1、Wireless Networks and SecuritySymmetric Encryption & Message Confidentiality共三十二頁Some Basic TerminologyPlaintext - original message Ciphertext - coded message Cipher - algorithm for transforming plaintext to ciphertext Key - info used in cipher known only to sender/receiver Encipher (encrypt) - conv

2、erting plaintext to ciphertext Decipher (decrypt) - recovering ciphertext from plaintextCryptography - study of encryption principles/methodsCryptanalysis (code breaking) - study of principles/methods of deciphering ciphertext without knowing keyCryptology - field of both cryptography and cryptanaly

3、sis共三十二頁共三十二頁RequirementsThere are two requirements for secure use of symmetric encryption:A strong encryption algorithmSender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secureThe security of symmetric encryption depends on the secrecy of the k

4、ey, not the secrecy of the algorithmThis makes it feasible for widespread useManufacturers can and have developed low-cost chip implementations of data encryption algorithmsThese chips are widely available and incorporated into a number of products共三十二頁CryptographyCryptographic systems are generical

5、ly classified along three independent dimensions:The type of operations used for transforming plaintext to ciphertextSubstitutionEach element in the plaintext is mapped into another elementTranspositionElements in the plaintext are rearrangedFundamental requirement is that no information be lostProd

6、uct systemsInvolve multiple stages of substitutions and transpositionsThe number of keys usedReferred to as symmetric, single-key, secret-key, or conventional encryption if both sender and receiver use the same keyReferred to as asymmetric, two-key, or public-key encryption if the sender and receive

7、r each use a different keyThe way in which the plaintext is processedBlock cipher processes the input one block of elements at a time, producing an output block for each input blockStream cipher processes the input elements continuously, producing output one element at a time, as it goes along共三十二頁c

8、ryptanalysisAn encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of the following criteria:The cost of breaking the cipher exceeds the value of the encrypted informationThe time required to break the cipher exceeds the useful lifetime of the info

9、rmation共三十二頁Brute Force attackInvolves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtainedOn average, half of all possible keys must be tried to achieve successUnless known plaintext is provided, the analyst must be able to recognize plaintext as

10、plaintextTo supplement the brute-force approachSome degree of knowledge about the expected plaintext is neededSome means of automatically distinguishing plaintext from garble is also needed共三十二頁共三十二頁Feistel Cipher Design ElementsBlock sizeLarger block sizes mean greater security but reduced encrypti

11、on/decryption speed Key sizeLarger key size means greater security but may decrease encryption/decryption speed Number of rounds The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing securitySubkey generation algorithmGrea

12、ter complexity in this algorithm should lead to greater difficulty of cryptanalysisRound function Greater complexity generally means greater resistance to cryptanalysisFast software encryption/decryptionIn many cases, encryption is embedded in applications or utility functions in such a way as to pr

13、eclude a hardware implementation; accordingly, the seed of execution of the algorithm becomes a concernEase of analysisIf the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance a

14、s to its strength共三十二頁Symmetric Block encryption algorithmsBlock cipherThe most commonly used symmetric encryption algorithmsProcesses the plaintext input in fixed-sized blocks and produces a block of ciphertext of equal size for each plaintext blockThe three most important symmetric block ciphersDa

15、ta Encryption Standard (DES)Triple DES (3DES)Advanced Encryption Standard (AES)共三十二頁Data Encryption Standard (DES)Most widely used encryption schemeIssued in 1977 as Federal Information Processing Standard 46 (FIPS 46) by the National Institute of Standards and Technology (NIST)The algorithm itself

16、is referred to as the Data Encryption Algorithm (DEA)共三十二頁DES algorithm Description of the algorithm:Plaintext is 64 bits in lengthKey is 56 bits in lengthStructure is a minor variation of the Feistel networkThere are 16 rounds of processingProcess of decryption is essentially the same as the encryp

17、tion processThe strength of DES:Concerns fall into two categoriesThe algorithm itselfRefers to the possibility that cryptanalysis is possible by exploiting the characteristics of the algorithmThe use of a 56-bit keySpeed of commercial, off-the-shelf processors threatens the security共三十二頁Table 2.2 Av

18、erage Time Required for Exhaustive Key Search 共三十二頁Triple DES (3DES) 共三十二頁3DES Drawbacks & guidelines3DES drawbacksNo efficient software code; slow due to three times as many rounds as DESA larger block size is desirable for reasons of both efficiency & securityFIPS 46-3 includes the following guide

