EEC-484/584 Computer Networks - PowerPoint PPT Presentation


PPT – EEC-484/584 Computer Networks PowerPoint presentation | free to download - id: 203ceb-ZDc1Z


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

EEC-484/584 Computer Networks


EEC-484/584: Computer Networks. Wenbing Zhao. 6. Cryptography Terminology ... Cryptography Terminology. Plaintext: message to be encrypted. Ciphertext: ... – PowerPoint PPT presentation

Number of Views:11
Avg rating:3.0/5.0
Slides: 32
Provided by: wenbin


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: EEC-484/584 Computer Networks

EEC-484/584Computer Networks
  • Lecture 17
  • Wenbing Zhao
  • (Part of the slides are based on materials
    supplied by Dr. Louise Moser at UCSB and

  • Quiz4 results
  • Introduction to cryptography

  • Max 100
  • Min 93
  • Average 97
  • Q1 avg 19/20
  • Q2 avg 30/30
  • Q3 avg 19/20
  • Q4 avg 10/10
  • Q5 avg 19/20

EEC584 (MW)
  • Max 97
  • Min 48
  • Average 79
  • Q1 avg 19/20
  • Q2 avg 29/30
  • Q3 avg 10/20
  • Q4 avg 8/10
  • Q5 avg 13/20

EEC584 (TTh)
  • Max 98
  • Min 60
  • Average 88
  • Q1 avg 19/20
  • Q2 avg 29/30
  • Q3 avg 16/20
  • Q4 avg 5/10
  • Q5 avg 18/20

Cryptography Terminology
  • Encryption is the process of encoding a message
    so that its meaning is not obvious
  • Equivalent terms encode, encipher
  • Encryption addresses the need for confidentiality
    of data
  • Encryption can also be used to ensure integrity
    (i.e., unauthorized change can be detected)
  • Encryption is the basis of protocols that enable
    us to provide security while accomplishing system
    or network tasks

Cryptography Terminology
  • Decryption is the reverse process, transforming
    an encrypted message back into its normal,
    original form
  • Equivalent terms decode, decipher
  • A system for encryption and decryption is called
    a cryptosystem

Cryptography Terminology
  • The encryption and decryption rules are called
    encryption and decryption algorithms
  • Encryption/decryptions algorithms often use a
    device called a key, denoted by K, so that the
    resulting ciphertext depends on the original
    plaintext message, the algorithm, and the key
  • An encryption scheme that does not require the
    use of a key is called a keyless cipher

Cryptography Terminology
  • Plaintext message to be encrypted
  • Ciphertext encrypted message
  • DK(EK(P)) P

Symmetric Encryption
  • The encryption and decryption keys are the same,
    so P D(K, E(K,P))
  • D and E are closely related. They are
    mirror-image processes
  • The symmetric systems provide a two-way channel
    to their users
  • The symmetry of this situation is a major
    advantage of this type of encryption, but it also
    leads to a problem key distribution

Asymmetric Encryption
  • Encryption and decryption keys come in pairs. The
    decryption key, KD, inverts the encryption of key
    KE, so that P D(KD, E(KE,P))
  • Asymmetric encryption systems excel at key

  • Cryptology is the research into and study of
    encryption and decryption it includes both
    cryptography and cryptanalysis
  • Cryptography art of devising ciphers
  • Comes from Greek words for secret writing. It
    refers to the practice of using encryption to
    conceal text
  • Cryptanalysis art of breaking ciphers
  • Study of encryption and encrypted messages,
    hoping to find the hidden meanings

Basic Encryption Methods
  • Substitution ciphers one letter is exchanged for
  • Transposition ciphers order of letters is

Substitution Ciphers
  • Idea each letter or group of letters is replaced
    by another letter or group of letters
  • Caesar cipher circularly shift by 3 letters
  • a -gt D, b -gt E, z -gt C
  • More generally, shift by k letters, k is the key
  • Monoalphabetic cipher map each letter to some
    other letter
  • A b c d e f w x y z
  • Q W E R T Y V B N M lt the key

Substitution Ciphers
  • Not difficult to determine the key using
    frequencies of letters, pairs of letter etc., or
    by guessing a probable word or phrase
  • Most frequently occurred
  • Letters e, t, o, a, n,
  • Digrams th, in, er, re, an,
  • Trigrams the, ing, and, ion, ent
  • Words the, of, and, to, a, in, that,

Transposition Ciphers
  • Transposition cipher reorders (rearrange)
    symbols but does not disguise them. It is also
    called permutation
  • Transpositions try to break established patterns
  • Both substitution and transport ciphers can be
    broken using language statistical information

Columnar Transposition
  • Plaintext written in rows, number of columns
    key length
  • Key is used to number the columns
  • Ciphertext read out by columns, starting with
    column whose key letter is lowest

Columnar Transposition
  • A transposition cipher example

One-Time Pads
  • One-time pad construct an unbreakable cipher
  • Choose a random bit string as the key
  • Convert the plaintext into a bit string
  • Compute the XOR of these two strings, bit by bit
  • The resulting ciphertext cannot be broken,
    because in a sufficiently large sample of
    ciphertext, each letter will occur equally often
  • gt there is simply no information in the message
    because all possible plaintexts of the given
    length are equally likely

One-Time Pads
Original one-time pad used
Y O U .
If someone tries to decrypt using another
one-time pad
One-Time Pads
  • Disadvantages
  • The key cannot be memorized, both sender and
    receiver must carry a written copy with them
  • Total amount of data can be transmitted is
    limited by the amount of key available
  • Sensitive to lost or inserted characters

Stream Ciphers
  • Stream ciphers convert one symbol of plaintext
    immediately into a symbol of ciphertext
  • The transformation depends only on the symbol,
    the key, and the control information of the
    encryption algorithm

