Bishop: Chapter 11
An Overview of Cipher Techniques (in the context of networks) (11.1-11.3)
csci5233 Computer Security

Topics
• Problems with Design of Ciphers
• Stream and Block Ciphers
• A Brief Overview of Network Security (more in Chapter 26)
• Privacy-enhanced E-Mails (PEM)
• Advanced Topics: SSL, IPsec; next course (Web Security)

Context-related Vulnerability
• Key point: How a crypto system is used will affect its strength.
• Sample Problems
1. Pre-computing the possible messages
   Assumption: The plaintext corresponding to intercepted ciphertext is drawn from a relatively small set of possible plaintexts.
   The cryptanalyst can encipher the set of possible plaintexts and simply search that set for the intercepted ciphertext.
2. Polluted Blocks
   Parts of a ciphertext message may be deleted, replayed, or reordered.
   Unless different parts are bound together, their order may be changed by the attacker without being detected by the receiver.
   o Example: Reordered RSA data blocks. ‘LIVE’ can be reordered to ‘EVIL’.
   o Source of problem: Each block is independently enciphered, so integrity of each part does not guarantee the integrity of the whole.
   o Solution? ‘binding’ of blocks + digital signature
3. Statistical Regularities
   Such regularities may exist when each part of the ciphertext was generated from an independent part of the plaintext.
   o Example: DES in ECB mode
   o Solution?

Stream vs Block Ciphers
• Block ciphers: Plaintexts are encoded into ciphertexts block-by-block.
  – Each block is encrypted by the same key.
  – See definition 11-1.
  – Example: DES
• Stream ciphers: The plaintext characters are encoded by the sender unit-by-unit, usually with a different key for each unit.
  – Each letter may be encrypted by a different key.
  (See definition 11-2)
  – Example: one-time pad, where a random, infinitely long key is used.
  – If the key stream repeats itself: periodic cipher
• Questions: Is the Vigenère cipher a block or stream cipher? How about RSA?

Stream Ciphers
• Approaches in simulating a random, infinitely long key
1. Synchronous Stream Ciphers
   Generate the bits of the key from a source other than the message itself.
   – See definition 11-3: LFSR (n-stage linear feedback shift register). Example on p.278
   – Definition 11-4: NLFSR (n-stage nonlinear feedback shift register). Example on p.279
   – Purpose? To eliminate linearity
   – c.f., LFSR vs NLFSR: how the new bit is inserted into the register r.
• Alternative approaches in eliminating linearity:
   – Output Feedback Mode (OFM): The register, r, is never shifted. It is repeatedly enciphered.
   – Counter Method: a variant of OFM
2. Self-Synchronous Stream Ciphers
   The key is obtained from the message itself.
   – Example: autokey cipher (p.280)
   – Problems? The selection of the key. Statistical regularities in the plaintext show up in the key.
   – An alternative: Use the ciphertext as the key stream
     Problems? Weak cipher, because plaintext can be deduced from the ciphertext
   – Another alternative: CFM (cipher feedback mode). See Fig. 11-1, p.281

Block Ciphers
• A block of multiple bits is enciphered each time.
• Faster than stream ciphers (?).
• Problem? Encipherment of the same plaintexts results in the same ciphertexts (because the same key is used for each block).
• Solution: Cipher block chaining (CBC)
  – An IV is needed for the first block encipherment
• Multiple Encryption
  e.g., $c = E_{k'}(E_k(m))$
  Suppose the lengths of k and k' are both n.
  [Merkle/Hellman, 1981] The effective strength of the above encryption is $2^{n+1}$, not $2^{2n}$.
• EDE Triple encryption mode

Next
• A Brief Overview of Network Security
• Privacy-enhanced E-Mails (PEM)
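
An added example, not from the slides or from Bishop's text, for the "Polluted Blocks", "Statistical Regularities" and "Block Ciphers" slides: under ECB, equal plaintext blocks give equal ciphertext blocks and reordered blocks still decipher cleanly, while CBC with an IV hides the repetition. The 4-round Feistel cipher built on SHA-256 is an assumed stand-in for DES, and the key, IV and message are constructed sample values.

```python
import hashlib

BLOCK, HALF = 8, 4  # 64-bit blocks (the DES block size), 32-bit Feistel halves
ENC, DEC = (0, 1, 2, 3), (3, 2, 1, 0)  # round order for encipher / decipher

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, order):
    # Toy cipher (assumption): truncated SHA-256 as round function, not DES.
    l, r = blk[:HALF], blk[HALF:]
    for i in order:
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:HALF]
        l, r = r, _xor(l, f)
    return r + l  # final swap lets the same routine decipher with DEC order

def split(data):
    # Length must be a multiple of BLOCK; padding is not handled here.
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    return [feistel(key, b, ENC) for b in split(msg)]

def ecb_decrypt(key, cblocks):
    return b"".join(feistel(key, c, DEC) for c in cblocks)

def cbc_encrypt(key, iv, msg):
    out, prev = [], iv
    for b in split(msg):
        prev = feistel(key, _xor(b, prev), ENC)  # bind block to its predecessor
        out.append(prev)
    return out

def cbc_decrypt(key, iv, cblocks):
    out, prev = [], iv
    for c in cblocks:
        out.append(_xor(feistel(key, c, DEC), prev))
        prev = c
    return b"".join(out)

# Constructed sample values, not taken from the slides.
KEY, IV = b"demo-key", bytes(range(BLOCK))
MSG = b"SAMEDATA" + b"SAMEDATA" + b"TAILDATA"

if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(KEY, MSG), cbc_encrypt(KEY, IV, MSG)
    print("ECB repeats:", ecb[0] == ecb[1], "| CBC repeats:", cbc[0] == cbc[1])
    print("ECB reordered:", ecb_decrypt(KEY, [ecb[2], ecb[0], ecb[1]]))
```

CBC chaining garbles reordered blocks on decipherment but does not by itself authenticate the message; the slides' remedy for polluted blocks remains binding plus a digital signature.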