ECE 454CS 594 Computer and Network Security Dr
![ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-1.jpg)
![Secret Key Cryptography Modes of operation • Stream cipher • 2 Secret Key Cryptography Modes of operation • Stream cipher • 2](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-2.jpg)
![Encrypting A Large Message How to encrypt a message > 64 bits? Electronic Code Encrypting A Large Message How to encrypt a message > 64 bits? Electronic Code](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-3.jpg)
![ECB Mode ECB Encryption ECB Decryption • Message is broken into 64 -bit blocks ECB Mode ECB Encryption ECB Decryption • Message is broken into 64 -bit blocks](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-4.jpg)
![Pros and Cons of ECB • Suitable for use in secure transmission of single Pros and Cons of ECB • Suitable for use in secure transmission of single](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-5.jpg)
![ECB Rearranging and Modification Attacks 10, 000’s digit of salary easily modified • 10, ECB Rearranging and Modification Attacks 10, 000’s digit of salary easily modified • 10,](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-6.jpg)
![CBC Mode CBC Encryption CBC Decryption Selects a random number: IV (initialization vector) that CBC Mode CBC Encryption CBC Decryption Selects a random number: IV (initialization vector) that](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-7.jpg)
![Pros and Cons of CBC Suitable for use in general-purpose block-oriented transmission, and authentication Pros and Cons of CBC Suitable for use in general-purpose block-oriented transmission, and authentication](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-8.jpg)
![CBC Modification Attack Original message Decrypted message after modification • Solution? 9 CBC Modification Attack Original message Decrypted message after modification • Solution? 9](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-9.jpg)
![CBC Rearranging Attack If the ciphertext blocks are rearranged as: C 1, C 5, CBC Rearranging Attack If the ciphertext blocks are rearranged as: C 1, C 5,](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-10.jpg)
![AES Example: ECB vs. CBC AES in ECB mode AES in CBC mode Similar AES Example: ECB vs. CBC AES in ECB mode AES in CBC mode Similar](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-11.jpg)
![Output Feedback Mode (OFB) k-bit OFB • OFB is a stream cipher: encryption is Output Feedback Mode (OFB) k-bit OFB • OFB is a stream cipher: encryption is](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-12.jpg)
![Pros and Cons of OFB • • • Suitable for use in stream-oriented transmission Pros and Cons of OFB • • • Suitable for use in stream-oriented transmission](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-13.jpg)
![Cipher Feedback Mode (CFB) k-bit CFB • Similar to OFB • k bits shifted Cipher Feedback Mode (CFB) k-bit CFB • Similar to OFB • k bits shifted](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-14.jpg)
![Pros and Cons of CFB • Suitable for use in general-purpose stream-oriented transmission, and Pros and Cons of CFB • Suitable for use in general-purpose stream-oriented transmission, and](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-15.jpg)
![Counter Mode (CTR) Counter Mode • Similar to OFB • Instead of chaining the Counter Mode (CTR) Counter Mode • Similar to OFB • Instead of chaining the](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-16.jpg)
![Pros and Cons of CTR • Suitable for use in general-purpose block-oriented transmission, and Pros and Cons of CTR • Suitable for use in general-purpose block-oriented transmission, and](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-17.jpg)
![Generating MACs • Integrity: protect against undetected modifications, cannot be guaranteed by any mode Generating MACs • Integrity: protect against undetected modifications, cannot be guaranteed by any mode](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-18.jpg)
![Privacy and Integrity: The Don’ts • Privacy: CBC encryption • Integrity: CBC residue • Privacy and Integrity: The Don’ts • Privacy: CBC encryption • Integrity: CBC residue •](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-19.jpg)
![Ciphertext + CBC Residue • Problem? 20 Ciphertext + CBC Residue • Problem? 20](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-20.jpg)
![Encrypt {plaintext + CBC residue} • Problem? 21 Encrypt {plaintext + CBC residue} • Problem? 21](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-21.jpg)
![Encrypt {plaintext + CRC} • Longer CRC maybe Okay 22 Encrypt {plaintext + CRC} • Longer CRC maybe Okay 22](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-22.jpg)
![Privacy and Integrity: The Do’s • Privacy: CBC encryption + Integrity: CBC residue, but Privacy and Integrity: The Do’s • Privacy: CBC encryption + Integrity: CBC residue, but](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-23.jpg)
![3 DES: CBC Outside vs. Inside CBC on the outside (Why this one? ) 3 DES: CBC Outside vs. Inside CBC on the outside (Why this one? )](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-24.jpg)
