Computer Security: Principles and Practice, 1/e

Computer Security:Principles and PracticeChapter 19 – Symmetric Encryptionand Message ConfidentialityFirst Editionby William Stallings and Lawrie BrownLecture slides by Lawrie Brown

Symmetric Encryption andMessage Confidentiality‣ also known as: conventional encryption, secret-key, or single-key encryption• only alternative before public-key crypto in 70’s• still most widely used alternative• has ingredients: plaintext, encryption algorithm, secretkey, ciphertext, , and decryption algorithm‣ generically classified along dimensions of:1. type of operations used2. number of keys used3. way in which the plaintext is processed

Computationally Secure Algs‣ encryption is computationally secure if:• cost of breaking cipher exceeds info value• time required to break cipher exceeds theuseful lifetime of the info‣ usually very difficult to estimate theamount of effort required to break‣ can estimate time/cost of a brute-forceattack (see Ch 2)

FeistelCipherStructure

Block Cipher Structure‣ have a general iterative block cipher structure• with a sequence of rounds• with substitutions / permutations controlled by key‣ parameters and design features:• block size• key size• number of rounds• subkey generation algorithm• round function• also: fast software en/decrypt, ease of analysis

Data Encryption Standard(DES)

Triple DES (3DES)‣ first used in financial applications‣ in DES FIPS PUB 46-3 3 standard of 1999‣ uses three keys & three DES executions:C = E(K 3 , D(K 2 , E(K 1 , P)))‣ decryption same with keys reversed‣ use of decryption in second stage givescompatibility with original DES users‣ effective 168-bit key length, slow, secure‣ AES will eventually replace 3DES

AdvancedEncryptionStandard(AES)

AES Round Structure

Substitute Bytes‣ a simple table lookup in S-boxS• a 16×16 matrix of byte values• mapping old byte to a new value• e.g. {95} maps to {2A}• a permutation of all possible 256 8-bit 8values‣ constructed using finite field properties• designed to be resistant to knowncryptanalytic attacks‣ decrypt uses inverse of S-boxS

Shift Rows‣ on encrypt left rotate each row of State by0,1,2,3 bytes respectively‣ decrypt does reverse‣ to move individual bytes from one columnto another and spread bytes over columns

