Security - Telenor

In 1997, NIST initiated the process of finding a successor to DES, known as the Advanced Encryption Standard (AES). The selection process for AES is the theme of an article by Lars Knudsen in this issue of Telektronikk.

3.2 Stream Ciphers and Block Ciphers

Symmetric algorithms are usually divided into block and stream ciphers.

A block cipher breaks the plaintext message into strings (blocks) of a fixed length (the block length) and encrypts one block at a time. With a given key, a pure block cipher will always produce the same ciphertext from a given plaintext. In many applications this is not a favourable feature, and some kind of feedback must be introduced.

A stream cipher produces a key stream $k_1 k_2 k_3 \ldots$. The key stream is combined with plaintext stream $p_1 p_2 p_3 \ldots$ using a simple transformation $E$ and producing the ciphertext $C = c_1 c_2 c_3 \ldots$, with $c_i = E(p_i, k_i)$. Usually, $E$ is the XOR operation, i.e. $c_1 = p_1 \oplus k_1$, $c_2 = p_2 \oplus k_2$, $c_3 = p_3 \oplus k_3$, ...

In a synchronous stream cipher, the sender and the receiver must be synchronized to allow for correct decryption. This means that they must use the same key stream and operate at the same position in that key stream. If the synchronization is lost, decryption will fail, and re-synchronization, e.g. re-initialization of the stream cipher, is necessary.

In contrast, in a self-synchronizing stream cipher the key stream is generated as a function of the encryption key and a fixed number of previous key stream bits. If ciphertext bits are deleted or inserted, only a fixed number of plaintext bits will come out garbled before the synchronization is re-established.
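
The resynchronization behaviour described above, as an added example that is not part of the original article: a toy byte-oriented cipher pair in Python in which one ciphertext byte is deleted in transit. The SHA-256 keystream function, the register length `N`, the all-zero initial register and the sample key and plaintext are assumptions; the self-synchronizing variant here feeds back the previous `N` ciphertext bytes, as in cipher feedback mode.

```python
import hashlib

N = 4  # assumed feedback length: previous ciphertext bytes the keystream depends on
KEY = b"constructed demo key"  # constructed sample values
PT = b"Constructed sample plaintext, long enough to show where recovery happens."


def ks_byte(key: bytes, state: bytes) -> int:
    """Toy keystream function (assumption): first byte of SHA-256(key || state)."""
    return hashlib.sha256(key + state).digest()[0]


def sync_crypt(key: bytes, data: bytes) -> bytes:
    """Synchronous: k_i depends on the key and the position i only (XOR is self-inverse)."""
    return bytes(b ^ ks_byte(key, i.to_bytes(8, "big")) for i, b in enumerate(data))


def selfsync_crypt(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Self-synchronizing: k_i depends on the key and the last N ciphertext bytes."""
    reg, out = bytes(N), bytearray()  # all-zero initial register (assumption)
    for b in data:
        o = b ^ ks_byte(key, reg)
        out.append(o)
        reg = reg[1:] + bytes([b if decrypt else o])  # always shift ciphertext in
    return bytes(out)


def drop_byte(data: bytes, pos: int) -> bytes:
    """Channel error: the byte at index pos is deleted in transit."""
    return data[:pos] + data[pos + 1:]


def garbled(decrypted: bytes, pt: bytes, pos: int) -> list:
    """Indices where the receiver's output differs from the plaintext minus the lost byte."""
    expected = drop_byte(pt, pos)
    return [i for i, (a, b) in enumerate(zip(decrypted, expected)) if a != b]


if __name__ == "__main__":
    pos = 10
    s = sync_crypt(KEY, drop_byte(sync_crypt(KEY, PT), pos))
    t = selfsync_crypt(KEY, drop_byte(selfsync_crypt(KEY, PT), pos), decrypt=True)
    print("synchronous, garbled bytes:    ", len(garbled(s, PT, pos)))
    print("self-synchronizing, garbled at:", garbled(t, PT, pos))
```

The synchronous receiver stays wrong for the rest of the message, while the self-synchronizing receiver is wrong for at most `N` bytes, until the deleted byte's neighbours have been shifted out of its register.
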

Most stream ciphers are based on linear feedback shift registers, a structure very well suited for fast hardware implementations. The ciphers that protect the confidentiality of the radio communication in GSM and UMTS are both stream ciphers.

The difference between stream ciphers and block ciphers is a bit “academic”. Observe that a stream cipher may be considered a block cipher with block length 1. On the other hand, there are standardized modes of operation that turn a block cipher into a stream cipher.

3.3 Building a (Symmetric) Block Cipher

Obviously, an encryption function $E$ must be complex, preventing unauthorized reversal of the transformation. Modern block ciphers achieve this goal by combining simple functions in clever ways.

3.3.1 Confusion and Diffusion

Ciphers are based on two basic techniques (operations): transpositions and substitutions. A transposition changes the order of the symbols (permutation), without changing the symbols themselves. In a substitution, each symbol is replaced by another symbol (from the same or some other alphabet).

3.3.2 Product Ciphers

Almost all modern block ciphers are product ciphers. The idea is to build a complex encryption function by composing several simple functions, each offering some, but not adequate, protection. The simple functions are then combined in such a way that the combination is more secure than the individual components. Basic operations include transpositions, linear transformations, arithmetic operations, modular multiplications and simple substitutions.

3.3.3 Iterated Ciphers

An iterated block cipher involves a sequential repetition of an internal function called a round function. Let $F$ be the round function, $r$ the number of rounds, and let $T_i$ be the temporary output of the round function. Then we get these equations:

$$
\begin{aligned}
T_1 &= F(T_0, K_1) \\
T_2 &= F(T_1, K_2) \\
&\;\;\vdots \\
T_r &= F(T_{r-1}, K_r)
\end{aligned}
$$

The plaintext is the input to the first round ($T_0$), and the ciphertext is the output from the last ($r$-th) round ($T_r$). The $K_i$ are the round-keys that are derived from the encryption key $K$ according to the key scheduling. In order to make unique decryption possible, the round function must be a bijection for all round-keys $K_i$.
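
An added example, not from the original article, of the iteration $T_i = F(T_{i-1}, K_i)$ and of why $F$ must be a bijection: a toy 8-round cipher in Python whose round function is invertible, next to a lossy round function that maps two plaintexts to the same ciphertext. The S-box, the SHA-256 key schedule and all parameters are assumptions chosen for illustration, not a secure design.

```python
import hashlib

BLOCK, ROUNDS = 8, 8  # block length in bytes and number of rounds r (toy parameters)
SBOX = [(167 * x + 13) % 256 for x in range(256)]  # odd multiplier: a permutation
INV_SBOX = [0] * 256
for x, y in enumerate(SBOX):
    INV_SBOX[y] = x


def round_keys(key: bytes) -> list:
    """Key schedule (assumption): K_i = first BLOCK bytes of SHA-256(K || i)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:BLOCK]
            for i in range(1, ROUNDS + 1)]


def F(t: bytes, k: bytes) -> bytes:
    """Round function: key mixing, byte substitution, then a byte transposition."""
    y = bytes(SBOX[a ^ b] for a, b in zip(t, k))
    return y[1:] + y[:1]


def F_inv(t: bytes, k: bytes) -> bytes:
    """Inverse round: undo the transposition, the substitution, the key mixing."""
    y = t[-1:] + t[:-1]
    return bytes(INV_SBOX[a] ^ b for a, b in zip(y, k))


def lossy_F(t: bytes, k: bytes) -> bytes:
    """Not a bijection: the low bit of every byte is discarded."""
    return bytes((a ^ b) & 0xFE for a, b in zip(t, k))


def encrypt(t: bytes, key: bytes, f=F) -> bytes:
    for k in round_keys(key):  # T_i = F(T_{i-1}, K_i) for i = 1..r
        t = f(t, k)
    return t


def decrypt(t: bytes, key: bytes) -> bytes:
    for k in reversed(round_keys(key)):  # T_{i-1} = F^{-1}(T_i, K_i) for i = r..1
        t = F_inv(t, k)
    return t


KEY = b"constructed key"  # constructed sample values
PT_A, PT_B = b"\x00" * 8, b"\x01" + b"\x00" * 7
```

With `F`, `decrypt(encrypt(PT_A, KEY), KEY)` returns `PT_A`; with `lossy_F`, `PT_A` and `PT_B` encrypt to the same block, so no decryption routine can tell them apart.
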

3.3.4 Feistel Ciphers

A Feistel cipher is an $r$-round iterated block cipher with block length $2t$. The plaintext is the ordered pair $(L_0, R_0)$, where the $t$-bit values $L_0$ and $R_0$ represent the left and right half-block, respectively. In each round $i$, $1 \le i \le r$, $(L_{i-1}, R_{i-1})$ is mapped to $(L_i, R_i)$ as follows:

Telektronikk 3.2000