Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Similar documents
How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Network Security. Modes of Operation. Steven M. Bellovin February 3,

Network Security - ISA 656 Introduction to Cryptography

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

CS 758: Cryptography / Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Chapter 6 CDMA/802.11i

The Misuse of RC4 in Microsoft Word and Excel

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13


TinySec: A Link Layer Security Architecture for Wireless Sensor Networks

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Overview of Symmetric Encryption

Network Security: Secret Key Cryptography

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

IT Networks & Security CERT Luncheon Series: Cryptography

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

Table of Contents. Bibliografische Informationen digitalisiert durch

Wireless Networks. Welcome to Wireless

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: Web:

Talk announcement please consider attending!

Modes of Operation of Block Ciphers

EXAM questions for the course TTM Information Security May Part 1

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Cryptography and Network Security Block Cipher

SSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. Dez Dez

Cryptographic Engine

The Advanced Encryption Standard (AES)

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

AES Cipher Modes with EFM32

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

Evaluation of the RC4 Algorithm for Data Encryption

1 Data Encryption Algorithm

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

Lecture 9: Application of Cryptography

Cryptography and Network Security Chapter 12

Properties of Secure Network Communication

Wireless security (WEP) b Overview

CS549: Cryptography and Network Security

Vulnerabilities in WEP Christopher Hoffman Cryptography

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

MAC. SKE in Practice. Lecture 5

Wireless Security. Jason Bonde ABSTRACT. 2. BACKGROUND In this section we will define the key concepts used later in the paper.

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

SSL A discussion of the Secure Socket Layer

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Lecture 4 Data Encryption Standard (DES)

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

CSci 530 Midterm Exam. Fall 2012

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Wireless LAN Security Mechanisms

Security in IEEE WLANs

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

IronKey Data Encryption Methods

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

CS155. Cryptography Overview

CRYPTOGRAPHY IN NETWORK SECURITY

Password-based encryption in ZIP files

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Netzwerksicherheit: Anwendungen

Chapter 8. Network Security

CSE/EE 461 Lecture 23

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

EDA385 Embedded Systems Design. Advanced Course

Secret File Sharing Techniques using AES algorithm. C. Navya Latha Garima Agarwal Anila Kumar GVN

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Wireless Security: Token, WEP, Cellular

Key Management (Distribution and Certification) (1)

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure

Network Security Technology Network Management

Basic Security. Security Service. Authentication. Privacy. Authentication. Data privacy & Data integrity

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

AVR2027: AES Security Module. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

AN3270 Application note

Tutorial 3. June 8, 2015

Overview. SSL Cryptography Overview CHAPTER 1

Message Authentication

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS

Secure Sockets Layer

How Things Goes Wrong: Misuse of Cryptography in Secure System Design

Wireless Local Area. Network Security

The Encryption Technology of Automatic Teller Machine Networks

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

Message Authentication Codes. Lecture Outline

Wireless security. Any station within range of the RF receives data Two security mechanism

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

Security Protocols/Standards

A Comprehensive Review of Wireless LAN Security and the Cisco Wireless Security Suite

CS Computer Security Third topic: Crypto Support Sys

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Lecture 9 - Network Security TDTS (ht1)

Transcription:

CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1

Secret Key Cryptography Modes of operation Stream cipher 2

Encrypting A Large Message How to encrypt a message > 64 bits? Electronic Code Book (ECB) Cipher Block Chaining (CBC) Output Feedback Mode (OFB) Cipher Feedback Mode (CFB) Counter Mode (CTR) 3

ECB Mode ECB Encryption ECB Decryption Message is broken into 64-bit blocks Each block is independently encoded with the same secret key 4

Pros and Cons of ECB Suitable for use in secure transmission of single values (e.g. an encryption key) Error in one received ciphertext block does not affect the correct decryption of other ciphertext blocks Identical plaintext blocks produce identical ciphertext blocks resulting in recognizable pattern Ciphertext blocks can be easily rearranged or modified 5

CBC Mode CBC Encryption CBC Decryption Selects a random number: IV (initialization vector) that is XORed with the first plaintext block. Why? Then generates its own random numbers: the ciphertext from the previous block, XORed with the next plaintext block 6

