Symmetric Ciphers

8 minute read

Updated:

3. Symmetric Ciphers

Source code for this post can be found at:
View Source code - MAC

Reminder

  • Idea that we want data confidentiality, integrity, authenticity – highlighted bc they are closely linked to each other. The tech we need to achieve these goals are v similar
  • In terms of the threats, STRIDE, first four STRI are all mitigated to some degree by cryptographic tech what we gonna do for next few lectures

Objectives

  • One aspect of cryptographic – symmetric cipher -Understand what the standard symmetric ciphers do.
  • How to use them securely
  • Appreciate their limitation

Basic Concepts and keywords

  • Assume that we are encrypting a msg. for the sake of conv. Doesn’t necessarily mean a msg – could be any form of data. That msg plaintext

  • It takes the plain text, and the second input, the secret key. Need to be kept secret. This secret key governs how the algo works.

  • Ciphertext – is the encrypted output
    • Transformation from plain to cipher is v complicated. Shuffling in an unpredictable way,
    • One can apply the secret key to unscramble. But extremely diff when don’t know it.
  • Q: Why is it called symmetric cipher?
    • A: Bc we use the same key to encrypt and decrypt!!
  • Can’t guarantee that we can revert if we don’t know the key. But the complexity of reverting w/o the key is too time consuming so once again, its not worth it! As we said it before

‘Security Through Obscurity’

  • Q: Think which is the best option?
    1. A well-established cipher that is widely known?
    2. Or a custom cipher invented for a specific app, where the details are hidden?
  • A: A well-established cipher that is widely known!!!!!!!!WTF
    • Widely used = widely tested. If its widely used, experts have been trying to crack it and was unsuccessful. Would you be able to build something that’s THAT good?
    • These algorithms are very hard to design, you may not come up w/ something that is as strong
    • Whole thing is the secrecy of the key! Doesn’t matter wen attackers know the algo unless they know the key.
  • Security through obscurity is a bad idea.

Kerkhof’s’ Principle

  • 19th century. Dutch cryptographer. He came up w 6 axioms
 
“A cryptosystem should be secure even if everything about the system, except the key, is public knowledge”

secrecy comes from the key, not from the algorithm

 
“Assume that the enemy knows the system” - Shannon

We gotta design our system under the assumption that the enemy will immediately gain full familiarity with them.

Scenarios

  • image

  • Alex and bob want to communicate. Alice has a plain text msg, and allice has Kab. (key shared by alice and bob) she encrypts it Eab(p) outputting a Ciphertext C. Alice can now transmit this C through insecure channel to bob.

  • Bob receives C. and he has the same key Kab. He can use the key to decrypt Dab(C), and obtain a plain text msg.

  • First attacker was eve. By capturing any traffic btwn Alice and Bob. Takes copy of C and she possibly knows how C was generated. But Eve doesn’t know the key! can’t do shit

  • Mallory – who interferes w the channel more actively. Attempting to send modified msg to bob. He’s limited coz he doesn’t know the key. He can’t generate the altered cipher text. BUT what he could still do is he can replay a msg (replay 10000$) - interfering w/o knowing the content of the msg active attack

  • Q: how is the key shared btwn alice and bob?

    • A; we gonna talk about 2 lectures after

Types of symmetric cipher

  • Block cipher – works by dividing up the plaintext to fixed size chunks, processing each block
    • If the msg its not big enough, needs to be padded.

  • Stream cipher- process continuously bit by bit, but it uses the key to generate a stream of pseudorandom data, then XORs this with plaintext

    • XOR of 1110 and 1001 – 0111. 1 and 1 =0, 0 OR 1 then 1

Feistel Block Ciphers

  • image

  • Take a block of plain text, 2n bits of n and n. left and right input of round function.
    • Right input becomes the left chunk of the output of that round.
    • It is also fed to the round function as a round subkey K1, and is fed to XOR.
    • It gets XORed with the left input, and the output becomes the right hand chunk of the output.
    • So you do this for 16 rounds, with 16 different subkeys where the subkeys are the bits of the original key.
  • We swapping and scrambling one half of it each time. Idea is if we simply feed the plaintext, we get C, and if we apply keys in reverse order, we get the plaintext
  • same input, but in reverse order to get the output! In 19th cent

Data Encryption Standard (DES)

  • Classic example of Feistel method, but was withdrawn in 2005 – block size is 64 bits, key size of 56 bits, 16 round each using 48bit 56-bit key is too short. vulnerable to brute force attack
  • Q: There are three cryptanalytic attacks known, but no practical way of breaking this analytical cypher. But then why do we NOT use it?
    • A; key size is too small.

