Network Security Essentials Fifth Edition by William Stallings

Ch02 NetSec5e

Page 1: Ch02 NetSec5e

7/26/2019 Ch02 NetSec5e

http://slidepdf.com/reader/full/ch02-netsec5e 1/38

Network Security Essentials

Fifth Edition

by William Stallings

Chapter 2

Symmetric Encryption and Message Confidentiality

“I have solved other ciphers of an abstruseness ten thousand times greater. Circumstances, and a certain bias of mind, have led me to take interest in such riddles, and it may well be doubted whether human ingenuity can construct an enigma of the kind which human ingenuity may not, by proper application, resolve.”

—The Gold Bug, Edgar Allan Poe

Amongst the tribes of Central Australia every man, woman, and child has a secret or sacred name which is bestowed by the older men upon him or her soon after birth, and which is known to none but the fully initiated members of the group. This secret name is never mentioned except upon the most solemn occasions; to utter it in the hearing of men of another group would be a most serious breach of tribal custom. When mentioned at all, the name is spoken only in a whisper, and not until the most elaborate precautions have been taken that it shall be heard by no one but members of the group. The native thinks that a stranger knowing his secret name would have special power to work him ill by means of magic.

Some Basic Terminology

• Plaintext - original message
• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - info used in cipher known only to sender/receiver
• Encipher (encrypt) - converting plaintext to ciphertext
• Decipher (decrypt) - recovering ciphertext from plaintext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (code breaking) - study of principles/methods of deciphering ciphertext without knowing key
• Cryptology - field of both cryptography and cryptanalysis

Requirements

• There are two requirements for secure use of symmetric encryption:
  • A strong encryption algorithm
  • Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure
• The security of symmetric encryption depends on the secrecy of the key, not the secrecy of the algorithm
  • This makes it feasible for widespread use
  • Manufacturers can and have developed low-cost chip implementations of data encryption algorithms
  • These chips are widely available and incorporated into a number of products

Cryptography

Table 2.1 Types of Attacks on Encrypted Messages

Cryptanalysis

• An encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of the following criteria:
  • The cost of breaking the cipher exceeds the value of the encrypted information
  • The time required to break the cipher exceeds the useful lifetime of the information

Brute Force Attack

• Involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
  • On average, half of all possible keys must be tried to achieve success
• Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext
• To supplement the brute-force approach
  • Some degree of knowledge about the expected plaintext is needed
  • Some means of automatically distinguishing plaintext from garble is also needed

Feistel Cipher Design Elements

Symmetric Block Encryption Algorithms

• Block cipher
  • The most commonly used symmetric encryption algorithms
  • Processes the plaintext input in fixed-sized blocks and produces a block of ciphertext of equal size for each plaintext block

Data Encryption Standard (DES)

• Most widely used encryption scheme
• Issued in 1977 as Federal Information Processing Standard 46 (FIPS 46) by the National Institute of Standards and Technology (NIST)
• The algorithm itself is referred to as the Data Encryption Algorithm (DEA)

DES Algorithm

• Description of the algorithm:
  • Plaintext is 64 bits in length
  • Key is 56 bits in length
  • Structure is a minor variation of the Feistel network
  • There are 16 rounds of processing
  • Process of decryption is essentially the same as the encryption process
• The strength of DES:
  • Concerns fall into two categories
    • The algorithm itself
      • Refers to the possibility that cryptanalysis is possible by exploiting the characteristics of the algorithm
    • The use of a 56-bit key
      • Speed of commercial, off-the-shelf processors threatens the security

Table 2.2 Average Time Required for Exhaustive Key Search

3DES Guidelines

• FIPS 46-3 includes the following guidelines for 3DES:
  • 3DES is the FIPS-approved symmetric encryption algorithm of choice
  • The original DES, which uses a single 56-bit key, is permitted under the standard for legacy systems only; new procurements should support 3DES
  • Government organizations with legacy DES systems are encouraged to transition to 3DES
  • It is anticipated that 3DES and the Advanced Encryption Standard (AES) will coexist as FIPS-approved algorithms, allowing for a gradual

Advanced Encryption Standard (AES)

• In 1997 NIST issued a call for proposals for a new AES:
  • Should have a security strength equal to or better than 3DES and significantly improved efficiency
  • Must be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits
  • Evaluation criteria included security, computational efficiency, memory requirements, hardware and software suitability, and flexibility
• NIST selected Rijndael as the proposed AES algorithm
  • FIPS PUB 197
  • Developers were two cryptographers from Belgium: Dr. Joan Daemen and Dr. Vincent Rijmen

Random and Pseudorandom Numbers

• A number of network security algorithms based on cryptography make use of random numbers
  • Examples:
    • Generation of keys for the RSA public-key encryption algorithm and other public-key algorithms
    • Generation of a symmetric key for use as a temporary session key; used in a number of networking applications such as Transport Layer Security, Wi-Fi, e-mail security, and IP security
    • In a number of key distribution scenarios, such as Kerberos, random numbers are used for handshaking to prevent replay attacks
• Two distinct and not necessarily compatible requirements for a sequence of random numbers are:
  • Randomness
  • Unpredictability

Randomness

• The following criteria are used to validate that a sequence of numbers is random:

Unpredictability

• In applications such as reciprocal authentication and session key generation, the requirement is not so much that the sequence of numbers be statistically random but that the successive members of the sequence are unpredictable
• With “true” random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable
• Care must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier elements

Algorithm Design

Stream Cipher Design Considerations

• The encryption sequence should have a large period
  • The longer the period of repeat, the more difficult it will be to do cryptanalysis
• The keystream should approximate the properties of a true random number stream as close as possible
  • The more random-appearing the keystream is, the more randomized the ciphertext is, making cryptanalysis more difficult
• The pseudorandom number generator is conditioned on the value of the input key
  • To guard against brute-force attacks, the key needs to be sufficiently long
  • With current technology, a key length of at least 128 bits is desirable

RC4 Algorithm

• A stream cipher designed in 1987 by Ron Rivest for RSA Security
• It is a variable key-size stream cipher with byte-oriented operations
• The algorithm is based on the use of a random permutation
• Is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards that have been defined for communication between Web browsers and servers
• Also used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard


Cipher Block Modes of Operation

• A symmetric block cipher processes one block of data at a time
  • In the case of DES and 3DES, the block length is b=64 bits
  • For AES, the block length is b=128
  • For longer amounts of plaintext, it is necessary to break the plaintext into b-bit blocks, padding the last block if necessary
• Five modes of operation have been defined by NIST
  • Intended to cover virtually all of the possible applications of encryption for which a block cipher could be used
  • Intended for use with any symmetric block cipher, including triple DES and AES

Electronic Codebook Mode (ECB)

• Plaintext is handled b bits at a time and each block of plaintext is encrypted using the same key
• The term “codebook” is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext
  • One can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its corresponding ciphertext
• With ECB, if the same b-bit block of plaintext appears more than once in the message, it always produces the same ciphertext
  • Because of this, for lengthy messages, the ECB mode may not be secure
  • If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities

Advantages of CTR Mode

• Hardware efficiency
  • Encryption/decryption can be done in parallel on multiple blocks of plaintext or ciphertext
  • Throughput is only limited by the amount of parallelism that is achieved
• Software efficiency
  • Because of the opportunities for parallel execution, processors that support parallel features can be effectively utilized
• Preprocessing
  • The execution of the underlying encryption algorithm does not depend on input of the plaintext or ciphertext --- when the plaintext or ciphertext input is presented, the only computation is a series of XORs, greatly enhancing throughput
• Random access
  • The ith block of plaintext or ciphertext can be processed in random-access fashion
• Provable security
  • It can be shown that CTR is at least as secure as the other modes discussed in this section
• Simplicity
  • Requires only the implementation of the encryption algorithm and not the decryption algorithm

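The ECB weakness and two of the CTR properties listed above (random access, and needing only the encryption direction), as an added Python example that is not from the slides or the textbook. The 4-round Feistel `encrypt_block` is a toy stand-in for a real block cipher such as AES, and the key, nonce and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes: b = 128 bits, the AES block length

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher, a stand-in for AES (assumption, not secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK      # pad the last block
    padded = plaintext + bytes([pad]) * pad
    return b"".join(encrypt_block(key, blk) for blk in split_blocks(padded))

def ctr_xor(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """CTR encryption and decryption are the same XOR; only encrypt_block is used."""
    out = bytearray()
    for n, blk in enumerate(split_blocks(data), start=first_block):
        stream = encrypt_block(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(blk, stream))
    return bytes(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample: a structured message whose first three blocks are identical.
KEY = b"constructed demo key"
NONCE = bytes(7) + b"\x01"   # 8-byte nonce; must never repeat under one key
MESSAGE = b"ACCT=0001;AMT=10" * 3 + b"ACCT=0002;AMT=99"

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, MESSAGE)
    ctr = ctr_xor(KEY, NONCE, MESSAGE)
    print("ECB repeated blocks:", repeated_blocks(ecb))
    print("CTR repeated blocks:", repeated_blocks(ctr))
    # Random access: decrypt only block 2 without touching blocks 0 and 1.
    print(ctr_xor(KEY, NONCE, ctr[32:48], first_block=2))
```

Under ECB the three identical plaintext blocks are visible as identical ciphertext blocks; under CTR each block is XORed with a different keystream block, so the structure does not show.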

Summary

• Symmetric encryption principles
  • Cryptography
  • Cryptanalysis
  • Feistel cipher structure
• Symmetric block encryption algorithms
  • Data encryption standard
  • Triple DES
  • Advanced encryption standard
• Random and pseudorandom numbers
  • The use of random numbers
  • TRNGs, PRNGs, PRFs
  • Algorithm design
• Stream ciphers and RC4
  • Stream cipher structure
  • RC4 algorithm
• Cipher block modes of operation
  • ECB
  • CBC
  • CFB
  • CTR