ch02 netsec5e
TRANSCRIPT
7/26/2019 Ch02 NetSec5e
http://slidepdf.com/reader/full/ch02-netsec5e 1/38
Network Security Essentials
Fifth Edition
by William Stallings
Chapter 2
Symmetric Encryption and Message Confidentiality
“I have solved other ciphers of an abstruseness ten thousand times greater. Circumstances, and a certain bias of mind, have led me to take interest in such riddles, and it may well be doubted whether human ingenuity can construct an enigma of the kind which human ingenuity may not, by proper application, resolve.”
—The Gold Bug, Edgar Allen Poe
Amongst the tribes of Central Australia every man, woman, and child has a secret or sacred name which is bestowed by the older men upon him or her soon after birth, and which is known to none but the fully initiated members of the group. This secret name is never mentioned except upon the most solemn occasions; to utter it in the hearing of men of another group would be a most serious breach of tribal custom. When mentioned at all, the name is spoken only in a whisper, and not until the most elaborate precautions have been taken that it shall be heard by no one but members of the group. The native thinks that a stranger knowing his secret name would have special power to work him ill by means of magic.
Some Basic Terminology
• Plaintext - original message
• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - info used in cipher known only to sender/receiver
• Encipher (encrypt) - converting plaintext to ciphertext
• Decipher (decrypt) - recovering plaintext from ciphertext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (code breaking) - study of principles/methods of deciphering ciphertext without knowing key
• Cryptology - field of both cryptography and cryptanalysis
Requirements
• There are two requirements for secure use of symmetric encryption:
  • A strong encryption algorithm
  • Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure
• The security of symmetric encryption depends on the secrecy of the key, not the secrecy of the algorithm
  • This makes it feasible for widespread use
  • Manufacturers can and have developed low-cost chip implementations of data encryption algorithms
  • These chips are widely available and incorporated into a number of products
Cryptography
Table 2.1
Types of Attacks on Encrypted Messages
cryptanalysis
• An encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of the following criteria:
  • The cost of breaking the cipher exceeds the value of the encrypted information
  • The time required to break the cipher exceeds the useful lifetime of the information
Brute Force attack
• Involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success
• Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext
• To supplement the brute-force approach
  • Some degree of knowledge about the expected plaintext is needed
  • Some means of automatically distinguishing plaintext from garble is also needed
Feistel Cipher Design Elements
Symmetric Block encryption algorithms
• Block cipher
  • The most commonly used symmetric encryption algorithms
  • Processes the plaintext input in fixed-sized blocks and produces a block of ciphertext of equal size for each plaintext block
Data Encryption Standard (DES)
• Most widely used encryption scheme
• Issued in 1977 as Federal Information Processing Standard 46 (FIPS 46) by the National Institute of Standards and Technology (NIST)
• The algorithm itself is referred to as the Data Encryption Algorithm (DEA)
DES algorithm
• Description of the algorithm:
  • Plaintext is 64 bits in length
  • Key is 56 bits in length
  • Structure is a minor variation of the Feistel network
  • There are 16 rounds of processing
  • Process of decryption is essentially the same as the encryption process
• The strength of DES:
  • Concerns fall into two categories
    • The algorithm itself
      • Refers to the possibility that cryptanalysis is possible by exploiting the characteristics of the algorithm
    • The use of a 56-bit key
      • Speed of commercial, off-the-shelf processors threatens the security
Table 2.2 Average Time Required for Exhaustive Key Search
3DES guidelines
• FIPS 46-3 includes the following guidelines for 3DES:
  • 3DES is the FIPS-approved symmetric encryption algorithm of choice
  • The original DES, which uses a single 56-bit key, is permitted under the standard for legacy systems only; new procurements should support 3DES
  • Government organizations with legacy DES systems are encouraged to transition to 3DES
  • It is anticipated that 3DES and the Advanced Encryption Standard (AES) will coexist as FIPS-approved algorithms, allowing for a gradual
Advanced encryption standard (AES)
• In 1997 NIST issued a call for proposals for a new AES:
  • Should have a security strength equal to or better than 3DES and significantly improved efficiency
  • Must be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits
  • Evaluation criteria included security, computational efficiency, memory requirements, hardware and software suitability, and flexibility
• NIST selected Rijndael as the proposed AES algorithm
  • FIPS PUB 197
  • Developers were two cryptographers from Belgium: Dr. Joan Daemen and Dr. Vincent Rijmen
Random and pseudorandom Numbers
• A number of network security algorithms based on cryptography make use of random numbers
  • Examples:
    • Generation of keys for the RSA public-key encryption algorithm and other public-key algorithms
    • Generation of a symmetric key for use as a temporary session key; used in a number of networking applications such as Transport Layer Security, Wi-Fi, e-mail security, and IP security
    • In a number of key distribution scenarios, such as Kerberos, random numbers are used for handshaking to prevent replay attacks
• Two distinct and not necessarily compatible requirements for a sequence of random numbers are:
  • Randomness
  • Unpredictability
Randomness
• The following criteria are used to validate that a sequence of numbers is random:
unpredictability
• In applications such as reciprocal authentication and session key generation, the requirement is not so much that the sequence of numbers be statistically random but that the successive members of the sequence are unpredictable
• With “true” random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable
• Care must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier elements
Algorithm design
Stream Cipher design considerations
• The encryption sequence should have a large period
  • The longer the period of repeat, the more difficult it will be to do cryptanalysis
• The keystream should approximate the properties of a true random number stream as close as possible
  • The more random-appearing the keystream is, the more randomized the ciphertext is, making cryptanalysis more difficult
• The pseudorandom number generator is conditioned on the value of the input key
  • To guard against brute-force attacks, the key needs to be sufficiently long
  • With current technology, a key length of at least 128 bits is desirable
RC4 algorithm
• A stream cipher designed in 1987 by Ron Rivest for RSA Security
• It is a variable key-size stream cipher with byte-oriented operations
• The algorithm is based on the use of a random permutation
• Is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards that have been defined for communication between Web browsers and servers
• Also used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard
Cipher block Modes of Operation
• A symmetric block cipher processes one block of data at a time
  • In the case of DES and 3DES, the block length is b=64 bits
  • For AES, the block length is b=128
  • For longer amounts of plaintext, it is necessary to break the plaintext into b-bit blocks, padding the last block if necessary
• Five modes of operation have been defined by NIST
  • Intended to cover virtually all of the possible applications of encryption for which a block cipher could be used
  • Intended for use with any symmetric block cipher, including triple DES and AES
Electronic Codebook Mode (ECB)
• Plaintext is handled b bits at a time and each block of plaintext is encrypted using the same key
• The term “codebook” is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext
  • One can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its corresponding ciphertext
• With ECB, if the same b-bit block of plaintext appears more than once in the message, it always produces the same ciphertext
  • Because of this, for lengthy messages, the ECB mode may not be secure
  • If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities
Advantages of CTR mode
• Hardware efficiency
  • Encryption/decryption can be done in parallel on multiple blocks of plaintext or ciphertext
  • Throughput is only limited by the amount of parallelism that is achieved
• Software efficiency
  • Because of the opportunities for parallel execution, processors that support parallel features can be effectively utilized
• Preprocessing
  • The execution of the underlying encryption algorithm does not depend on input of the plaintext or ciphertext; when the plaintext or ciphertext input is presented, the only computation is a series of XORs, greatly enhancing throughput
• Random access
  • The ith block of plaintext or ciphertext can be processed in random-access fashion
• Provable security
  • It can be shown that CTR is at least as secure as the other modes discussed in this section
• Simplicity
  • Requires only the implementation of the encryption algorithm and not the decryption algorithm
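The ECB and CTR slides can be compared directly: ECB maps equal plaintext blocks to equal ciphertext blocks, while CTR needs only the encryption direction and can process block i on its own. This is an added example, not code from the slides or the book; the block cipher is a constructed 16-round Feistel stand-in (not DES or AES), and the key, nonce and message are constructed sample values.

```python
import hashlib

BLOCK = 8  # bytes per block (b = 64 bits, the DES/3DES block length)

def encrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    """Toy 16-round Feistel permutation (constructed stand-in, NOT DES or AES)."""
    left, right = block[:4], block[4:]
    for r in range(rounds):
        f = hashlib.sha256(key + bytes([r]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """ECB: pad the last block, then encrypt every block independently."""
    pad = BLOCK - len(plaintext) % BLOCK
    padded = plaintext + bytes([pad]) * pad
    return b"".join(encrypt_block(b, key) for b in split(padded))

def ctr_xor(data: bytes, key: bytes, nonce: bytes, first_block: int = 0) -> bytes:
    """CTR: XOR data with E(nonce || counter); the same call encrypts and decrypts."""
    out = bytearray()
    for n, chunk in enumerate(split(data), start=first_block):
        keystream = encrypt_block(nonce + n.to_bytes(4, "big"), key)
        out += bytes(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample values: a highly structured message of four equal blocks.
KEY = b"constructed-demo-key"
NONCE = b"\x00\x00\x00\x01"  # 4-byte nonce; the counter fills the other 4 bytes
MESSAGE = b"ACCT0001" * 4

if __name__ == "__main__":
    ecb = ecb_encrypt(MESSAGE, KEY)
    ctr = ctr_xor(MESSAGE, KEY, NONCE)
    print("ECB repeated blocks:", repeated_blocks(ecb))  # 3
    print("CTR repeated blocks:", repeated_blocks(ctr))  # 0
    # Random access: decrypt only block 2 without touching blocks 0 and 1.
    print(ctr_xor(ctr[16:24], KEY, NONCE, first_block=2))
```

Counting repeated ciphertext blocks, as `repeated_blocks` does, is also a quick check for ECB use when reviewing captured ciphertext of structured data.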
summary
• Random and pseudorandom numbers
  • The use of random numbers
  • TRNGs, PRNGs, PRFs
  • Algorithm design
• Stream ciphers and RC4
  • Stream cipher structure
  • RC4 algorithm
• Cipher block modes of operation
  • ECB
  • CBC
  • CFB
  • CTR
• Symmetric encryption principles
  • Cryptography
  • Cryptanalysis
  • Feistel cipher structure
• Symmetric block encryption algorithms
  • Data encryption standard
  • Triple DES
  • Advanced encryption standard