Pros and Cons of CBC Suitable for use in general-purpose block-oriented transmission, and authentication The same block repeating in the plaintext will not cause repeats in the ciphertext Subject to modification attack: (but error propagates) Subject to ciphertext block rearranging attack IV: needs to be shared between sender and receiver, either a fixed value or sent encrypted (How to encrypt?) 7

AES Example: ECB vs. CBC AES in ECB mode AES in CBC mode Similar plaintext blocks produce similar ciphertext blocks (not good!) 8

Output Feedback Mode (OFB) k-bit OFB OFB is a stream cipher: encryption is done by XORing plaintext with one-time pad One-time pad: b0 b1 b2 b3, where b0 is a random 64- bit IV, b1 is the secret key encrypted b0, and so on 9

Pros and Cons of OFB Suitable for use in stream-oriented transmission over noisy channel (e.g., satellite communication) One-time pad can be generated in advance, only XOR operations are performed in real-time Bit errors do not propagate: error in one ciphertext block only grables the corresponding plaintext block Message can arrive in arbitrarily sized chunks, get encrypted and transmitted immediately Plaintext modification attack: if attacker knows <plaintext, ciphertext>, he can XOR the plaintext and ciphertext, and XOR the result with any message of his choosing Must not reuse the same IV or secret key (Why?) 10

Cipher Feedback Mode (CFB) k-bit CFB Similar to OFB k bits shifted in the register are the k bits of ciphertext from the previous block (k can be any number: 1, 8, 64, 128, etc.) 11

Pros and Cons of CFB Suitable for use in general-purpose stream-oriented transmission, and authentication Less subject to tampering: with k-bit CFB, the change of any k-bit of plaintext in a predictable way will cause unpredictably garbling the next b/k blocks One-time pad cannot be pre-computed, encryption needs to be done in real-time Error in a k-bit ciphertext block propagates: it garbles the next b/k plaintext blocks 12

Counter Mode (CTR) Counter Mode Similar to OFB Instead of chaining the encryption of one-time pad, the IV is incremented and encrypted to get successive blocks of the one-time pad 13

Pros and Cons of CTR Suitable for use in general-purpose block-oriented transmission, and high speed encryption One-time pad can be pre-computed Decrypting at any point rather than the beginning: ideal for random access applications Hardware/software efficiency: parallel encryption/decryption on multiple blocks of plaintext or ciphertext Provable security: at least as secure as other modes Simplicity: unlike ECB and CBC, no decryption algorithm is needed in CTR Must not reuse the same IV or key, same as OFB An attacker could get the XOR of two plaintext blocks by XORing the two corresponding ciphertext blocks 14

Generating MACs Integrity: protect against undetected modifications, cannot be guaranteed by any mode of operation if attacker knows the plaintext Plaintext + CBC residue (when message not secret) 15

Privacy and Integrity Privacy: CBC encryption Integrity: CBC residue Ciphertext + CBC residue? Encrypt {plaintext + CBC residue}? Encrypt {plaintext + CRC}? 16

Privacy and Integrity (Cont d) Privacy: CBC encryption + Integrity: CBC residue, but with different keys CBC + weak cryptographic checksum CBC + CBC residue with related keys CBC + cryptographic hash OCB: offset codebook mode 17

3DES: CBC Outside vs. Inside CBC on the outside (Why this one?) CBC on the inside 18

Stream Ciphers A key is input into a pseudorandom generator to produce a pseudorandom keystream Pseudorandom stream: unpredictable without knowing key Keystream is bitwise XORed with plaintext stream 19

Design Considerations The encryption sequence should have a large period without repetitions The keystream should approximate the properties of a true random number stream as close as possible Input key need be sufficiently long When properly designed, a stream cipher can be as secure as block cipher of comparable key length Advantage of stream ciphers: almost always faster and use far less code than block ciphers 20

RC4 Designed by Ron Rivest in 1987 for RSA security Variable key-size stream cipher with byte-oriented applications Popular uses: SSL/TLS (Secure Sockets Layer/Transport Layer Security), WEP (Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) A variable-length key is used to initialize a 256-byte state vector S A byte k is generated from S by selecting one of the 255 entries for encryption/decryption The entries in S are permuted after generating each k 21

RC4 (Cont d) 22

RC4 Keystream Generation 23

Strength of RC4 No practical attack on RC4 is known Must not reuse key A known vulnerability in WEP: relevant to the generation of the key input to RC4 but not RC4 iteself 24

Reading Assignments [Kaufman] Chapter 4 25

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information