程序代写代做代考 algorithm chain Computer Security: Principles and Practice, 1/e

Computer Security: Principles and Practice, 1/e

Human – is the most complex factor in computer security
Skim read the news blog listed below– while we are waiting to start session
URL is also in the chat

https://www.bbc.co.uk/news/technology-54591761

Introduction to computer security: Symmetric key

By.
Dr. Imran Ullah Khan
Informatics, University of Sussex

Resources ref: Computer Security: Principles and Practice”, 4/e, GE, by William Stallings and Lawrie Brown, Chapter 3 User Authentication

2

For further reading
1)
Information on these slides is taken from Chapter 02
Cryptography online book written by Bill Buchanan available online in Sussex Library
http://asecuritysite.com/crypto02
http://asecuritysite.com/encryption

2) Computer Security by William Stallings and Lawrie Brown
Part of chapter 20

Completed last week Today Next

4

Classified along three independent dimensions:

The type of operations used for transforming plaintext to ciphertext

Substitution – each element in the plaintext is mapped into another element

Transposition – elements in plaintext are rearranged

The number of keys used

Sender and receiver use same key – symmetric

Sender and receiver each use a different key – asymmetric

The way in which the plaintext is processed

Block cipher – processes input one block of elements at a time

Stream cipher – processes the input elements continuously

Overview
All forms of encryption
Block versus stream
Block cipher: Padding
Salting
Time to crack an encrypted asset
Parallel Computing
Quantum computing

General scenario

All forms of encryption
Thumbprint

Block & Stream cipher

Block cipher

Stream Ciphers

10
A block cipher processes the input one block of elements at a time, producing an
output block for each input block. A stream cipher processes the input elements
continuously, producing output one element at a time, as it goes along. Although
block ciphers are far more common, there are certain applications in which a
stream cipher is more appropriate.

A typical stream cipher encrypts plaintext 1 byte at a time, although a stream cipher
may be designed to operate on 1 bit at a time or on units larger than a byte at a time.
In stream cipher, a key is input to a pseudorandom bit generator that produces a stream of 8-bit
numbers that are apparently random. A pseudorandom stream is one that is unpredictable
without knowledge of the input key and that has an apparently random
character. The output of the generator, called a keystream, is combined 1 byte at
a time with the plaintext stream using the bitwise exclusive-OR (XOR) operation.

Processes input elements continuously

Key input to a pseudorandom bit generator

Produces stream of random like numbers

Unpredictable without knowing input key

XOR keystream output with plaintext bytes

Stream cipher

Stream cipher: RC4 example

Block cipher: Padding

Padding

ASCII Check values here http://www.asciitable.com/

Error this is actually 20……

Electronic Codebook (ECB)
Simplest mode
Plaintext is handled b bits at a time and each block is encrypted using the same key
“Codebook” is used because there is an unique ciphertext for every b-bit block of plaintext
Not secure for long messages since repeated plaintext is seen in repeated ciphertext

To overcome security deficiencies you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks

19
The simplest way to proceed is what is known as electronic codebook (ECB) mode,
in which plaintext is handled b bits at a time and each block of plaintext is encrypted
using the same key The term codebook is used because, for a given
key, there is a unique ciphertext for every b -bit block of plaintext. Therefore, one
can imagine a gigantic codebook in which there is an entry for every possible b -bit
plaintext pattern showing its corresponding ciphertext.

With ECB, if the same b -bit block of plaintext appears more than once in
the message, it always produces the same ciphertext. Because of this, for lengthy
messages, the ECB mode may not be secure. If the message is highly structured,
it may be possible for a cryptanalyst to exploit these regularities. For example, if
it is known that the message always starts out with certain predefined fields, then
the cryptanalyst may have a number of known plaintext-ciphertext pairs to work
with. If the message has repetitive elements, with a period of repetition a multiple
of b bits, then these elements can be identified by the analyst. This may help in the
analysis or may provide an opportunity for substituting or rearranging blocks.

To overcome the security deficiencies of ECB, we would like a technique in
which the same plaintext block, if repeated, produces different ciphertext blocks.

Salting

Block Cipher Modes of Operation

22
A symmetric block cipher processes one block of data at a time. In the case of DES
and 3DES, the block length is 64 bits. For longer amounts of plaintext, it is necessary
to break the plaintext into 64-bit blocks (padding the last block if necessary).
To apply a block cipher in a variety of applications, five modes of operation have
been defined by NIST SP 800-38A (Recommendation for Block Cipher Modes of Operation: Methods and Techniques, December 2001).
The five modes are intended to cover virtually all the possible applications of encryption for which a block cipher
could be used. These modes are intended for use with any symmetric block cipher,
including triple DES and AES.

Salting: OFB and CFB

Cracking an encrypted asset: time consideration

Time to crack
Clock speed measures the number of cycles your CPU executes per second

Hertz – one cycle per second is known as 1 hertz.

For example, a CPU with a clock speed of 2 gigahertz (GHz) can carry out two thousand million (or two billion) cycles per second.

The higher the clock speed a CPU has, the faster it can process instructions.

Some kali Linux tools do provide some estimation, may not be 100% accurate still good enough
oclhashcat and john the ripper

26

Number of keys: the larger the key, the greater the key space

Use online exponent calculator to find total possible keys
e.g. 2 exponent 1 = 2
https://www.rapidtables.com/calc/math/Exponent_Calculator.html

Time to crack.
Why is it important to understand the length of time that a message takes to crack as it may need to be secret for a certain time period.

1 Billionth of a second = nanosecond =

Average Time = (Total combination of keys X CPU Speed) / 2
Why divide by 2? Because base used to cal total keys was 2

Time to crack

Moore’s Law

Time to crack

Time to crack: Parallel processing

Time to crack: parallel processing

Quantum computing
Important read
Key points
1)Read the white paper provided in Week 4 folder

2)
https://www.cryptomathic.com/news-events/blog/quantum-computing-and-its-impact-on-cryptography
Bits versus qubits
qubits store multiple states
E-commerce depend on encryption
asymmetric cryptography:
(a) Integer factorisation
(b) Discrete logarithm
(c) Elliptic curve discrete
logarithm
Difficult to break but quantum computing will make it possible

/docProps/thumbnail.jpeg

Mode
Description
Typical Application

Electronic Codebook (ECB)
Each block of 64 plaintext bits is encoded independently using the same key.
•Secure transmission of single values (e.g., an encryption key)

Cipher Block Chaining (CBC)
The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext.
•General-purpose block-oriented transmission
•Authentication

Cipher Feedback (CFB)
Input is processed s bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext.
•General-purpose stream-oriented transmission
•Authentication

Output Feedback (OFB)
Similar to CFB, except that the input to the encryption algorithm is the preceding DES output.
•Stream-oriented transmission over noisy channel (e.g., satellite communication)

Counter (CTR)
Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block.
•General-purpose block-oriented transmission
•Useful for high-speed requirements

/docProps/thumbnail.jpeg