secret key encryption introduction
play

Secret-Key Encryption Introduction Encryption is the process of - PowerPoint PPT Presentation

Nov 05, 2022 •152 likes •533 views

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

  1. Secret-Key Encryption

  2. Introduction • Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message • History of encryption dates back to 1900 BC • Two types of encryption • secret-key encryption : same key for encryption and decryption • pubic-key encryption : different keys for encryption and decryption • We focus on secret-key encryption in this chapter

  3. Substitution Cipher • Encryption is done by replacing units of plaintext with ciphertext, according to a fixed system. • Units may be single letters, pairs of letters, triplets of letters, mixtures of the above, and so forth • Decryption simply performs the inverse substitution. • Two typical substitution ciphers: • monoalphabetic - fixed substitution over the entire message • Polyalphabetic - a number of substitutions at different positions in the message

  4. Monoalphabetic Substitution Cipher • Encryption and decryption

  5. Breaking Monoalphabetic Substitution Cipher • Frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. • Common letters : T, A, E, I, O • Common 2-letter combinations (bigrams): TH, HE, IN, ER • Common 3-letter combinations (trigrams): THE, AND, and ING

  6. Breaking Monoalphabetic Substitution Cipher • Letter Frequency Analysis results:

  7. Breaking Monoalphabetic Substitution Cipher • Bigram Frequency Analysis results:

  8. Breaking Monoalphabetic Substitution Cipher • Trigram Frequency analysis results:

  9. Breaking Monoalphabetic Substitution Cipher • Applying the partial mappings…

  10. Data Encryption Standard (DES) • DES is a block cipher - can only encrypt a block of data • Block size for DES is 64 bits • DES uses 56-bit keys although a 64-bit key is fed into the algorithm • Theoretical attacks were identified. None was practical enough to cause major concerns. • Triple DES can solve DES’s key size problem

  11. Advanced Encryption Standard (AES) • AES is a block cipher • 128-bit block size. • Three different key sizes: 128, 192, and 256 bits

  12. Encryption Modes

  13. Encryption Modes • Encryption mode or mode of operation refers to the many ways to make the input of an encryption algorithm different. • Examples include: • Electronic Codebook (ECB) • Cipher Block Chaining (CBC) • Propagating CBC (PCBC) • Cipher Feedback (CFB) • Output Feedback (OFB) • Counter (CTR)

  14. Electronic Codebook (ECB) Mode

  15. Electronic Codebook (ECB) Mode • Using openssl enc command: • We use the 128-bit (key size) AES algorithm • The -aes-128-ecb option specifies ECB mode • The -e option indicates encryption • The -d option indicate decryption • The -K option is used to specify the encryption/decryption key

  16. Cipher Block Chaining (CBC) Mode The main purpose of IV is to • ensure that even if two plaintexts are identical, their ciphertexts are still different, because different IVs will be used. Decryption can be parallelized • • Encryption cannot be parallelized

  17. Cipher Block Chaining (CBC) Mode • Using openssl enc command to encrypt the same plaintext, same key, different IV : • We use the 128-bit (key size) AES algorithm • The -aes-128-cbc option specifies CBC mode • The -e option indicates encryption • The -iv option is used to specify the Initialization Vector (IV)

  18. Cipher Feedback (CFB) Mode • A block cipher is turned into a stream cipher. • Ideal for encrypting real-time data. • Padding not required for the last block. • decryption using the CFB mode can be parallelized, while encryption can only be conducted sequentially

  19. Comparing encryption with CBC and CFB • Plaintext size is 21 bytes • CBC mode: ciphertext is 32 bytes due padding • CFB mode: ciphertext size is same as plaintext size (21 bytes)

  20. Output Feedback (OFB) Mode • Similar to CFB • Used as stream cipher • Does not need padding • Decryption can parallelized • Encryption in the OFB mode can be parallelized

  21. Counter (CTR) Mode • It basically uses a counter to generate the key streams • no key stream can be reused, hence the counter value for each block is prepended with a randomly generated value called nonce • This nonce serves the same role as the IV does to the other encryption modes. • both encryption and decryption can be parallelized • the key stream in the CTR mode can be calculated in parallel during the encryption

  22. Modes for Authenticated Encryption • None of the Encryption modes discussed so far cannot be used to achieve message authentication • A number of modes of operation have been designed to combine message authentication and encryption. • Examples include • GCM (Galois/Counter Mode) • CCM (Counter with CBC-MAC) • OCB mode (Offset Codebook Mode)

