EEC-484/584 Computer Networks - PowerPoint PPT Presentation

Loading...

PPT – EEC-484/584 Computer Networks PowerPoint presentation | free to download - id: 203ceb-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

EEC-484/584 Computer Networks

Description:

EEC-484/584: Computer Networks. Wenbing Zhao. 6. Cryptography Terminology ... Cryptography Terminology. Plaintext: message to be encrypted. Ciphertext: ... – PowerPoint PPT presentation

Number of Views:11
Avg rating:3.0/5.0
Slides: 32
Provided by: wenbin
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: EEC-484/584 Computer Networks


1
EEC-484/584Computer Networks
  • Lecture 17
  • Wenbing Zhao
  • wenbing_at_ieee.org
  • (Part of the slides are based on materials
    supplied by Dr. Louise Moser at UCSB and
    Prentice-Hall)

2
Outline
  • Quiz4 results
  • Introduction to cryptography

3
EEC484
  • Max 100
  • Min 93
  • Average 97
  • Q1 avg 19/20
  • Q2 avg 30/30
  • Q3 avg 19/20
  • Q4 avg 10/10
  • Q5 avg 19/20

4
EEC584 (MW)
  • Max 97
  • Min 48
  • Average 79
  • Q1 avg 19/20
  • Q2 avg 29/30
  • Q3 avg 10/20
  • Q4 avg 8/10
  • Q5 avg 13/20

5
EEC584 (TTh)
  • Max 98
  • Min 60
  • Average 88
  • Q1 avg 19/20
  • Q2 avg 29/30
  • Q3 avg 16/20
  • Q4 avg 5/10
  • Q5 avg 18/20

6
Cryptography Terminology
  • Encryption is the process of encoding a message
    so that its meaning is not obvious
  • Equivalent terms encode, encipher
  • Encryption addresses the need for confidentiality
    of data
  • Encryption can also be used to ensure integrity
    (i.e., unauthorized change can be detected)
  • Encryption is the basis of protocols that enable
    us to provide security while accomplishing system
    or network tasks

7
Cryptography Terminology
  • Decryption is the reverse process, transforming
    an encrypted message back into its normal,
    original form
  • Equivalent terms decode, decipher
  • A system for encryption and decryption is called
    a cryptosystem

8
Cryptography Terminology
  • The encryption and decryption rules are called
    encryption and decryption algorithms
  • Encryption/decryptions algorithms often use a
    device called a key, denoted by K, so that the
    resulting ciphertext depends on the original
    plaintext message, the algorithm, and the key
    value
  • An encryption scheme that does not require the
    use of a key is called a keyless cipher

9
Cryptography Terminology
  • Plaintext message to be encrypted
  • Ciphertext encrypted message
  • DK(EK(P)) P

10
Symmetric Encryption
  • The encryption and decryption keys are the same,
    so P D(K, E(K,P))
  • D and E are closely related. They are
    mirror-image processes
  • The symmetric systems provide a two-way channel
    to their users
  • The symmetry of this situation is a major
    advantage of this type of encryption, but it also
    leads to a problem key distribution

11
Asymmetric Encryption
  • Encryption and decryption keys come in pairs. The
    decryption key, KD, inverts the encryption of key
    KE, so that P D(KD, E(KE,P))
  • Asymmetric encryption systems excel at key
    management

12
Cryptology
  • Cryptology is the research into and study of
    encryption and decryption it includes both
    cryptography and cryptanalysis
  • Cryptography art of devising ciphers
  • Comes from Greek words for secret writing. It
    refers to the practice of using encryption to
    conceal text
  • Cryptanalysis art of breaking ciphers
  • Study of encryption and encrypted messages,
    hoping to find the hidden meanings

13
Basic Encryption Methods
  • Substitution ciphers one letter is exchanged for
    another
  • Transposition ciphers order of letters is
    rearranged

14
Substitution Ciphers
  • Idea each letter or group of letters is replaced
    by another letter or group of letters
  • Caesar cipher circularly shift by 3 letters
  • a -gt D, b -gt E, z -gt C
  • More generally, shift by k letters, k is the key
  • Monoalphabetic cipher map each letter to some
    other letter
  • A b c d e f w x y z
  • Q W E R T Y V B N M lt the key

