network security network security essentials essentials
play

Network Security Network Security Essentials Essentials Chapter 2 - PowerPoint PPT Presentation

Network Security Network Security Essentials Essentials Chapter 2 Chapter 2 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lawrie Brown Lecture slides by Lawrie Brown Encryption Encryption


  1. Network Security Network Security Essentials Essentials Chapter 2 Chapter 2 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lawrie Brown Lecture slides by Lawrie Brown

  2. Encryption Encryption  What What is is encryption? Why do we need it? encryption? Why do we need it?  No, seriously, let's discuss this. Why do we No, seriously, let's discuss this. Why do we need it? need it?

  3. Symmetric Encryption Symmetric Encryption  or conventional / or conventional / private-key private-key / single-key / single-key  sender and recipient share a common key sender and recipient share a common key  all classical encryption algorithms are all classical encryption algorithms are private-key private-key  was only type prior to invention of public- was only type prior to invention of public- key in 1970’s key in 1970’s  and by far most widely used and by far most widely used

  4. Some Basic Terminology Some Basic Terminology  plaintext plaintext - original message - original message  ciphertext ciphertext - coded message - coded message  cipher cipher - algorithm for transforming plaintext to ciphertext - algorithm for transforming plaintext to ciphertext  key key - info used in cipher known only to sender/receiver - info used in cipher known only to sender/receiver  encipher (encrypt) encipher (encrypt) - converting plaintext to ciphertext - converting plaintext to ciphertext  decipher (decrypt) decipher (decrypt) - recovering ciphertext from plaintext - recovering ciphertext from plaintext  cryptography cryptography - study of encryption principles/methods - study of encryption principles/methods  cryptanalysis (codebreaking) cryptanalysis (codebreaking) - study of principles/ - study of principles/ methods of deciphering ciphertext without without knowing key knowing key methods of deciphering ciphertext  cryptology cryptology - field of both cryptography and cryptanalysis - field of both cryptography and cryptanalysis

  5. Some Basic Terminology Some Basic Terminology  cleartext cleartext - is this the same as plaintext? - is this the same as plaintext?  Also, do all ciphers need a key? Also, do all ciphers need a key? – Is a password the same as a key? Is a password the same as a key? – Are there ciphers that use neither? Are there ciphers that use neither?

  6. Symmetric Cipher Model Symmetric Cipher Model

  7. Requirements Requirements  two requirements for secure use of two requirements for secure use of symmetric encryption: symmetric encryption:  a strong encryption algorithm a strong encryption algorithm  a secret key known only to sender / receiver a secret key known only to sender / receiver  mathematically have: mathematically have: Y = E(K, = E(K, X X ) ) Y X = D(K, = D(K, Y Y ) ) X  assume encryption algorithm is known assume encryption algorithm is known  implies a secure channel to distribute implies a secure channel to distribute key key

  8. Cryptography Cryptography  can characterize cryptographic system by: can characterize cryptographic system by:  type of encryption operations used type of encryption operations used • substitution substitution • transposition transposition • product product  number of keys used number of keys used • single-key or private single-key or private • two-key or public two-key or public  way in which plaintext is processed way in which plaintext is processed • block block • stream stream

  9. Cryptanalysis Cryptanalysis  objective to recover key not just message objective to recover key not just message  general approaches: general approaches:  cryptanalytic attack cryptanalytic attack  brute-force attack brute-force attack  if either succeed all key use compromised if either succeed all key use compromised  Hence the value of Hence the value of perfect forward secrecy perfect forward secrecy

  10. Cryptanalytic Attacks Cryptanalytic Attacks  ciphertext only ciphertext only  only know algorithm & ciphertext, is statistical, only know algorithm & ciphertext, is statistical, know or can identify plaintext know or can identify plaintext  known plaintext known plaintext  know/suspect plaintext & ciphertext know/suspect plaintext & ciphertext  chosen plaintext chosen plaintext  select plaintext and obtain ciphertext select plaintext and obtain ciphertext  chosen ciphertext chosen ciphertext  select ciphertext and obtain plaintext select ciphertext and obtain plaintext  chosen text chosen text  select plaintext or ciphertext to en/decrypt select plaintext or ciphertext to en/decrypt