![Stream Ciphers �A key is input into a pseudorandom generator to produce a pseudorandom Stream Ciphers �A key is input into a pseudorandom generator to produce a pseudorandom](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-25.jpg)
![Design Considerations � The encryption sequence should have a large period without repetitions � Design Considerations � The encryption sequence should have a large period without repetitions �](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-26.jpg)
![RC 4 � Designed by Ron Rivest in 1987 for RSA security � Variable RC 4 � Designed by Ron Rivest in 1987 for RSA security � Variable](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-27.jpg)
![RC 4 (Cont’d) 28 RC 4 (Cont’d) 28](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-28.jpg)
![RC 4 Keystream Generation 29 RC 4 Keystream Generation 29](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-29.jpg)
![Strength of RC 4 �No practical attack on RC 4 is known �Must not Strength of RC 4 �No practical attack on RC 4 is known �Must not](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-30.jpg)
![Reading Assignments �[Kaufman] Chapter 4 31 Reading Assignments �[Kaufman] Chapter 4 31](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-31.jpg)
- Slides: 31
![ECE 454CS 594 Computer and Network Security Dr Jinyuan Stella Sun Dept of Electrical ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-1.jpg)
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011 1
![Secret Key Cryptography Modes of operation Stream cipher 2 Secret Key Cryptography Modes of operation • Stream cipher • 2](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-2.jpg)
Secret Key Cryptography Modes of operation • Stream cipher • 2
![Encrypting A Large Message How to encrypt a message 64 bits Electronic Code Encrypting A Large Message How to encrypt a message > 64 bits? Electronic Code](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-3.jpg)
Encrypting A Large Message How to encrypt a message > 64 bits? Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Output Feedback Mode (OFB) • Cipher Feedback Mode (CFB) • Counter Mode (CTR) • 3
![ECB Mode ECB Encryption ECB Decryption Message is broken into 64 bit blocks ECB Mode ECB Encryption ECB Decryption • Message is broken into 64 -bit blocks](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-4.jpg)
ECB Mode ECB Encryption ECB Decryption • Message is broken into 64 -bit blocks Each block is independently encoded with the same secret key • 4
![Pros and Cons of ECB Suitable for use in secure transmission of single Pros and Cons of ECB • Suitable for use in secure transmission of single](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-5.jpg)
Pros and Cons of ECB • Suitable for use in secure transmission of single values (e. g. an encryption key) • Error in one received ciphertext block does not affect the correct decryption of other ciphertext blocks • Identical plaintext blocks produce identical ciphertext blocks resulting in recognizable pattern Ciphertext blocks can be easily rearranged or modified • 5
![ECB Rearranging and Modification Attacks 10 000s digit of salary easily modified 10 ECB Rearranging and Modification Attacks 10, 000’s digit of salary easily modified • 10,](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-6.jpg)
ECB Rearranging and Modification Attacks 10, 000’s digit of salary easily modified • 10, 000’s digit blocks easily swapped • 6
![CBC Mode CBC Encryption CBC Decryption Selects a random number IV initialization vector that CBC Mode CBC Encryption CBC Decryption Selects a random number: IV (initialization vector) that](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-7.jpg)
CBC Mode CBC Encryption CBC Decryption Selects a random number: IV (initialization vector) that is XORed with the first plaintext block. Why? • Then generates its own random numbers: the ciphertext from the previous block, XORed with the next plaintext block • 7
![Pros and Cons of CBC Suitable for use in generalpurpose blockoriented transmission and authentication Pros and Cons of CBC Suitable for use in general-purpose block-oriented transmission, and authentication](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-8.jpg)
Pros and Cons of CBC Suitable for use in general-purpose block-oriented transmission, and authentication • The same block repeating in the plaintext will not cause repeats in the ciphertext • Subject to modification attack: (but error propagates) • Subject to ciphertext block rearranging attack • IV: needs to be shared between sender and receiver, either a fixed value or sent encrypted (How to encrypt? ) • 8
![CBC Modification Attack Original message Decrypted message after modification Solution 9 CBC Modification Attack Original message Decrypted message after modification • Solution? 9](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-9.jpg)
CBC Modification Attack Original message Decrypted message after modification • Solution? 9
