03-SymmetricCryptography(3).pdf - CS458 Introduction to Information Security Notes 3 Symmetric Cryptography Yousef M Elmehdwi Department of Computer

03-SymmetricCryptography(3).pdf - CS458 Introduction to...

This preview shows page 1 - 12 out of 90 pages.

CS458: Introduction to Information Security Notes 3: Symmetric Cryptography Yousef M. Elmehdwi Department of Computer Science Illinois Institute of Technology [email protected] January 29 th , 2019 Slides: Modified from Computer Security: Principles and Practice, 4th Edition & Stephen R. Tate UNC Greensboro 1 / 90
Image of page 1
Outline Threat Model Symmetric encryption principles Data Encryption Standard (DES) Advanced Encryption Standard (AES) Cipher block modes of operation Key distribution 2 / 90
Image of page 2
Cryptography: Threat Model What does the adversary know? Algorithms? Typical user behavior? What can the adversary access? Access communication contents? What can the adversary do? Passive or active? Computing power? 3 / 90
Image of page 3
Threat Model : Adversary Knowledge - Algorithms Saltzer and Schroeder Design Principles: Open Design Much older idea than Saltzer and Schroeder... Kerckhoff’s Principle (1883) : The security of a cryptosystem depends on the strength of the algorithm and the secrecy of the key. Trying to keep algorithms secret (“security through obscurity”) almost never works. Bottom Line: Better to use a system that experts have tried (and failed) to break 4 / 90
Image of page 4
Threat Model : Adversary Knowledge - Behavior Some things an attacker might know: Language of messages (e.g., English) Common phrases (email headers, signatures, ...) Likely keys/pass-phrases (names, birthdays, etc.) 5 / 90
Image of page 5
Threat Model : Adversary Access and Power For now: Access: Attacker can intercept/modify all communication content Power: “Probabilistic Polynomial-Time Algorithms” This is really important if you get into crypto - not so much here How to model crypto use for confidential communication? 6 / 90
Image of page 6
Modern Cryptography Symmetric cryptography Public key (asymmetric) cryptography. We will cover it next 7 / 90
Image of page 7
Symmetric Encryption Also referred to as: Conventional encryption Secret-key or single-key encryption Only alternative before public-key encryption in 1970’s Still most widely used alternative Two requirements for secure use: Need a strong encryption algorithm Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure Has five ingredients: Plaintext Encryption algorithm Secret key Ciphertext Decryption algorithm 8 / 90
Image of page 8
Simplified Model of Symmetric Encryption 9 / 90
Image of page 9
Symmetric Encryption: Stream Cipher Encrypts a digital data stream one bit or one byte at a time One time pad is example; but practical limitations Typical approach for stream cipher: Key ( K ) used as input to bit-stream generator algorithm Algorithm generates cryptographic bit stream ( k i ) used to encrypt plaintext Users share a key; use it to generate keystream 10 / 90
Image of page 10
Symmetric Encryption: Block Cipher Most common type of symmetric cipher Encrypt a block of plaintext as a whole to produce same sized ciphertext Properties of a block cipher Must supply a full block of input bits in order to evaluate Partial block? Use padding More than one block?
Image of page 11
Image of page 12

You've reached the end of your free preview.

Want to read all 90 pages?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture