Discussion on Kerchoff's principle

profileanithareddy
Kerchoffsprincipal.pptx

Fundamentals of Cryptography Week 5

1

Agenda

Week 5 Overview

Reading

Lecture

Discussion Question

Algorithms and Ciphers

Week 6 Pre-view

2

Week 5 Overview

Reading – Chapter 4 – Algorithms and Ciphers

Lecture – You are watching/listening to it now!

3

Discussion Question 4

4

Peer Response(s):  Peer Response(s) are due by Sunday (11:59:59pm ET)

Primary Task Response:

Please provide a detailed response to the below to include specific details and examples.

Auguste Kerchoff put forth a set of guidelines in the development of new algorithms or the evaluation of existing ones. While they are not required to be followed, they are still considered to be good advice or guidance. Please explain Kerchoff’s six principles and make a case for both following them and not following them. Please use sources to support your positions.

Primary Response: Primary Discussion Response is due by Wednesday (11:59:59pm Eastern Time Zone (ET))

Kerchoff’s Principles

Discussion Question 4

5

- Read the responses from your peers and offer a constructive critique or additional information that adds substantively to the discussions.

Peer Response

- Remember, a response that simply states that their post was good or that you liked it is not considered substantive.

- You should contribute to the learning via your posts and responses.

- Be sure to acknowledge any outside sources you use.

Categories of Cryptosystems

Organization of Cryptosystems

Two-Way Cryptography

Symmetric

Asymmetric

Steganography

Message Integrity Controls

Stream

Block

Factoring the Product of Large Primes

Discrete Logarithms

Symmetric Key Algorithms

Same key used for both the encryption and decryption operations

Document

to Be Encrypted

Encryption Algorithm

(i.e., AES)

Encrypted

Document

Decrypted Document

Encryption Algorithm

Encrypted

Document

Key

7

Stream Ciphers

A keystream (sequence of bits used as a key) is generated and combined with the plaintext using an Exclusive-OR (XOR) operation:

Statistically unpredictable and unbiased

Not linearly related to the key

Operates on individual bits or bytes

Functionally complex

Long periods with no repeats

Stream Ciphers: Advantages and Disadvantages

Advantages:

Emulates a one-time pad

No size difference between plaintext and ciphertext

Very suitable for hardware implementation and serial communications

Disadvantages:

Can be difficult to implement correctly

Generally weaker than a block-mode cipher

Difficult to generate a truly random unbiased keystream

Stream Cipher Uses

Wireless:

WEP, WPA

Audio/video streaming

GSM

Examples of Stream-based Algorithms

RC-4: Ron Rivest of RSA Security (1987)

One of the most widely used stream ciphers today

TLS (Transport Layer Security), WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), TKIP (Temporal Key Integrity Protocol), Microsoft XBox, Oracle SQL, Microsoft PPTP, Microsoft Office, and Adobe Acrobat.

SEAL: Software-optimized Encryption Algorithm

A5/1, A5/2, A5/3: These are stream ciphers used in GSM (Global Systems for Mobile Communications) systems.

Block Cipher

Blocks of plaintext are encrypted into ciphertext blocks

Multiple modes of operation

Variable key size, block size, rounds

dark

On a

ptuf

NeQj

Data Block

2

Data Block

1

Cryptosystem

Cipher Block

2

Cipher Block

1

Ciphertext

Key

IV

Block Cipher Uses

Data transport

AES (Advanced Encryption Standard): Created by NIST in 2001

Triple DES (Data Encryption Standard)

Data storage

AES in counter mode

Advanced Encryption Standard (AES)

Based on Rijndael algorithm:

Developed by Daemen and Rijmen in 1998

Rijndael

Block Options

AES

Block Options

128,192,256

Key Options

128, 192, 256

Rounds

10, 12, 14

128, 192, 256

Rounds

10, 12, 14

Key Options

128

Examples of Block Mode Algorithms

AES (Rijndael)

IDEA

RC2

RC5

RC6

Blowfish

Twofish

CAST

SAFER

Data Encryption Standard (DES)

