# Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

Save this PDF as:

Size: px
Start display at page:

Download "Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)"

## Transcription

1 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 3 Symmetric Cryptography General Description Modes of ion Data ion Standard (DES) Advanced ion Standard (AES) The Stream Cipher RC4 Symmetric ion General description: The same key A,B is used for enciphering and deciphering of messages: Notation If P denotes the plaintext message, E( A,B, P) denotes the cipher text and it holds D( A,B, E( A,B, P)) = P Alternatively we sometimes write {P} A,B or E A,B (P) for E( A,B, P) Symmetric encryption E A,B is a bijective function D A,B is the inverse function of E A,B : D A,B = (E A,B ) -1 Examples: DES, 3DES, AES, RC4 Decrypt Plaintext Ciphertext Ciphertext Plaintext Network Security, WS 2008/09 2 Modes of ion Symmetric Block Ciphers - Modes of ion ECB (1) Block cipher modes A plaintext p is segmented in blocks p 1, p 2, each of length b or j, respectively, where b denotes the block size of the encryption algorithm and j < b The ciphertext c is the combination of c 1, c 2, where c i denotes the result of the encryption of the i th block of the plaintext message The entities encrypting and decrypting a message have agreed upon a key. E.g. Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Stream cipher modes A pseudorandom stream of bytes, called key stream is generated from the symmetric key The key stream is XORed with the plain text to generate the cipher text. E.g. Output Feedback Mode (OFB) Counter Mode (CTR) Electronic Code Book Mode (ECB): Every block p i of length b is encrypted independently: c i = E(, p i ) A bit error in one ciphertext block c i results in a completely wrongly recovered plaintext block p i (subsequent blocks are not affected) Loss of synchronization does not have any effect if integer multiples of the block size b are lost. If any other number of bits are lost, explicit re-synchronization is needed. Drawback: identical plaintext blocks are encrypted to identical ciphertext! ECB Time = 1 Time = 2 Time = n P n C n Network Security, WS 2008/09 3 Network Security, WS 2008/09 4

2 Symmetric Block Ciphers - Modes of ion ECB (2) Symmetric Block Ciphers - Modes of ion CBC (1) Original ed using ECB mode Source: ed using other modes Cipher Block Chaining Mode (CBC): Before encrypting a plaintext block p i, it is XORed ( ) with the preceding ciphertext block c i-1 : c i = E(, c i-1 p i ) p i = c i-1 D(, c i ) Both parties agree on an initial value for c i called Initialization Vector (IV) c 0 = IV Properties: Advantage: identical plaintext blocks are encrypted to non-identical ciphertext. Error propagation: A distorted ciphertext block results in two distorted plaintext blocks, as p i is computed using c i-1 and c i Synchronisation: If the number of lost bits is a multiple integer of b, one additional block p i+1 is misreprensted before synchronization is re-established. If any other number of bits are lost explicit re-synchronization is needed. Applicable for ion Integrity check: use last block of CBC as Message Authentication Code (MAC) Network Security, WS 2008/09 5 Network Security, WS 2008/09 6 Symmetric Block Ciphers - Modes of ion CBC (2) CBC Error Propagation CBC Time = 1 Time = 2 Time = n A distorted ciphertext block results in two distorted plaintext blocks, as p i is computed using c i-1 and c i P n IV + + C n-1 + C n C n Decrypt Decrypt Decrypt Decrypt IV + + C n-1 + P n Source: Network Security, WS 2008/09 7 Network Security, WS 2008/09 8

