Post on 24-Dec-2015
1
Chapter 4
Encryption
2
Objectives
In this chapter, you will:
• Learn the basics of encryption technology
• Recognize popular symmetric encryption algorithms
• Recognize popular asymmetric encryption algorithms
• Understand a variety of hash encryption algorithms
• Identify a variety of cryptanalytic attacks
3
Encryption Basics
4
Encryption Basics
5
Encryption Basics
• Transposition vs. substitution– With transposition ciphers, data is rearranged– With substitution ciphers, data is replaced
• Block vs. stream– With block ciphers, data is broken into chunks
• The encryption algorithm and key are then applied to each chunk
– With stream ciphers, the encryption algorithm and key are applied to each piece of data continuously until the entire message is transformed into ciphertext
6
Encryption Basics
• General Problems– Algorithm privacy
– Randomness
– Performance
– Processing power
– Key security
7
Symmetric Encryption
• A symmetric encryption algorithm is generally defined as a system that uses the same key for both encryption and decryption
8
Symmetric Encryption
9
Symmetric Encryption
• Digital Encryption Standard (DES)• Consists of both an algorithm and a key• 56-bit key• 16-bit blocks• 16 rounds
• Four operating modes• ECB (Electronic Codebook)• CBC (Cipher Block Chaining)• CFB (Cipher Feedback)• OFB (Output Feedback)
10
Symmetric Encryption
11
Symmetric Encryption
• DES • Electronic Codebook (ECB)
• Block cipher• 64-bit blocks• 48-bit key• Each 48-bit block XORed with 48-bit key
12
Symmetric Encryption
• DES • Cipher Block Chaining (CBC)
• Block cipher• 64-bit blocks• 48-bit key• First block XORed with random block of
data then encrypted• Each block XORed with previous 64-bit
encrypted block
13
Symmetric Encryption
• DES• Cipher Feedback (CFB)
• Block cipher• 64-bit blocks• 48-bit key• Random block of 64-bit data encrypted by
DES• First block of data then XORed with
encrypted random data then encrypted using DES
• Each block XORed with previous 64-bit encrypted block
14
Symmetric Encryption
• DES• Output Feedback (OFB)
• Block cipher• 64-bit blocks• 48-bit key• Similar to CFB, but does not chain
ciphertext• Previous DES output is used as input
15
Symmetric Encryption
• 3DES• 168-bit key (effective length)• 16-bit blocks• 16 rounds
• Four operation modes• DES-EEE3• DES-EDE3• DES-EEE2• DES-EDE2
16
Symmetric Encryption
• 3DES • DES-EEE3
• Data encrypted with 3 different keys
17
Symmetric Encryption
• 3DES • DES-EDE3
• Data encrypted with Key 1• Data decrypted with Key 2• Data encrypted with Key 3
18
Symmetric Encryption
• 3DES• DES-EEE2
• Data encrypted with Key 1• Data encrypted with Key 2• Data encrypted with Key 1
19
Symmetric Encryption
• 3DES • DES-EDE2
• Data encrypted with Key 1• Data decrypted with Key 2• Data encrypted with Key 1
20
Symmetric Encryption
• Advanced Encryption Standard (AES)• Rijndael algorithm• Variable length key• Variable length blocks
21
Symmetric Encryption
• Commercial algorithms• RC2• RC4• RC5• RC6• IDEA• Blowfish• Twofish
22
Symmetric Encryption
• Key Management• Password-based encryption (PBE)• Hardware-based keys• Smart cards• Biometrics
23
Asymmetric Encryption
24
Asymmetric Encryption
25
Asymmetric Encryption
RSA1. Computes the product of two large primary numbers of equal length: (n =
p * q). The length is usually 154-bit or 512-bit.
2. Chooses a random public key, e, so that e < n and relatively prime to the product of (p-1)(q-1).
3. Chooses a random public key component, e, so that e < n and relatively prime to the product of (p-1)(q-1).
4. Computes the private key component, d, using the equation: d = e-1 mod [(p-1)(q-1)].
5. The private key is then expressed as (d,n) and the public key is expressed as (e,n).
To encrypt a message, p, the formula is c = pe mod n where c is the final ciphertext. To decrypt a message, the formula is p = cd mod n.
26
Asymmetric Encryption
• Digital Signature Standard (DSS)• RSA• DSA• ECDSA
27
Asymmetric Encryption• Public-key Infrastructure (PKI)
• Digital certificate
28
Asymmetric Encryption
• Public-key Infrastructure (PKI) • Certificate authority (CA)• Registration authority (RA)• Certificate directory• Key backup and recovery server
29
Hash Algorithms
• Message Digest algorithms• MD• MD2• MD3• MD4• MD5
30
Hash Algorithms
31
Hash Algorithms
• Secure Hash Algorithm (SHA-1)• NIST standard• 160-bit digest
32
Cryptanalytic Attacks
• Ciphertext-only• Known-plaintext• Chosen-plaintext• Chosen-ciphertext• Brute force• Dictionary
33
Cryptanalytic Attacks
• Man-in-the-middle• Meet-in-the-middle• Recreate the key• Rubber hose
34
Summary
• Encryption algorithms produce ciphertext through transposition or substitution.
• There are two major categories of encryption algorithms: block and stream.
• Four major problems apply to encryption algorithms: algorithms are not tested sufficiently when kept private, computers do not adequately produce random numbers by default, encryption results in reduced performance, and increased processing power can ultimately break encryption.
35
Summary• Symmetric encryption uses the same key for both the
encryption and decryption processes. DES, 3DES, AES, RC, IDEA, Blowfish, and Twofish are popular symmetric encryption algorithms.
• PBE, tokens, smart cards, and biometrics offer a number of ways to protect symmetric keys.
• Asymmetric encryption uses two keys, one key to encrypt the plaintext and the other to decrypt.
• The Diffie-Hellman Key Exchange, RSA algorithm, and DSS are robust foundations for public-key encryption.
36
Summary
• PKI is designed to manage the keys necessary to perform public-key encryption.
• PKI consists of digital certificates, a certificate authority (CA), a registration authority (RA), certificate directory, and a key backup and recovery server.
• Hash algorithms take a variable plaintext input and produce a fixed length output.
• The most popular hash algorithms are the MD series and SHA-1 algorithms.
• Many cryptanalytic attacks pose threats to today’s encryption systems.