
192 (12
rounds
), AES
-
256 (14
rounds
)

out
12

out
13

out
14

out
15

out
8

out
9

out
10

out
11

out
4

out
5

out
6

out
7

out
0

out
1

out
2

out
3

s
0,3

s
1,3

s
2,3

s
3,3

s
0,2

s
1,2

s
2,2

s
3,2

s
0,1

s
1,1

s
2,1

s
3,1

s
0,0

s
1,0

s
2,0

s
3,0

in
12

in
13

in
14

in
15

in
8

in
9

in
10

in
11

in
4

in
5

in
6

in
7

in
0

in
1

in
2

in
3

state array

16 output bytes

b
7

b
6

b
5

b
4

b
3

b
2

b
1

b
0

b
7
x
7

+ b
6
x
6
+ b
5
x
5

+ b
4
x
4

+ b
3
x
3

+ b
2
x
2

+ b
1
x+b
0

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
14

Internet Security 1 (IntSec1)

3.2 Stream Ciphers

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
15

Symmetric Key Cryptosystems

Stream Ciphers

Pseudo
-
Random

Sequence Generator

Plaintext Bitstream

Ciphertext Bitstream

Key

1 1 1 1 1 1 1 1 0 0 0 0 0 0 …

1 0 0 1 1 0 1 0 1 1 0 1 0 0 …

0 1 1 0 0 1 0 1 1 1 0 1 0 0 …

Plaintext Stream

Pseudo
-
Random Stream

Ciphertext Stream

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
16

Stream Ciphers

Linear Feedback Shift Registers (LFSRs)


Maximum possible sequence length is 2
n
-

1 with n registers


LFSRs are often used as building blocks for stream ciphers


GSM A5 is a cipher with 3 LFSRs of lengths 19, 22, and 23

Key

1

1

0

1

0

Load Key

R
0

R
1

R
2

R
n
-
2

R
n
-
1

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
17

Block Cipher Modes III

Output Feedback Mode (OFB)

IV

Sender

Receiver

S
1

E

E

S
2

E

S
3

IV

P
1

P
2

P
3

C
2

C
1

C
3

C
2

C
2

C
1

P
1

P
2

P
3

S
1

S
2

S
3

E

E

E

Andreas Steffen,
10.10.2011, 3
-
SymmetricKey.pptx
18

Block Cipher Modes IV

Counter Mode (CTR)

Sender

Receiver

P
1

P
2

P
3

C
2

C
1

C
3

C
2

C
2

C
1

P
1

P
2

P
3

S
1

E

E

S
2

E

S
3

IV

IV

+1

IV

+2

IV

S
1

S
2

S
3

E

E

E

IV

+1

IV

+2