3 Symmetric Block Ciphers - Modes of ion OFB (1) Symmetric Block Ciphers - Modes of ion OFB (2) Output Feedback Mode (OFB): The block encryption algorithm is used to generate a key stream that depends only on and IV 0 = IV i = E(, i-1 ) C i = P i i OFB Time = 1 Time = 2 Time = m IV n n The plaintext is XORed with the pseudo-random sequence to obtain the ciphertext and vice versa + + P n + C n Decrypt IV n n + + C n + P n Network Security, WS 2008/09 9 Network Security, WS 2008/09 10 Symmetric Block Ciphers - Modes of ion OFB (3) Symmetric Block Ciphers Modes of ion - CTR (1) Properties of OFB: Error propagation: Single bit errors result only in single bit errors no error multiplication Synchronisation: If some bits are lost explicit re-synchronization is needed Advantage: The pseudo-random sequence can be pre-computed in order to keep the impact of encryption to the end-to-end delay low Drawbacks: It is possible for an attacker to manipulate specific bits of the plaintext However, this is not a problem, since an additional cryptographic mean is required for message integrity anyway Counter Mode (CTR) The block encryption algorithm is used to generate a key stream that depends on and a counter function ctr i. The counter function can be simply an increment modulo 2 w, where w is a convenient register width, e.g. ctr i = Nonce i The counter function does not provide any security other than the uniqueness of the input of to the block cipher function E The plaintext is XORed with the pseudo-random sequence to obtain the ciphertext and vice versa Putting everything together: i = E(, Nonce i) C i = P i i Network Security, WS 2008/09 11 Network Security, WS 2008/09 12

4 Symmetric Block Ciphers Modes of ion - CTR (2) Symmetric Block Ciphers Modes of ion - CTR (3) CTR Properties of CTR: Error propagation: c59bc c59bc c59bc Single bit errors result only in single bit errors no error multiplication Synchronisation: If some bits are lost explicit re-synchronization is needed Decrypt 0 P 0 + c59bc C c59bc c59bc Advantage: The key stream can be pre-computed in order to keep the impact of encryption to the end-to-end delay low The computation of the key stream can be even parallelized Drawbacks: It is possible for an attacker to manipulate specific bits of the plaintext However, this is not a problem, since an additional cryptographic mean is required for message integrity anyway C 0 + P Network Security, WS 2008/09 13 Network Security, WS 2008/09 14 Symmetric Block Ciphers - Algorithm Overview The Data ion Standard (DES) History Some popular algorithms: Data ion Standard (DES) Triple encryption with DES: Triple-DES Advanced ion Standard (AES) Stream Cipher Algorithm RC the National Bureau of Standards (NBS, now National Institute of Standards and Technology, NIST) issued a request for proposals for a national cipher standard, demanding the algorithm to: provide a high level of security, be completely specified and easy to understand, provide security only by its key and not by its own secrecy, be available to all users, be adaptable for use in diverse applications, be economically implementable in electronic devices, be efficient to use, be able to be validated, and be exportable. None of the submissions to this first call came close to these criteria. In response to a second call, IBM submitted its algorithm LUCIFER, a symmetric block cipher, which works on blocks of length 128 bit using keys of length 128 bit and that was the only promising candidate Network Security, WS 2008/09 15 Network Security, WS 2008/09 16

5 DES History continued The NBS requested the help of the National Security Agency (NSA) in evaluating the algorithm s security: The NSA reduced the block size to 64 bit, the size of the key to 56 bit and changed details in the algorithm s substitution boxes. Many of the NSA s reasoning for these modifications became clear in the early 1990 s, but raised great concern in the late 1970 s. Despite all criticism the algorithm was adopted as Data ion Standard in the series of Federal Information Processing Standards in 1977 (FIPS PUB 46) and authorized for use on all unclassified government communications. DES has been widely adopted in the years to follow DES Algorithm Outline 64 bit plaintext 56 bit key Initial Permutation Iteration 1 Iteration 2 Iteration bit Swap Permuted Choice 2 Permuted Choice 2 Permuted Choice 2 Permuted Choice 1 Left Circular Shift / 2 Left Circular Shift / 2 Left Circular Shift / 2 Inverse Initial Permutation 64 bit ciphertext Network Security, WS 2008/09 17 Network Security, WS 2008/09 18 DES Single Iteration DES Security R i-1 f(r i-1, i ) i Data to be encrypted ey used for encryption 32 bit 32 bit 28 bit 28 bit L i-1 R i-1 Expansion Permutation i 48 S-Box: Choice Substitution 32 Permutation 32 + C i-1 D i-1 Left Shift Left Shift Permutation Contraction (Perm. Choice 2) Main weakness is the key length: As a 56 bit key can be searched in hours when being able to perform 10 6 encryptions / μs (which is feasible today), DES can no longer be considered as sufficiently secure Differential cryptanalysis: In 1990 E. Biham and A. Shamir published a cryptoanalysis method for DES It looks specifically for differences in ciphertexts whose plaintexts have particular differences and tries to guess the correct key The basic approach needs chosen plaintext together with its ciphertext DES with 16 rounds is immune against this attack, as the attack needs 2 47 chosen plaintexts or (when converted to a known plaintext attack) 2 55 known plaintexts. The designers of DES told in the 1990 s that they knew about this kind of attacks in the 1970 s and that the s-boxes were designed accordingly L i R i C i D i Network Security, WS 2008/09 19 Network Security, WS 2008/09 20

6 Extending the ey-length of DES by Multiple ion The Advanced ion Standard AES (1) Triple encryption scheme, as proposed by W. Tuchman in 1979: C = E( 3, D( 2, E( 1, P))) The use of the decryption function D in the middle allows to use triple encryption devices with peers that only own single encryption devices by setting 1 = 2 = 3 (backwards compatibility with DES) Triple encryption can be used with two (set 1 = 3 ) or three different keys There are no known practical attacks against this scheme up to now Drawback: the performance is only 1/3 of that of single encryption, so it should be a better idea to use a different cipher, which offers a bigger keylength right away Jan. 1997: the National Institute of Standards and Technology (NIST) of the USA announces the AES development effort. The overall goal is to develop a Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive government information well into the next century. The algorithm(s) is expected to be used by the U.S. Government and, on a voluntary basis, by the private sector. Sep. 1997: formal call for algorithms, open to everyone on earth AES would specify an unclassified, publicly disclosed encryption algorithm(s), available royalty-free, worldwide. The algorithm(s) must implement symmetric key cryptography as a block cipher and (at a minimum) support block sizes of 128-bits and key sizes of 128-, 192-, and 256-bits. Aug. 1998: first AES candidate conference NIST announces the selection of 15 candidate algorithms Demand for public comments Network Security, WS 2008/09 21 Network Security, WS 2008/09 22 The Advanced ion Standard AES (2) The Advanced ion Standard AES (3) Mar. 1999: second AES candidate conference Discussion of results of the analysis conducted by the global cryptographic community on the candidate algorithms. April 1999: Using the analyses and comments received, NIST selects five algorithms as finalist candidates: MARS, RC6, Rijndael, Serpent, and Twofish Demand for public comments on any aspect of the finalists: Cryptanalysis Implementation issues Intellectual property & Overall recommendations May 2000: third AES candidate conference October 2000: Rijndael is announced as NIST s proposal for AES 28. February 2001: draft FIPS standard is published [AES01a] 29. May 2001: comment period ends 26. November 2001: official announcement of the AES standard ey and block lengths: ey Length: 128, 192, or 256 bit Block Length: 128, 192, or 256 bit In the following only 128 bit is considered Number of rounds: 10 (for block and key size of 128 bit) Rounds 1-9 make use of four different operations: ByteSub: a non-linear byte substitution (basically an s-box) ShiftRow: the rows of the state are cyclically shifted by various offsets MixColumn: an operation based on polynomial algebra Roundey: a round-key is XORed with the state Round 10 does not make use of the MixColumn operation Network Security, WS 2008/09 23 Network Security, WS 2008/09 24