  23. Padding • Block cipher encryption modes divide plaintext into blocks and the size of each block should match the cipher’s block size. • No guarantee that the size of the last block matches the cipher’s block size. • Last block of the plaintext needs padding i.e. before encryption, extra data needs to be added to the last block of the plaintext, so its size equals to the cipher’s block size. • Padding schemes need to clearly mark where the padding starts, so decryption can remove the padded data. • Commonly used padding scheme is PKCS#5

  24. Padding Experiment • Plaintext size is 9 bytes. • Size of ciphertext (cipher.bin) becomes 16 bytes

  25. Padding Experiment • How does decryption software know where padding starts? 7 bytes of 0x07 are added as the padding data

  26. Padding Experiment – Special case • What if the size of the plaintext is already a multiple of the block size (so no padding is needed), and its last seven bytes are all 0x07 • Size of plaintext (plain3.txt) is 16 bytes • Size of decryption output (plaint3_new.txt) is 32 bytes ( a full block is added as the padding). • Therefore, in PKCS#5, if the input length is already an exact multiple of the block size B, then B bytes of value B will be added as the padding.

  27. Initial Vector and Common Mistakes • Initial vectors have the following requirements: • IV is supposed to be stored or transmitted in plaintext • IV should not repeat (uniqueness). • IV should not be predictable.

  28. Experiment - IV should not be predictable • Eve calculates the next IV

  29. Experiment - IV should not be predictable • Eve guesses that Bob voted for John Smith, so she creates P1_guessed and XOR it with IV_bob and IV_next, and finally constructs the name for a write-in candidate.

  30. Experiment - IV should not be predictable • Eve gives her write-in candidate’s name (stored in P2) to the voting machine, which encrypts the name using IV_next as the IV. The result is stored in C2. • If C1 (Bob’s encrypted vote) == C2, then Eve knows for sure that Bob has voted for “John Smith”.

  31. Programming using Cryptography APIs • We use PyCryptodome package’s APIs. • Line: 1. Initialize cipher 2. Encrypts first 32 bytes of data 3. Encrypts the rest of the data 4. Initialize cipher (start new chain) 5. Encrypt the entire data 6. Initialize cipher for decryption 7. Decrypt

  32. Programming using Cryptography APIs • Modes that do not need padding include CFB, OFB, and CTR. • For these modes, the data fed into the encrypt() method can have an arbitrary length, and no padding is needed. • Example below shows OFB encryption

  33. Attack on ciphertext’s integrity • Attacker makes changes to ciphertext (Line 2) • Result

  34. Authenticated Encryption • To protect the integrity, the sender needs to generate a Message Authentication Code (MAC) from the ciphertext using a secret shared by the sender and the receiver. • The MAC and the ciphertext will be sent to the receiver, who will compute a MAC from the received ciphertext. • If the MAC is the same as the one received, the ciphertext is not modified. • Two operations are needed to achieve integrity of ciphertext: one for encrypting data and other for generating MAC. • Authenticated encryption combines these two separate operations into one encryption mode. E.g GCM, CCM, OCB

  35. The GCM Mode

  36. Programming using the GCM Mode The unique part of the above code is the tag generation and verification. In Line 3 , we use the digest() to get the authentication tag, which is generated from the ciphertext.

  37. Programming using the GCM Mode In Line 6 , after feeding the ciphertext to the cipher, we invoke verify() to verify whether the tag is still valid.

  38. Experiment - GCM Mode • We modify the ciphertext by changing the 10 th byte to (0x00) • Decrypt the modified ciphertext and verify tag

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key. The ciphertext can be replicated. Even if one replicated copy is lost, or stolen, Secret Sharing the information

181 views • 6 slides
Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University

Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University

Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University of Technology 17 June 2019 Secret key encryption MAC Main primitives of secret key / symmetric cryptography High-level primitives Low-level

1.51k views • 114 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange David

Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange David

Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange David Derler , Tibor Jager , Daniel Slamanig , Christoph Striecks May 3, 2018E urocrypt 2018, Tel Aviv, Israel Key Establishment

1k views • 46 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
Base64 is not encryption A better story for Kubernetes secrets @sethvargo Developer Relations

Base64 is not encryption A better story for Kubernetes secrets @sethvargo Developer Relations

Base64 is not encryption A better story for Kubernetes secrets @sethvargo Developer Relations Engineer What's a secret? Secret (noun) Credentials, configurations, API keys, or other pieces of information needed by an application at build

