Discussion on Kerchoff's principle
Fundamentals of Cryptography Week 5
1
Agenda
Week 5 Overview
Reading
Lecture
Discussion Question
Algorithms and Ciphers
Week 6 Pre-view
2
Week 5 Overview
Reading – Chapter 4 – Algorithms and Ciphers
Lecture – You are watching/listening to it now!
3
Discussion Question 4
4
Peer Response(s): Peer Response(s) are due by Sunday (11:59:59pm ET)
Primary Task Response:
Please provide a detailed response to the below to include specific details and examples.
Auguste Kerchoff put forth a set of guidelines in the development of new algorithms or the evaluation of existing ones. While they are not required to be followed, they are still considered to be good advice or guidance. Please explain Kerchoff’s six principles and make a case for both following them and not following them. Please use sources to support your positions.
Primary Response: Primary Discussion Response is due by Wednesday (11:59:59pm Eastern Time Zone (ET))
Kerchoff’s Principles
Discussion Question 4
5
- Read the responses from your peers and offer a constructive critique or additional information that adds substantively to the discussions.
Peer Response
- Remember, a response that simply states that their post was good or that you liked it is not considered substantive.
- You should contribute to the learning via your posts and responses.
- Be sure to acknowledge any outside sources you use.
Categories of Cryptosystems
Organization of Cryptosystems
Two-Way Cryptography
Symmetric
Asymmetric
Steganography
Message Integrity Controls
Stream
Block
Factoring the Product of Large Primes
Discrete Logarithms
Symmetric Key Algorithms
Same key used for both the encryption and decryption operations
Document
to Be Encrypted
Encryption Algorithm
(i.e., AES)
Encrypted
Document
Decrypted Document
Encryption Algorithm
Encrypted
Document
Key
7
Stream Ciphers
A keystream (sequence of bits used as a key) is generated and combined with the plaintext using an Exclusive-OR (XOR) operation:
Statistically unpredictable and unbiased
Not linearly related to the key
Operates on individual bits or bytes
Functionally complex
Long periods with no repeats
Stream Ciphers: Advantages and Disadvantages
Advantages:
Emulates a one-time pad
No size difference between plaintext and ciphertext
Very suitable for hardware implementation and serial communications
Disadvantages:
Can be difficult to implement correctly
Generally weaker than a block-mode cipher
Difficult to generate a truly random unbiased keystream
Stream Cipher Uses
Wireless:
WEP, WPA
Audio/video streaming
GSM
Examples of Stream-based Algorithms
RC-4: Ron Rivest of RSA Security (1987)
One of the most widely used stream ciphers today
TLS (Transport Layer Security), WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), TKIP (Temporal Key Integrity Protocol), Microsoft XBox, Oracle SQL, Microsoft PPTP, Microsoft Office, and Adobe Acrobat.
SEAL: Software-optimized Encryption Algorithm
A5/1, A5/2, A5/3: These are stream ciphers used in GSM (Global Systems for Mobile Communications) systems.