19、lines for 3DES:3DES is the FIPS-approved symmetric encryption algorithm of choiceThe original DES, which uses a single 56-bit key, is permitted under the standard for legacy systems only; new procurements should support 3DESGovernment organizations with legacy DES systems are encouraged to transitio

20、n to 3DESIt is anticipated that 3DES and the Advanced Encryption Standard (AES) will coexist as FIPS-approved algorithms, allowing for a gradual transition to AES共三十二頁Advanced encryption standard (AES)In 1997 NIST issued a call for proposals for a new AES:Should have a security strength equal to or

21、better than 3DES and significantly improved efficiencyMust be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bitsEvaluation criteria included security, computational efficiency, memory requirements, hardware and software suitability, and fle

22、xibilityNIST selected Rijndael as the proposed AES algorithmFIPS PUB 197Developers were two cryptographers from Belgium: Dr. Joan Daemen and Dr. Vincent Rijmen共三十二頁共三十二頁Random and pseudorandom NumbersA number of network security algorithms based on cryptography make use of random numbersExamples:Gen

23、eration of keys for the RSA public-key encryption algorithm and other public-key algorithmsGeneration of a symmetric key for use as a temporary session key; used in a number of networking applications such as Transport Layer Security, Wi-Fi, e-mail security, and IP securityIn a number of key distrib

24、ution scenarios, such as Kerberos, random numbers are used for handshaking to prevent replay attacksTwo distinct and not necessarily compatible requirements for a sequence of random numbers are:RandomnessUnpredictability共三十二頁RandomnessThe following criteria are used to validate that a sequence of nu

25、mbers is random:Uniform distributionThe distribution of bits in the sequence should be uniformFrequency of occurrence of ones and zeros should be approximately the sameIndependenceNo one subsequence in the sequence can be inferred from the othersThere is no test to “prove” independenceThe general st

26、rategy is to apply a number of tests until the confidence that independence exists is sufficiently strong共三十二頁unpredictabilityIn applications such as reciprocal authentication and session key generation, the requirement is not so much that the sequence of numbers be statistically random but that the

27、 successive members of the sequence are unpredictableWith “true” random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictableCare must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier e

28、lements共三十二頁共三十二頁Stream Cipher design considerationsThe encryption sequence should have a large periodThe longer the period of repeat, the more difficult it will be to do cryptanalysisThe keystream should approximate the properties of a true random number stream as close as possibleThe more random-a

29、ppearing the keystream is, the more randomized the ciphertext is, making cryptanalysis more difficultThe pseudorandom number generator is conditioned on the value of the input keyTo guard against brute-force attacks, the key needs to be sufficiently longWith current technology, a key length of at le

30、ast 128 bits is desirable共三十二頁RC4 algorithmA stream cipher designed in 1987 by Ron Rivest for RSA SecurityIt is a variable key-size stream cipher with byte-oriented operationsThe algorithm is based on the use of a random permutationIs used in the Secure Sockets Layer/Transport Layer Security (SSL/TL

31、S) standards that have been defined for communication between Web browsers and serversAlso used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard共三十二頁Cipher block Modes of OperationA symmetric bloc

32、k cipher processes one block of data at a timeIn the case of DES and 3DES, the block length is b=64 bitsFor AES, the block length is b=128For longer amounts of plaintext, it is necessary to break the plaintext into b-bit blocks, padding the last block if necessaryFive modes of operation have been de

33、fined by NISTIntended to cover virtually all of the possible applications of encryption for which a block cipher could be usedIntended for use with any symmetric block cipher, including triple DES and AES共三十二頁Electronic Codebook Mode (ECB)Plaintext is handled b bits at a time and each block of plain

34、text is encrypted using the same keyThe term “codebook” is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintextOne can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its corresponding ciphertextWith

35、ECB, if the same b-bit block of plaintext appears more than once in the message, it always produces the same ciphertextBecause of this, for lengthy messages, the ECB mode may not be secureIf the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities共三十二頁Cip

36、her Block Chaining (CBC) Mode共三十二頁Cipher Block Chaining (CBC) ModeEncryption:Decryption共三十二頁CipherFeedback (CFB) ModeWe can convert any block cipher into a stream cipher by using CFB mode EncryptionDecryption共三十二頁Counter Mode (CTR) 共三十二頁Advantages of CTR modeHardware efficiencyEncryption/decryption can be done in parallel on multiple blocks of plaintext or ciphertextThroughput is only limited by th