LuciferDES3DESRC2RC4BlowfishAES...

Symmetric EncryptionFunctions

•M’ = f(M,key)•M = f’(M’,key)•Note:

•Same key encrypts and decrypts

•f=f’ or f≠f’ (some algorithms have a decrypt mode, some don’t need it).

Symmetric Functions: The Big

Idea

•Pencil-and-paper Ciphers, Codebooks, and encryption machines were all symmetric.

•Clearly, if you knew how to encrypt a message, you knew how to decrypt it, right?

Symmetric Algorithms:

History

•Set “code of the day” on dials.

•Later models: Set additional code with plugs and wires.

•Press a button with the letter to encrypt; the encrypted letter lights up.

•Each key press advances the dials

German Enigma Machine

• http://www.math.miami.edu/~harald/enigma/enigma.gif

Inside the Enigma

•Academia largely disinterested

•NSA Largest Employer of mathematicians in the world.

Cryptography after WW2

•IBM hired by Lloyds of London to arrange security for a cash dispensing network (early ATM machines.)

•IBM develops “Lucifer” cipher

•Symmetric Algorithm

•explicit encrypt/decrypt

•112 bit key

•Substitution and transposition within

8-character blocks

Cryptography and IBM

•National Bureau of Standards request proposals for a “Data Encryption Standard.”

•IBM submits Lucifer to NBS

•NBS submits Lucifer to NSA

•NSA returns Lucifer with “tweaks” to substitution boxes and 56-bit key

Cryptography and NBS

•NSA said they made it “better.”•“Better” for who?•56 bit key (was 112)•new sboxes (what was wrong

with old ones?)

Can you trust DES?

•Lucifer was susceptible to differential cryptanalysis.

•NSA couldn’t tell anybody!•Technique was secret until

independently discovered by Adi Shamir

•sbox changes differential cryptanalysis useless against DES

•IBM published a paper on this in the 90s.

You could trust DES.

DES: A Fiestel Cipher

H. Feistel, "Cryptography and Computer Privacy," Scientific American, v. 228, n. 5, May 73, pp. 15-23.

•In the 1980s, it was hypothesized that someone could build a DES-cracking machine for $1M

•In the 1990s, John Gilmore and & EFF built one for $250K. “Deep Crack.” Time to crack a key: 4-7 days. http://www.eff.org/descracker

•Nevertheless, DES is still widely used.

DES cracking

Why?

Is weak crypto better than no

crypto?weak crypto no crypto

stops casual disclosure

doesn’t give people a false sense of

security

gets people used to use crypto

gives people incentive to move to

strong crypto“Most people don’t

need crypto anyway”“so why use it?”

Strengthening DES

•Triple DES (3DES)

•Encrypt, Decrypt, Encrypt

•M’ = f(f’(f(M,K1),K2),K3)

•Set Key1=Key2 for DES compatibility

•3 keys = 168 bits

•“Ron’s Code” #2 & #4

•Secret, proprietary algorithms from RSA Security

RC2, RC4

•Block cipher. Keysize 40-2048 bites

•Revealed in 1996 in anonymous Usenet posting

•Probably leaked by reverse engineering Lotus Notes

•Widely used because of “40-bit compromise” between Software Publisher’s Association and Commerce Department.

RC2

•Very fast stream cipher - generates a pseudorandom stream used for XORing.

•Keysize 40-2048 bites

•Revealed in 1994 in anonymous Usenet posting

•Probably leaked by an engineer at Apple

•Also part of the “40-bit” compromise.

RC4

•Invented by ... Ron Rivest

•Variable Key Size; Variable # of rounds

•Largely academic curiosity

RC5

RC2 & RC4

RC2 RC4 RC5keysize 40-2028

type block cipher stream cipher block cipher

Where Used SSL & S/MIME SSL n/a

ProtectionTrademark & Trade Secret

Trademark Trademark

Speed fast Extremely fast immaterial

AES

•Advanced Encryption Standard

•Multi-year open competition

•Requirements:

•Block cipher.

•Variable-length keys and blocks (128, 192, 256, etc.)

•Good in hardware or software.

AES Finalists

Twofish - Bruce Schneier

RC5 - Ron Rivest

MARS

Rijndael - Vincent Rijmen and Joan Daemen

Interesting things to note about AES

•US picked a foreign-designed cipher as its standard.

•Not a Fiestel cipher. “New Math”

•AES is faster than DES, even with longer keys!

Other Block Ciphers

•CAST-128 (RFC-2144), 64-bit block, 16-round, 128-bit key

•Blowfish (Schneider, 64-bit block, 40-448 bit key)

Openness in Design

•“Finally, I should note that publishing the design of a cipher inherently weakens it by providing an attacker with details of its operation. The most secure approach would be to design a cipher from scratch and keep both the algorithm and the keys secret. While designing a cryptosystem is fairly easy, evaluating it for loopholes is not. Governments and other very large institutions may have the resources to design and evaluate their own cryptosystem, but the rest of us are probably well advised to use published ciphers that have been publicly evaluated for weaknesses.”

http://www.freesoft.org/CIE/Topics/145.htm

Modes of Operation

•Defines how a block cipher is used on data longer than a block.

•A strong cipher can be made less secure (not secure) with a bad mode of operation

Most Important Modes

•ECB - Electronic Code Book

•CBC - Cipher Block Chaining

•CFB - Cipher Feed Back (XOR generator)

•Counter Mode

Electronic Code Book

http://www.freesoft.org/CIE/Topics/143.htm

ECB Demo

original ECB CBC

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Other problems with ECB

•Replay attacks

•Mauling

To: Bank From: ATMAction: DepositAmount: $100.00

To: Bank From: ATMAction: DepositAmount: $900.00

“1” = 0011001“9” = 0011101

Cipher Block Chaining

Cipher Feedback Mode

http://members.chello.at/s.peer/

Counter Mode

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Privacy vs. Integrity

•Need for the two to be distinguished was not evident back in the 1970s.

•In some cases, the ability to change encrypted data may be sufficient.

APIs!

RC4: Easiest there Is

void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);

void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata);

Note: Decrypt and Encrypt are the same operation!

RC4 in Perl # Functional Style use Crypt::RC4; $encrypted = RC4( $passphrase, $plaintext ); $decrypt = RC4( $passphrase, $encrypted );

# OO Style use Crypt::RC4; $ref = Crypt::RC4->new( $passphrase ); $encrypted = $ref->RC4( $plaintext );

$ref2 = Crypt::RC4->new( $passphrase ); $decrypted = $ref2->RC4( $encrypted );

# process an entire file, $ref3 = Crypt::RC4->new( $passphrase ); while (<FILE>) { print $ref3->RC4($_); }

RC2: Block Encryption is

Harder!void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);

void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *key, int enc);void RC2_encrypt(unsigned long *data,RC2_KEY *key);void RC2_decrypt(unsigned long *data,RC2_KEY *key);void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int enc);

EVP: OpenSSL Generic Cipher Algorithms

int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *key, unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);

Perl Modules for Symmetric Encryption•Crypt::Blowfish

•Crypt::CAST5

•Crypt::DES

•Crypt::RC4

•Crypt::RC5

•Crypt::RC6

•Crypt::TripleDES

•Crypt::Twofish