![CBC Rearranging Attack If the ciphertext blocks are rearranged as C 1 C 5 CBC Rearranging Attack If the ciphertext blocks are rearranged as: C 1, C 5,](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-10.jpg)
CBC Rearranging Attack If the ciphertext blocks are rearranged as: C 1, C 5, C 3, C 2, C 4, C 6 • The resulting plaintext blocks can be deduced… • 10
![AES Example ECB vs CBC AES in ECB mode AES in CBC mode Similar AES Example: ECB vs. CBC AES in ECB mode AES in CBC mode Similar](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-11.jpg)
AES Example: ECB vs. CBC AES in ECB mode AES in CBC mode Similar plaintext blocks produce similar ciphertext blocks (not good!) 11
![Output Feedback Mode OFB kbit OFB OFB is a stream cipher encryption is Output Feedback Mode (OFB) k-bit OFB • OFB is a stream cipher: encryption is](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-12.jpg)
Output Feedback Mode (OFB) k-bit OFB • OFB is a stream cipher: encryption is done by XORing plaintext with one-time pad • One-time pad: b 0|b 1|b 2|b 3…, where b 0 is a random 64 -bit IV, b 1 is the secret key encrypted b 0, and so on… 12
![Pros and Cons of OFB Suitable for use in streamoriented transmission Pros and Cons of OFB • • • Suitable for use in stream-oriented transmission](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-13.jpg)
Pros and Cons of OFB • • • Suitable for use in stream-oriented transmission over noisy channel (e. g. , satellite communication) One-time pad can be generated in advance, only XOR operations are performed in real-time Bit errors do not propagate: error in one ciphertext block only garbles the corresponding plaintext block Message can arrive in arbitrarily sized chunks, get encrypted and transmitted immediately Plaintext modification attack: if attacker knows <plaintext, ciphertext>, he can XOR the plaintext and ciphertext, and XOR the result with any message of his choosing Must not reuse the same IV or secret key (Why? ) 13
![Cipher Feedback Mode CFB kbit CFB Similar to OFB k bits shifted Cipher Feedback Mode (CFB) k-bit CFB • Similar to OFB • k bits shifted](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-14.jpg)
Cipher Feedback Mode (CFB) k-bit CFB • Similar to OFB • k bits shifted in the register are the k bits of ciphertext from the previous block (k can be any number: 1, 8, 64, 128, etc. ) 14
![Pros and Cons of CFB Suitable for use in generalpurpose streamoriented transmission and Pros and Cons of CFB • Suitable for use in general-purpose stream-oriented transmission, and](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-15.jpg)
Pros and Cons of CFB • Suitable for use in general-purpose stream-oriented transmission, and authentication • Less subject to tampering: with k-bit CFB, the change of any k-bit of plaintext in a predictable way will cause unpredictably garbling the next b/k blocks • One-time pad cannot be pre-computed, encryption needs to be done in real-time • Error in a k-bit ciphertext block propagates: it garbles the next b/k plaintext blocks 15
![Counter Mode CTR Counter Mode Similar to OFB Instead of chaining the Counter Mode (CTR) Counter Mode • Similar to OFB • Instead of chaining the](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-16.jpg)
Counter Mode (CTR) Counter Mode • Similar to OFB • Instead of chaining the encryption of one-time pad, the IV is incremented and encrypted to get successive blocks of the one-time pad 16
![Pros and Cons of CTR Suitable for use in generalpurpose blockoriented transmission and Pros and Cons of CTR • Suitable for use in general-purpose block-oriented transmission, and](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-17.jpg)
Pros and Cons of CTR • Suitable for use in general-purpose block-oriented transmission, and high speed encryption • One-time pad can be pre-computed • Decrypting at any point rather than the beginning: ideal for random access applications • Hardware/software efficiency: parallel encryption/decryption on multiple blocks of plaintext or ciphertext • Provable security: at least as secure as other modes • Simplicity: unlike ECB and CBC, no decryption algorithm is needed in CTR (also true for OFB and CFB) • Must not reuse the same IV or key, same as OFB • Because: An attacker could get the XOR of two plaintext blocks by XORing the two corresponding ciphertext blocks 17
![Generating MACs Integrity protect against undetected modifications cannot be guaranteed by any mode Generating MACs • Integrity: protect against undetected modifications, cannot be guaranteed by any mode](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-18.jpg)
Generating MACs • Integrity: protect against undetected modifications, cannot be guaranteed by any mode of operation if attacker knows the plaintext • Plaintext + CBC residue (when message not secret) 18
![Privacy and Integrity The Donts Privacy CBC encryption Integrity CBC residue Privacy and Integrity: The Don’ts • Privacy: CBC encryption • Integrity: CBC residue •](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-19.jpg)
