network security. outline conventional encryption principles conventional encryption algorithms...

NETWORK SECURITY

OutlineOutline

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Conventional Encryption Conventional Encryption PrinciplesPrinciples

An encryption scheme has five ingredients: Plaintext: The original message or data

Encryption algorithm: Performs various substitutions and

transformations on the plaintext

Secret Key: Input to the encryption algorithm

Ciphertext: Scrambled message produced as output

Decryption algorithm: Encryption algorithm run in reverse

Security depends on the secrecy of the key, not

the secrecy of the algorithm

Conventional Encryption Conventional Encryption PrinciplesPrinciples

CryptographyCryptography

Classified along three independent dimensions: The type of operations used for transforming plaintext to

ciphertext

substitution / transposition 代换 / 置换 The number of keys used

symmetric (single key)

asymmetric (two-keys, or public-key encryption)

The way in which the plaintext is processed

block / stream

CryptanalysisCryptanalysis

Process of attempting to discover the

plaintext or key

An encryption scheme is computationally

secure if the ciphertext meets one of

these criteria cost of breaking the cipher exceeds the value of

the information

time requires to break the cipher exceeds the

useful lifetime of the information

Attacks On Encrypted MsgsAttacks On Encrypted Msgs

Average time required for Average time required for exhaustiveexhaustive key search key search

Key Size (bits)

Number of Alternative Keys

Time required at 106 Decryption/µs

32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours

128 2128 = 3.4 x 1038 5.4 x 1018 years

168 2168 = 3.7 x 1050 5.9 x 1030 years

Feistel Cipher StructureFeistel Cipher Structure

Virtually all conventional block encryption algorithms, including DES have a structure first described by Horst Feistel of IBM in 1973

The realisation of a Fesitel Network depends on the choice of the following parameters and design features .

第 i 轮加密变换： Li ＝ Ri － 1

Ri ＝ Li － 1 F(Ri － 1,Ki)

Feistel Cipher StructureFeistel Cipher Structure

Block size: larger block sizes mean greater security Key Size: larger key size means greater security Number of rounds: multiple rounds offer

increasing security Subkey generation algorithm: greater complexity

will lead to greater difficulty of cryptanalysis. Fast software encryption/decryption: the speed

of execution of the algorithm becomes a concern

Conventional Encryption Conventional Encryption AlgorithmsAlgorithms

Data Encryption Standard (DES) The most widely used encryption scheme DES is a block cipher The plaintext is processed in 64-bit blocks The key is 56-bits in length

数据加密标准 DES

C = DES (K, M)• Block size = 64 bits• Key size = 56 bits• Number of rounds = 16• IP - Initial Permutation• IP-1 - The inverse of IP• f - A nonlinear

function

• Ki - Round i subkey (48 bits)

• Each Feistel block can be described as

Li = Ri-1

Ri = Li-1 f (Ri-1, Ki)

32-bit Swap

数据加密标准 DES

明文 64 位输入

初始置换 IP

Feistel Cipher

初始逆置换 IP － 1

密文 64 位输出

初始密钥 64 位

移位变换 16 次

产生 16 个 48 位子密钥

DES 简化示意图

数据加密标准 DES-The Initial Permutation

How to read this table?The 58th bit of input x will be the 1st bit of output IP(x), the 50th bit of x is the second bit of IP(x), etc.

even bits to LH half, odd bits to RH half Do not affect security

数据加密标准 DES － Feistel Block

In Round i, Separate message block into two 32-bit halves, Li and Ri

Introduce a “complex” nonlinear function f f has two inputs: Ri and a 48-bit round key, Ki

“adding” Li and the output of f

Li+1 = Ri

Ri+1 = Li f(Ri, Ki+1)

Li-1 Ri-1

f

Li Ri

Ki+1

数据加密标准 DES － Nonlinear Function

f(Ri-1, Ki) : (32 bits, 48 bits) 32 bits

expand R to 48 bits R’ using permutation and repetition

R’ XOR with K subdivide the result into 8 blocks of 6 bits

each each 6-bit block goes through a S-box to

produce 4 bits permute the 32-bit string


f(Ri-1, Ki) : (32 bits, 48 bits) 32 bits


f(Ri-1, Ki) : (32 bits, 48 bits) 32 bitsRi － 1 （ 32bit ）

数据加密标准 DES － Expansion

数据加密标准 DES － S-Box

• There are eight S-boxes.• Each takes 6 bits to 4 bits.

• Take the 6-bit input b1, b2, b3, b4, b5, b6

• Interpret b1 b6 as a row number, between 0 and 3.

• Interpret b2 b3 b4 b5 as a column number, 0 through 15.