594 views • 44 slides
Obfustopia Built on Secret-Key Functional Encryption Fuyuki Kitagawa (Tokyo Institute of

Obfustopia Built on Secret-Key Functional Encryption Fuyuki Kitagawa (Tokyo Institute of

Obfustopia Built on Secret-Key Functional Encryption Fuyuki Kitagawa (Tokyo Institute of Technology) Ryo Nishimaki (NTT Secure Platform Laboratories) Keisuke Tanaka(Tokyo Institute of Technology) Our results Focus Constructing

962 views • 55 slides
Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in

Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in

Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in Stinson (optional) 1 Encryp Enc yption n Princ ncipl ples A cryptosystem has (at least) five ingredients: Plaintext Secret Key

945 views • 70 slides
A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20

How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20

How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20 november 2019 1 Outline 1 Introduction 2 How to find 1st failure 3 How to find next failure 4 Recovering the secret 5 Conclusion 1 1 LWE hard

1.07k views • 81 slides
VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

NEW YORK LONDON SHANGHAI VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret Sport WE ARE MISSION VISION VALUES 8.1% GROWTH BY 2022 3BN DOMESTIC VALUE STATS WE OFFER LINGERIE PANTIES

340 views • 30 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Update on Diagnosis of Myelodysplastic Syndromes Jay L. Patel, MD Disclosure None

Update on Diagnosis of Myelodysplastic Syndromes Jay L. Patel, MD Disclosure None

Update on Diagnosis of Myelodysplastic Syndromes Jay L. Patel, MD Disclosure None Objectives Review current diagnostic criteria pertaining to myelodysplastic syndromes Understand the relevance of selected somatic gene mutations

737 views • 25 slides
Lucky 13, BEAST, CRIME,... Is TLS dead, or just resting?

Lucky 13, BEAST, CRIME,... Is TLS dead, or just resting?

Lucky 13, BEAST, CRIME,... Is TLS dead, or just resting? Kenny Paterson Information Security Group Overview Introduction to TLS (and why YOU

1.25k views • 76 slides
CBC Steering Committee Virtual meeting, 15 September 2020 Please write your name, organization

CBC Steering Committee Virtual meeting, 15 September 2020 Please write your name, organization

CBC Steering Committee Virtual meeting, 15 September 2020 Please write your name, organization and country in the chat Function: Example: Peter Pan, Office of the Auditor General, Never Never Land Please use the chat function to communicate

373 views • 34 slides
Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block

Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block

Background Collision attack on CBC and CFB Impossible plaintext cryptanalysis of CTR Conclusions Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes David McGrew mcgrew@cisco.com Fast

554 views • 43 slides
A Surfeit of SSH Cipher Suites Martin R. Albrecht, Jean Paul Degabriele, Torben B. Hansen and

A Surfeit of SSH Cipher Suites Martin R. Albrecht, Jean Paul Degabriele, Torben B. Hansen and

A Surfeit of SSH Cipher Suites Martin R. Albrecht, Jean Paul Degabriele, Torben B. Hansen and Kenneth G. Paterson ACM CCS - 27/10/2016 Outline of this talk Overview of SSH and related work. SSH deployment statistics. A new attack on

356 views • 25 slides
Symmetric and Password-based encrypDon CS642: Computer

Symmetric and Password-based encrypDon CS642: Computer

Symmetric and Password-based encrypDon CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University

330 views • 29 slides
https://xkcd.com/538/ Cryptocurrencies & Security on the Blockchain Cryptography Review

https://xkcd.com/538/ Cryptocurrencies & Security on the Blockchain Cryptography Review

https://xkcd.com/538/ Cryptocurrencies & Security on the Blockchain Cryptography Review Prof. Tom Austin San Jos State University Goals of Cryptography Confidentiality Protecting secrets Integrity Notice when something

980 views • 42 slides
Midterm 3 Review Slides Coordinate Systems on R n Recall: A set of n vectors { v 1 , v 2 , . . . ,

Midterm 3 Review Slides Coordinate Systems on R n Recall: A set of n vectors { v 1 , v 2 , . . . ,

Midterm 3 Review Slides Coordinate Systems on R n Recall: A set of n vectors { v 1 , v 2 , . . . , v n } form a basis for R n if and only if the matrix C with columns v 1 , v 2 , . . . , v n is invertible. If x = c 1 v 1 + c 2 v 2 + + c n

529 views • 16 slides

More recommend