7 The Advanced ion Standard AES (4) Structure of one Round in Rijndael Properties of AES No successful attacks known so far. Roughly 3 times the speed of DES (200 MBit/s vs. 80 MBit/s) Can be used in CBC of CTR modes in communication. Elegant algebraic structure: uses properties of GF(2 8 ). Highly parallel architecture. (source: Rijndael, a presentation by J. Daemen and V. Rijmen) Network Security, WS 2008/09 25 Network Security, WS 2008/09 26 The Stream Cipher Algorithm RC4 RC4 ion RC4 is a stream cipher that has been invented by Ron Rivest in 1987 It was proprietary until 1994 when someone posted it anonymously to a mailing list RC4 runs in OFB mode It uses a pseudo-random number generator (PRNG) for generating a key stream of arbitrary length An initial state S 0 of a pseudo-random-bit generator is set using the key and an initialization vector IV. At each iteration a pseudo-random key k j and a new state s j+1 is generated. The k j are concatenated together in order to build the key stream The plaintext P is XORed with the key stream to obtain the cipher text and vice versa: C= P RC4(IV,) P = C RC4(IV,) IV, P RC4 Pseudorandom-bit-generator ey stream RC4 ion Block Diagram C Network Security, WS 2008/09 27 Network Security, WS 2008/09 28

8 Security of RC4 (In)security of RC4 (1) RC4 uses a variable length key up to 2048 bit The key serves as the seed for a pseudo-random-bit-generator The variable key length of up to 2048 bit allows to make brute force attacks impractical (at least with the resources available in our universe) RSA Data Security, Inc. claims that RC4 is immune to differential and linear cryptanalysis Moreover, no small cycles in the generated pseudo-numbers are known: Analysis shows that the period of the cipher is overwhelmingly likely to be greater than ( The IV must be different for each message P i Otherwise a simple known plaintext attack is possible: Assume an attacker can guess a plain text Note: It can happen quite often that the plain text can be guessed although it is encrypted. e.g. DNS requests, ARP requests. IP headers can be also easily guessed. Let the same IV being used for encrypting occur again when a later message needs to be encrypted: IV 1 = IV 2 Then = RC4(IV 1, ) RC4(IV 2, ) = RC4(IV 1, ) RC4(IV 2, ) = RC4(IV 1, ) RC4(IV 1, ) = Then = Network Security, WS 2008/09 29 Network Security, WS 2008/09 30 (In)security of RC4 (2) ey length RC4 with a 40 bit key was a default algorithm for the Secure Socket Layer (SSL) protocol, which has been designed to secure HTTP transfers. 40-bit key length is not immune against brute-force attacks Currently, the use of RC4 with 40-bits keys is deprecated (In)security of RC4 (2) Fluhrer-Mantin-Shamir Attack [FMS01a] : Over all possible RC4 keys, the statistics for the first few bytes of output keystream are strongly non-random, leaking information about the key. If the long-term key and nonce are simply concatenated to generate the RC4 key, this long-term key can be discovered by analysing large number of messages encrypted with this key. The reaction of Ron Rivest to this attack was that applications using RC4 can defend against it by discarding the initial portion of the keystream (say the first 1024 bytes) before using it (RC4drop[n]). lein s attack: There are correlations between the internal state of RC4 and the bytes in the key stream. As a result, the key can be recovered from a sufficiently large number of observed cipher text messages. Used to break WEP encryption Network Security, WS 2008/09 31 Network Security, WS 2008/09 32

9 Additional References [AES01a] National Institute of Standards and Technology (NIST). Specification for the Advanced ion Standard (AES). Federal Information Processing Standards Publication, February [DR97a] J. Daemen, V. Rijmen. AES Proposal: Rijndael [FMS01a] S. Fluhrer, I. Mantin, A. Shamir. Weaknesses in the ey Scheduling Algorithm of RC4. Eighth Annual Workshop on Selected Areas in Cryptography, August [Riv01a] R. Rivest. RSA Security Response to Weaknesses in ey Scheduling Algorithm of RC [SIR01a] A. Stubblefield, J. Ioannidis, A. D. Rubin. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. AT&T Labs Technical Report TD-4ZCPZZ, August Network Security, WS 2008/09 33

### Network Security. Chapter 2 Basics 2.1 Symmetric Cryptography. Cryptographic algorithms: outline. Basic Terms: Block cipher and Stream cipher

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Cryptographic algorithms: outline Network Security Cryptographic Algorithms Chapter 2 Basics 2.1 Symmetric

### F3 Symmetric Encryption

F3 Symmetric Encryption Cryptographic Algorithms: Overview During this course two main applications of cryptographic algorithms are of principal interest: Encryption of data: transforms plaintext data

### The Data Encryption Standard (DES)

The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric

### Shift Cipher. Ahmet Burak Can Hacettepe University. Substitution Cipher. Enigma Machine. How perfect secrecy can be satisfied?

