03-SymmetricCryptography(3).pdf - CS458 Introduction to Information Security Notes 3 Symmetric Cryptography Yousef M Elmehdwi Department of Computer

# 03-SymmetricCryptography(3).pdf - CS458 Introduction to...

This preview shows page 1 - 12 out of 90 pages.

CS458: Introduction to Information Security Notes 3: Symmetric Cryptography Yousef M. Elmehdwi Department of Computer Science Illinois Institute of Technology [email protected] January 29 th , 2019 Slides: Modified from Computer Security: Principles and Practice, 4th Edition & Stephen R. Tate UNC Greensboro 1 / 90
Outline Threat Model Symmetric encryption principles Data Encryption Standard (DES) Advanced Encryption Standard (AES) Cipher block modes of operation Key distribution 2 / 90
Cryptography: Threat Model What does the adversary know? Algorithms? Typical user behavior? What can the adversary access? Access communication contents? What can the adversary do? Passive or active? Computing power? 3 / 90
Threat Model : Adversary Knowledge - Algorithms Saltzer and Schroeder Design Principles: Open Design Much older idea than Saltzer and Schroeder... Kerckhoff’s Principle (1883) : The security of a cryptosystem depends on the strength of the algorithm and the secrecy of the key. Trying to keep algorithms secret (“security through obscurity”) almost never works. Bottom Line: Better to use a system that experts have tried (and failed) to break 4 / 90
Threat Model : Adversary Knowledge - Behavior Some things an attacker might know: Language of messages (e.g., English) Common phrases (email headers, signatures, ...) Likely keys/pass-phrases (names, birthdays, etc.) 5 / 90
Threat Model : Adversary Access and Power For now: Access: Attacker can intercept/modify all communication content Power: “Probabilistic Polynomial-Time Algorithms” This is really important if you get into crypto - not so much here How to model crypto use for confidential communication? 6 / 90
Modern Cryptography Symmetric cryptography Public key (asymmetric) cryptography. We will cover it next 7 / 90
Symmetric Encryption Also referred to as: Conventional encryption Secret-key or single-key encryption Only alternative before public-key encryption in 1970’s Still most widely used alternative Two requirements for secure use: Need a strong encryption algorithm Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure Has five ingredients: Plaintext Encryption algorithm Secret key Ciphertext Decryption algorithm 8 / 90
Simplified Model of Symmetric Encryption 9 / 90
Symmetric Encryption: Stream Cipher Encrypts a digital data stream one bit or one byte at a time One time pad is example; but practical limitations Typical approach for stream cipher: Key ( K ) used as input to bit-stream generator algorithm Algorithm generates cryptographic bit stream ( k i ) used to encrypt plaintext Users share a key; use it to generate keystream 10 / 90
Symmetric Encryption: Block Cipher Most common type of symmetric cipher Encrypt a block of plaintext as a whole to produce same sized ciphertext Properties of a block cipher Must supply a full block of input bits in order to evaluate Partial block? Use padding More than one block?

#### You've reached the end of your free preview.

Want to read all 90 pages?