click below
click below
Normal Size Small Size show me how
CS 2365
Extra Credit Quiz
Question | Answer |
---|---|
Security Goals (CIA triad): Confidentiality | Assets accessed by authorized parties Read type access - Read, view, print, know existence of object Cryptosystem Symmetric Cryptosystem - DES, AES Asymmetric Cryptosystem - Diffie Hellman, RSA |
Security Goals (CIA triad): Integrity | Assets modified by authorized parties or in authorized ways Modifications - write, change, delete, or create |
Security Goals (CIA triad): Availability | Assets available when users want to access |
Cryptosystem: | System for encryption and decryption |
Encryption: | Message encoded to no obvious message Encrypt, encipher, encode |
Decryption: | Encrypted message transformed into “normal” form Decrypt, decipher, decode |
Cryptosystem (Code): Plaintext | P = (p1, p2,…, pn): original form of a message |
Cryptosystem (Code): Ciphertext | C = (c1, c2, …, Cm): encrypted form |
Cryptosystem (Code): Transformation between P and C | C = E (P) and P = D (C) Cryptosystem: P = D (E(P)) |
Stream Cipher: | Convert one symbol of plaintext to a symbol of ciphertext Advantages: Speed of transformation |
Block Cipher: | Encrypts a group of plaintext symbols as one block Advantages: High diffusion |
Symmetric Cryptosystem: Secret Key Cryptosystem (Single Key) | Encryption and Decryption keys are the same Confidentially depends only on secrecy of the key Secret key systems do not scale well |
Secret Key Cryptosystem (Single Key): code | P = D (K, C) where C = E (K, P) P = D (K, E (K, P)) |
Symmetric Cryptosystem: Secret Key Cryptosystem (Single Key) Diagram --> | Attacker is assumed to know E and D With N parties we need to generate and distribute N*(N-1)/2 Keys A and B can be people and computers |
Data Encryption Standard (DES): | A symmetric-key block cipher Uses 16 round Feistel structure. The block size is 64-bit Effective key length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption algorithm à (Function as check bits only) --> E and D are public |
Data Encryption Standard (DES): modes | Electronic Code Book Ciphertext Block Chaining Cipher Feedback Output Feedback modes |
DES Encryption process --> | Initial and final permutation Round function Key schedule |
Initial and final permutation | Straight Permutation boxes (P-boxes) that are inverses of each other Permutation Box (P-box): A bit-shuffling technique used in cryptography to permute or transpose bits Has no cryptography significance in DES |
Round function | DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output. |
Expansion Step - | Since right input is 32-bit and round key is a 48-bit, we first need to expand right input to 48 bits |
XOR (Whitener) with key – | After the expansion permutation, DES does XOR operation on the expanded right section and the round key (only used in this operation) |
S-box – | Total of eight S-box tables. The output of all eight s-boxes is then combined in to 32-bit section |
Principles of S-box: | Each S-box must have 6-bits of input and 4-bits of output There is no output bit of an S-box should be too near to a linear function of the input bits. (S-boxes are non-linear) Each ‘row’ of an S-box should include all possible outputs |
Straight P-box – | 32-bit output of S-boxes is then subjected to the straight permutation. A Permutation box (P-box) shuffles the bits used in cryptography (transpose bits) |
Key schedule | Algorithm implements 16 rounds of encryption and for each round, a unique key is produced In plaintext, the bits are labeled from 1 to 64 where 1 is the MSB and 64 is the LSB |
Round Key Generation - | The Round Key generation produces sixteen 48-bit keys out of a 56-bit cipher key. Cipher key is provided as 64-bit key in which 8 extra bits are parity bits, discarded before the actual key generation process |
Round Key Generation (Process) - 1 | Parity Bit drop process drops the parity bits (bit 8, 16, 24, 32 .. 64) from the 64-bit key and permutes the remaining bit Remaining 56-bits are generally used for key generation |
Round Key Generation (Process) - 2 | After the permutation, the keys are divided into two 28 bits parts. Each part is changed left one or two bits and is depended on the rounds In round 1, 2, 9, and 16 .. shifting is one bit and in the other rounds it is two bits. |
Compression D-box: | Both parts are integrated to build a 56-bit part (1 & 2) The Compression D-box transforms it into 48-bits, 48-bits are being utilized as a key for a round. |
Asymmetric Cryptosystem: | (Two Keys) A pair of keys for encryption and decryption P = D(KD , E(KE , P)) |
Public Key (Asymmetric) Encryption: | Diffie and Hellman [1976] Proposed a public key encryption system Motivation – n*(n-1)/2 for secret keys among n-users Each user has two keys – a public key and a private key |
Public Key (Asymmetric) Encryption: CODE | P = D(KPRIV, E(KPUB, P)) Alice encrypts messages with Bob’s public key Bob encrypts a message with a private key |
Advanced Encryption Standard (AES): | NIST selected AES of the Rijndael family in 2001 Symmetric key cryptography as a block cipher – Block sizes of 128 bits – Key sizes of 128, 192, and 256 bits |
Advanced Encryption Standard (AES): Integrity | Protect against unauthorized changes to data Message digest (MD) or Message Authentication Code (MAC) MD with secret-key technology MD with public-key technology |
Advanced Encryption Standard (AES): Message Digest: | One-way function – m = H(M) is easy to compute M = H-1 (m) is hard to compute |
Advanced Encryption Standard (AES): Digital Signature | A mark that only the sender can make But other people recognize Person P signs message M, generates signature S(P, M), and sends [M, S(P, M)] to R Two primary properties : – It must be unforgeable – It must be authentic |
Advanced Encryption Standard (AES): Non-repudiation | – Protect against one party to a transaction or communication activity – later falsely denying that the transaction or activity occurred |
Advanced Encryption Standard (AES): characteristics | AES is a block cipher. • The key size can be 128/192/256 bits. • Encrypts data in blocks of 128 bits each |
AES encryption process: (1) | AES is an iterative process. It is based on ‘substitution–permutation network’. It comprises of a series of linked operations, some of which involve replacing inputs by (substitutions) and others involve shuffling bits around (permutations). |
AES encryption process: (2) | AES performs all its computations on bytes. Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as a matrix (2) |
AES encryption process: four sub-processes. | • SubBytes • ShiftRows • MixColumns • Add Round Key |
AES encryption process (SubBytes): | This step implements the substitution. In this step each byte is substituted by another byte. Its performed using a lookup table also called the S-box The result of this step is a 16 byte (4 x 4 ) matrix like before |
AES encryption process (ShiftRows): | The first row is not shifted The second row is shifted once to the left. The third row is shifted twice to the left. The fourth row is shifted thrice to the left |
AES encryption process (MixColumns): | This step is basically a matrix multiplication. Each column is multiplied with a specific matrix and thus the position of each byte in the column is changed as a result. |
AES encryption process (Add Round Keys): | The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key If this is the last round then the output is the ciphertext. Otherwise, 128 bits are interpreted as 16 bytes and we begin another similar round. |