department of computer science southern illinois university...
TRANSCRIPT
Wireless & Network Security 1Kemal Akkaya
Department of Computer ScienceSouthern Illinois University Carbondale
CS 591 – Wireless & Network Security
Lecture 5: Security Basics-1
Dr. Kemal AkkayaE-mail: [email protected]
Slides are courtesy of Kenny Fong
Wireless & Network Security 2Kemal Akkaya
CryptographyCryptography is the study of mathematical techniques in the provision of information security services. It is the strongest and most widely used tool for defending against many kinds of security threats.Goals of cryptography
Confidentiality: keeping information secret from all but those who are authorized to see itIntegrity: ensuring information has not been altered by unauthorized or unknown meansAuthentication: corroborating the source of information or the identity of an entityNon-repudiation: preventing the denial of previous commitments or actions
Wireless & Network Security 3Kemal Akkaya
Symmetric-Key Encryption
A symmetric-key encryption scheme, or a cipher, consists of:
a secret key K shared by the sender and the receiver,an encryption algorithm EK that, with a message M(called the plaintext) and the secret key K as input, produces the encrypted message C = EK(M) as output (called the ciphertext), anda decryption algorithm DK that, with a ciphertext C and the secret key K as input, outputs the original message M = DK(C); i.e., given any key K,
DK(EK(M)) = Mfor all messages M.
Wireless & Network Security 4Kemal Akkaya
Symmetric-Key Encryption
Wireless & Network Security 5Kemal Akkaya
CryptanalysisCryptanalysis is the science of recovering the plaintext or deducing the key without access to the key.A brute-force attack, also called exhaustive key search, attempts to decrypt a given ciphertext message with every possible key until the resulting plaintext is meaningful (identified by means of frequency analysis).In general, a brute-force attack on a cipher with an n-bit key requires at most 2n trials. Therefore, the longer the key length, the more secure the cipher.
Wireless & Network Security 6Kemal Akkaya
Caesar CipherThe Caesar cipher (also called the shift cipher) replaces each letter of a message with another letter a fixed number of places after it in the alphabet (the alphabet is wrapped around).
Mathematical descriptionAssign a numerical equivalent to each letter: A – 0, B – 1, C – 2, …, Y – 24, Z – 25Encrypt: for each plaintext letter Mi, the ciphertext letter is
Ci = EK(Mi) = (Mi + K) mod 26where the secret key K is the shift amount (which is a number between 1 and 25)Decrypt: Mi = DK(Ci) = (Ci – K) mod 26
Example: M = KENNYFONG, C = NHQQBIRQJ, K = 3 Cryptanalysis: brute-force attack (there are only 25 possible keys)
Wireless & Network Security 7Kemal Akkaya
Vigenère CipherThe Vigenère cipher, invented by Giovan Batista Belaso in 1553 (but misattributed to Blaise de Vigenère in the 19th century), works as follows:
Let K = K0 K1 … Kd-1, where d is the number of letters in K. The key K is usually a word with 5 –8 letters.Encrypt: Ci = (Mi + Ki mod d) mod 26Decrypt: Mi = (Ci – Ki mod d) mod 26
Example: K = FALSEPlaintext KENNYISTHEGREATESTMANINTHEWORLDKey FALSEFALSEFALSEFALSEFALSEFALSEF
Ciphertext PEYFCNSEZILRPSXJSEEESIYLLJWZJPI
Wireless & Network Security 8Kemal Akkaya
Block CiphersA block cipher encrypts the plaintext message one block at a time (every block has the same fixed size).Most contemporary ciphers are block ciphers:
Data Encryption Standard (DES)Key length: 56 bits, block length: 64 bits
Advanced Encryption Standard (AES)Key length: 128/192/256 bits, block length: 128 bits
Triple DESInternational Data Encryption Algorithm (IDEA)BlowfishRon’s Code 5 (RC5)
Wireless & Network Security 9Kemal Akkaya
Block CiphersBlock ciphers generally apply the techniques of substitution and permutation to complicate the statistical relationship between the ciphertext and the plaintext, thereby thwarting cryptanalysis based on statistical analysis.A mode of operation specifies how a block cipher with a fixed block size (e.g., 128 bits for AES) can be extended to process messages of arbitrary length. Most of the modes of operation partition a message P in the most straightforward way: P = P1 P2 … PN, where Pi is an m-bit block for all 1 ≤ i ≤ N and m is the block size of the block cipher used, padding the last block PN if necessary.5 modes:
ECB, CBC, CFB, OFB, CTR
Wireless & Network Security 10Kemal Akkaya
Electronic Codebook Mode (ECB)Encrypt: The ciphertext to be sent is <C1, C2, …, CN>, where Ci = EK(Pi) for all 1 ≤ i ≤ N.