3DES

Serpent

Mars

Skipjack

Microsoft Online Clipart

15

Modes of Symmetric Block Ciphers

Different modes of symmetric block ciphers

Electronic Code Book (ECB)

Cipher Block Chaining (CBC)

Cipher Feed Back (CFB)

Output Feed Back (OFB)

Counter (CTR)

Counter with CBC-MAC (CCM)  

Page 357

16

Electronic Code Book (ECB)

Each block of plaintext is encrypted independently using the same key

Ciphertext

Block 1

Algorithm

Ciphertext

Block 2

Algorithm

Ciphertext

Block 3

Algorithm

Plaintext

Block 1

Plaintext

Block 2

Plaintext

Block 3

Cipher Block Chaining (CBC)

The first plaintext block is XOR’d with an Initialization Vector (IV)

Resulting ciphertext is chained into the next plaintext block

Ciphertext

Block 1

Algorithm

Ciphertext

Block 2

Algorithm

Ciphertext

Block 3

Algorithm

Plaintext

Block 1

Plaintext

Block 2

Plaintext

Block 3

IV

Cipher Feed Back (CFB)

Similar to CBC

IV is encrypted and then XOR’d with the first plaintext block

Plaintext

Block 1

Ciphertext

Block 1

Algorithm

IV

Keystream

Plaintext

Block 2

Ciphertext

Block 2

Algorithm

Keystream

Ciphertext

Block 1

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Output Feed Back (OFB)

Operates very much like CFB

Only the RESULT of encrypting the IV is fed back to the next operation

Plaintext

Block 1

Ciphertext

Block 1

Algorithm

IV

Keystream 1

Plaintext

Block 2

Ciphertext

Block 2

Algorithm

Keystream 1

Keystream 2

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Counter (CTR)

Similar to OFB

A counter value is used instead of an IV

Plaintext

Block 1

Ciphertext

Block 1

Algorithm

Counter

Keystream 1

Plaintext

Block 2

Ciphertext

Block 2

Algorithm

Counter + 1

Keystream 2

Cryptography

(ISC)2® CISSP® CBK® Review Seminar v10.0

Symmetric Algorithms

Strengths:

Very fast

Very difficult to break

Freely available tools

Highly efficient, serial communications

Multiple modes

Weaknesses:

Key negotiation/ exchange/distribution

Poor scalability

Limited security

Noisy channels and error connecting

Asymmetric Key Algorithms

Pair of mathematically related keys (A and B) used separately for encryption and decryption

Key B

Key A

Document

to Be Encrypted

Decrypted Document

Encrypted

Document

Encrypted

Document

Encryption Algorithm

Encryption Algorithm

(i.e., RSA)

23

Asymmetric Algorithms

Methods:

Hard problems

Factoring the product of two large prime numbers

Discrete logarithms in a finite field

Asymmetric Algorithms Examples

Key Agreement

Diffie-Hellman

MQV

Digital Signature

DSS

Schnorr

Used for Both

Oakley

RSA

ECC

Elgamal

Confidentiality/Key Exchange

Message

Message

CT

CT

Key

Key

Bob’s Public Key

Bob’s Private Key

Alice

Bob

E

D

\

Proof of Origin

Message

Message

CT

CT

Key

Key

Alice’s Private Key

Alice’s Public Key

Alice

Bob

E

D

Sign

Verify

Asymmetric Strengths and Weaknesses

Strengths:

Confidentiality

Key management

Proof of origin

Integrity

Non-repudiation

Access control and authentication

Weaknesses:

Computationally intensive:

Key size is generally 1024, 2048, 4096 bits

Significantly slower

Hybrid Systems

Message

Message

CT

CT

Symmetric Key

Alice

Bob

E

Symmetric Key

E

D

D

CT

CT

Bob’s Public Key

Bob’s Private Key

Week 6 Overview

Reading – Chapter 5 – Hashing and Message Digests

Lecture

Quiz 4

Intentional Change

Accidental Change

30

Questions?

31