Computer Security: Principles and Practice, 1/e
Human – is the most complex factor in computer security
Skim read the news blog listed below– while we are waiting to start session
URL is also in the chat
https://www.bbc.co.uk/news/technology-54591761
Introduction to computer security: Symmetric key
By.
Dr. Imran Ullah Khan
Informatics, University of Sussex
Resources ref: Computer Security: Principles and Practice”, 4/e, GE, by William Stallings and Lawrie Brown, Chapter 3 User Authentication
2
For further reading
1)
Information on these slides is taken from Chapter 02
Cryptography online book written by Bill Buchanan available online in Sussex Library
http://asecuritysite.com/crypto02
http://asecuritysite.com/encryption
2) Computer Security by William Stallings and Lawrie Brown
Part of chapter 20
Completed last week Today Next
4
Classified along three independent dimensions:
The type of operations used for transforming plaintext to ciphertext
Substitution – each element in the plaintext is mapped into another element
Transposition – elements in plaintext are rearranged
The number of keys used
Sender and receiver use same key – symmetric
Sender and receiver each use a different key – asymmetric
The way in which the plaintext is processed
Block cipher – processes input one block of elements at a time
Stream cipher – processes the input elements continuously
Overview
All forms of encryption
Block versus stream
Block cipher: Padding
Salting
Time to crack an encrypted asset
Parallel Computing
Quantum computing
General scenario
All forms of encryption
Thumbprint
Block & Stream cipher
Block cipher
Stream Ciphers
10
A block cipher processes the input one block of elements at a time, producing an
output block for each input block. A stream cipher processes the input elements
continuously, producing output one element at a time, as it goes along. Although
block ciphers are far more common, there are certain applications in which a
stream cipher is more appropriate.
A typical stream cipher encrypts plaintext 1 byte at a time, although a stream cipher
may be designed to operate on 1 bit at a time or on units larger than a byte at a time.
In stream cipher, a key is input to a pseudorandom bit generator that produces a stream of 8-bit
numbers that are apparently random. A pseudorandom stream is one that is unpredictable
without knowledge of the input key and that has an apparently random
character. The output of the generator, called a keystream, is combined 1 byte at
a time with the plaintext stream using the bitwise exclusive-OR (XOR) operation.
Processes input elements continuously
Key input to a pseudorandom bit generator
Produces stream of random like numbers
Unpredictable without knowing input key
XOR keystream output with plaintext bytes
Stream cipher
Stream cipher: RC4 example
Block cipher: Padding
Padding
ASCII Check values here http://www.asciitable.com/
Error this is actually 20……
Electronic Codebook (ECB)
Simplest mode
Plaintext is handled b bits at a time and each block is encrypted using the same key
“Codebook” is used because there is an unique ciphertext for every b-bit block of plaintext
Not secure for long messages since repeated plaintext is seen in repeated ciphertext
To overcome security deficiencies you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks
19
The simplest way to proceed is what is known as electronic codebook (ECB) mode,
in which plaintext is handled b bits at a time and each block of plaintext is encrypted
using the same key The term codebook is used because, for a given
key, there is a unique ciphertext for every b -bit block of plaintext. Therefore, one
can imagine a gigantic codebook in which there is an entry for every possible b -bit
plaintext pattern showing its corresponding ciphertext.
With ECB, if the same b -bit block of plaintext appears more than once in
the message, it always produces the same ciphertext. Because of this, for lengthy
messages, the ECB mode may not be secure. If the message is highly structured,
it may be possible for a cryptanalyst to exploit these regularities. For example, if
it is known that the message always starts out with certain predefined fields, then
the cryptanalyst may have a number of known plaintext-ciphertext pairs to work
with. If the message has repetitive elements, with a period of repetition a multiple
of b bits, then these elements can be identified by the analyst. This may help in the
analysis or may provide an opportunity for substituting or rearranging blocks.
To overcome the security deficiencies of ECB, we would like a technique in
which the same plaintext block, if repeated, produces different ciphertext blocks.
Salting
Block Cipher Modes of Operation
22
A symmetric block cipher processes one block of data at a time. In the case of DES
and 3DES, the block length is 64 bits. For longer amounts of plaintext, it is necessary
to break the plaintext into 64-bit blocks (padding the last block if necessary).
To apply a block cipher in a variety of applications, five modes of operation have
been defined by NIST SP 800-38A (Recommendation for Block Cipher Modes of Operation: Methods and Techniques, December 2001).
The five modes are intended to cover virtually all the possible applications of encryption for which a block cipher
could be used. These modes are intended for use with any symmetric block cipher,
including triple DES and AES.
Salting: OFB and CFB
Cracking an encrypted asset: time consideration
Time to crack
Clock speed measures the number of cycles your CPU executes per second
Hertz – one cycle per second is known as 1 hertz.
For example, a CPU with a clock speed of 2 gigahertz (GHz) can carry out two thousand million (or two billion) cycles per second.
The higher the clock speed a CPU has, the faster it can process instructions.
Some kali Linux tools do provide some estimation, may not be 100% accurate still good enough
oclhashcat and john the ripper
26
Number of keys: the larger the key, the greater the key space
Use online exponent calculator to find total possible keys
e.g. 2 exponent 1 = 2
https://www.rapidtables.com/calc/math/Exponent_Calculator.html
Time to crack.
Why is it important to understand the length of time that a message takes to crack as it may need to be secret for a certain time period.
1 Billionth of a second = nanosecond =
Average Time = (Total combination of keys X CPU Speed) / 2
Why divide by 2? Because base used to cal total keys was 2
Time to crack
Moore’s Law
Time to crack
Time to crack: Parallel processing
Time to crack: parallel processing
Quantum computing
Important read
Key points
1)Read the white paper provided in Week 4 folder
2)
https://www.cryptomathic.com/news-events/blog/quantum-computing-and-its-impact-on-cryptography
Bits versus qubits
qubits store multiple states
E-commerce depend on encryption
asymmetric cryptography:
(a) Integer factorisation
(b) Discrete logarithm
(c) Elliptic curve discrete
logarithm
Difficult to break but quantum computing will make it possible
/docProps/thumbnail.jpeg
Mode
Description
Typical Application
Electronic Codebook (ECB)
Each block of 64 plaintext bits is encoded independently using the same key.
•Secure transmission of single values (e.g., an encryption key)
Cipher Block Chaining (CBC)
The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext.
•General-purpose block-oriented transmission
•Authentication
Cipher Feedback (CFB)
Input is processed s bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext.
•General-purpose stream-oriented transmission
•Authentication
Output Feedback (OFB)
Similar to CFB, except that the input to the encryption algorithm is the preceding DES output.
•Stream-oriented transmission over noisy channel (e.g., satellite communication)
Counter (CTR)
Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block.
•General-purpose block-oriented transmission
•Useful for high-speed requirements
/docProps/thumbnail.jpeg