csce 790 secure computer systems symmetric cryptography
play

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor - PowerPoint PPT Presentation

Sep 24, 2023 •250 likes •527 views

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

  1. 
 CSCE 790 
 Secure Computer Systems 
 Symmetric Cryptography Professor Qiang Zeng Spring 2020

  2. Previous Class • Classical Cryptography – Frequency analysis – Never use home-made cryptography • Goals of Cryptography – Confidentiality, data integrity, authentication, non- repudiation • Building blocks of Cryptography – Cryptographic hash, encryption, MAC, digital signature • Cryptographic Hash – Password storage, verifying data integrity – Do not use MD5 and SHA-1 CSCE 790 – Computer Systems Security 2

  3. Previous class… By sending m and Hash(m), can the receiver verify the integrity of m, i.e., to verify whether m has been manipulated during the transmission? If not, what should you do? No, cryptographic hash can be used to verify data integrity only if the integrity of the hash value itself is assured. Typically, if the message and the digest value are transmitted in the same channel, it is in vain as the adversary can replace both the message and the corresponding hash value. Message Authentication Code and Digital Signature are used when the hash value can also be attacked (discussed later) CSCE 790 – Computer Systems Security 3

  4. Cryptography Primitives Cryptography Primitives Symmetric Cryptographic Asymmetric Cryptography Hash Cryptography Asymmetric Message Digital Signature Symmetric Encryption Authentication (sign using PR; Encryption (encryption using PU; Code verify using PU) decryption using PR) Stream Cipher Block Cipher CSCE 790 – Computer Systems Security 4

  5. Notation • C: ciphertext • P: plaintext • K: key • PR: private key • PU: public key • E: encryption; e.g., C = E (K, P) • D: decryption; e.g., P = D(K, C) • H: hash • ||: e.g., x || y means x concatenated with y CSCE 790 – Computer Systems Security 5

  6. Symmetric Block Cipher - DES • DES: Data Encryption Standard • NIST symmetric encryption standard 1976-2001 • Already broken; 56-bit key size is too small • Block size: 64 bits – 64-bit plaintext input; 64-bit ciphertext output • How it works? – Feistel structure: input block is divided into halves and processed alternatively – XOR, Substitution (using the S-box), and Permutation (using the P-box) CSCE 790 – Computer Systems Security 6

  7. Feistel Structure CSCE 790 – Computer Systems Security 7

  8. Symmetric Block Cipher – Triple-DES • Triple-DES: still widely used – C 1 = E(K 1 , P), C 2 = D(K 2 , C 1 ), C 3 = E(K 3, C 2 ) – Key size: 3 x 56 = 168 bits; secure – Due to meet-in-the-middle attack, the actual key strength is 112 bits • When k 1 = k 2 = k 3 , 3-DES becomes DES, since the second operation (D) offsets the first (E) – It provides compatibility with DES when needed • Disadvantage: slow CSCE 790 – Computer Systems Security 8

  9. Symmetric Block Cipher - AES • Advanced Encryption Standard (or Rijndael) • Superseded DES as the NIST symmetric encryption standard since 2001 • Block size: 128 bits (16 bytes) • Key size: 128, 192 or 256 bits • DES vs. AES – Longer key size -> more secure – AES is faster than DES – AES is suitable for parallel processing • Encryption based on substitution and permutation – https://youtu.be/evjFwDRTmV0 CSCE 790 – Computer Systems Security 9

  10. Serious Issue with Block Ciphers • DES can only process 64-bit blocks • AES can only process 128-bit blocks • If you simply divide a long message into 64-bit or 128-bit blocks, and process them independently (this strategy is called “Electronic Codebook”) – Identical plaintext blocks lead the same ciphertext blocks CSCE 790 – Computer Systems Security 10

  11. Serious Issue with Block Ciphers • The simple strategy Electronic Codebook (ECB) leaks too much information • By applying ECB encryption to the left bitmap image, you get the right one *-ECB CSCE 790 – Computer Systems Security 11

  12. Modes of Operation for Block Ciphers • A Mode of Operation describes how block ciphers are applied to a message longer than a block; usually, it is simply called Mode – E.g., ECB (do not use it), CBC (Cipher Block Chaining), CFB (Cipher Feedback) • How to interpret “AES128-CBC”? – AES128: cipher block with 128-bit key – CBC: mode of operation • Similarly, you can interpret “3DES-CFB” CSCE 790 – Computer Systems Security 12

