Case Study: A Forensic Lesson for Web Security (MSS, part one)

Bishop: Chapter 11
An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)
csci5233 Computer Security

Topics
• Problems with Design of Ciphers
• Stream and Block Ciphers
• A Brief Overview of Network Security
  → more in Chapter 26
• Privacy-enhanced E-Mails (PEM)
• Advanced Topics: SSL, IPsec
  → next course (Web Security)

Context-related Vulnerability
• Key point: How a crypto system is used will affect its strength.
• Sample Problems
  1. Pre-computing the possible messages
     Assumption: The plaintext corresponding to intercepted ciphertext is drawn from a relatively small set of possible plaintexts.
     The cryptanalyst can encipher the set of possible plaintexts and simply search that set for the intercepted ciphertext.

Context-related Vulnerability
• Sample Problems (cont.)
  2. Polluted Blocks
     Parts of a ciphertext message may be deleted, replayed, or reordered.
     Unless different parts are bound together, their order may be changed by the attacker, without being detected by the receiver.
     o Example: Reordered RSA data blocks
       ‘LIVE’ can be reordered to ‘EVIL’.
     o Source of problem: Each block is independently enciphered, so integrity of each part does not guarantee the integrity of the whole.
     o Solution? ‘binding’ of blocks + digital signature
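
The reordering problem and the 'binding' fix from this slide, as an added Python example (not from the original slides or from Bishop): each letter is enciphered as its own textbook-RSA block with tiny constructed parameters, and an HMAC over the position-tagged blocks stands in for the digital signature the slide calls for. All function names, the key and the RSA parameters are assumptions made for illustration.

```python
import hashlib
import hmac

# Textbook RSA with tiny constructed parameters (p=61, q=53): illustration only.
N, E, D = 3233, 17, 2753

def encipher_blocks(text):
    """Encipher each character as its own, independent RSA block."""
    return [pow(ord(ch), E, N) for ch in text]

def decipher_blocks(blocks):
    """Decipher block by block; nothing here depends on block order."""
    return "".join(chr(pow(c, D, N)) for c in blocks)

def bind(blocks, mac_key):
    """Tag the whole ordered sequence so each block is bound to its position.

    HMAC-SHA256 is a stand-in (assumption) for the slide's digital signature.
    """
    h = hmac.new(mac_key, digestmod=hashlib.sha256)
    h.update(len(blocks).to_bytes(4, "big"))       # binds the block count
    for i, c in enumerate(blocks):
        h.update(i.to_bytes(4, "big") + c.to_bytes(4, "big"))
    return h.digest()

def verify(blocks, tag, mac_key):
    """Constant-time check that the received sequence matches the tag."""
    return hmac.compare_digest(bind(blocks, mac_key), tag)

def demo():
    mac_key = b"constructed-demo-key"              # constructed sample key
    sent = encipher_blocks("LIVE")
    tag = bind(sent, mac_key)
    reordered = sent[::-1]                         # blocks swapped in transit
    truncated = sent[:3]                           # last block deleted
    return {
        "intact_plain": decipher_blocks(sent),
        "reordered_plain": decipher_blocks(reordered),
        "intact_ok": verify(sent, tag, mac_key),
        "reordered_ok": verify(reordered, tag, mac_key),
        "truncated_ok": verify(truncated, tag, mac_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every reordered block still deciphers to a valid letter, so only the check over the whole sequence tells the receiver that the message was altered.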

Context-related Vulnerability
• Sample Problems (cont.)
  3. Statistical Regularities
     Such regularities may exist when each part of the ciphertext was generated from an independent part of the plaintext.
     o Example: DES in ECB mode
     o Solution?

Stream vs Block Ciphers
• Block ciphers: Plaintexts are encoded into ciphertexts block-by-block.
  – Each block is encrypted by the same key.
  – See definition 11-1.
  – Example: DES
• Stream ciphers: The plaintext characters are encoded by the sender unit-by-unit, usually with a different key for each unit.
  – Each letter may be encrypted by a different key. (See definition 11-2)
    • Example: one-time pad, where a random, infinitely long key is used.
• If the key stream repeats itself → periodic cipher
• Questions: Is Vigenère cipher a block or stream cipher? How about RSA?

Stream Ciphers
• Approaches in simulating a random, infinitely long key
  1. Synchronous Stream Ciphers
     Generates bits (of the key) from a source other than the message itself.
     See definition 11-3: LFSR (n-stage linear feedback shift register)
     Example on p.278
     Definition 11-4: NLFSR (n-stage nonlinear feedback shift register)
     Example on p.279
     Purpose? To eliminate linearity
     cf. LFSR vs NLFSR: How the new bit is inserted into the register r.

Stream Ciphers
• Alternative approaches in eliminating linearity:
  – Output Feedback Mode (OFM)
    The register, r, is never shifted. It is repeatedly enciphered.
  – Counter Method: a variant of OFM

Stream Ciphers
  2. Self-Synchronous Stream Ciphers
     The key is obtained from the message itself.
     Example: autokey cipher (p.280)
     Problems? The selection of the key.
     Statistical regularities in the plaintext show up in the key.
     An alternative: Use the ciphertext as the key stream
     Problems? Weak cipher, because plaintext can be deduced from the ciphertext
     Another alternative: CFM (cipher feedback mode)
     See Fig. 11-1, p.281

Block Ciphers
A block of multiple bits is enciphered each time.
Faster than stream cipher (?).
Problem? Encipherment of the same plaintexts results in the same ciphertexts (because the same key is used for each block).
Solution: Cipher block chaining (CBC)
IV is needed for the first block encipherment

Block Ciphers
• Multiple Encryption
  e.g., $c = E_{k'}(E_k(m))$
  Suppose the lengths of $k$ and $k'$ are both $n$.
  [Merkle/Hellman, 1981] The effective strength of the above encryption is $2^{n+1}$, not $2^{2n}$.
  EDE
  Triple encryption mode

Next
• A Brief Overview of Network Security
• Privacy-enhanced E-Mails (PEM)