Secret-Key Encryption Lab-seed labs

computer_science
Chapter9SecretKeyEncryption.pdf

Network Security- Cryptography

Shared Secret-Key Encryption

Substitution Cipher

• Encryption is done by replacing units of plaintext with ciphertext, according to a fixed system.

• Units may be single letters, pairs of letters, triplets of letters, mixtures of the above, and so forth.

• Decryption simply performs the inverse substitution.

• Two typical substitution ciphers:

– Monoalphabetic - fixed substitution over the entire message

– Polyalphabetic - a number of substitutions at different positions in the message

Liu 2

Substitution Cipher- An example

Monoalphabetic single letter replacement

• Each letter is uniquely replaced by another.

• There are 26! possible substitution ciphers.

• There are more than 4.03 × 10^26 such ciphers.

• https://cryptii.com/pipes/caesar-cipher

• One popular substitution “cipher” for some Internet posts is ROT13.

Monoalphabetic Substitution Cipher

• Encryption and decryption

Breaking Monoalphabetic Substitution Cipher

• Common 2-letter combinations (bigrams): TH, HE, IN, ER

• Common 3-letter combinations (trigrams): THE, AND, and ING

• Letters in a natural language, like English, are not uniformly distributed.

• Knowledge of letter frequencies, including those of pairs and triples, can be used in cryptologic attacks against substitution ciphers.

Breaking Monoalphabetic Substitution Cipher

• Letter Frequency Analysis results:

Breaking Monoalphabetic Substitution Cipher

• Bigram Frequency Analysis results:

Breaking Monoalphabetic Substitution Cipher

• Trigram Frequency Analysis results:

Breaking Monoalphabetic Substitution Cipher

• Applying the partial mappings…
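The frequency-analysis procedure of the last few slides, worked through in Python as an added example (this is not code from the slides or the SEED lab). The sample English text, the seeded random key and the helper names are all made up here; the only statistics used are the single-letter, bigram and trigram counts the slides describe.

```python
import random
import string
from collections import Counter

# Constructed English sample (not from the slides); more text gives steadier statistics.
PLAINTEXT = (
    "the quick brown fox jumps over the lazy dog and the dog sleeps in the "
    "shade while the fox runs into the forest looking for another meal and "
    "thinking about the things that happened during the morning hunt"
)
ALPHABET = string.ascii_lowercase
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"   # English letters, most to least frequent

def make_key(seed=7):
    """A random monoalphabetic key: one of the 26! permutations of the alphabet."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))

def substitute(text, mapping):
    """Apply a letter-to-letter mapping; characters not in the mapping pass through."""
    return "".join(mapping.get(ch, ch) for ch in text)

def ngram_counts(text, n):
    """Count n-letter sequences (letters, bigrams, trigrams) that do not span a space."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1)
                   if " " not in text[i:i + n])

def guess_mapping(ciphertext, top=6):
    """Partial mapping: the `top` most frequent ciphertext letters -> e, t, a, o, i, n."""
    ranked = [c for c, _ in ngram_counts(ciphertext, 1).most_common()]
    return dict(zip(ranked[:top], ENGLISH_ORDER[:top]))

def correct_guesses(guess, key):
    """How many guessed cipher->plain pairs agree with the true inverse key."""
    inverse = {v: k for k, v in key.items()}
    return sum(1 for c, p in guess.items() if inverse[c] == p)

def apply_partial(ciphertext, guess):
    """Render the ciphertext with guessed letters filled in and unknown ones as '_'."""
    return "".join(" " if ch == " " else guess.get(ch, "_") for ch in ciphertext)

KEY = make_key()
CIPHERTEXT = substitute(PLAINTEXT, KEY)
GUESS = guess_mapping(CIPHERTEXT)

if __name__ == "__main__":
    print("top bigrams :", ngram_counts(CIPHERTEXT, 2).most_common(4))
    print("top trigrams:", ngram_counts(CIPHERTEXT, 3).most_common(3))
    print("partial mapping:", GUESS, "correct:", correct_guesses(GUESS, KEY))
    print(apply_partial(CIPHERTEXT, GUESS))
```

On this short sample only the two most frequent letters (e and t) are recovered by the single-letter ranking; the bigram and trigram tables are what narrow down the remaining mappings.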

Substitution Boxes

• Substitution can also be done on binary numbers.

• Such substitutions are usually described by substitution boxes, or S-boxes.

A 4-bit S-box: (a) An S-box in binary. (b) The same S-box in decimal.

Vulnerability

Polyalphabetic – An example

One-Time Pads

• There is one type of substitution cipher that is absolutely unbreakable.

– The one-time pad was invented in 1917 by Joseph Mauborgne and Gilbert Vernam.

– We use a block of shift keys, (k1, k2, . . . , kn), to encrypt a plaintext, M, of length n, with each shift key being chosen uniformly at random.

• Since each shift is random, every ciphertext is equally likely for any plaintext.

Weaknesses of the One Time Pad

• In spite of their perfect security, one-time pads have some weaknesses.

• The key has to be as long as the plaintext.

• Keys can never be reused.

– Repeated use of one-time pads allowed the U.S. to break some of the communications of Soviet spies during the Cold War.

Public domain declassified government image from https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/venona-soviet-espionage-and-the-american-response-1939-1957/part2.htm

An exercise

(Figure: one key, two plaintext pictures m1 and m2, and their ciphertexts c1 and c2)

An exercise

• If you have c1 and c2

• What will be the result picture of c1 c2?

• Will that release information of m1 and m2?

• If you don’t know m1 and m2, what could m1 and m2 be?

In computer graphics, white color = #FFFFFF and black color = #000000.

Hint: you can treat each white pixel as 1 and each black pixel as 0.

An exercise

(both m1 and m2) information released!

We can easily know that between m1 and m2, most probably one is a surprise face and the other is Ksun.
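The exercise above, worked through in Python as an added example (not code from the slides): two constructed 8×8 bit pictures stand in for the slide images, one random pad is reused for both, and the XOR of the two ciphertexts is computed to show why key reuse leaks both plaintexts.

```python
import secrets

# Two constructed 8x8 "pictures" in the spirit of the exercise: white pixel = 1,
# black pixel = 0. These are made up here, not the slide images.
M1 = [  # a hollow square
    "11111111", "10000001", "10000001", "10000001",
    "10000001", "10000001", "10000001", "11111111",
]
M2 = [  # a diagonal line
    "10000000", "01000000", "00100000", "00010000",
    "00001000", "00000100", "00000010", "00000001",
]

def to_bits(picture):
    return [int(px) for row in picture for px in row]

def xor(a, b):
    """Bitwise XOR of two equal-length bit lists: the one-time pad operation."""
    return [x ^ y for x, y in zip(a, b)]

def random_key(n):
    """A fresh uniformly random pad of n bits."""
    return [secrets.randbelow(2) for _ in range(n)]

def two_time_pad_leak(m1, m2, key):
    """Encrypt both pictures under the SAME pad and return c1 XOR c2."""
    c1, c2 = xor(m1, key), xor(m2, key)
    return xor(c1, c2)          # the key cancels out: this equals m1 XOR m2

def recover_other(c1_xor_c2, guessed_m1):
    """Once one picture is guessed, the other follows without knowing the key."""
    return xor(c1_xor_c2, guessed_m1)

def render(bits, width=8):
    """Draw a bit list as rows of '#' (white, 1) and '.' (black, 0)."""
    return "\n".join("".join("#" if b else "." for b in bits[i:i + width])
                     for i in range(0, len(bits), width))

if __name__ == "__main__":
    m1, m2 = to_bits(M1), to_bits(M2)
    leak = two_time_pad_leak(m1, m2, random_key(len(m1)))
    print(render(leak))                      # both shapes, overlaid, key gone
    print(recover_other(leak, m1) == m2)     # True
```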

Data Encryption Standard (DES)

• DES is a block cipher - it can only encrypt a block of data

• Block size for DES is 64 bits

• DES uses 56-bit keys although a 64-bit key is fed into the algorithm

• DES-64 was attacked and can be decrypted within 90 minutes

• Triple DES can solve DES’s key size problem

• DES-192 can also be cracked within 23 hours.

Advanced Encryption Standard (AES)

• AES is a block cipher

• 128-bit block size.

• Three different key sizes: 128, 192, and 256 bits

Encryption Modes

• Encryption mode or mode of operation refers to the many ways to make the input of an encryption algorithm different.

• Examples include:

– Electronic Codebook (ECB)

– Cipher Block Chaining (CBC)

– Propagating CBC (PCBC)

– Cipher Feedback (CFB)

– Output Feedback (OFB)

– Counter (CTR)

Electronic Codebook (ECB) Mode

Electronic Codebook (ECB) Mode

• Using the openssl enc command:

• We use the 128-bit (key size) AES algorithm

• The -aes-128-ecb option specifies ECB mode

• The -e option indicates encryption

• The -d option indicates decryption

• The -K option is used to specify the encryption/decryption key

Cipher Block Chaining (CBC) Mode

• The main purpose of the IV is to ensure that even if two plaintexts are identical, their ciphertexts are still different, because different IVs will be used.

• Decryption can be parallelized

• Encryption cannot be parallelized

Cipher Block Chaining (CBC) Mode

• Using the openssl enc command to encrypt the same plaintext with the same key but a different IV:

• We use the 128-bit (key size) AES algorithm

• The -aes-128-cbc option specifies CBC mode

• The -e option indicates encryption

• The -iv option is used to specify the Initialization Vector (IV)

Cipher Feedback (CFB) Mode

• A block cipher is turned into a stream cipher.

• Ideal for encrypting real-time data.

• Padding not required for the last block.

• Decryption using the CFB mode can be parallelized, while encryption can only be conducted sequentially

Comparing encryption with CBC and CFB

• Plaintext size is 21 bytes

• CBC mode: ciphertext is 32 bytes due to padding

• CFB mode: ciphertext size is the same as the plaintext size (21 bytes)

Output Feedback (OFB) Mode

• Similar to CFB

– Used as a stream cipher

– Does not need padding

– Decryption can be parallelized

• Encryption in the OFB mode can be parallelized

Counter (CTR) Mode

• It basically uses a counter to generate the key streams

• No key stream can be reused, hence the counter value for each block is prepended with a randomly generated value called a nonce

• This nonce serves the same role as the IV does in the other encryption modes.

• Both encryption and decryption can be parallelized

• The key stream in the CTR mode can be calculated in parallel during the encryption

Padding

• Block cipher encryption modes divide plaintext into blocks, and the size of each block should match the cipher’s block size.

• No guarantee that the size of the last block matches the cipher’s block size.

• The last block of the plaintext needs padding, i.e. before encryption, extra data needs to be added to the last block of the plaintext so that its size equals the cipher’s block size.

• Padding schemes need to clearly mark where the padding starts, so decryption can remove the padded data.

• A commonly used padding scheme is PKCS#5

Padding Experiment

• Plaintext size is 9 bytes.

• Size of ciphertext (cipher.bin) becomes 16 bytes

Padding Experiment

• How does decryption software know where padding starts?

7 bytes of 0x07 are added as the padding data

Padding Experiment – Special case

• What if the size of the plaintext is already a multiple of the block size (so no padding is needed), and its last seven bytes are all 0x07?

• Size of plaintext (plain3.txt) is 16 bytes

• Size of decryption output (plaint3_new.txt) is 32 bytes (a full block is added as the padding).

• Therefore, in PKCS#5, if the input length is already an exact multiple of the block size B, then B bytes of value B will be added as the padding.
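The padding rule from the last three slides, implemented in Python as an added example (not code from the slides or openssl). The 9-byte and 16-byte inputs are constructed to reproduce the two experiments, and the unpadding function shows why the full extra block is needed when the plaintext already ends in 0x07 bytes.

```python
BLOCK = 16   # AES block size in bytes, as in the openssl experiments above

def pkcs5_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n, where n = block - (len(data) % block).
    n is never 0: an exact multiple of the block size gets a full block of padding."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n

def pkcs5_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding; reject anything that is not well-formed."""
    if not padded or len(padded) % block:
        raise ValueError("input is not a whole number of blocks")
    n = padded[-1]
    if n < 1 or n > block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

# Constructed inputs reproducing the slide experiments.
NINE = b"123456789"                    # 9 bytes -> padded to 16 (7 bytes of 0x07)
SIXTEEN = b"abcdefghi" + b"\x07" * 7   # 16 bytes whose last 7 bytes are already 0x07

def padded_len(data: bytes) -> int:
    return len(pkcs5_pad(data))

def roundtrip_ok(data: bytes) -> bool:
    return pkcs5_unpad(pkcs5_pad(data)) == data

def naive_unpad_of_unpadded_block() -> bytes:
    """If an exact multiple of the block size were sent WITHOUT padding, the
    receiver would strip the genuine trailing 0x07 bytes and corrupt the message."""
    return pkcs5_unpad(SIXTEEN)        # returns 9 bytes, not the 16 that were sent

if __name__ == "__main__":
    print(padded_len(NINE), pkcs5_pad(NINE)[-7:])      # 16 b'\x07\x07\x07\x07\x07\x07\x07'
    print(padded_len(SIXTEEN), pkcs5_pad(SIXTEEN)[-1])  # 32 16: a full block of 0x10
    print(roundtrip_ok(SIXTEEN))                       # True
    print(naive_unpad_of_unpadded_block())             # b'abcdefghi': data was eaten
```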

Initial Vector and Common Mistakes

• Initial vectors have the following requirements:

– IV is supposed to be stored or transmitted in plaintext

– IV should not repeat (uniqueness).

– IV should not be predictable.

Experiment – IV should not be predictable

• Eve calculates the next IV

Experiment – IV should not be predictable

• Eve guesses that Bob voted for John Smith, so she creates P1_guessed, XORs it with IV_bob and IV_next, and finally constructs the name for a write-in candidate.

Experiment – IV should not be predictable

• Eve gives her write-in candidate’s name (stored in P2) to the voting machine, which encrypts the name using IV_next as the IV. The result is stored in C2.

• If C1 (Bob’s encrypted vote) == C2, then Eve knows for sure that Bob has voted for “John Smith”.
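The three-slide experiment above, reduced to its first CBC block in Python as an added example (not code from the SEED lab). Since only C1 = E(K, P1 ⊕ IV) is compared, the block cipher is replaced by a SHA-256-based keyed stand-in (clearly not AES) so the example runs with the standard library; the counter IV, the ballot layout and the function names are assumptions made here. The same function shows that an unpredictable IV makes the comparison fail.

```python
import hashlib
import secrets

BLOCK = 16
KEY = secrets.token_bytes(16)     # the voting machine's secret key (constructed)

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher's forward direction (NOT AES): a keyed,
    deterministic one-block function. Only the first CBC block is needed here."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_first_block(key: bytes, iv: bytes, p1: bytes) -> bytes:
    """First CBC ciphertext block: C1 = E(K, P1 XOR IV)."""
    return E(key, xor(p1, iv))

def ballot(name: str) -> bytes:
    """Fixed-width 16-byte ballot field (assumed layout)."""
    return name.encode().ljust(BLOCK, b"\x00")

def counter_iv(n: int) -> bytes:
    """A predictable IV: a plain counter, the mistake the slides warn about."""
    return n.to_bytes(BLOCK, "big")

def eve_confirms_vote(bob_vote: str, guess: str, iv_bob: bytes,
                      iv_predicted: bytes, iv_actual: bytes) -> bool:
    """Eve's test: build P2 so that P2 XOR iv_predicted == P1_guessed XOR IV_bob.
    The machine encrypts P2 under iv_actual; C2 == C1 only if the prediction
    matched the IV really used AND the guess is right."""
    c1 = cbc_first_block(KEY, iv_bob, ballot(bob_vote))      # Bob's encrypted vote
    p2 = xor(xor(ballot(guess), iv_bob), iv_predicted)       # write-in candidate name
    c2 = cbc_first_block(KEY, iv_actual, p2)                 # machine encrypts it
    return c1 == c2

if __name__ == "__main__":
    iv_bob, iv_next = counter_iv(41), counter_iv(42)
    # Predictable IVs: a correct guess is confirmed, a wrong one is not.
    print(eve_confirms_vote("John Smith", "John Smith", iv_bob, iv_next, iv_next))  # True
    print(eve_confirms_vote("John Smith", "Jane Doe", iv_bob, iv_next, iv_next))    # False
    # Random IV: Eve's prediction no longer matches what the machine uses.
    print(eve_confirms_vote("John Smith", "John Smith", iv_bob, iv_next,
                            secrets.token_bytes(BLOCK)))                            # False
```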

Modes for Authenticated Encryption

• None of the encryption modes discussed so far can be used to achieve message authentication

• A number of modes of operation have been designed to combine message authentication and encryption.

• Examples include

– GCM (Galois/Counter Mode)

– CCM (Counter with CBC-MAC)

– OCB mode (Offset Codebook Mode)

Attack on ciphertext’s integrity

• Attacker makes changes to ciphertext (Line 2)

• Result

Authenticated Encryption

• To protect the integrity, the sender needs to generate a Message Authentication Code (MAC) from the ciphertext using a secret shared by the sender and the receiver.

• The MAC and the ciphertext will be sent to the receiver, who will compute a MAC from the received ciphertext.

• If the MAC is the same as the one received, the ciphertext has not been modified.

• Two operations are needed to achieve integrity of the ciphertext: one for encrypting the data and the other for generating the MAC.

• Authenticated encryption combines these two separate operations into one encryption mode, e.g. GCM, CCM, OCB.
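The last two slides, worked through in Python as an added example (not code from the slides or the SEED lab): a ciphertext byte is modified once without and once with a MAC over the ciphertext. A SHA-256 counter keystream stands in for AES-CTR so the example runs with the standard library only; the keys, nonce, message and function names are all constructed here.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream for illustration: block i = SHA-256(key || nonce || i).
    A stand-in for AES-CTR, not a real cipher."""
    out = b""
    for i in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return out[:length]

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream encryption: XOR with the keystream (decryption is the same operation)."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))

decrypt = encrypt

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC with separate keys: the tag covers nonce and ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Recompute the MAC over the received ciphertext, compare in constant time,
    and only then decrypt; return None when the ciphertext was modified."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(enc_key, nonce, ct)

def flip_byte(data: bytes, index: int, mask: int) -> bytes:
    """The 'Line 2' modification from the slide: change one ciphertext byte."""
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]

ENC_KEY, MAC_KEY = secrets.token_bytes(16), secrets.token_bytes(16)
NONCE = secrets.token_bytes(12)
MESSAGE = b"transfer $100 to alice"      # constructed sample message; '1' is at index 10

def tamper_without_mac() -> bytes:
    """No integrity check: the flipped byte silently turns $100 into $900."""
    ct = encrypt(ENC_KEY, NONCE, MESSAGE)
    return decrypt(ENC_KEY, NONCE, flip_byte(ct, 10, ord("1") ^ ord("9")))

def tamper_with_mac():
    """Same modification, but the receiver verifies the MAC first."""
    nonce, ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    return open_(ENC_KEY, MAC_KEY, nonce, flip_byte(ct, 10, 0x08), tag)

if __name__ == "__main__":
    print(tamper_without_mac())    # b'transfer $900 to alice'
    print(tamper_with_mac())       # None: modification detected
```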