Post on 16-Jan-2016
LuciferDES3DESRC2RC4BlowfishAES...
Symmetric EncryptionFunctions
•M’ = f(M,key)•M = f’(M’,key)•Note:
•Same key encrypts and decrypts
•f=f’ or f≠f’ (some algorithms have a decrypt mode, some don’t need it).
Symmetric Functions: The Big
Idea
•Pencil-and-paper Ciphers, Codebooks, and encryption machines were all symmetric.
•Clearly, if you knew how to encrypt a message, you knew how to decrypt it, right?
Symmetric Algorithms:
History
•Set “code of the day” on dials.
•Later models: Set additional code with plugs and wires.
•Press a button with the letter to encrypt; the encrypted letter lights up.
•Each key press advances the dials
German Enigma Machine
• http://www.math.miami.edu/~harald/enigma/enigma.gif
Inside the Enigma
•Academia largely disinterested
•NSA Largest Employer of mathematicians in the world.
Cryptography after WW2
•IBM hired by Lloyds of London to arrange security for a cash dispensing network (early ATM machines.)
•IBM develops “Lucifer” cipher
•Symmetric Algorithm
•explicit encrypt/decrypt
•112 bit key
•Substitution and transposition within
8-character blocks
Cryptography and IBM
•National Bureau of Standards request proposals for a “Data Encryption Standard.”
•IBM submits Lucifer to NBS
•NBS submits Lucifer to NSA
•NSA returns Lucifer with “tweaks” to substitution boxes and 56-bit key
Cryptography and NBS
•NSA said they made it “better.”•“Better” for who?•56 bit key (was 112)•new sboxes (what was wrong
with old ones?)
Can you trust DES?
•Lucifer was susceptible to differential cryptanalysis.
•NSA couldn’t tell anybody!•Technique was secret until
independently discovered by Adi Shamir
•sbox changes differential cryptanalysis useless against DES
•IBM published a paper on this in the 90s.
You could trust DES.
DES: A Fiestel Cipher
H. Feistel, "Cryptography and Computer Privacy," Scientific American, v. 228, n. 5, May 73, pp. 15-23.
•In the 1980s, it was hypothesized that someone could build a DES-cracking machine for $1M
•In the 1990s, John Gilmore and & EFF built one for $250K. “Deep Crack.” Time to crack a key: 4-7 days. http://www.eff.org/descracker
•Nevertheless, DES is still widely used.
DES cracking
Why?
Is weak crypto better than no
crypto?weak crypto no crypto
stops casual disclosure
doesn’t give people a false sense of
security
gets people used to use crypto
gives people incentive to move to
strong crypto“Most people don’t
need crypto anyway”“so why use it?”
Strengthening DES
•Triple DES (3DES)
•Encrypt, Decrypt, Encrypt
•M’ = f(f’(f(M,K1),K2),K3)
•Set Key1=Key2 for DES compatibility
•3 keys = 168 bits
•“Ron’s Code” #2 & #4
•Secret, proprietary algorithms from RSA Security
RC2, RC4
•Block cipher. Keysize 40-2048 bites
•Revealed in 1996 in anonymous Usenet posting
•Probably leaked by reverse engineering Lotus Notes
•Widely used because of “40-bit compromise” between Software Publisher’s Association and Commerce Department.
RC2
•Very fast stream cipher - generates a pseudorandom stream used for XORing.
•Keysize 40-2048 bites
•Revealed in 1994 in anonymous Usenet posting
•Probably leaked by an engineer at Apple
•Also part of the “40-bit” compromise.
RC4
•Invented by ... Ron Rivest
•Variable Key Size; Variable # of rounds
•Largely academic curiosity
RC5
RC2 & RC4
RC2 RC4 RC5keysize 40-2028
type block cipher stream cipher block cipher
Where Used SSL & S/MIME SSL n/a
ProtectionTrademark & Trade Secret
Trademark Trademark
Speed fast Extremely fast immaterial
AES
•Advanced Encryption Standard
•Multi-year open competition
•Requirements:
•Block cipher.
•Variable-length keys and blocks (128, 192, 256, etc.)
•Good in hardware or software.
AES Finalists
Twofish - Bruce Schneier
RC5 - Ron Rivest
MARS
Rijndael - Vincent Rijmen and Joan Daemen
Interesting things to note about AES
•US picked a foreign-designed cipher as its standard.
•Not a Fiestel cipher. “New Math”
•AES is faster than DES, even with longer keys!
Other Block Ciphers
•CAST-128 (RFC-2144), 64-bit block, 16-round, 128-bit key
•Blowfish (Schneider, 64-bit block, 40-448 bit key)
Openness in Design
•“Finally, I should note that publishing the design of a cipher inherently weakens it by providing an attacker with details of its operation. The most secure approach would be to design a cipher from scratch and keep both the algorithm and the keys secret. While designing a cryptosystem is fairly easy, evaluating it for loopholes is not. Governments and other very large institutions may have the resources to design and evaluate their own cryptosystem, but the rest of us are probably well advised to use published ciphers that have been publicly evaluated for weaknesses.”
http://www.freesoft.org/CIE/Topics/145.htm
Modes of Operation
•Defines how a block cipher is used on data longer than a block.
•A strong cipher can be made less secure (not secure) with a bad mode of operation
Most Important Modes
•ECB - Electronic Code Book
•CBC - Cipher Block Chaining
•CFB - Cipher Feed Back (XOR generator)
•Counter Mode
Electronic Code Book
http://www.freesoft.org/CIE/Topics/143.htm
ECB Demo
original ECB CBC
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Other problems with ECB
•Replay attacks
•Mauling
To: Bank From: ATMAction: DepositAmount: $100.00
To: Bank From: ATMAction: DepositAmount: $900.00
“1” = 0011001“9” = 0011101
Cipher Block Chaining
Cipher Feedback Mode
http://members.chello.at/s.peer/
Counter Mode
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Privacy vs. Integrity
•Need for the two to be distinguished was not evident back in the 1970s.
•In some cases, the ability to change encrypted data may be sufficient.
APIs!
RC4: Easiest there Is
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata);
Note: Decrypt and Encrypt are the same operation!
RC4 in Perl # Functional Style use Crypt::RC4; $encrypted = RC4( $passphrase, $plaintext ); $decrypt = RC4( $passphrase, $encrypted );
# OO Style use Crypt::RC4; $ref = Crypt::RC4->new( $passphrase ); $encrypted = $ref->RC4( $plaintext );
$ref2 = Crypt::RC4->new( $passphrase ); $decrypted = $ref2->RC4( $encrypted );
# process an entire file, $ref3 = Crypt::RC4->new( $passphrase ); while (<FILE>) { print $ref3->RC4($_); }
RC2: Block Encryption is
Harder!void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *key, int enc);void RC2_encrypt(unsigned long *data,RC2_KEY *key);void RC2_decrypt(unsigned long *data,RC2_KEY *key);void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int enc);
EVP: OpenSSL Generic Cipher Algorithms
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
Perl Modules for Symmetric Encryption•Crypt::Blowfish
•Crypt::CAST5
•Crypt::DES
•Crypt::RC4
•Crypt::RC5
•Crypt::RC6
•Crypt::TripleDES
•Crypt::Twofish