One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Basic Ciphers Shift Cipher Brute-force attack can easily break Substitution Cipher Frequency analysis

### Stream Ciphers. Example of Stream Decryption. Example of Stream Encryption. Real Cipher Streams. Terminology. Introduction to Modern Cryptography

Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function

### Chapter 10 Security of Wireless LAN

Chapter 10 Security of Wireless LAN WEP WPA WPA2 [NetSec], WS 2008/2009 10.1 WLAN Authentication and Encryption WEP (Wired Equivalent Privacy) First Generation One way shared key authentication RC4 encryption

### 1 Data Encryption Algorithm

Date: Monday, September 23, 2002 Prof.: Dr Jean-Yves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on the Data Encryption Standard (DES) The Data Encryption Standard (DES) has been

### Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Network Security Chapter 15 Security of Wireless Local Area Networks Network Security WS 2002: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control MAC and physical characteristics

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard

### Lecture 4 Data Encryption Standard (DES)

Lecture 4 Data Encryption Standard (DES) 1 Block Ciphers Map n-bit plaintext blocks to n-bit ciphertext blocks (n = block length). For n-bit plaintext and ciphertext blocks and a fixed key, the encryption

### The Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) All of the cryptographic algorithms we have looked at so far have some problem. The earlier ciphers can be broken with ease on modern computation systems. The DES

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### The Advanced Encryption Standard: Four Years On

The Advanced Encryption Standard: Four Years On Matt Robshaw Reader in Information Security Information Security Group Royal Holloway University of London September 21, 2004 The State of the AES 1 The

### Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

### Applied Cryptology. Ed Crowley

Applied Cryptology Ed Crowley 1 Basics Topics Basic Services and Operations Symmetric Cryptography Encryption and Symmetric Algorithms Asymmetric Cryptography Authentication, Nonrepudiation, and Asymmetric

### 6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a

### Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Secret Key Cryptography (I) 1 Introductory Remarks Roadmap Feistel Cipher DES AES Introduction

### Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards

### Computer Science A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

### EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

### CRYPTOGRAPHIC ALGORITHMS (AES, RSA)

CALIFORNIA STATE POLYTECHNIC UNIVERSITY, POMONA CRYPTOGRAPHIC ALGORITHMS (AES, RSA) A PAPER SUBMITTED TO PROFESSOR GILBERT S. YOUNG IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE COURSE CS530 : ADVANCED

### Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon

### CRYPTOGRAPHIC PRIMITIVES AN INTRODUCTION TO THE THEORY AND PRACTICE BEHIND MODERN CRYPTOGRAPHY

CRYPTOGRAPHIC PRIMITIVES AN INTRODUCTION TO THE THEORY AND PRACTICE BEHIND MODERN CRYPTOGRAPHY Robert Sosinski Founder & Engineering Fellow Known as "America's Cryptologic Wing", is the only Air Force

### Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards

White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the

### The Misuse of RC4 in Microsoft Word and Excel

The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft

### Network Security. Chapter 15. Security of Wireless Local Area Networks. Network Security (WS 2005): 15 Wireless LAN Security 1 Dr.-Ing G.