Privacy and Integrity: The Don’ts • Privacy: CBC encryption • Integrity: CBC residue • Ciphertext + CBC residue? • Encrypt {plaintext + CBC residue}? • Encrypt {plaintext + CRC}? 19
![Ciphertext CBC Residue Problem 20 Ciphertext + CBC Residue • Problem? 20](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-20.jpg)
Ciphertext + CBC Residue • Problem? 20
![Encrypt plaintext CBC residue Problem 21 Encrypt {plaintext + CBC residue} • Problem? 21](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-21.jpg)
Encrypt {plaintext + CBC residue} • Problem? 21
![Encrypt plaintext CRC Longer CRC maybe Okay 22 Encrypt {plaintext + CRC} • Longer CRC maybe Okay 22](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-22.jpg)
Encrypt {plaintext + CRC} • Longer CRC maybe Okay 22
![Privacy and Integrity The Dos Privacy CBC encryption Integrity CBC residue but Privacy and Integrity: The Do’s • Privacy: CBC encryption + Integrity: CBC residue, but](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-23.jpg)
Privacy and Integrity: The Do’s • Privacy: CBC encryption + Integrity: CBC residue, but with different keys • CBC + weak cryptographic checksum • CBC + CBC residue with related keys • CBC + cryptographic hash: keyed hash preferred • OCB: offset codebook mode: both privacy and integrity in a single cryptographic pass, desirable 23
![3 DES CBC Outside vs Inside CBC on the outside Why this one 3 DES: CBC Outside vs. Inside CBC on the outside (Why this one? )](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-24.jpg)
3 DES: CBC Outside vs. Inside CBC on the outside (Why this one? ) CBC on the inside 24
![Stream Ciphers A key is input into a pseudorandom generator to produce a pseudorandom Stream Ciphers �A key is input into a pseudorandom generator to produce a pseudorandom](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-25.jpg)
Stream Ciphers �A key is input into a pseudorandom generator to produce a pseudorandom keystream � Pseudorandom stream: unpredictable without knowing key � Keystream is bitwise XORed with plaintext stream 25
![Design Considerations The encryption sequence should have a large period without repetitions Design Considerations � The encryption sequence should have a large period without repetitions �](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-26.jpg)
Design Considerations � The encryption sequence should have a large period without repetitions � The keystream k should approximate the properties of a true random number stream as close as possible � Input key K need be sufficiently long � When properly designed, a stream cipher can be as secure as block cipher of comparable key length � Advantage of stream ciphers: almost always faster and use far less code than block ciphers 26
![RC 4 Designed by Ron Rivest in 1987 for RSA security Variable RC 4 � Designed by Ron Rivest in 1987 for RSA security � Variable](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-27.jpg)
RC 4 � Designed by Ron Rivest in 1987 for RSA security � Variable key-size stream cipher with byte-oriented applications � Popular uses: SSL/TLS (Secure Sockets Layer/Transport Layer Security), WEP (Wired Equivalent Privacy) protocol and the newer Wi. Fi Protected Access (WPA) � A variable-length key (1— 256 bytes) is used to initialize a 256 -byte state vector S � A byte in the keystream k is generated from S by selecting one of the 256 entries for encryption/decryption � The entries in S are permuted after generating each 27 k
![RC 4 Contd 28 RC 4 (Cont’d) 28](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-28.jpg)
RC 4 (Cont’d) 28
![RC 4 Keystream Generation 29 RC 4 Keystream Generation 29](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-29.jpg)
RC 4 Keystream Generation 29
![Strength of RC 4 No practical attack on RC 4 is known Must not Strength of RC 4 �No practical attack on RC 4 is known �Must not](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-30.jpg)
Strength of RC 4 �No practical attack on RC 4 is known �Must not reuse key �A known vulnerability in WEP: relevant to the generation of the key input to RC 4 but not RC 4 itself 30
![Reading Assignments Kaufman Chapter 4 31 Reading Assignments �[Kaufman] Chapter 4 31](https://slidetodoc.com/presentation_image/5433051c3e56d3c3dd5ad5715a0b1801/image-31.jpg)
Reading Assignments �[Kaufman] Chapter 4 31
Wireless security in cryptography
Private security
Computer and network security
The osi security architecture
Security guide to network security fundamentals
Electronic mail security in network security
Security guide to network security fundamentals
Security guide to network security fundamentals
Computer & network security
Network topologies
Upenn cit
Iri zahlen pikas
Criteri di divisibilità tabella
Cit 594
594/841
Upenn cit
Magni 575
Ai 594
Upenn cis courses
Cis classes upenn
Com(2020) 594 final
E commerce security policy
Network reliability and security
Network security design
Module 3: information and network security
Modulo table
криптографический модуль
Number theory in network security
Firewall base layer
Authentication in cryptography and network security
Intruders in cryptography and network security
Primitive root