Some kinds of errors affect the encryption of all
future characters
Block Ciphers
  • Block cipher encrypts a group of plaintext
    symbols as one block
  • Block ciphers work on blocks of plaintext and
    produce blocks of ciphertext
  • The columnar transposition is an example of block

Cryptanalysis Breaking Encryption Schemes
  • Ciphertext-only cryptanalyst has a quantity of
    ciphertext and no plaintext
  • Known plaintext cryptanalyst has some matched
    ciphertext and plaintext
  • Chosen plaintext cryptanalyst has the ability to
    encrypt pieces of plaintext of his own choosing

Symmetric-Key Algorithms
  • DES The Data Encryption Standard
  • AES The Advanced Encryption Standard
  • Cipher Modes
  • Other Ciphers

Data Encryption Standard
  • Developed by IBM. US standard for unclassified
    info (1977)
  • Same key for encryption as for decryption
  • Encrypts in 64-bit blocks
  • Uses 56-bit key
  • Has 19 stages, 16 parameterized by different
    functions of the key

Data Encryption Standard
  • Building blocks
  • P-box (permutation box) used to implement
    transposition in hardware
  • S-box (substitution box) used to implement
    substitution in hardware

Triple DES
  • Triple DES effectively increases the key
    length. It uses two keys and three stages
  • In first stage, the plaintext is encrypted using
    DES in the usual way with K1
  • In second stage, DES is run in decryption mode,
    using K2 as the key
  • In third stage, another DES encryption is done
    with K1

Triple DES encryption
Triple DES decryption
AES The Advanced Encryption Standard
  • AES is a result of a cryptographic contest
  • Organized by NIST in 1997
  • Rules for AES proposals
  • The algorithm must be a symmetric block cipher
  • The full design must be public
  • Key lengths of 128, 192, and 256 bits supported
  • Both software and hardware implementations
  • The algorithm must be public or licensed on
    nondiscriminatory terms
  • Winner Rijndael (from two Belgian
    cryptographers Joan Daemen and Vincent Rijmen)

  • Creating of the state and rk arrays

Cipher Modes
  • Despite all the complexity, AES and DES (or any
    block cipher) is basically a monoalphabetic
    substitution cipher using big characters
  • Whenever the same plaintext block goes in the
    front end, the same ciphertext block comes out
    the back end
  • If you encrypt the plaintext abcdefgh 100 times
    with same DES key, you get the same ciphertext
    100 times
  • An intruder can exploit this property to help
    subvert the cipher

Electronic Code Book Mode
  • In ECB mode, each plaintext block is encrypted
    independently with the block cipher
  • ECB allows easy parallelization to yield higher
    performance. However, no processing is possible
    before a block is seen

Electronic Code Book Mode - Problems
  • In ECB, plaintext patterns are not concealed
  • Each identical block of plaintext gives an
    identical block of ciphertext. The plaintext can
    be easily manipulated by removing, repeating, or
    interchanging blocks
  • Example

Cipher Block Chaining Mode
  • To avoid the ECB mode problem replacing a block
    will cause the plaintext decrypted starting at
    the replaced to become garbage
  • Exclusive OR the encrypted text with the next
    block of plaintext before encryption C0 E(P0
    XOR IV), C1 E(P1 XOR C0), etc.
  • Drawback must wait until full 64-bit (128-bit)
    block to arrive to decrypt

Cipher Block Chaining Mode
  • Exclusive OR the encrypted text with the next
    block of plaintext before encryption C0 E(P0
    XOR IV), C1 E(P1 XOR C0), etc.

Initialization Vector
Cipher Feedback Mode
  • To enable byte-by-byte encryption
  • When plaintext byte n (Pn) arrives, DES algorithm
    operates a 64-bit register to generate a 64-bit
    ciphertext (128-bit register needed for AES)
  • Leftmost byte of that ciphertext is extracted and
    XORed with Pn
  • That byte is transmitted on the transmission line
  • The shift register is shifted left 8 bits,
    causing Cn-8 to fall off the left end, and Cn is
    inserted in the position just vacated at the
    right end by C9
  • Drawback One byte of transmission error will
    ruin 8 bytes of data

Cipher Feedback Mode
Stream Cipher Mode
  • To be insensitive to transmission error, an
    arbitrarily large sequence of output blocks,
    called the keystream, is treated like a one-time
    pad and XORed with the plaintext to get the
  • It works by encrypting an IV, using a key to get
    an output block
  • The output block is then encrypted, using the key
    to get a second output block
  • This block is then encrypted to get a third
    block, and so on

Stream Cipher Mode
  • The keystream is independent of the data
  • It can be computed in advance
  • It is completely insensitive to transmission

Stream Cipher Mode
  • It is essential never to use the same (key, IV)
    pair twice with a stream cipher because doing so
    will generate the same keystream each time
  • Using the same keystream twice exposes the
    ciphertext to a keystream reuse attack
  • Stream cipher mode is also called output feedback

Keystream Reuse Attack
  • Plaintext block, P0, is encrypted with the
    keystream to get P0 XOR K0
  • Later, a second plaintext block, Q0, is encrypted
    with the same keystream to get Q0 XOR K0
  • An intruder who captures both ciphertext blocks
    can simply XOR them together to get P0 XOR Q0,
    which eliminates the key
  • The intruder now has the XOR of the two plaintext
  • If one of them is known or can be guessed, the
    other can also be found
  • In any event, the XOR of two plaintext streams
    can be attacked by using statistical properties
    of the message

Counter Mode
  • To allow random access to encrypted data
  • The IV plus a constant is encrypted, and the
    resulting ciphertext XORed with the plaintext
  • By stepping the IV by 1 for each new block, it is
    easy to decrypt a block anywhere in the file
    without first having to decrypt all of its