Symmetric Encryption Functions


Symmetric Encryption Functions
• Lucifer
• DES
• 3DES
• RC2
• RC4
• Blowfish
• AES
• ...
Symmetric Functions: The Big Idea
• M’ = f(M,key)
• M = f’(M’,key)
• Note:
• Same key encrypts and decrypts
• f=f’ or f≠f’ (some algorithms have a decrypt mode, some don’t need it).
Symmetric Algorithms: History
• Pencil-and-paper ciphers, codebooks, and encryption machines were all symmetric.
• Clearly, if you knew how to encrypt a message, you knew how to decrypt it, right?
German Enigma Machine
• Set “code of the day” on dials.
• Later models: Set additional code with plugs and wires.
• Press a button with the letter to encrypt; the encrypted letter lights up.
• Each key press advances the dials.
Inside the Enigma
• http://www.math.miami.edu/~harald/enigma/enigma.gif
Cryptography after WW2
• Academia largely disinterested
• NSA: largest employer of mathematicians in the world.
Cryptography and IBM
• IBM hired by Lloyds of London to arrange security for a cash dispensing network (early ATM machines).
• IBM develops “Lucifer” cipher
• Symmetric algorithm
• Explicit encrypt/decrypt
• 112-bit key
• Substitution and transposition within 8-character blocks
Cryptography and NBS
• National Bureau of Standards requests proposals for a “Data Encryption Standard.”
• IBM submits Lucifer to NBS
• NBS submits Lucifer to NSA
• NSA returns Lucifer with “tweaks” to substitution boxes and 56-bit key
Can you trust DES?
• NSA said they made it “better.”
• “Better” for who?
• 56 bit key (was 112)
• new sboxes (what was wrong with old ones?)
You could trust DES.
• Lucifer was susceptible to differential
cryptanalysis.
• NSA couldn’t tell anybody!
• Technique was secret until independently discovered by Adi Shamir
• S-box changes made differential cryptanalysis useless against DES
• IBM published a paper on this in the 90s.
DES: A Feistel Cipher
H. Feistel, "Cryptography and Computer Privacy," Scientific American, v. 228, n. 5, May 73, pp. 15-23.
DES cracking
• In the 1980s, it was hypothesized that someone could build a DES-cracking machine for $1M
• In the 1990s, John Gilmore and the EFF built one for $250K: “Deep Crack.” Time to crack a key: 4-7 days.
http://www.eff.org/descracker
• Nevertheless, DES is still widely used. Why?
Is weak crypto better than no crypto?
weak crypto:
• stops casual disclosure
• gets people used to using crypto
• “Most people don’t need crypto anyway”
no crypto:
• doesn’t give people a false sense of security
• gives people incentive to move to strong crypto
• “so why use it?”
Strengthening DES
• Triple DES (3DES)
• Encrypt, Decrypt, Encrypt
• M’ = f(f’(f(M,K1),K2),K3)
• Set Key1=Key2 for DES compatibility
• 3 keys = 168 bits
RC2, RC4
• “Ron’s Code” #2 & #4
• Secret, proprietary algorithms from RSA Security
RC2
• Block cipher. Keysize 40-2048 bits
• Revealed in 1996 in anonymous Usenet posting
• Probably leaked by reverse engineering Lotus Notes
• Widely used because of “40-bit compromise” between Software Publisher’s Association and Commerce Department.
RC4
• Very fast stream cipher - generates a pseudorandom stream used for XORing.
• Keysize 40-2048 bits
• Revealed in 1994 in anonymous Usenet posting
• Probably leaked by an engineer at Apple
• Also part of the “40-bit” compromise.
RC5
• Invented by ... Ron Rivest
• Variable Key Size; Variable # of rounds
• Largely academic curiosity
RC2 & RC4
• keysize: 40-2028
• type: RC2 block cipher; RC4 stream cipher; RC5 block cipher
• Where used: RC2 SSL & S/MIME; RC4 SSL; RC5 n/a
• Protection: RC2 Trademark & Trade Secret; RC4 Trademark; RC5 Trademark
• Speed: RC2 fast; RC4 extremely fast; RC5 immaterial
AES
• Advanced Encryption Standard
• Multi-year open competition
• Requirements:
• Block cipher.
• Variable-length keys and blocks (128, 192, 256, etc.)
• Good in hardware or software.
AES Finalists
• Twofish - Bruce Schneier
• RC5 - Ron Rivest
• MARS
• Rijndael - Vincent Rijmen and Joan Daemen
Interesting things to note about AES
• US picked a foreign-designed cipher as its standard.
• Not a Feistel cipher. “New Math”
• AES is faster than DES, even with longer keys!
Other Block Ciphers
• CAST-128 (RFC-2144), 64-bit block, 16-round, 128-bit key
• Blowfish (Schneier, 64-bit block, 40-448 bit key)
Openness in Design
• “Finally, I should note that publishing the design of a cipher
inherently weakens it by providing an attacker with details of its
operation. The most secure approach would be to design a cipher from
scratch and keep both the algorithm and the keys secret. While
designing a cryptosystem is fairly easy, evaluating it for loopholes is
not. Governments and other very large institutions may have the
resources to design and evaluate their own cryptosystem, but the rest of
us are probably well advised to use published ciphers that have been
publicly evaluated for weaknesses.”
http://www.freesoft.org/CIE/Topics/145.htm
Modes of Operation
• Defines how a block cipher is used on data longer than a block.
• A strong cipher can be made less secure (not secure) with a bad mode of operation
Most Important Modes
• ECB - Electronic Code Book
• CBC - Cipher Block Chaining
• CFB - Cipher Feed Back (XOR generator)
• Counter Mode
Electronic Code Book
http://www.freesoft.org/CIE/Topics/143.htm
ECB Demo
[Figure panels: original, ECB, CBC]
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
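Added example (not from the original slides): a toy 16-round Feistel cipher standing in for DES, run in ECB and CBC mode over a message of four identical blocks, which is the effect the ECB Demo panels illustrate. The cipher, key schedule, key, IV and message are constructed for illustration, and the input is assumed to be already padded to the 8-byte block size.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES; the cipher below is a toy, not DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes, rounds: int = 16) -> list:
    # Constructed key schedule: one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(rounds)]

def feistel(block: bytes, keys: list) -> bytes:
    left, right = block[:4], block[4:]
    for k in keys:
        # The round function (a truncated hash) is never inverted.
        left, right = right, xor(left, hashlib.sha256(k + right).digest()[:4])
    return right + left  # swap halves on output so decryption reuses this code

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])  # same network, subkeys reversed

def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("pad the input to a multiple of the block size first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in blocks(data))

def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(data):
        prev = encrypt_block(xor(b, prev), key)  # chain in the previous block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    # Ciphertext blocks that duplicate an earlier one: what an observer sees.
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))

KEY, IV = b"constructed key", bytes(range(8))  # sample values; use a random IV
MESSAGE = b"DEPOSIT " * 4                      # four identical 8-byte blocks
```

With these values ECB produces three repeated ciphertext blocks and CBC produces none, although both use the same block cipher and key.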
Other problems with ECB
• Replay attacks
• Mauling
“1” = 0011001
“9” = 0011101
To: Bank
From: ATM
Action: Deposit
Amount: $100.00
To: Bank
From: ATM
Action: Deposit
Amount: $900.00
Cipher Block Chaining
Cipher Feedback Mode
http://members.chello.at/s.peer/
Counter Mode
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Privacy vs. Integrity
• The need to distinguish the two was not evident back in the 1970s.
• In some cases, the ability to change encrypted data may be sufficient.
RC4: Easiest There Is
void RC4_set_key(RC4_KEY *key, int len,
const unsigned char *data);
void RC4(RC4_KEY *key, unsigned long len,
const unsigned char *indata,
unsigned char *outdata);
Note: Decrypt and Encrypt are the same operation!
RC4 in Perl
# Functional Style
use Crypt::RC4;
$encrypted = RC4( $passphrase, $plaintext );
$decrypt = RC4( $passphrase, $encrypted );
# OO Style
use Crypt::RC4;
$ref = Crypt::RC4->new( $passphrase );
$encrypted = $ref->RC4( $plaintext );
$ref2 = Crypt::RC4->new( $passphrase );
$decrypted = $ref2->RC4( $encrypted );
# process an entire file,
$ref3 = Crypt::RC4->new( $passphrase );
while (<FILE>) {
print $ref3->RC4($_);
}
RC2: Block Encryption is Harder!
void RC2_set_key(RC2_KEY *key, int len,
const unsigned char *data,int bits);
void RC2_ecb_encrypt(const unsigned char *in,
unsigned char *out,
RC2_KEY *key, int enc);
void RC2_encrypt(unsigned long *data,RC2_KEY *key);
void RC2_decrypt(unsigned long *data,RC2_KEY *key);
void RC2_cbc_encrypt(const unsigned char *in,
unsigned char *out, long length,
RC2_KEY *ks, unsigned char *iv, int enc);
EVP: OpenSSL Generic Cipher Algorithms
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv, int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
Perl Modules for Symmetric Encryption
• Crypt::Blowfish
• Crypt::CAST5
• Crypt::DES
• Crypt::RC4
• Crypt::RC5
• Crypt::RC6
• Crypt::TripleDES
• Crypt::Twofish