15
Substitution Ciphers
  • Not difficult to determine the key using
    frequencies of letters, pairs of letter etc., or
    by guessing a probable word or phrase
  • Most frequently occurred
  • Letters e, t, o, a, n,
  • Digrams th, in, er, re, an,
  • Trigrams the, ing, and, ion, ent
  • Words the, of, and, to, a, in, that,

16
Transposition Ciphers
  • Transposition cipher reorders (rearrange)
    symbols but does not disguise them. It is also
    called permutation
  • Transpositions try to break established patterns
  • Both substitution and transport ciphers can be
    broken using language statistical information

17
Columnar Transposition
  • Plaintext written in rows, number of columns
    key length
  • Key is used to number the columns
  • Ciphertext read out by columns, starting with
    column whose key letter is lowest

18
Columnar Transposition
  • A transposition cipher example

19
One-Time Pads
  • One-time pad construct an unbreakable cipher
  • Choose a random bit string as the key
  • Convert the plaintext into a bit string
  • Compute the XOR of these two strings, bit by bit
  • The resulting ciphertext cannot be broken,
    because in a sufficiently large sample of
    ciphertext, each letter will occur equally often
  • gt there is simply no information in the message
    because all possible plaintexts of the given
    length are equally likely

20
One-Time Pads
Original one-time pad used
I L O V E
Y O U .
E L V I S
L I V E S
If someone tries to decrypt using another
one-time pad
21
One-Time Pads
  • Disadvantages
  • The key cannot be memorized, both sender and
    receiver must carry a written copy with them
  • Total amount of data can be transmitted is
    limited by the amount of key available
  • Sensitive to lost or inserted characters

22
Stream Ciphers
  • Stream ciphers convert one symbol of plaintext
    immediately into a symbol of ciphertext
  • The transformation depends only on the symbol,
    the key, and the control information of the
    encryption algorithm

Some kinds of errors affect the encryption of all
future characters
23
Block Ciphers
  • Block cipher encrypts a group of plaintext
    symbols as one block
  • Block ciphers work on blocks of plaintext and
    produce blocks of ciphertext
  • The columnar transposition is an example of block
    ciphers

24
Cryptanalysis Breaking Encryption Schemes
  • Ciphertext-only cryptanalyst has a quantity of
    ciphertext and no plaintext
  • Known plaintext cryptanalyst has some matched
    ciphertext and plaintext
  • Chosen plaintext cryptanalyst has the ability to
    encrypt pieces of plaintext of his own choosing

25
Symmetric-Key Algorithms
  • DES The Data Encryption Standard
  • AES The Advanced Encryption Standard
  • Cipher Modes
  • Other Ciphers

26
Data Encryption Standard
  • Developed by IBM. US standard for unclassified
    info (1977)
  • Same key for encryption as for decryption
  • Encrypts in 64-bit blocks
  • Uses 56-bit key
  • Has 19 stages, 16 parameterized by different
    functions of the key

27
Data Encryption Standard
  • Building blocks
  • P-box (permutation box) used to implement
    transposition in hardware
  • S-box (substitution box) used to implement
    substitution in hardware

28
Triple DES
  • Triple DES effectively increases the key
    length. It uses two keys and three stages
  • In first stage, the plaintext is encrypted using
    DES in the usual way with K1
  • In second stage, DES is run in decryption mode,
    using K2 as the key
  • In third stage, another DES encryption is done
    with K1

Triple DES encryption
Triple DES decryption
29
AES The Advanced Encryption Standard
  • AES is a result of a cryptographic contest
  • Organized by NIST in 1997
  • Rules for AES proposals
  • The algorithm must be a symmetric block cipher
  • The full design must be public
  • Key lengths of 128, 192, and 256 bits supported
  • Both software and hardware implementations
    required
  • The algorithm must be public or licensed on
    nondiscriminatory terms
  • Winner Rijndael (from two Belgian
    cryptographers Joan Daemen and Vincent Rijmen)

