Computer and Information Security Fall 2020 Cryptography Tyler - PowerPoint PPT Presentation

ECE560 Computer and Information Security Fall 2020 Cryptography Tyler Bletsch Duke University Some slides adapted from slideware accompanying “Computer Security: Principles and Practice” by William Stallings and Lawrie Brown

REAL advice for using cryptography • I’m about to teach cryptography basics, which you should know • However, you should not reach for these functions in most real- world programming scenarios!! • Repeat after me: I’ll provide more detailed advice after we understand the theory... 2

Introducing the “grey slides” • From the textbook publisher • Perfectly fine for the most part, except... ▪ A bit out of date (you’ll see me address this with my slides) ▪ Diagrams haven’t been updated since the 90s (lol) ▪ Randomly wraps words in needless colored shapes like a drunk preshooler (why???) 3

Crypto basics summary • Symmetric (secret key) cryptography c = ciphertext p = plaintext ▪ c = E s (p,k) k = secret key E s = Encryption function (symmetric) ▪ p = D s (c,k) D s = Decryption function (symmetric) • Message Authentication Codes (MAC) ▪ Generate and append: H(p+k), E(H(p),k), or tail of E(p,k) H = Hash function ▪ Check: A match proves sender knew k • Asymmetric (public key) cryptography E a = Encryption function (asymmetric) ▪ c = E a (p,k pub ) D a = Decryption function (asymmetric) k pub = public key ▪ p = D a (c,k priv ) k priv = private key ▪ k pub and k priv generated together, mathematically related • Digital signatures ▪ Generate and append: s = E a (H(p),k priv ) s = signature ▪ Check: D a (s,k pub )==H(p) proves sender knew k priv 4

Symmetric (Secret Key) Encryption 5

Symmetric Encryption • The universal technique for providing confidentiality for transmitted or stored data • Also referred to as conventional encryption or single-key encryption • Two requirements for secure use: • Need a strong encryption algorithm • Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure

Secret key shared by Secret key shared by sender and recipient sender and recipient K K Transmitted X ciphertext Y = E[ K , X ] X = D[ K , Y ] Plaintext Plaintext Encryption algorithm Decryption algorithm input output (e.g., DES) (reverse of encryption algorithm) Figure 2.1 Simplified Model of Symmetric Encryption

Attacking Symmetric Encryption Cryptanalytic Attacks Brute-Force Attacks ⚫ Rely on: ⚫ Try all possible keys on some Nature of the algorithm ⚫ ciphertext until an intelligible Some knowledge of the translation into plaintext is ⚫ general characteristics of the obtained plaintext On average half of all possible ⚫ keys must be tried to achieve Some sample plaintext- ⚫ success ciphertext pairs ⚫ Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used If successful all future and past ⚫ messages encrypted with that key are compromised

Hypothetical bad symmetric encryption algorithm: XOR • A lot of encryption algorithms rely on properties of XOR A B A^B 0 0 0 ▪ Can think of A^B as “Flip a bit in A if corresponding bit in B is 1” 0 1 1 ▪ If you XOR by same thing twice, you get the data back 1 0 1 ▪ XORing by a random bit string yields NO info about original data 1 1 0 • Each bit has a 50% chance of having been flipped >>> a=501 >>> b=199 >>> a ^= b >>> print a 306 • Could consider XOR itself to be a symmetric encryption >>> a ^= b >>> print a algorithm (but it sucks at it!) – can be illustrative to explore 501 • Simple XOR encryption algorithm: ▪ E(p,k) = p ^ k (keep repeating k as often as needed to cover p) ▪ D(c,k) = c ^ k (same algorithm both ways!) 9

XOR “encryption” demo Plaintext: 'Hello' Key : 'key' H e l l o Plaintext : 01001000 01100101 01101100 01101100 01101111 k e y k e Key repeats> Key : 01101011 01100101 01111001 01101011 01100101 Ciphertext: 00100011 00000000 00010101 00000111 00001010 ^ XOR result Ciphertext: 00100011 00000000 00010101 00000111 00001010 Key : 01101011 01100101 01111001 01101011 01100101 Decrypted : 01001000 01100101 01101100 01101100 01101111 ^ XOR result H e l l o 10