Network Security Chapter 15 Security of Wireless Local Area Networks Network Security (WS 2005): 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control (MAC) and physical

### A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR William Stallings Copyright 20010 H.1 THE ORIGINS OF AES...2 H.2 AES EVALUATION...3 Supplement to Cryptography and Network Security, Fifth Edition

ADVANCED ENCRYPTION STANDARD (AES) Tran Song Dat Phuc Department of Computer Science and Engineering Seoul National University of Science and Technology 2013-2014 Outline AES History AES Operations Advanced

### CS 392/681 Computer Security. Module 1 Private Key Cryptography

CS 392/681 Computer Security Module 1 Private Key Cryptography Logistics Office hours - Thursday 5 to 6 (tentative). Welcome to walk in anytime. Emails until midnight. AIM: evilproffy. Lab 0 due date postponed

### Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.

Network Security Chapter 15 Security of Wireless Local Area Networks Network Security (WS 2003: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control (MAC and physical characteristics

### The Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) Conception - Why A New Cipher? Conception - Why A New Cipher? DES had outlived its usefulness Vulnerabilities were becoming known 56-bit key was too small Too slow

### Secret File Sharing Techniques using AES algorithm. C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002

Secret File Sharing Techniques using AES algorithm C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002 1. Feature Overview The Advanced Encryption Standard (AES) feature adds support

### APNIC elearning: Cryptography Basics. Contact: esec02_v1.0

APNIC elearning: Cryptography Basics Contact: training@apnic.net esec02_v1.0 Overview Cryptography Cryptographic Algorithms Encryption Symmetric-Key Algorithm Block and Stream Cipher Asymmetric Key Algorithm

### Network Security - ISA 656 Introduction to Cryptography

Network Security - ISA 656 Angelos Stavrou September 18, 2007 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let

### Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

### IJESRT. [Padama, 2(5): May, 2013] ISSN: 2277-9655

IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY Design and Verification of VLSI Based AES Crypto Core Processor Using Verilog HDL Dr.K.Padama Priya *1, N. Deepthi Priya 2 *1,2

### Network Security. Modes of Operation. Steven M. Bellovin February 3, 2009 1

Modes of Operation Steven M. Bellovin February 3, 2009 1 Using Cryptography As we ve already seen, using cryptography properly is not easy Many pitfalls! Errors in use can lead to very easy attacks You

### Cryptography and Network Security Block Cipher

Cryptography and Network Security Block Cipher Xiang-Yang Li Modern Private Key Ciphers Stream ciphers The most famous: Vernam cipher Invented by Vernam, ( AT&T, in 1917) Process the message bit by bit

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond

### Security of Wireless Local Area Network (WLAN)

Adrián Lachata, Štefan Pero Abstract. This paper deals with security of WLAN. This network uses standard IEEE 802.11. We will explain cipher algorithm RC4 and communication between client and Access Point

### Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm

Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers

### ARCHIVED PUBLICATION

ARCHIVED PUBLICATION The attached publication, FIPS Publication 46-3 (reaffirmed October 25, 1999), was withdrawn on May 19, 2005 and is provided here only for historical purposes. For related information,

### Password-based encryption in ZIP files

Password-based encryption in ZIP files Dmitri Gabbasov December 15, 2015 Abstract In this report we give an overview of the encryption schemes used in the ZIP file format. We first give an overview of

### Symmetric and asymmetric cryptography overview

Symmetric and asymmetric cryptography overview Modern cryptographic methods use a key to control encryption and decryption Two classes of key-based encryption algorithms symmetric (secret-key) asymmetric

### AES Cipher Modes with EFM32

AES Cipher Modes with EFM32 AN0033 - Application Note Introduction This application note describes how to implement several cryptographic cipher modes with the Advanced ion Standard (AES) on the EFM32

### Design and Verification of Area-Optimized AES Based on FPGA Using Verilog HDL

Design and Verification of Area-Optimized AES Based on FPGA Using Verilog HDL 1 N. Radhika, 2 Obili Ramesh, 3 Priyadarshini, 3 Asst.Profosser, 1,2 M.Tech ( Digital Systems & Computer Electronics), 1,2,3,

6.857 Computer and Network Security Fall Term, 1997 Lecture 4 : 16 September 1997 Lecturer: Ron Rivest Scribe: Michelle Goldberg 1 Conditionally Secure Cryptography Conditionally (or computationally) secure

### Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

CS-4920: Lecture 7 Secret key cryptography Reading Chapter 3 (pp. 59-75, 92-93) Today s Outcomes Discuss block and key length issues related to secret key cryptography Define several terms related to secret

### A Secure Software Implementation of Nonlinear Advanced Encryption Standard

IOSR Journal of VLSI and Signal Processing (IOSR-JVSP) ISSN: 2319 4200, ISBN No. : 2319 4197 Volume 1, Issue 5 (Jan. - Feb 2013), PP 44-48 A Secure Software Implementation of Nonlinear Advanced Encryption

### Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.