Block Cipher
Blocks of plaintext are encrypted into ciphertext blocks
Multiple modes of operation
Variable key size, block size, rounds
dark
On a
ptuf
NeQj
Data Block
2
Data Block
1
Cryptosystem
Cipher Block
2
Cipher Block
1
Ciphertext
Key
IV
Block Cipher Uses
Data transport
AES (Advanced Encryption Standard): Created by NIST in 2001
Triple DES (Data Encryption Standard)
Data storage
AES in counter mode
Advanced Encryption Standard (AES)
Based on Rijndael algorithm:
Developed by Daemen and Rijmen in 1998
Rijndael
Block Options
AES
Block Options
128,192,256
Key Options
128, 192, 256
Rounds
10, 12, 14
128, 192, 256
Rounds
10, 12, 14
Key Options
128
Examples of Block Mode Algorithms
AES (Rijndael)
IDEA
RC2
RC5
RC6
Blowfish
Twofish
CAST
SAFER
Data Encryption Standard (DES)
3DES
Serpent
Mars
Skipjack
Microsoft Online Clipart
15
Modes of Symmetric Block Ciphers
Different modes of symmetric block ciphers
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feed Back (CFB)
Output Feed Back (OFB)
Counter (CTR)
Counter with CBC-MAC (CCM)
Page 357
16
Electronic Code Book (ECB)
Each block of plaintext is encrypted independently using the same key
Ciphertext
Block 1
Algorithm
Ciphertext
Block 2
Algorithm
Ciphertext
Block 3
Algorithm
Plaintext
Block 1
Plaintext
Block 2
Plaintext
Block 3
Cipher Block Chaining (CBC)
The first plaintext block is XOR’d with an Initialization Vector (IV)
Resulting ciphertext is chained into the next plaintext block
Ciphertext
Block 1
Algorithm
Ciphertext
Block 2
Algorithm
Ciphertext
Block 3
Algorithm
Plaintext
Block 1
Plaintext
Block 2
Plaintext
Block 3
IV
Cipher Feed Back (CFB)
Similar to CBC
IV is encrypted and then XOR’d with the first plaintext block
Plaintext
Block 1
Ciphertext
Block 1
Algorithm
IV
Keystream
Plaintext
Block 2
Ciphertext
Block 2
Algorithm
Keystream
Ciphertext
Block 1
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Output Feed Back (OFB)
Operates very much like CFB
Only the RESULT of encrypting the IV is fed back to the next operation
Plaintext
Block 1
Ciphertext
Block 1
Algorithm
IV
Keystream 1
Plaintext
Block 2
Ciphertext
Block 2
Algorithm
Keystream 1
Keystream 2
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Counter (CTR)
Similar to OFB
A counter value is used instead of an IV
Plaintext
Block 1
Ciphertext
Block 1
Algorithm
Counter
Keystream 1
Plaintext
Block 2
Ciphertext
Block 2
Algorithm
Counter + 1
Keystream 2
Cryptography
(ISC)2® CISSP® CBK® Review Seminar v10.0
Symmetric Algorithms
Strengths:
Very fast
Very difficult to break
Freely available tools
Highly efficient, serial communications
Multiple modes
Weaknesses:
Key negotiation/ exchange/distribution
Poor scalability
Limited security
Noisy channels and error connecting
Asymmetric Key Algorithms
Pair of mathematically related keys (A and B) used separately for encryption and decryption
Key B
Key A
Document
to Be Encrypted
Decrypted Document
Encrypted
Document
Encrypted
Document
Encryption Algorithm
Encryption Algorithm
(i.e., RSA)
23
Asymmetric Algorithms
Methods:
Hard problems
Factoring the product of two large prime numbers
Discrete logarithms in a finite field
Asymmetric Algorithms Examples
Key Agreement
Diffie-Hellman
MQV
Digital Signature
DSS
Schnorr
Used for Both
Oakley
RSA
ECC
Elgamal
Confidentiality/Key Exchange
Message
Message
CT
CT
Key
Key
Bob’s Public Key
Bob’s Private Key
Alice
Bob
E
D
\
Proof of Origin
Message
Message
CT
CT
Key
Key
Alice’s Private Key
Alice’s Public Key
Alice
Bob
E
D
Sign
Verify
Asymmetric Strengths and Weaknesses
Strengths:
Confidentiality
Key management
Proof of origin
Integrity
Non-repudiation
Access control and authentication
Weaknesses:
Computationally intensive:
Key size is generally 1024, 2048, 4096 bits
Significantly slower
Hybrid Systems
Message
Message
CT
CT
Symmetric Key
Alice
Bob
E
Symmetric Key
E
D
D
CT
CT
Bob’s Public Key
Bob’s Private Key
Week 6 Overview
Reading – Chapter 5 – Hashing and Message Digests
Lecture
Quiz 4
Intentional Change
Accidental Change
30
Questions?
31