  13. CBC (Cipher Block Chaining) • Even identical plaintext blocks will produce different ciphertext (as long as their preceding ciphertext blocks are different) • Initialization Vector (IV) has the same size as the plaintext; by varying the IV, even if the same key is applied to encrypting two identical messages, the ciphertext is different • Thus the adversary cannot infer whether the two messages are identical CSCE 790 – Computer Systems Security 13

  14. Effect of Applying CBC *-CBC CSCE 790 – Computer Systems Security 14

  15. Decryption based on CBC • If you provide an incorrect IV, will you get wrong decryption results? – Only the first block is corrupted; you still get correct results for other blocks – This property is NOT necessarily true with other modes of operations CSCE 790 – Computer Systems Security 15

  16. Stream Cipher - RC4 • In stream ciphers, the key is used to generate a keystream (a key-seeded pseudorandom stream of bits), which is XORed with the plaintext CSCE 790 – Computer Systems Security 16

  17. Stream Cipher - RC4 • Rivest Cipher 4 (considered insecure) • Key size: 40 – 2048 bits • Warning: The first few bytes of the keystream leak the information of the key; so discard the first, say 1024, bytes of the keystream before using it CSCE 790 – Computer Systems Security 17

  18. Block Cipher vs. Stream Cipher • Stream Cipher is faster • Stream Cipher is simpler to implement in h/w • Stream Cipher can operate on a single bit – In streaming, it is beneficial for reducing the latency • Stream Cipher works well even if the length of the plaintext is unknown • Stream Cipher does not need mode of operation • Stream Cipher does not need padding (e.g., 120-bit data block is padded to 128 bits) CSCE 790 – Computer Systems Security 18

  19. Block Cipher vs. Stream Cipher • Stream Ciphers have security problems that Block Ciphers do not have – Key cannot be reused • C 1 = P 1 XOR K; C 2 = P 2 XOR K; • C 1 XOR C 2 = (P 1 XOR K) XOR (P 2 XOR K) = P 1 XOR P 2 – Bit-flipping attack • Assume P 1 = 1000, P 2 = 9999, C 1 = P 1 XOR K • You can get C 2 = P 2 XOR K by • C 1 XOR P 1 XOR P 2 = (P 1 XOR K) XOR P 1 XOR P 2 = P 2 XOR K CSCE 790 – Computer Systems Security 19

  20. Previous class… By sending m and Hash(m) on Internet, can the receiver verify the integrity of m, i.e., to verify whether m has been manipulated during the transmission? If not, what should you do? No, cryptographic hash can be used to verify data integrity only if the integrity of the hash value itself is assured. Typically, if the message and the digest value are transmitted in the same channel, it is in vain as the adversary can replace both the message and the corresponding hash value. Message Authentication Code and Digital Signature are used when the hash value can also be attacked (discussed later) CSCE 790 – Computer Systems Security 20

  21. MAC (Message Authentication Code) • The digest h = H(m) is generated without any key, such that anyone (including the adversary) can create it • What if a key is used? Now the adversary cannot forge a keyed-hash value without the key – This is the purpose of MAC • A MAC is a short string used to verify the message integrity and authentication • mac = MAC(k, m) – To prevent the replay attack, the message should contain timestamp, sequence number CSCE 790 – Computer Systems Security 21

  22. A Popular MAC Algorithm: HMAC • Hash-based Message Authentication Code • A typical wrong design:MAC(k, m) = H(k || m) – Susceptible to “ length extension attacks ” if the hash uses the Merkle–Damgård Construction – Based on H(k || m) the adversary can extend the message and still get a valid MAC: H(k || m || m’) CSCE 790 – Computer Systems Security 22

  23. A Popular MAC Algorithm: HMAC • To resist Length Extension Attack – HMAC(m, k) = H( k || H( k || m) ) // nested hash • The hash function uses MD5, SHA-1, SHA-2 – MD5 and SHA-1 are insecure – Only SHA-2 is recommended now – E.g., if SHA256 is used, it is called HMAC-SHA256 • The key size >= the block size to make full use of the hash resistance – In HMAC-SHA256, the key size should be 256 bit CSCE 790 – Computer Systems Security 23

  24. KMAC – SHA-3 Derived MAC • SHA-3 does not use the Merkle-Damgård Construction, so is not vulnerable to the Length Extension Attack – Can still use SHA-3 in HMAC (the nested hash), but it is over-kill • KMAC (Keccak MAC) – H(k || m) – Uses SHA-3 (Keccak) – Simpler and faster than HMAC; – Arbitrary-length output – NIST in 2016 • http://csrc.nist.gov/publications/drafts/800-185/sp800_185_draft.pdf CSCE 790 – Computer Systems Security 24

