symmetric key cryptography

Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca - PowerPoint PPT Presentation

Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris too


  1. Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016

  2. Announcements • Project due Sept 20

  3. Special guests • Alice • Bob • The attacker (Eve - “eavesdropper”, Malice) • Sometimes Chris too

  4. Cryptography • Narrow definition: secure communication over insecure communication channels • Broad definition: a way to provide formal guarantees in the presence of an attacker

  5. Three main goals • Confidentiality: preventing adversaries from reading our private data, • Integrity: preventing attackers from altering some data, • Authenticity: determining who created a given document

  6. Modern Cryptography • Symmetric-key cryptography – The same secret key is used by both endpoints of a communication • Public-key (asymmetric-key) cryptography – Sender and receiver use different keys

  7. Today: Symmetric-key Cryptography Whiteboard & notes: - Symmetric encryption definition - Security definition - One time pad (OTP) - Block cipher

  8. Advanced Encryption Standard (AES) - Block cipher developed in 1998 by Joan Daemen and Vincent Rijmen - Recommended by the US National Institute of Standards and Technology (NIST) - Block length n = 128, key length k = 256

  9. AES ALGORITHM • 14 cycles of repetition for 256-bit keys. AES slides, credit Kevin Orr

  10. Algorithm Steps - Sub bytes • Each byte in the state matrix is replaced with a SubByte using an 8-bit substitution box • $b_{ij} = S(a_{ij})$

  11. Shift Rows • Cyclically shifts the bytes in each row by a certain offset • The number of places each byte is shifted differs for each row

  12. Uses • Government Standard – AES is standardized as Federal Information Processing Standard 197 (FIPS 197) by NIST – To protect classified information • Industry – SSL / TLS – SSH – WinZip – BitLocker – Mozilla Thunderbird – Skype But used as part of symmetric-key encryption or other crypto tools

  13. Symmetric-key encryption from block ciphers

  14. Why are block ciphers not enough for encryption by themselves? • Can only encrypt messages of a certain size • If a message is encrypted twice, the attacker knows it is the same message

  15. Original image

  16. Each block encrypted with a block cipher

  17. Later (identical) message again encrypted

  18. Symmetric key encryption scheme • Can be reused (unlike OTP) • Builds on block ciphers: – Can be used to encrypt long messages – Wants to hide that same block is encrypted twice • Uses block ciphers in certain modes of operation

  19. Electronic Code Book (ECB) • Split message M in blocks $P_1, P_2, \ldots$ • Each block is a value which is substituted, like a codebook • Each block is encoded independently of the other blocks: $C_i = E_K(P_i)$

  20. Encryption [Diagram: plaintext blocks P1, P2, P3; ciphertext blocks C1, C2, C3] • KeyGen = key gen of block cipher • Enc(K, P1|P2|P3) = (IV, C1, C2, C3) • Dec(K, (IV,C1,C2,C3)) = (P1, P2, P3)

  21. Decryption [Diagram: ciphertext blocks C1, C2, C3; plaintext blocks P1, P2, P3] • What is the problem with ECB?

  22. Does this achieve IND-KPA? No, attacker can tell if $P_i = P_j$

  23. Original image

  24. Encrypted with ECB

  25. Later (identical) message again encrypted with ECB

  26. CBC: Encryption [Diagram: plaintext blocks P1, P2, P3; ciphertext blocks C1, C2, C3] • The IV must not repeat for messages with the same P1; choose it at random

  27. CBC: Decryption [Diagram: ciphertext blocks C1, C2, C3; plaintext blocks P1, P2, P3]

  28. Original image

  29. Encrypted with CBC

  30. CBC • Popular, still widely used • Achieves IND-KPA, and more (IND-CPA) • Caveat: sequential encryption, hard to parallelize • CTR mode gaining popularity

  31. CTR: Encryption • Enc(K, P1|P2|P3) = (nonce, C1, C2, C3) [Diagram: plaintext blocks P1, P2, P3; ciphertext blocks C1, C2, C3] • The nonce is similar to the IV for CBC: one should not use the same nonce for two messages; choose it at random

  32. CTR: Decryption • Dec(K, (nonce,C1,C2,C3)) = (P1, P2, P3) [Diagram: ciphertext blocks C1, C2, C3; plaintext blocks P1, P2, P3] • Note: CTR decryption uses the block cipher's encryption, not decryption

  33. CBC vs CTR • Security: both IND-KPA, and even IND-CPA • If you ever reuse the same nonce, CBC might leak some information about the initial plaintext blocks up to a first difference between two messages; CTR can leak information about various blocks in the message • Speed: both modes require the same amount of computation, but CTR is parallelizable

  34. Summary • Encryption protects confidentiality • IND-KPA is a security game expressing message indistinguishability • OTP is secure if used only once • Block ciphers help build symmetric-key encryption schemes with reusable sizes and arbitrary message lengths by chaining them in cipher modes
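
The behaviour of the three modes on slides 19 to 33, as an added example that is not part of the original lecture: ECB exposing equal blocks, CBC with a random IV hiding them, CTR decrypting with the forward cipher only, and what IV or nonce reuse reveals. The block cipher `E` is an assumed stand-in (a 4-round Feistel network over HMAC-SHA256, not AES) so the code runs with the Python standard library alone; all function names and sample messages are constructed for illustration.

```python
import hashlib, hmac, os
BS = 16  # block size in bytes (128 bits, as for AES)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(k, block, inv=False):  # stand-in 4-round Feistel over HMAC-SHA256, NOT AES
    l, r = block[:8], block[8:]
    for i in (range(3, -1, -1) if inv else range(4)):
        f = hmac.new(k, bytes([i]) + (l if inv else r), hashlib.sha256).digest()[:8]
        l, r = (xor(r, f), l) if inv else (r, xor(l, f))
    return l + r

def blocks(m):  # padding is out of scope here: whole blocks only
    assert len(m) % BS == 0
    return [m[i:i + BS] for i in range(0, len(m), BS)]

def ecb_enc(k, m):  # C_i = E_K(P_i)
    return [E(k, p) for p in blocks(m)]

def cbc_enc(k, m, iv=None):  # C_i = E_K(P_i xor C_{i-1}), with C_0 = IV
    c = [iv or os.urandom(BS)]
    for p in blocks(m):
        c.append(E(k, xor(p, c[-1])))
    return c

def cbc_dec(k, c):  # P_i = D_K(C_i) xor C_{i-1}
    return b"".join(xor(E(k, c[i], inv=True), c[i - 1]) for i in range(1, len(c)))

def ctr_xor(k, nonce, m):  # C_i = P_i xor E_K(nonce || i); decryption is the same call
    return b"".join(xor(p, E(k, nonce + i.to_bytes(8, "big"))) for i, p in enumerate(blocks(m)))

def demo():
    k, iv, n = os.urandom(32), os.urandom(BS), os.urandom(8)
    A, B, C = b"A" * BS, b"B" * BS, b"C" * BS  # constructed sample blocks
    m1, m2 = A + B + A, A + B + C
    ecb, cbc = ecb_enc(k, m1), cbc_enc(k, m1)
    x1, x2 = cbc_enc(k, m1, iv), cbc_enc(k, m2, iv)  # IV reused on purpose
    t1, t2 = ctr_xor(k, n, m1), ctr_xor(k, n, m2)  # nonce reused on purpose
    return {
        "ecb_equal_blocks_visible": ecb[0] == ecb[2],
        "cbc_equal_blocks_visible": cbc[1] == cbc[3],
        "roundtrips": cbc_dec(k, cbc) == m1 and ctr_xor(k, n, t1) == m1,
        "cbc_iv_reuse_shows_common_prefix": x1[:3] == x2[:3] and x1[3] != x2[3],
        "ctr_nonce_reuse_leaks_xor": xor(t1, t2) == xor(m1, m2)}

print(demo())
```

With a reused nonce, XORing the two CTR ciphertexts cancels the keystream and yields the XOR of the two plaintexts in every block, while CBC with a reused IV only shows how long the common prefix of the two messages is.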