  11. Brute Force Search Brute Force Search  always possible to simply try every key always possible to simply try every key  most basic attack, proportional to key size most basic attack, proportional to key size  assume either know / recognize plaintext assume either know / recognize plaintext Key Size (bits) Number of Alternative Time required at 1 Time required at 10 6 Keys decryption/µs decryptions/µs 32 2 32 = 4.3  10 9 2 31 µs = 35.8 minutes 2.15 milliseconds 56 2 56 = 7.2  10 16 2 55 µs = 1142 years 10.01 hours 128 2 128 = 3.4  10 38 = 5.4  10 24 years 5.4  10 18 years 2 127 µs 168 2 168 = 3.7  10 50 2 167 µs = 5.9  10 36 years 5.9  10 30 years 26 characters 26! = 4  10 26 2  10 26 µs = 6.4  10 12 years 6.4  10 6 years (permutation)

  12. Feistel Cipher Structure Feistel Cipher Structure  Horst Feistel devised the Horst Feistel devised the feistel cipher feistel cipher  based on concept of invertible product cipher based on concept of invertible product cipher  partitions input block into two halves partitions input block into two halves  process through multiple rounds which process through multiple rounds which  perform a substitution on left data half perform a substitution on left data half  based on round function of right half & subkey based on round function of right half & subkey  then have permutation swapping halves then have permutation swapping halves  implements Shannon’s S-P net concept implements Shannon’s S-P net concept

  13. Feistel Cipher Structure Feistel Cipher Structure

  14. Feistel Cipher Design Elements Feistel Cipher Design Elements  block size block size  key size key size  number of rounds number of rounds  subkey generation algorithm subkey generation algorithm  round function round function  fast software en/decryption fast software en/decryption  ease of analysis ease of analysis

  15. Data Encryption Standard (DES) Data Encryption Standard (DES)  most widely used block cipher in world most widely used block cipher in world  adopted in 1977 by NBS (now NIST) adopted in 1977 by NBS (now NIST)  as FIPS PUB 46 as FIPS PUB 46  encrypts 64-bit data using 56-bit key encrypts 64-bit data using 56-bit key  has widespread use has widespread use  has been considerable controversy over has been considerable controversy over its security its security

  16. DES History DES History  IBM developed Lucifer cipher IBM developed Lucifer cipher  by team led by Feistel in late 60’s by team led by Feistel in late 60’s  used 64-bit data blocks with 128-bit key used 64-bit data blocks with 128-bit key  then redeveloped as a commercial cipher then redeveloped as a commercial cipher with input from NSA and others with input from NSA and others  in 1973 NBS issued request for proposals in 1973 NBS issued request for proposals for a national cipher standard for a national cipher standard  IBM submitted their revised Lucifer which IBM submitted their revised Lucifer which was eventually accepted as the DES was eventually accepted as the DES

  17. DES Design Controversy DES Design Controversy  although DES standard is public although DES standard is public  was considerable controversy over design was considerable controversy over design  in choice of 56-bit key (vs Lucifer 128-bit) in choice of 56-bit key (vs Lucifer 128-bit)  and because design criteria were classified and because design criteria were classified  subsequent events and public analysis subsequent events and public analysis show in fact design was appropriate show in fact design was appropriate  use of DES has flourished use of DES has flourished  especially in financial applications especially in financial applications  still standardised for legacy application use still standardised for legacy application use

  18. Multiple Encryption & DES Multiple Encryption & DES  clear a replacement for DES was needed clear a replacement for DES was needed  theoretical attacks that can break it theoretical attacks that can break it  demonstrated exhaustive key search attacks demonstrated exhaustive key search attacks  AES is a new cipher alternative AES is a new cipher alternative  prior to this alternative was to use multiple prior to this alternative was to use multiple encryption with DES implementations encryption with DES implementations  Triple-DES is the chosen form Triple-DES is the chosen form

Recommend


More recommend