Introduction Within the last ten years, there has been a vast increase in the accumulation and communication of digital computer data in both the private and public sectors. Much of this information has

### Network Security. Omer Rana

Network Security Omer Rana CM0255 Material from: Cryptography Components Sender Receiver Plaintext Encryption Ciphertext Decryption Plaintext Encryption algorithm: Plaintext Ciphertext Cipher: encryption

### Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key

Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key Julia Juremi Ramlan Mahmod Salasiah Sulaiman Jazrin Ramli Faculty of Computer Science and Information Technology, Universiti Putra

### lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are

### CCMP Advanced Encryption Standard Cipher For Wireless Local Area Network (IEEE 802.11i): A Comparison with DES and RSA

Journal of Computer Science Original Research Paper CCMP Advanced Encryption Standard Cipher For Wireless Local Area Network (IEEE 802.11i): A Comparison with DES and RSA 1 Velayutham, R. and 2 D. Manimegalai

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Implementation of Full -Parallelism AES Encryption and Decryption

Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption

### 7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

### AN RC4 BASED LIGHT WEIGHT SECURE PROTOCOL FOR SENSOR NETWORKS

AN RC4 BASED LIGHT WEIGHT SECURE PROTOCOL FOR SENSOR NETWORKS Chang N. Zhang and Qian Yu Department of Computer Science, University of Regina 3737 Wascana Parkway, Regina, SK S4S 0A2 Canada {zhang, yu209}@cs.uregina.ca

### Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer

### Properties of Secure Network Communication

Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,

### Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

### Lecture 5 - Cryptography

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

### AT&T Labs Technical Report TD-4ZCPZZ. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP

AT&T Labs Technical Report TD-4ZCPZZ Using the Fluhrer, Mantin, and Shamir Attack to Break WEP August 6, 2001 Adam Stubblefield John Ioannidis Aviel D. Rubin Rice University AT&T Labs Research, Florham

### Cryptography and Network Security Chapter 6

Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 6 Block Cipher Operation Many savages at the present day regard

### Crypto Basics. Ed Crowley. Spring 2010

Crypto Basics Ed Crowley Spring 2010 Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes Modes Symmetric Key Algorithms DES Attributes Modes 3DES AES Other Symmetric Ciphers

### Overview of Symmetric Encryption

CS 361S Overview of Symmetric Encryption Vitaly Shmatikov Reading Assignment Read Kaufman 2.1-4 and 4.2 slide 2 Basic Problem ----- ----- -----? Given: both parties already know the same secret Goal: send

### IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

### Network Security: Secret Key Cryptography

1 Network Security: Secret Key Cryptography Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 c 1999-2000, Henning Schulzrinne Last modified September

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Overview of Classification of Encryption Methods and Survey on the Different Block Ciphers

Overview of Classification of Encryption Methods and Survey on the Different Block Ciphers Smitha Dept. of CSE, SSE Srinivas school of Engineering Mangalore, Karnataka, India Prof. Kishore Baglodi Dept.