S-box 1: Bit Bits 2, 3, 4, 5: 1 6 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 0 1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 1 0 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 1 1 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13


example:

S2(010010)= 0111

S5(111101)= 0101

数据加密标准 DES － Permutation

置换函数 P 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

How to read this table? The 16th bit of input x will be the 1st bit of output P(x),

the 7th bit of x is the second bit of P(x), etc.

数据加密标准 DES － Key Schedule

8-byte key has 8 parity check bits ：8 ， 16 ， 24 ， 32 ， 40 ， 48 ， 56 ， 64

Each has 28 bits

Number of shifts are dependent on i for each Ki

56-bit key K

Permutation PC1

Permutation PC2

C0 D0

Cyclic L Shift Cyclic L Shift

K1

C1 D1

56

48

数据加密标准 DES － Key Schedule

PC1

PC2

9,18,22,25

35,38,43,54

数据加密标准 DES － example

设明文M=(0123456789ABCDEF)16=

K=(133457799BBCDFF1)16=

0 0 0 0 0 0 0 10 0 1 0 0 0 1 10 1 0 0 0 1 0 10 1 1 0 0 1 1 11 0 0 0 1 0 0 11 0 1 0 1 0 1 11 1 0 0 1 1 0 11 1 1 0 1 1 1 1

0 0 0 1 0 0 1 10 0 1 1 0 1 0 00 1 0 1 0 1 1 10 1 1 1 1 0 0 11 0 0 1 1 0 1 11 0 1 1 1 1 0 01 1 0 1 1 1 1 11 1 1 1 0 0 0 1

数据加密标准 DES － example

第 1 轮： [R1,L1]=(EF4A6544F0AAF0AA)16

第 2 轮： [R2,L2]=(CC017709EF4A6544)16

第 3 轮： [R3,L3]=(A25C0BF4CC017709)16

第 4 轮： [R4,L4]=(77220045A25C0BF4)16

第 5 轮： [R5,L5]=(8A4FA63777220045)16

……

第 16 轮： [R16,L16]=(0A4CD99543423234)16

C=(85E813540F0AB405) 16

Triple DEATriple DEA

Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)

C = ciphertext P = Plaintext EK[X] = encryption of X using key K DK[Y] = decryption of Y using key K

Effective key length of 168 bits

C = EK3[DK2[EK1[P]]]

Triple DEATriple DEA

Other Symmetric Block Other Symmetric Block CiphersCiphers

Advanced Encryption Standard

NIST （国家标准技术协会） call for proposals in

1997

Nov, 2001 – Rijndael

Symmetric block cipher (128 bits) and key

lengths 128, 192, 256


4Transformations: Substitute Bytes Shift Rows Mix Columns Add Round Key

flash 演示


International Data Encryption Algorithm (IDEA) 128-bit key Used in PGP

Blowfish Easy to implement High execution speed Run in less than 5K of memory


RC5 Suitable for hardware and software 适合软硬件实现 Fast, simple 快速、简单 Adaptable to processors of different word lengths

适合不同字长的处理器 Variable number of rounds 可变循环次数 Variable-length key 可变密钥长度 Low memory requirement 低存储器要求 High security 高安全性 Data-dependent rotations 依赖于数据的循环

Cipher Block Modes of Cipher Block Modes of OperationOperation

Electronic Codebook Book 电码本模式 (ECB) message is broken into independent

blocks which are encrypted 将信息划分成独立的分组进行加密

each block is encoded independently of the other blocks 每一分组单独进行加密 Ci = DESK1 (Pi)

uses: secure transmission of single values

Cipher Block Modes of Cipher Block Modes of OperationOperation(ECB)

Cipher Block Modes of Cipher Block Modes of OperationOperation

Cipher Block Chaining Mode (CBC)

The input to the encryption algorithm is the XOR

of the current plaintext block and the preceding

ciphertext block.

Repeating pattern of 64-bits are not exposed

Cipher Block Modes of OperationCipher Block Modes of Operation CFB

Cipher FeedBack 密码反馈模式 (CFB)

message is treated as a stream of bits

result is feed back for next stage

standard allows any number of bit (1,8 or

64 or whatever) to be feed back denoted CFB-1, CFB-8, CFB-64 etc

Cipher FeedBack (CFB)Cipher FeedBack (CFB)

Location of Encryption Location of Encryption DeviceDevice

Link encryption: A lot of encryption devices High level of security Decrypt each packet at every switch

End-to-end encryption The source encrypt and the receiver decrypts Payload encrypted Header in the clear

High Security: Both link and end-to-end encryption are needed (see Figure 2.9)

Key DistributionKey Distribution

1. A key could be selected by A and physically delivered to B.

2. A third party could select the key and physically deliver it to A and B.

3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.

4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

Key DistributionKey Distribution

Session key: Data encrypted with a one-time session key. At

the conclusion （结束） of the session the key is

destroyed

Permanent key: Used between entities for the purpose of

distributing session keys

network security. outline conventional encryption principles conventional encryption algorithms...

Documents