Attacking XOR • Known plaintext attack: ▪ Given plaintext : 01001000 01100101 01101100 01101100 01101111 ▪ Given ciphertext : 00100011 00000000 00010101 00000111 00001010 ▪ XOR result : 01101011 01100101 01111001 01101011 01100101 ^^ it's the key!!! • Chosen plaintext attack: ▪ Chosen plaintext : 00000000 00000000 00000000 00000000 00000000 ▪ Given ciphertext : 01101011 01100101 01111001 01101011 01100101 ▪ XOR result : 01101011 01100101 01111001 01101011 01100101 ^^ it's the key!!! • Ciphertext only attack: ▪ Ciphertext: 00100011 00000000 00010101 00000111 00001010 ▪ "I assume the plaintext had ASCII text with lowercase letters, and in all such letters bit 6 is 1, but none of the ciphertext has bit 6 set, so i bet the key is most/all lower case letters" ▪ "The second byte is all zeroes, which means the second byte of the key and plaintext are equal" ▪ etc.... • Conclusion: XOR is a sucky encryption algorithm 12

Table 2.1 DES Triple DES AES Plaintext block size (bits) 64 64 128 Ciphertext block size (bits) 64 64 128 Key size (bits) 56 112 or 168 128, 192, or 256 DES = Data Encryption Standard AES = Advanced Encryption Standard Comparison of Three Popular Symmetric Encryption Algorithms

Data Encryption Standard (DES) 1999 Until recently was the most widely used encryption scheme FIPS PUB 46 Referred to as the Data Encryption Algorithm (DEA) Uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block Strength concerns: Concerns about the algorithm itself DES is the most studied encryption algorithm in existence Concerns about the use of a 56-bit key The speed of commercial off-the-shelf processors makes this key length woefully inadequate

Table 2.2 Number of Time Required Alternative Time Required at 10 9 at 10 13 Key size Keys decryptions/s decryptions/s (bits) Cipher 2 56 ≈ 7.2 ´ 10 16 56 DES 2 55 ns = 1.125 years 1 hour 2 128 ≈ 3.4 ´ 10 38 2 127 ns = 5.3 ´ 10 21 AES 5.3 ´ 10 17 years 128 years 2 168 ≈ 3.7 ´ 10 50 2 167 ns = 5.8 ´ 10 33 Triple DES 5.8 ´ 10 29 years 168 years 2 192 ≈ 6.3 ´ 10 57 2 191 ns = 9.8 ´ 10 40 9.8 ´ 10 36 years 192 AES years 2 256 ≈ 1.2 ´ 10 77 2 255 ns = 1.8 ´ 10 60 1.8 ´ 10 56 years 256 AES years Average Time Required for Exhaustive Key Search

Triple DES (3DES) ⚫ Repeats basic DES algorithm three times using either two or three unique keys ⚫ First standardized for use in financial applications in ANSI standard X9.17 in 1985 ⚫ Attractions: ⚫ 168-bit key length overcomes the vulnerability to brute-force attack of DES ⚫ Underlying encryption algorithm is the same as in DES ⚫ Drawbacks: ⚫ Algorithm is sluggish in software ⚫ Uses a 64-bit block size

Advanced Encryption Standard (AES) Needed a NIST called for Selected replacement for proposals for a Rijndael in 3DES new AES in 1997 November 2001 Should have a security strength equal to or better than 3DES Significantly improved 3DES was not efficiency Published as reasonable for FIPS 197 long term use Symmetric block cipher 128 bit data and 128/192/256 bit keys

Computationally Secure Encryption Schemes • Encryption is computationally secure if: • Cost of breaking cipher exceeds value of information • Time required to break cipher exceeds the useful lifetime of the information • Usually very difficult to estimate the amount of effort required to break algorithm (cryptanalysis) • Can estimate time/cost of a brute-force attack

⚫ Typically symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block ⚫ Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption ⚫ Each block of plaintext is encrypted using the same key ⚫ Cryptanalysts may be able to exploit regularities in the plaintext ⚫ Modes of operation ⚫ Alternative techniques developed to increase the security of symmetric block encryption for large sequences ⚫ Overcomes the weaknesses of ECB

Modes of operation are critical! • Electronic Codebook (ECB) is what you’d come up with naively: “Just apply the key to each block” • But this means that identical blocks give identical ciphertext, which can be informative to an attacker... See PoC||GTFO 4:13 for a poem about this  20 ☺ Figures from Wikipedia “Block cipher mode of operation”

Block & Stream Ciphers Block Cipher • Processes the input one block of elements at a time • Produces an output block for each input block • Can reuse keys • More common Stream Cipher • Processes the input elements continuously • Produces output one element at a time • Primary advantage is that they are almost always faster and use far less code • Encrypts plaintext one byte at a time • Pseudorandom stream is one that is unpredictable without knowledge of the input key