Decrypt: Pi = DK(Ci) for all 1 ≤ i ≤ N.
Though ECB is simple, it suffers the problem that if the same plaintext block appears more than once in the message, ECB always produces the same ciphertext block, allowing an adversary to gain some knowledge by observing repetitions in lengthy messages.
Wireless & Network Security 11Kemal Akkaya
Cipher Block Chaining Mode (CBC)Precomputation: an m-bit initialization vector IV is randomly selected, where m is the block size.Encrypt: The ciphertext to be sent is <IV, C1, C2, …, CN>, where C0= IV and Ci = EK(Ci-1 ⊕ Pi) for all 1 ≤ i ≤ N.
Decrypt: Pi = Ci-1 ⊕ DK(Ci) for all 1 ≤ i ≤ N, where C0 = IV.
The same plaintext block may not be encrypted to the same ciphertext block in CBC, because the ith ciphertext block depends on the ith plaintext block and all the previous plaintext blocks. However, unlike ECB, CBC encryption is not parallelizable (but CBC decryption is parallelizable).
Wireless & Network Security 12Kemal Akkaya
Cipher Feedback (CFB)
Wireless & Network Security 13Kemal Akkaya
Counter (CTR)
Wireless & Network Security 14Kemal Akkaya
Data Encryption Standard (DES)
Adopted in 1977 by NISTBlock cipher with 64 bits of blocks56 bits key length16 Rounds
Wireless & Network Security 15Kemal Akkaya
Triple DES (3DES)
first used in financial applicationsin DES FIPS PUB 46-3 standard of 1999uses three keys & three DES executions:
C = E(K3, D(K2, E(K1, P)))decryption same with keys reverseduse of decryption in second stage gives compatibility with original DES userseffective 168-bit key length, slow, secureAES will eventually replace 3DES
Wireless & Network Security 16Kemal Akkaya
Advanced Encryption Standard
(AES)
Wireless & Network Security 17Kemal Akkaya
AES Round Structure
Wireless & Network Security 18Kemal Akkaya
Stream CiphersProcesses input elements continuously
Bit by bit (or byte)
Key input to a pseudorandom bit generatorProduces stream of random like numbersUnpredictable without knowing input key
Are faster and use far less codeDesign considerations:
Encryption sequence should have a large periodKeystream approximates random number propertiesUses a sufficiently long key (i.e., 128 bits)
RC4 is the most commonOthers
A5/1, A5/2, FISH, Helix, ISAAC, MUGI, Panama, Phelix, Pike
Wireless & Network Security 19Kemal Akkaya
Diffie-Hellman Key Exchange
First practical scheme to exchange a secret key
Used in symmetric ciphersProposed by Diffie & Hellman in 1976
note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
Practical method to exchange a secret keyUsed in a number of commercial productsSecurity relies on difficulty of computing discrete logarithms
Wireless & Network Security 20Kemal Akkaya
Diffie-Hellman
Algorithm
Wireless & Network Security 21Kemal Akkaya
Diffie-Hellman Example
Haveprime number q = 353 primitive root α = 3
A and B each compute their public keysA computes YA = 397 mod 353 = 40B computes YB = 3233 mod 353 = 248
Then exchange and compute secret key:for A: K = (YB)XA mod 353 = 24897 mod 353 = 160for B: K = (YA)XB mod 353 = 40233 mod 353 = 160
Attacker must solve:3a mod 353 = 40 which is hardDesired answer is 97, then compute key as B does
Wireless & Network Security 22Kemal Akkaya
Key Exchange Protocols