Cracking DES

  • By brute forcing it and trying possible keys.
  • Calculating the time required?
    • Total time require to process one key = (time to do decryption with that key + checking if it successfully decrypts)* number of attempts we need to make
    • If the key is n bits – 2n-1

Cracking DES: history

  • RSS set up competition – in 1997, successful decryption happened in 96 days. Then in 56 hours on 1998, then 22 hours in 1999.
    • Can handle 92 billion keys per sec!!
  • DES was no longer good coz it could be easily and quickly be decrypted using various technologies!!

Today? – Why is it too trivial to crack DES?

  • We got CPU that’s so much more powerful, but we got GPU too. GPU gives hundreds of extra processing cores which could be used for this simple number calc! not a big deal these days.
  • Bc of the hardware, you can build ur own key cracking machine which are super efficient.
    • FPGAs Field-Programmable Gate Arrays. This program performs better than using multiple pcs to brute force it, with lower power consumptions than PCs.
  • The cloud – use of VMs and economies of scale of the large data centres make computing a low cost utility. you can do such operations even without leaving your browser.

Key security [pg 15]

  • Imagine you can build a machine to do decryption + checking. What key size do we set to make it resistant to the brute force?
    • Smallest and Largest AES key. Now significance of the dash line age of universe hahahaha
    • if its more than 100 bits, even with super fast comp, it will take agggeees

Caveats

  • 128+ bits look safe! If we assume computing power is fixed.
    • If Moore’s law continues indefinitely, then this key COULD be vulnerable in a century
  • Ignores practical limitations of brute force
    • Just for the power requirements, its impossible to brute force big keys.
  • Ignores radial technology and possibility of shortcuts arising from cryptanalysis

Triple DES (3DES)

  • One simple way to make DES safer – chain it 3 times
  • Encrypt with key1, decrypt it using key2, and encrypt it again using key3
  • image
  • BUT the blocks ares too small (64 bit) and the software implementations are slow we want a better algo

Advanced Encryption Standard (AES)

  • Uses ‘Square’ cipher, not a Feistel
  • Block size of 128 bits – harder to attack
  • 3 possible key sizes (128, 192, 256) varying security. Although 128 is good enough.
  • Much faster than triple DES
  • image
  • 3DES: 0.835 sec to process block size of 10000000
  • AES: 0.093 sec

Attacks against AES

  • Not very attackable!
  • There could be an attack that’s less effort than brute force, BUT only for a smaller version of AES as it has fewer rounds. Cipher has rounds, and when its smaller, It could be vulnerable.
  • There is an attack on FULL AES, BUT it requires sooo much space 9PB not practical & not worth

Block Encryption modes

  • AES is a good idea, and keep the key secret, BUT we have to operate the cipher encryption mode

  • Block based

    • ECB (Electronic Codebook) – simply when you take each block of plaintext, and process as you go. Same thing for the second block, and so on.
      • Can be done simultaneously as they are being ciphered separately.
      • Problem is for repeated plaintext, when encrypted to ciphertext, we see the repetition they can exploit the repetition.
        • Even if you don’t know the exact content of it, you can still get some extent of information about the text
        • Ecb!!! It makes <Gi”KE;…..x. –> the same key!!!! So they can exploit the repetition. Altho you wont know what it is, it gives out certain extent of information.
      • U DON’T want repeating blocks of plaintext to be seen in the cipher text
      • Never use it, but only when you use a small non repeated txt </br></br>
    • CBC (Cipher block chaining) – makes each step dependent on the prev step using XOR
      • Every subsequent ciphertext block depends on the previous one. Prev cipher is XORed with the new cipher
      • Can only be done in one thread
      • Problem is for very first block – we need a special input, Initialization Vector (IV).
        • IV is chosen randomly, and be shared with recipient with the key
        • During transmission, IV and ciphertext is concatenated, to allow decryption.

  • Stream based

    • CTR (Counter)– turn block cipher into a stream cipher– in bit sense
      • Keystream bits are created regardless of content of encrypting data blocks. No longer restricted to block by block.
      • A counter, N, nonce (number used once = same role as IV) can be combined with a counter using any operation (XOR, addition), to produce the actual unique counter block for encryption (= to encrypt as usual)
      • Can be done in multiple threads at the same time.
      • Good one to use, provided that nonce is never used again.

Diagrams

Screenshot 2020-02-17 at 11 16 25 pm

Summary

  • Basic principles of symmetric ciphers
  • Explored Potential risk of brute forcing
  • AES as a good symmetric cipher, and the level of security offered by its key sizes
  • Noted the importance of operating in the correct mode – CBC for block ciphers

Leave a comment