### 9/17/2015. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics IT443 Network Security Administration Instructor: Bo Sheng Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions 1 2 Encryption/Decryption

### IEEE P Wireless Sensor Interface Working Group. Security Proposal Revision 1.10

Document number: P1451.5-Prop1_V1 IEEE P1451.5 Wireless Sensor Interface Working Group Security Proposal Revision 1.10 Updated 4/8/03 Prepared by: R. K. Coleman 3e Technologies International, Inc. 700

### CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

### AES1. Ultra-Compact Advanced Encryption Standard Core. General Description. Base Core Features. Symbol. Applications

General Description The AES core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. Basic core is very small (start at 800 Actel tiles). Enhanced versions

### Cryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice

Cryptography some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) modern secret key cryptography DES, AES public key cryptography RSA, digital signatures cryptography in practice

### Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Attacks on Cryptosystems Up to this point, we have mainly seen how ciphers are implemented. We

### A Comparative Study Of Two Symmetric Encryption Algorithms Across Different Platforms.

A Comparative Study Of Two Symmetric Algorithms Across Different Platforms. Dr. S.A.M Rizvi 1,Dr. Syed Zeeshan Hussain 2 and Neeta Wadhwa 3 Deptt. of Computer Science, Jamia Millia Islamia, New Delhi,

### Network Security Technology Network Management

COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission

### Chapter 8. Network Security

Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### Data Encryption A B C D E F G H I J K L M N O P Q R S T U V W X Y Z. we would encrypt the string IDESOFMARCH as follows:

Data Encryption Encryption refers to the coding of information in order to keep it secret. Encryption is accomplished by transforming the string of characters comprising the information to produce a new

### encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit

Overview of the DES Introduction to Computer Security Lecture 6 Cryptography October 2, 2003 A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher

### AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh

### Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

### Today ENCRYPTION. Cryptography example. Basic principles of cryptography

Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use

### The Encryption Technology of Automatic Teller Machine Networks

Software Engineering 4C03 Winter 2005 The Encryption Technology of Automatic Teller Machine Networks Researcher: Shun Wong Last revised: April 2nd, 2005 1 Introduction ATM also known as Automatic Teller

### WLAN Security. 1. WEP Problems

WLAN Security 1. WEP Problems 2006/4/1 Content In this chapter a detailed overview about today's WLAN security problems and solutions are presented. This subchapter provides an introduction into WEP, the

### The design objectives of WEP as per section on of the 1999 IEEE standard states the following:

IEEE 802.11 WEP (Wired Equivalent Privacy) Concepts and Vulnerability by Shivaputrappa Vibhuti San Jose State University, CA, USA. Shivu.Vibhuti@sun.com CS265 Spring 2005 Abstract The wireless networking

### Improving Performance of Secure Data Transmission in Communication Networks Using Physical Implementation of AES

Improving Performance of Secure Data Transmission in Communication Networks Using Physical Implementation of AES K Anjaneyulu M.Tech Student, Y.Chalapathi Rao, M.Tech, Ph.D Associate Professor, Mr.M Basha,

### MAC. SKE in Practice. Lecture 5

MAC. SKE in Practice. Lecture 5 Active Adversary Active Adversary An active adversary can inject messages into the channel Active Adversary An active adversary can inject messages into the channel Eve

### The Elements of Cryptography

The Elements of Cryptography (March 30, 2016) Abdou Illia Spring 2016 Learning Objectives Discuss Cryptography Terminology Discuss Symmetric Key Encryption Discuss Asymmetric Key Encryption Distinguish

### Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

### CIS433/533 - Computer and Network Security Cryptography

CIS433/533 - Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and

### Wireless security (WEP) 802.11b Overview

Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set

### Survey on Enhancing Cloud Data Security using EAP with Rijndael Encryption Algorithm

Global Journal of Computer Science and Technology Software & Data Engineering Volume 13 Issue 5 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

### Talk announcement please consider attending!

Talk announcement please consider attending! Where: Maurer School of Law, Room 335 When: Thursday, Feb 5, 12PM 1:30PM Speaker: Rafael Pass, Associate Professor, Cornell University, Topic: Reasoning Cryptographically

### Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July 2006. The OWASP Foundation http://www.owasp.org/

Common Pitfalls in Cryptography for Software Developers OWASP AppSec Israel July 2006 Shay Zalalichin, CISSP AppSec Division Manager, Comsec Consulting shayz@comsecglobal.com Copyright 2006 - The OWASP