CSEC 701 Cryptography Review 2

main security principles

defense in depth and least privilege

symmetric key

same key for decryption and encryption

symmetric key problems

key distribution, massive key requirements, and unlimited compromising power once broken

asymmetric key

different keys for encryption and decryption

substitution

replacing an item with a different item

transposition

changing the order of items

substitution cipher

units of plaintext are substituted with cipher text according to regular system, decipher using inverse substitution

Caesar cipher

mono-alphabetic substitution, shift cipher, rotate letter positions by n amount, vulnerable to frequency analysis (1:n)

cipher wheel

plaintext outside, cipher text inside

Vigenere cipher

polyalphabetic cipher,

one-time pad

large, non repeating set of keys, section of keys is used once and then destroyed, receiver needs identical pad to decrypt, most secret stream cipher

perfect cipher

information secure, impossible to break, data + random = random

transposition cipher

rearranges symbols,

transposition weaknesses

frequency analysis, if frequency distribution follows plaintext, it is trnsp

substitution-permutation ciphers

the basis of modern block ciphers, 1949, combine s box and p box

block cipher

plaintext is divided into blocks of a preset size, stronger than stream-based ciphers

IBM lucifer cipher

64 bit block size, 1971

data encryption standard DES

encrypts 64 bit block using a 56 bit key, combo of substitution and transposition, feistel cipher

brute force attack

try every key, proportional to key size

short key problem

56 bit vulnerable to brute force attack, increase key size by repeating DES multiple times,

double DES

using two keys, encrypt twice

meet in the middle attack

1. assume attacker knows two pair of c and p

2. attacker computes for all possible keys and stores them in table

3. attacker computes for other side and compares results with the table entries

   *time complexity

triple DES

to avoid MITM attack, run DES three times, tends to be slow and blobk size of 64bit too small

advanced encryption standard AES

block ciphers of 128 bits and key szes of 128, 192, and 256 bits

• one permutation stage, three substitution stages

• cannot reuse same key for all blocks

mode

technique for applying the cipher by mixing its outputs to hide ciphertext patterns

electronic code book ECB

each block is encrypted independently of the other, identical blocks of plaintext result in same cipher text, use for secure transmission of few blocks of data

cipher block chaining CBC

message blocks are linked together, uses initialization vector to start process, use for bulk data encryption

initialization vector

ensures each encryption yields different ciphertext, even when encrypting the exact same plaintext, stored in plaintext

block cipher into stream cipher

generates blocks of ciphertext that serve as a key stream

cipher feedback CFB

message is treated as stream of bits, standard allows any number of bit to be feed back, use for stream data encryption and authentication

• s-bit, b-bit, IV size, during decryption, encryption is used

output feedback OFB

generate the keystream before the data is available to encrypt (or decrypt)

counter CTR

encrypts counter value rather than any feedback value, must have different counter value for every plaintext block, use for high-speed network encryption, NO chaining

CTR advantages

efficiency, random access, simplicity

stream cipher

psuedo one-time pad, encrypts one bytes at a time, very fast