Cryptography and Key Management
Unit - 3
Outline
Basics of cryptography
Symmetric Cryptography (DES, Triple DES, AES, Key distribution)
Asymmetric cryptography
• Public and private keys
• RSA
• Elliptic curve
• Hash function
• Digital signatures
• PKI
Applied cryptography
Why Cryptography?
Cryptography is a component of many security systems
It applies to numerous aspects of the security models (Confidentiality, Authentication, Integrity, Authorization, Non-repudiation)
Desired Property | Threat | Solution
Confidentiality | Disclosure | Encryption for secrecy; disguising traffic patterns
Authentication | Spoofing | Digital signature
Integrity | Modification, replay | Message digests, hashing, time stamps
Non-repudiation | Denial | Digital signature
Cryptosystem
A cryptosystem is a 5-tuple (E, D, M, K, C), where
E: Encryption algorithm
D: Decryption algorithm
M: Set of plaintexts
K: Set of keys
C: Set of ciphertexts
E: M × K → C, D: C × K → M
Encryption Terms and Operations
Plaintext – an original message
Ciphertext – an encrypted message
Encryption – the process of transforming plaintext
into ciphertext (also encipher)
Decryption – the process of transforming
ciphertext into plaintext (also decipher)
Encryption key – the text value required to encrypt
and decrypt data
Key
• A key is an input to a cryptographic algorithm used to obtain confidentiality, integrity, authenticity or other property over some data
• The security of the cryptosystem often depends on keeping the key secret to some set of parties
• The keyspace is the set of all possible keys
• Entropy is a measure of the variance in keys (typically measured in bits)
Keys are often stored in some secure place: passwords, disk keyrings, smartcards, certificates…
What Is Cryptography
Cryptography is the science of hiding information in
plain sight, in order to conceal it from unauthorized
parties.
Substitution cipher first used by Caesar
for battlefield communications
Secure Communications
Fig. Basic Communication Scenario: Alice encrypts the plaintext with the encryption key; the ciphertext travels to Bob, who decrypts it with the decryption key. Eve (Mallory/Oscar), the enemy or adversary, has access to the ciphertext in transit.
Eve’s Goals
1. Read the message
2. Figure out the key Alice is using and read all the messages
encrypted with that key
3. Modify the content of the message in such a way that
Bob will think Alice sent the altered message.
4. Impersonate (imitate) Alice and communicate with Bob, who
thinks he is communicating with Alice.
Oscar is a passive observer who is trying to perform (1) and (2).
Mallory is more active and evil, and is trying to perform
(3) and (4).
Attack Methods
1. Ciphertext only: Alice has only a copy of ciphertext
2. Known Plaintext: Eve has a copy of ciphertext and the
corresponding plaintext and tries to deduce the key.
3. Chosen Plaintext: Eve has a copy of ciphertext
corresponding to a copy of plaintext selected by Alice who
believes it is useful to deduce the key.
4. Chosen Ciphertext: Eve has a copy of plaintext
corresponding to a copy of ciphertext selected by Alice
who believes it is useful to deduce the key.
Encryption Methodologies
Types of Encryption
Block cipher
Encrypts blocks of data, often 128 bits
Stream cipher
Operates on a continuous stream of data
Block Ciphers
Encrypt and decrypt a block of data at a time
Typically 128 bits
Typical uses for block ciphers
Files, e-mail messages, text communications, web
Well known encryption algorithms
DES, 3DES, AES, CAST, Twofish, Blowfish, Serpent
Stream Ciphers
Used to encrypt a continuous stream
of data, such as an audio or video transmission
A stream cipher is a substitution cipher that typically uses an exclusive-or
(XOR) operation that can be performed very quickly by a computer.
Plaintext   1 1 0 1 0 0 1 1 0 1 0 0 1 1 0 0
Key         0 1 1 0 1 0 0 1 0 1 1 0 1 0 1 0
Ciphertext  1 0 1 1 1 0 1 0 0 0 1 0 0 1 1 0
Encryption: simple XOR with key
Ciphertext  1 0 1 1 1 0 1 0 0 0 1 0 0 1 1 0
Key         0 1 1 0 1 0 0 1 0 1 1 0 1 0 1 0
Plaintext   1 1 0 1 0 0 1 1 0 1 0 0 1 1 0 0
Decryption: simple XOR with the same key
Encryption Algorithm
Algorithm used to make content unreadable by all
but the intended receivers
• E(key, plaintext) = ciphertext
• D(key, ciphertext) = plaintext
Block vs. Stream Ciphers
• Block: input is fixed blocks of same length
• Stream: stream of input
Substitution Cipher
Plaintext characters are substituted to form ciphertext
“A” becomes “R”, “B” becomes “G”, etc.
Character rotation
• Caesar rotated three to the right (A > D, B > E, C > F, etc.)
A table or formula is used
ROT13 is a Caesar cipher
Subject to frequency analysis attack
Caesar Cipher
• Substitution cipher
Every character is replaced with the character
three slots to the right
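The rotation described on the Substitution Cipher and Caesar Cipher slides, together with the reason it is "subject to frequency analysis", as an added example that is not part of the original slides. The English letter frequencies are approximate published values and the sample message is constructed for the demonstration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Approximate letter frequencies of English text, in percent (A..Z).
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074,
]))

def caesar(text, shift):
    """Rotate each letter `shift` places to the right; keep other characters."""
    return ''.join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper())

def chi_squared(text):
    """Distance between the letter distribution of `text` and English."""
    letters = [ch for ch in text if ch in ALPHABET]
    if not letters:
        return float('inf')
    counts = Counter(letters)
    n = len(letters)
    return sum((counts.get(letter, 0) - n * pct / 100) ** 2 / (n * pct / 100)
               for letter, pct in ENGLISH_FREQ.items())

def recover_shift(ciphertext):
    """Return the shift whose decryption looks most like English.

    A rotation only relabels the letters, so the frequency profile of the
    plaintext survives in the ciphertext and only 26 keys need scoring.
    """
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))

# Constructed sample message, encrypted with Caesar's shift of three.
SAMPLE = "THE ENEMY WILL ATTACK THE NORTH BRIDGE AT DAWN SO MOVE THE RESERVES TONIGHT"
CIPHERTEXT = caesar(SAMPLE, 3)
```

The same scoring recovers a ROT13 key of 13, which is why neither rotation should be treated as encryption.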
Transposition Cipher
Plaintext messages are transposed into ciphertext,
Scrambles the symbols to produce output
The key is the permutation of symbols
Plaintext:
Write into columns going down
Read from columns to the right
Ciphertext:
AKCNBTAEORTTVRIAOITDCNAHG
A K C N B
T A E O R
T T V R I
A O I T D
C N A H G
Subject to frequency analysis attack
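The "write into columns going down, read from columns to the right" rule above, as an added example that is not part of the original slides. The grid height of 5 is read off the 25-letter grid, and the function names are chosen for this illustration.

```python
from collections import Counter

# Ciphertext exactly as printed on the slide.
PAGE_CIPHERTEXT = "AKCNBTAEORTTVRIAOITDCNAHG"

def transpose_encrypt(plaintext, rows):
    """Write the text into columns going down, then read the rows left to right."""
    if len(plaintext) % rows:
        raise ValueError("text must fill the grid; pad it first")
    cols = len(plaintext) // rows
    # Columns are filled first, so cell (r, c) holds plaintext[c * rows + r].
    return ''.join(plaintext[c * rows + r]
                   for r in range(rows) for c in range(cols))

def transpose_decrypt(ciphertext, rows):
    """Write the text into rows, then read the columns going down."""
    if len(ciphertext) % rows:
        raise ValueError("ciphertext does not fill the grid")
    cols = len(ciphertext) // rows
    # Rows are filled first, so cell (r, c) holds ciphertext[r * cols + c].
    return ''.join(ciphertext[r * cols + c]
                   for c in range(cols) for r in range(rows))

def same_letter_counts(a, b):
    """Transposition moves letters but never changes them, so counts match."""
    return Counter(a) == Counter(b)

RECOVERED = transpose_decrypt(PAGE_CIPHERTEXT, 5)

if __name__ == "__main__":
    print(RECOVERED)
    print(same_letter_counts(RECOVERED, PAGE_CIPHERTEXT))
```

Because the letter counts are untouched, a frequency count on the ciphertext still looks like ordinary English, which tells an analyst the cipher is a transposition and leaves only the grid shape to find.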
Mono-alphabetic Cipher
One alphabetic character is substituted for another
Caesar right-three shift:
A B C D E F G H I J … Z
D E F G H I J K L M … C
Or a more random scheme:
A B C D E F G H I J … Z
W E R T B N P Q C U … X
Subject to frequency analysis attack
Polyalphabetic Cipher
Two or more substitution alphabets
Plaintext  A B C D E F G H I … Z
Alpha 1    W E R T B N P Q C … X
Alpha 2    R B I K Q D X U N … E
Alpha 3    V B D R H W A X I … O
Alpha 4    M U T X D G P O W … F
Alpha 5    Y D V B J K E Z I … U
CAGED becomes RRADB
Not subject to frequency attack
Running-key Cipher
Plaintext letters converted to numeric (A=0, B=1, etc.)
Plaintext values “added” to key values giving ciphertext
Modulo arithmetic is used to keep results in range 0-26
• Add 26 if results < 0; subtract 26 if results > 26
Plaintext    A  T  T  A  C  K  A  T  O  N  C  E  V  I  A  N
Key          S  E  C  R  E  T  S  E  C  R  E  T  S  E  C  R
Plaintext    0 19 19  0  2 10  0 19 14 13  2  4 21  8  0 13
Key         18  4  2 17  4 19 18  4  2 17  4 19 18  4  2 17
Sum         18 23 21 17  6  3 18 23 16  4  7 23 11 12  2  4
Ciphertext   S  X  V  R  G  D  S  X  Q  E  H  X  L  M  C  E
One-time Pad
Assume you have a secret bit string s of length n
known only to two parties, Alice and Bob
Alice sends a message m of length n to Bob
Alice uses the following encryption function to
generate ciphertext c
for all i = 1 to n: c_i = m_i ⊕ s_i
XOR the data with the secret bit string
Plaintext    A  T  T  A  C  K  A  T  O  N  C  E  V  I  A  N
Key          X  V  G  J  E  R  I  O  Q  W  J  P  E  K  A  F
Plaintext    0 19 19  0  2 10  0 19 14 13  2  4 21  8  0 13
Key         23 21  6  9  3 17  8 14 16 22  9 15  4 10  0  5
Sum         23 14 25  9  5  1  8  7  4  9 11 19 25 18  0 18
Ciphertext   X  O  Z  J  F  B  I  H  E  J  L  T  Z  U  A  U
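The XOR rule c_i = m_i ⊕ s_i from the Stream Ciphers and One-time Pad slides, as an added example that is not part of the original slides. It checks the 16-bit example from the stream cipher slide and shows why the pad must be used once only; the class name, messages and helper names are constructed for this illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the same operation encrypts and decrypts)."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Hands out each pad byte once, so no s_i is ever applied to two messages."""
    def __init__(self, pad: bytes):
        self.pad = pad
        self.used = 0

    def apply(self, data: bytes) -> bytes:
        chunk = self.pad[self.used:self.used + len(data)]
        if len(chunk) < len(data):
            raise ValueError("pad exhausted: refusing to reuse key material")
        self.used += len(data)
        return xor_bytes(data, chunk)

def from_bits(bits: str) -> bytes:
    """Turn a bit string such as '11010011' into bytes."""
    return int(bits, 2).to_bytes(len(bits) // 8, "big")

# The 16-bit plaintext and key printed on the stream cipher slide.
SLIDE_PLAIN = from_bits("1101001101001100")
SLIDE_KEY = from_bits("0110100101101010")
SLIDE_CIPHER = xor_bytes(SLIDE_PLAIN, SLIDE_KEY)

def reuse_leak(m1: bytes, m2: bytes, pad: bytes) -> bytes:
    """What an eavesdropper holds if one pad encrypts two messages.

    c1 XOR c2 = (m1 XOR s) XOR (m2 XOR s) = m1 XOR m2: the pad cancels out.
    """
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    pad = secrets.token_bytes(16)  # pad from the OS random source
    m1, m2 = b"ATTACK AT ONCE!!", b"RETREAT AT DAWN!"
    print(reuse_leak(m1, m2, pad) == xor_bytes(m1, m2))  # True for any pad
```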
Cryptography-Types
Symmetric key
A common secret that all parties must know
Difficult to distribute key securely
Used by DES, 3DES, AES, Twofish, Blowfish, IDEA, RC5
Fig. Symmetric cryptography: the cleartext message is encrypted with the secret key into ciphertext and decrypted back into the cleartext message with the same secret key, which is shared over a secure channel.
Asymmetric key
Public / private key
Keys mathematically tied together
Openly distribute public key to all parties
Keep private key secret
Anyone can use your public key to send you a message
Used by RSA, ElGamal, Elliptic Curve
Fig. Asymmetric cryptography: the originator encrypts the cleartext message with the recipient's public key; the recipient decrypts the ciphertext with the recipient's private key.
Adding Authenticity
Digital signatures
used to verify authenticity of origin
[Figure: the originator signs the cleartext message with the originator's private key; the recipient verifies the signed message with the originator's public key.]
Using Symmetric and Asymmetric Together
Key exchange using
asymmetric
cryptography
Uses asymmetric keys to
distribute bulk encryption
keys
Allows rapid distribution
of short-term keys
[Figure: the originator encrypts the cleartext message with a session key and encrypts the session key with the recipient's public key; the recipient decrypts the session key with the recipient's private key, then decrypts the ciphertext with the session key.]
Symmetric Cryptography
Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-key block
cipher published by the National Institute of Standards and
Technology (NIST).
Signaled the beginning of the modern era of cryptography
In 1973, NIST published a request for proposals for a national
symmetric-key cryptosystem.
Block cipher - Fixed sized input
8-byte input and an 8-byte key (56 bits + 8 parity bits)
DES Overview
Figure: Encryption and decryption with DES
DES Structure
The encryption process is made of two permutations (P-boxes),
which we call initial and final permutations, and sixteen rounds of
complex key dependent calculation.
DES - Basics
Fundamentally DES performs only two operations on
its input, bit shifting (permutation), and bit substitution.
The key controls exactly how this process works.
By doing these operations repeatedly and in a nonlinear manner you end up with a result which can not
be used to retrieve the original without the key.
By applying relatively simple operations repeatedly a
system can achieve a state of near total randomness.
DES
Initial round permutes input,
then 16 rounds
Each round key (k_i) is 48 bits of
input key
Function f is a substitution
table (s-boxes)
DES Key Processing
The key is usually stored as a 64-bit number, where every
eighth bit is a parity bit.
The parity bits are discarded during the algorithm, and the
56-bit key is used to create 16 different 48-bit subkeys - one
for each round.
Subkeys Generation
• First, the key is loaded according to the PC-1 and then halved.
• Then each half is rotated by 2 bits in every round except the first, second, 9th and last rounds.
• The reason for this is that it makes it secure against related-key cryptanalysis.
• Then 48 of the 56 bits are chosen according to a compression permutation.
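The 64-bit key with "every eighth bit a parity bit" described above, as an added example that is not part of the original slides. It assumes the standard DES convention that each key byte carries odd parity in its least significant bit; the function names are chosen for this illustration and the sample keys are a well-known test pattern.

```python
def parity_ok(key: bytes) -> bool:
    """True if every byte of a 64-bit DES key has an odd number of 1 bits."""
    if len(key) != 8:
        raise ValueError("a DES key is stored as 8 bytes")
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_parity(key: bytes) -> bytes:
    """Rewrite the eighth bit of each byte so that the byte has odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is stored as 8 bytes")
    out = bytearray()
    for b in key:
        seven = b & 0xFE                      # the 7 key bits of this byte
        needs_one = bin(seven).count("1") % 2 == 0
        out.append(seven | (1 if needs_one else 0))
    return bytes(out)

def effective_key(key: bytes) -> int:
    """Drop the parity bits and pack the 7 key bits of each byte into 56 bits."""
    if len(key) != 8:
        raise ValueError("a DES key is stored as 8 bytes")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

# Two 64-bit encodings that differ only in their parity bits.
KEY_WITH_PARITY = bytes.fromhex("0123456789ABCDEF")
KEY_NO_PARITY = bytes.fromhex("0022446688AACCEE")

if __name__ == "__main__":
    print(parity_ok(KEY_WITH_PARITY), parity_ok(KEY_NO_PARITY))
    # Both encodings select the same 56-bit key, so the search space is 2**56.
    print(effective_key(KEY_WITH_PARITY) == effective_key(KEY_NO_PARITY))
```

A parity check on import catches a corrupted or mistyped key component, but it adds no secrecy: only the 56 bits returned by `effective_key` take part in the subkey generation.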
The Key Schedule
The subkeys used by the 16 rounds are formed by
the key schedule which consists of:
• An initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
• 16 stages consisting of
  - selecting 24 bits from each half and permuting them by PC2 for use in function f,
  - rotating each half either 1 or 2 places depending on the key rotation schedule KS
Security of DES
DES, as the first important block cipher, has gone
through much scrutiny. Among the attempted
attacks, three are of interest: brute-force,
differential cryptanalysis, and linear cryptanalysis.
1. Brute-Force Attack
2. Differential Cryptanalysis
3. Linear Cryptanalysis
DES- Current State
Currently DES is no longer certified for US federal use.
The availability of faster hardware, and access to large
distributed systems meant that 56-bit DES keys could be
recovered by brute force searches in an unreasonably short
time (days or even hours).
DES should almost certainly not be used in any new product,
and should not be used in existing products to protect
information with a lifetime of more than a few minutes.
3DES or Triple-DES
Triple-DES is a block cipher, which applies the Data
Encryption Standard (DES) cipher algorithm three
times to each data block.
• DES used a single 56-bit key.
3DES uses three 56-bit keys (often just referred to as a
3DES key), and performs three rounds of DES operations on
the data.
The result is that DES technology could be used until a long-term
solution (the Advanced Encryption Standard) is found.
3DES
A typical process of 3DES is known as EDE (Encrypt-Decrypt-Encrypt).
In this case, the first and third keys are equal, so the
effective key length is 112-bits.
In the first operation, the plaintext is encrypted with the
first DES key, K1.
3DES
In the second step, the result of the first step, C1, is
decrypted using the second key, K2
Since K2 ≠ K1, this does not result in the original
plaintext message.
3DES
In the final step, the result of the second step, C2, is
encrypted using the third key, K3
The output ciphertext C3 is the final encrypted
message.
Recall that K3 = K1 in this case, so even though there
are three 56-bit keys, the effective key length is only
112-bits.
3DES or Triple-DES
Decryption in this case follows the reverse of the encryption process, as
shown below.
3DES or Triple-DES
Although the length of the key has doubled, there
are 2^56 (= 72,057,594,037,927,936) times as many
keys.
Therefore a brute force search for a 3DES-EDE key would
take 2^56 times longer on the same hardware than a brute
force search for a DES key.
3DES is still an acceptable encryption method.
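The Encrypt-Decrypt-Encrypt sequence from the 3DES slides above (C1, C2, C3 with K3 = K1), as an added example that is not part of the original slides. A small 4-round Feistel network on 32-bit blocks stands in for DES so the block stays short; that toy cipher, the keys and the sample block are assumptions made for the illustration and are not secure.

```python
import hashlib

ROUNDS = 4

def _round(half: int, key: bytes, i: int) -> int:
    """Toy round function: 16 bits of SHA-256(key || round number || half)."""
    digest = hashlib.sha256(key + bytes([i]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")

def toy_encrypt(block: int, key: bytes) -> int:
    """Stand-in for DES encryption of one block (toy cipher, NOT secure)."""
    left, right = block >> 16, block & 0xFFFF
    for i in range(ROUNDS):
        left, right = right, left ^ _round(right, key, i)
    return (left << 16) | right

def toy_decrypt(block: int, key: bytes) -> int:
    """Stand-in for DES decryption: the same rounds undone in reverse order."""
    left, right = block >> 16, block & 0xFFFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round(left, key, i), left
    return (left << 16) | right

def ede_encrypt(plain: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    c1 = toy_encrypt(plain, k1)   # step 1: encrypt with K1
    c2 = toy_decrypt(c1, k2)      # step 2: decrypt with K2 (not the plaintext)
    return toy_encrypt(c2, k3)    # step 3: encrypt with K3, giving C3

def ede_decrypt(c3: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    c2 = toy_decrypt(c3, k3)      # undo step 3
    c1 = toy_encrypt(c2, k2)      # undo step 2
    return toy_decrypt(c1, k1)    # undo step 1

# Constructed sample values; K3 = K1 as on the slides.
K1, K2 = b"first-key", b"second-key"
BLOCK = 0x41545441

if __name__ == "__main__":
    c3 = ede_encrypt(BLOCK, K1, K2, K1)
    print(hex(c3), ede_decrypt(c3, K1, K2, K1) == BLOCK)
    # With K2 equal to K1 the first two steps cancel and EDE is single encryption.
    print(ede_encrypt(BLOCK, K1, K1, K1) == toy_encrypt(BLOCK, K1))
```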
AES
DES is near end of useful life
NIST has begun process to look for successor to DES
The Advanced Encryption Standard (AES) was the result of an
open international search organized by NIST for a replacement
for DES.
AES Process:
Proposals submitted 3/98
AES Workshop - 8/98
15 proposals selected
Key sizes of 128, 192, and 256 bits
AES Features
The features of AES are as follows
• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java
AES Algorithm – High Level
KeyExpansion—round keys are derived from the cipher
key using Rijndael's key schedule
Initial Round
AddRoundKey—each byte of the state is combined with the
round key using bitwise xor
Each round consists of 4 subprocesses
SubBytes: The 16 input bytes are substituted by looking up a
fixed table (S-box) given in design. The result is in a matrix of
four rows and four columns.
ShiftRows—a transposition step where each row of the state
is shifted cyclically a certain number of steps.
MixColumns—a mixing operation which operates on the
columns of the state, combining the four bytes in each
column.
AddRoundKey: The 16 bytes of the matrix are now considered
as 128 bits and are XORed to the 128 bits of the round key.
Final Round (no MixColumns)
SubBytes
ShiftRows
AddRoundKey
The State and Key Schedule
Input is a 128 bit block (16 bytes) that is placed in the
state array
The key is entered in a block and divided into key
schedule words of 4 bytes/word.
The key schedule is an expansion of the key; e.g., a 128-bit
key is expanded into 44 key schedule words.
A square matrix of bytes is used by the standard to
describe the state.
Rounds and Transformation Stages
The encryption process
executes a round function, Nr
times, with the number of
rounds (Nr) being dependent
on key size.
The round function consists of
four transformation stages.
SubBytes()
ShiftRows()
MixColumns()
AddRoundKey()
Rounds and Transformation Stages
The cipher begins with an AddRoundKey().
All rounds then execute each of the transformations except
the last round.
The MixColumns( ) transformation is not executed in the
final round.
For a 128 bit key, there are 10 rounds.
12 and 14 rounds are used with keys of 192 and 256 bits.
AES Decryption
AES decryption is accomplished using inverses of
the transformations, in the appropriate order.
The AddRoundKey( ) is its own inverse when
(since A ⊕ B ⊕ B = A).
The Key Exchange Problem
Although symmetric encryption is commonly used due to its
historical position in cryptography and its speed, it suffers
from a serious problem: how to safely and secretly deliver a
secret key from the sender to the recipient. This problem forms
the basis for the key exchange problem.
The key exchange problem involves:
ensuring that keys are exchanged so that the sender and receiver can
perform encryption and decryption,
ensuring that an eavesdropper or outside party cannot break the code,
ensuring the receiver that a message was encrypted by the sender.
Manual Key Distribution
Manually distributed symmetric keys should be
either encrypted or use split knowledge
The distribution mechanism should assure
The authorized distribution of keys
That the entity distributing the keys is trusted by both
the transmitter and recipient
The keys are protected according to relevant
standards (e.g. FIPS, the Federal Information Processing
Standard)
The keys are received by the authorized recipient
Electronic Key Distribution/Transport
of Symmetric Keys
Requires other secret or public keys to have been previously
distributed
Mechanism should ensure that
The distributed key is not disclosed or modified
The key is protected in accordance with industry standards (e.g. FIPS)
The recipient has received the correct key
Keys in this category are the secret authentication key, long
and short term data encryption keys, key encrypting key for
wrapping, master key for key derivation, and secret
authorization key.
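One way to realise the "split knowledge" option from the Manual Key Distribution slide and the "recipient has received the correct key" requirement above, as an added example that is not part of the original slides. The XOR component scheme and the check value format (a truncated HMAC-SHA-256 over a fixed label) are assumptions chosen for this illustration, not a format the slides or FIPS prescribe.

```python
import hashlib
import hmac
import secrets
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, custodians: int) -> list:
    """Split `key` into XOR components, one per custodian.

    All components are needed to rebuild the key; any smaller set is
    indistinguishable from random bytes.
    """
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    components = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    components.append(reduce(xor_bytes, components, key))
    return components

def check_value(key: bytes) -> str:
    """Short fingerprint that can travel with the components (hypothetical format)."""
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:8]

def combine_key(components, expected_check: str) -> bytes:
    """Rebuild the key and refuse it if the fingerprint does not match."""
    key = reduce(xor_bytes, components)
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("check value mismatch: wrong or modified component")
    return key

if __name__ == "__main__":
    key = secrets.token_bytes(16)          # e.g. a 128-bit AES key
    parts = split_key(key, 3)              # hand one part to each custodian
    print(combine_key(parts, check_value(key)) == key)
```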