30
AES
  • Creating of the state and rk arrays

31
Cipher Modes
  • Despite all the complexity, AES and DES (or any
    block cipher) is basically a monoalphabetic
    substitution cipher using big characters
  • Whenever the same plaintext block goes in the
    front end, the same ciphertext block comes out
    the back end
  • If you encrypt the plaintext abcdefgh 100 times
    with same DES key, you get the same ciphertext
    100 times
  • An intruder can exploit this property to help
    subvert the cipher

32
Electronic Code Book Mode
  • In ECB mode, each plaintext block is encrypted
    independently with the block cipher
  • ECB allows easy parallelization to yield higher
    performance. However, no processing is possible
    before a block is seen

33
Electronic Code Book Mode - Problems
  • In ECB, plaintext patterns are not concealed
  • Each identical block of plaintext gives an
    identical block of ciphertext. The plaintext can
    be easily manipulated by removing, repeating, or
    interchanging blocks
  • Example

34
Cipher Block Chaining Mode
  • To avoid the ECB mode problem replacing a block
    will cause the plaintext decrypted starting at
    the replaced to become garbage
  • Exclusive OR the encrypted text with the next
    block of plaintext before encryption C0 E(P0
    XOR IV), C1 E(P1 XOR C0), etc.
  • Drawback must wait until full 64-bit (128-bit)
    block to arrive to decrypt

35
Cipher Block Chaining Mode
  • Exclusive OR the encrypted text with the next
    block of plaintext before encryption C0 E(P0
    XOR IV), C1 E(P1 XOR C0), etc.

Initialization Vector
Encryption
Decryption
36
Cipher Feedback Mode
  • To enable byte-by-byte encryption
  • When plaintext byte n (Pn) arrives, DES algorithm
    operates a 64-bit register to generate a 64-bit
    ciphertext (128-bit register needed for AES)
  • Leftmost byte of that ciphertext is extracted and
    XORed with Pn
  • That byte is transmitted on the transmission line
  • The shift register is shifted left 8 bits,
    causing Cn-8 to fall off the left end, and Cn is
    inserted in the position just vacated at the
    right end by C9
  • Drawback One byte of transmission error will
    ruin 8 bytes of data

37
Cipher Feedback Mode
Decryption
Encryption
38
Stream Cipher Mode
  • To be insensitive to transmission error, an
    arbitrarily large sequence of output blocks,
    called the keystream, is treated like a one-time
    pad and XORed with the plaintext to get the
    ciphertext
  • It works by encrypting an IV, using a key to get
    an output block
  • The output block is then encrypted, using the key
    to get a second output block
  • This block is then encrypted to get a third
    block, and so on

39
Stream Cipher Mode
  • The keystream is independent of the data
  • It can be computed in advance
  • It is completely insensitive to transmission
    errors

Encryption
Decryption
40
Stream Cipher Mode
  • It is essential never to use the same (key, IV)
    pair twice with a stream cipher because doing so
    will generate the same keystream each time
  • Using the same keystream twice exposes the
    ciphertext to a keystream reuse attack
  • Stream cipher mode is also called output feedback
    mode

41
Keystream Reuse Attack
  • Plaintext block, P0, is encrypted with the
    keystream to get P0 XOR K0
  • Later, a second plaintext block, Q0, is encrypted
    with the same keystream to get Q0 XOR K0
  • An intruder who captures both ciphertext blocks
    can simply XOR them together to get P0 XOR Q0,
    which eliminates the key
  • The intruder now has the XOR of the two plaintext
    blocks
  • If one of them is known or can be guessed, the
    other can also be found
  • In any event, the XOR of two plaintext streams
    can be attacked by using statistical properties
    of the message

42
Counter Mode
  • To allow random access to encrypted data
  • The IV plus a constant is encrypted, and the
    resulting ciphertext XORed with the plaintext
  • By stepping the IV by 1 for each new block, it is
    easy to decrypt a block anywhere in the file
    without first having to decrypt all of its
    predecessors
About PowerShow.com