200 INTERNATIONAL JOURNAL OF INTELLIGENT CONTROL AND SYSTEMS, VOL. 10, NO. 3, SEPTEMBER 2005improve this paper significantly. He would also like tothank Dr. Johann Borenstein for his support on this work.Reference1 S. Betgé-Brezetz, P. Hebert, R. Chatila, and M. Devy, “Uncertainmap making in natural environments,” Proc. IEEE InternationalConference on Robotics and Automation, Minneapolis, MN, 1996,pp. 1048-1053.2 D. S. Apostolopoulos, M. D. Wagner, B. Shamah, L. Pedersen, K.Shillcutt, and W. L. Whittaker, “Technology and field demonstrationof robotic search for Antarctic meteorites,” International Journal ofRobotics Research, vol. 19, no. 11, pp. 1015-1032, 2000.3 K. Fregene, R. Madhavan, and L. E. Parker, “Incremental multi-agentrobotic mapping of outdoor terrain,” Proc. IEEE InternationalConference on Robotics and Automation, Washington, DC, 2002, pp.1339-1346.4 R. Simmons, et al., “Experience with rover navigation for lunar-liketerrains,” Proc. IEEE/RSJ International Conference on IntelligentRobots and System, Pittsburgh, PA, 1995, pp. 441-446.5 H. Seraji and A. Howard, “Behavior-based robot navigation onchallenging terrain: a fuzzy logic approach,” IEEE Trans. on Roboticsand Automation, vol. 18, no. 3, 2002.6 I. S. Kweon and Takeo Kanade, “High-resolution terrain map frommultiple sensor data,” IEEE Trans. on Pattern Analysis and MachineIntelligence, vol. 14, no. 2, pp. 278-292, 1992.7 E. Krotkov and R. Hoffman, “Terrain mapping for a walkingplanetary rover,” IEEE Trans. on Robotics and Automation, vol. 10,no. 6, pp. 728-738, 1994.8 C. M. Shoemaker and J. A. Bornstein, “The demo III UGV program:a testbed for autonomous navigation research,” Proc. IEEEISIS/CIRA/ISAS Joint Conference, Gaithersburg, MD, 1998, pp. 644-651.9 C. Ye and J. Borenstein, “Obstacle avoidance for the segway roboticmobility platform,” Proc. the American Nuclear Society InternationalConference on Robotics and Remote System for HazardousEnvironment, Gainesville, FL, 2004, pp. 107-114.10 C. Ye and J. Borenstein, “A novel filter for terrain mapping with laserrangefinders," IEEE Trans. on Robotics, vol. 20, no. 5, pp. 913-921,2004.11 D. Langer, J. K. Rosenblatt, and M. Hebert, “A Behavior-basedsystem for off-road navigation,” IEEE Trans. on Robotics andAutomation, vol. 10, no. 6, pp. 776-783, 199412 D. B. Gennery, "Traversability analysis and path planning for aplanetary rover," Autonomous Robots, vol. 6, no. 2, pp. 131-146,1999.13 S. Singh, et al., “Recent progress in local and global traversability forplanetary rovers,” Proc. IEEE International Conference on Roboticsand Automation, San Francisco, CA, 2000, pp. 1194-1200.14 J. A. Janét, R. C. Luo, and M. G. Kay, “Autonomous Mobile RobotGlobal Motion Planning and Geometric Beacon Collection UsingTraversability Vectors”, IEEE Trans. on Robotics and Automation,vol. 13, no. 1, pp. 132-140, 1997.15 N. J. Nilsson, Principles of Artificial Intelligence, Tioga PublishingCompany, 1980.16 A. Stentz and M. Hebert, “A complete navigation system for goalacquisition in unknown environments,” Autonomous Robots, vol. 2,no. 2, 1995.17 C. Ye and D. W. Wang, “A novel navigation method for autonomousmobile robots,” Journal of Intelligent and Robotic Systems, vol. 32,no. 4, pp. 361-388, 2001.18 S. Lacroix, et al., “Autonomous Rover Navigation on UnknownTerrains: Functions and Integration,” International Journal ofRobotics Research, vol. 21, no. 10-11, pp. 917-942, 2002.19 I. Kammon, E. Rivlin, and E. Rimon, “A new range-sensor basedglobally convergent navigation algorithm for mobile robots,” Proc.IEEE International Conference on Robotics and Automation,Minneapolis, MN, 1996, pp. 429-435.20 S. L. laubach and J. W. Burdick, “An autonomous Sensor-based pathplannerfor planetary micorovers,” Proc. IEEE InternationalConference on Robotics and Automation, Detroit, MI, 1999, pp. 347-354.21 H. Haddad, M. Khatib, S. Lacroix, and R. Chatila, “Reactivenavigation in outdoor environments using potential fields,” Proc.IEEE International Conference on Robotics and Automation, 1998,pp. 1232-1237.22 Y. Koren and J. Borenstein, “Potential Field Methods and TheirInherent Limitations for Mobile Robot Navigation,” Proc. IEEEInternational Conference on Robotics and Automation, Sacramento,CA, 1991, pp. 1398-1404.23 J. Borenstein and Y. Koren, “The Vector Field Histogram−FastObstacle-Avoidance for Mobile Robots,” IEEE Trans. on Roboticsand Automation, vol. 7, no. 3, pp. 278-288, 1991.24 L. Ojeda, M. Raju and J. Borenstein, “FLEXnav: A Fuzzy LogicExpert Dead-reckoning System for the Segway RMP.” Proc. of theDefense and Security Symposium (was Aerosense) UnmannedGround Vehicle Technology VI (OR54), Orlando, FL, 2004.25 D. P. Bertsekas, Constrained Optimization and Lagrange MultiplierMethods, Academic Press, 1982.26 D. H. Golub and C. F. Van Loan, Matrix Computations, Prentice-Hall, 1986.27 W. H. Press, et al, Numerical Recipes in C++, Cambridge UniversityPress, 2002.Cang Ye received B.E. and M.E. degreefrom the University of Science andTechnology of China, P. R. China in1988 and 1991, respectively. He receivedhis Ph.D. degree from the University ofHong Kong in 1999.He is currently an Assistant Professorin Department of Applied Science,University of Arkansas at Little Rock,AR. He was a research investigator atUniversity of Michigan, Ann Arbor, MIfrom 2003 to 2005. His research interests are in mobile robotterrain mapping and navigation, fuzzy systems and reinforcementlearning.Dr. Ye is a senior member of IEEE and a member of TechnicalCommittee on Robotics and Manufacturing Automation, IEEESystems, Man, and Cybernetics Society.

Stream Ciphers‣ processes input elements continuously‣ key input to a pseudorandom bit generator• produces stream of random like numbers• unpredictable without knowing input key• XOR keystream output with plaintext bytes‣ are faster and use far less code‣ design considerations:• encryption sequence should have a large period• keystream approximates random number properties• uses a sufficiently long key

RC4

Modes of Operation‣ block ciphers process data in blocks• e.g. 64-bits (DES, 3DES) or 128-bits (AES)‣ for longer messages must break up• and possibly pad end to blocksize multiple‣ have 5 five modes of operation for this• defined in NIST SP 800-38A• modes are: ECB, CBC, CFB, OFB, CTR

Electronic Codebook (ECB)‣ simplest mode‣ split plaintext into blocks‣ encrypt each block using the same key‣ “codebook” because have uniqueciphertext value for each plaintext block• not secure for long messages since repeatedplaintext is seen in repeated ciphertext

Cipher Block Chaining (CBC)

Cipher Feedback (CFB)

Counter (CTR)

Location of Encryption

Key Distribution‣ symmetric crypto needs a shared key:‣ two parties A & B can achieve this by:• A selects key, physically delivers to B• 3rd party select keys, physically delivers to A, B• reasonable for link crypto, bad for large no’s s users• A selects new key, sends encrypted usingprevious old key to B• good for either, but security fails if any key discovered• 3rd party C selects key, sends encrypted toeach of A & B using existing key with each• best for end-toto-end encryption

Key Distribution

Summary‣ introduced symmetric encryption basics‣ DES, 3DES and AES‣ stream ciphers and RC4‣ modes of operation‣ location of encryption‣ key distribution