Symmetric Encryption • Also referred to as: • Only alternative before public-key encryption in 1970’s • Has five ingredients:... • Sender and receiver use same key – symmetric • Sender
Trang 2Chapter 20
Symmetric Encryption and Message Confidentiality
Trang 3Symmetric Encryption
• Also referred to as:
• Only alternative before public-key
encryption in 1970’s
• Has five ingredients:
Trang 4• Sender and receiver use same key –
symmetric
• Sender and receiver each use a different key - asymmetric
The number of keys used
• Sender and receiver use same key –
symmetric
• Sender and receiver each use a different key - asymmetric
The way in which the plaintext is processed
• Block cipher – processes input one block of elements at a time
• Stream cipher – processes the input elements
continuously
The way in which the plaintext is processed
• Block cipher – processes input one block of elements at a time
• Stream cipher – processes the input elements
continuously
Trang 6Computationally Secure
Encryption Schemes
• Encryption is computationally secure if:
o Cost of breaking cipher exceeds value of information
o Time required to break cipher exceeds the useful lifetime of the information
• Usually very difficult to estimate the
amount of effort required to break
• Can estimate time/cost of a brute-force
attack
Trang 8Block Cipher Structure
• Symmetric block cipher consists of:
o A sequence of rounds
o With substitutions and permutations controlled by key
• Parameters and design features:
Block size Key size Number of Number of rounds rounds
Subkey generatio
n algorithm
Subkey generatio
n algorithm
Round function Round function
Fast software encryption /decryptio
n
Fast software encryption /decryptio
n
Ease of analysis Ease of analysis
Trang 9 Most widely used
(DES)
Trang 11Add round key
Inverse mix cols Add round key Inverse sub bytes Inverse shift rows Add round key Ciphertext (b) Decryption w[36, 39]
w[40, 43]
Trang 12S SubBytes
Trang 13Table 20.2 AES S-Boxes
Trang 15Shift Rows
On encryption left rotate each row of State by 0,1,2,3 bytes respectively
On encryption left rotate each row of State by 0,1,2,3 bytes respectively
Decryption does
reverse
Decryption does
reverse
Trang 16Mix Columns and Add Key
• Mix columns
o Operates on each column individually
o Mapping each byte to a new value that is a function of all four bytes in the column
o Use of equations over finite fields
o To provide good mixing of bytes in column
• Add round key
o Simply XOR State with bits of expanded key
o Security from complexity of round key expansion and other stages of AES
Trang 17Key input to a pseudorandom bit generator
• Produces stream of random like
numbers
• Unpredictable without knowing input key
• XOR keystream output with plaintext bytes
Trang 18Table 20.3 Speed Comparisons of Symmetric Ciphers on a Pentium 4
Trang 19255 253 253 4
3 2 1
Trang 20Table 20.4 Block Cipher Modes of Operation
Trang 21Electronic Codebook
(ECB)
block is encrypted using the same key
value for each plaintext block
o Not secure for long messages since repeated plaintext is seen
in repeated ciphertext
technique where the same plaintext block, if
repeated, produces different ciphertext blocks
Trang 25Frame relay network
= end-to-end encryption device
= link encryption device
FRN = frame relay node
Figure 20.9 Encryption Across a Frame Relay Network
F R N
F R N
F R N
F R N
Trang 26Key Distribution
wish to exchange data without allowing others to see the key
1 •• A key could be selected by A and physically delivered to BA key could be selected by A and physically delivered to B
2 •• A third party could select the key and physically deliver it to A and BA third party could select the key and physically deliver it to A and B3
• If A and B have previously and recently used a key, one party could transmit the new key to the other, encrypted using the old key
• If A and B have previously and recently used a key, one party could transmit the new key to the other, encrypted using the old key
4
• If A and B each have an encrypted connection to a third party C,
C could deliver a key on the encrypted links to A and B
• If A and B each have an encrypted connection to a third party C,
C could deliver a key on the encrypted links to A and B
Trang 27Key distribution center
Network
1 Host sends packet requesting connection.
2 Security service buffers packet; asks
KDC for session key.
3 KDC distributes session key to both hosts.
4 Buffered packet transmitted.
Figure 20.10 Automatic Key Distribution for Connection-Oriented Protocol
2
3
4 1
Trang 28• Stream ciphers and RC4
o Stream cipher structure
o The RC4 algorithm
• Cipher block modes of
operation
o Electronic codebook mode
o Cipher block chaining mode
o Cipher feedback mode
o Counter mode
• Location of symmetric encryption devices