  25. Summary Cryptography Primitives Symmetric Cryptographic Asymmetric Cryptography Hash Cryptography Asymmetric Message Digital Signature Symmetric Encryption Authentication (sign using PR; Encryption (encryption using PU; Code verify using PU) decryption using PR) Stream Cipher Block Cipher CSCE 790 – Computer Systems Security 25

  26. Writing Assignments • When to use Stream Ciphers? • Can MAC be used to achieve non-repudiation? CSCE 790 – Computer Systems Security 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public Key to the world

273 views • 26 slides
CSCE 790 Secure Computer Systems Asymmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Asymmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Asymmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Symmetric Encryption Block Ciphers DES (dont use it), 3-DES, AES Mode of operation: ECB (dont use it), CBC,

563 views • 24 slides
1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

Cryptography security Cryptography may be a component of a secure system Cryptographic Systems Adding cryptography may not make a Authentication & Communication system secure Protocols Paul Krzyzanowski Distributed Systems

753 views • 23 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C& %^C& TOB TOB @&^( @&^(

1.32k views • 119 slides
CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang Zeng Spring 2020 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know Sending the

302 views • 26 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Quantum-secure symmetric-key cryptography based on Hidden Shifts Gorjan Alagic Alexander Russell

Quantum-secure symmetric-key cryptography based on Hidden Shifts Gorjan Alagic Alexander Russell

Quantum-secure symmetric-key cryptography based on Hidden Shifts Gorjan Alagic Alexander Russell QMATH, Department of Mathematical Sciences Department of Computer Science & Engineering University of Copenhagen University of Connecticut

418 views • 21 slides
Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Dawn

Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Dawn

Computer Security Course. Dawn Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Dawn Overview Cryptography: secure communication over insecure communication channels Three goals

475 views • 30 slides
Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

794 views • 62 slides
Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

882 views • 62 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Distributed Systems Secure Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Secure Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Secure Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Symmetric cryptography Both parties

860 views • 60 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
Symmetric-Key Cryptography CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Symmetric-Key Cryptography CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Symmetric-Key Cryptography CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 10, 2011 M 1 M 2 M 3 C 1 C 2 C 3 C 2 C 3 C 1 M 1 M 2 M 3 Original

291 views • 14 slides
Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University Motivation Certificate Authorities (CA) issue certificates

454 views • 30 slides
Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas

Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas

Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas Joglekar* Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy Microsoft Research Stanford University* Cloud Data Security Concerns Data in the cloud

658 views • 36 slides
Message Integrity CBC-MAC and NMAC Dan Boneh MACs and

Message Integrity CBC-MAC and NMAC Dan Boneh MACs and

Online Cryptography Course

158 views • 13 slides
Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

CSS441 Block Cipher Operation Modes ECB Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn International Institute of Technology XTS-AES Thammasat University Prepared by Steven Gordon on 20

871 views • 32 slides
Derandomised lattice rules for high dimensional integration Ian Sloan i.sloan@unsw.edu.au

Derandomised lattice rules for high dimensional integration Ian Sloan i.sloan@unsw.edu.au

Derandomised lattice rules for high dimensional integration Ian Sloan i.sloan@unsw.edu.au University of New South Wales, Sydney, Australia RICAM, December, 2018 Joint with Yoshihito Kazashi (EPFL) and Frances Kuo (UNSW) We want to approximate

822 views • 45 slides
Space-Efficient Block Storage Integrity Alina Oprea, Michael Reiter, and Ke Yang NDSS 05

Space-Efficient Block Storage Integrity Alina Oprea, Michael Reiter, and Ke Yang NDSS 05

Space-Efficient Block Storage Integrity Alina Oprea, Michael Reiter, and Ke Yang NDSS 05 Presented by Lucas Ballard and Josh Mason Outline Description of the problem Related Work Background Material Proposed Schemes /

718 views • 71 slides
Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University

Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University

Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Baileys ECE 422 Randomness and Pseudorandomness Review Problem:

1.69k views • 33 slides
Curve Sketching Since we have graphing calculators, we can find the graph easily of any function,

Curve Sketching Since we have graphing calculators, we can find the graph easily of any function,

Mt020.02 Slide 1 3/24/2000 Curve Sketching Since we have graphing calculators, we can find the graph easily of any function, presumably. Lets see if we can reconstruct of the graph of some function, f(x), if we only know the formula for

519 views • 9 slides

More recommend