Network Security

Essentials

Fifth Edition

by William Stallings
 Chapter 2
Symmetric Encryption and
Message Confidentiality
“I have solved other ciphers of an abstruseness ten thousand times
greater. Circumstances, and a certain bias of mind, have led me to
take interest in such riddles, and it may well be doubted whether
human ingenuity can construct an enigma of the kind which human
ingenuity may not, by proper application, resolve.”

—The Gold Bug, Edgar Allen Poe

Amongst the tribes of Central Australia every man, woman, and
child has a secret or sacred name which is bestowed by the older
men upon him or her soon after birth, and which is known to none
but the fully initiated members of the group. This secret name is
never mentioned except upon the most solemn occasions; to utter it
in the hearing of men of another group would be a most serious
breach of tribal custom. When mentioned at all, the name is spoken
only in a whisper, and not until the most elaborate precautions
have been taken that it shall be heard by no one but members of the
group. The native thinks that a stranger knowing his secret name
would have special power to work him ill by means of magic.

—The Golden Bough, Sir James George Frazer

 Some Basic Terminology
• Plaintext - original message

• Ciphertext - coded message

• Cipher - algorithm for transforming plaintext to ciphertext

• Key - info used in cipher known only to sender/receiver

• Encipher (encrypt) - converting plaintext to ciphertext

• Decipher (decrypt) - recovering plaintext from ciphertext

• Cryptography - study of encryption principles/methods

• Cryptanalysis (code breaking) - study of principles/methods of deciphering

ciphertext without knowing key

• Cryptology - field of both cryptography and cryptanalysis

 Requirements
• There are two requirements for secure use of symmetric
encryption:
• A strong encryption algorithm
• Sender and receiver must have obtained copies of the secret key in
a secure fashion and must keep the key secure

• The security of symmetric encryption depends on the secrecy

of the key, not the secrecy of the algorithm
• This makes it feasible for widespread use
• Manufacturers can and have developed low-cost chip
implementations of data encryption algorithms
• These chips are widely available and incorporated into a number of
products
 Cryptography

• The type of operations used for transforming plaintext to

ciphertext
• Substitution
• Each element in the plaintext is mapped into another element
Cryptographic • Transposition
• Elements in the plaintext are rearranged
systems are • Fundamental requirement is that no information be lost
generically • Product systems
• Involve multiple stages of substitutions and transpositions
classified • The number of keys used
• Referred to as symmetric, single-key, secret-key, or conventional
along three encryption if both sender and receiver use the same key
independent • Referred to as asymmetric, two-key, or public-key encryption if the
sender and receiver each use a different key
dimensions: • The way in which the plaintext is processed
• Block cipher processes the input one block of elements at a time,
producing an output block for each input block
• Stream cipher processes the input elements continuously, producing
output one element at a time, as it goes along
 Table 2.1
Types of Attacks on Encrypted Messages
 cryptanalysis
• An encryption scheme is computationally secure if the
ciphertext generated by the scheme meets one or both of
the following criteria:
• The cost of breaking the cipher exceeds the value of the
encrypted information
• The time required to break the cipher exceeds the useful
lifetime of the information
 Brute Force attack
• Involves trying every possible key until an intelligible
translation of the ciphertext into plaintext is obtained
• On average, half of all possible keys must be tried to achieve
success
• Unless known plaintext is provided, the analyst must be able
to recognize plaintext as plaintext
• To supplement the brute-force approach
• Some degree of knowledge about the expected plaintext is needed
• Some means of automatically distinguishing plaintext from garble
is also needed
 Fiestel cipher structure
• Many symmetric block encryption algorithms, including DES, have a structure first
described by Horst Feistel of IBM in 1973 [FEIS73] and shown in Figure 2.2.
• The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K .
The plaintext block is divided into two halves, LE0 and RE0 .
• The two halves of the data pass through n rounds of processing and then combine to produce
the ciphertext block.
• Each round i has as inputs LEi-1 and REi-1 derived from the previous round, as well as a
subkey Ki derived from the overall K .
• In general, the subkeys Ki are different from K and from each other and are generated from
the key by a subkey generation algorithm.
• In Figure 2.2, 16 rounds are used, although any number of rounds could be implemented.
The right-hand side of Figure 2.2 shows the decryption process.
• All rounds have the same structure. A substitution is performed on the left half of the data.
This is done by applying a round function F to the right half of the data and then taking the
exclusive-OR (XOR) of the output of that function and the left half of the data.
• The round function has the same general structure for each round but is parameterized by
the round subkey Ki . Following this substitution, a permutation is performed that consists of
the interchange of the two halves of the data.
 Feistel Cipher Design
Elements

• Larger block sizes mean greater security but reduced encryption/decryption speed

Fast software
• Greater Block size
encryption/decryp • If the algorithm can be
complexity tion concisely and clearly
generally means explained, it is easier to
greater resistance • In many cases, encryption is analyze that algorithm
to cryptanalysis embedded in applications or for cryptanalytic
utility functions in such a way vulnerabilities and
as to preclude a hardware therefore develop a
Round function
implementation; accordingly, higher level of assurance
the seed of execution of the as to its strength
algorithm becomes a concern
Ease of analysis
 Symmetric Block encryption
algorithms
• Block cipher
Data
• The most commonly Encryption
Standard
used symmetric (DES)
encryption algorithms
• Processes the plaintext The three most
input in fixed-sized important
blocks and produces a symmetric
block of ciphertext of Advanced block ciphers
equal size for each Encryption Triple DES
Standard (3DES)
plaintext block (AES)
 Data Encryption Standard
(DES)
• Most widely used encryption scheme

• Issued in 1977 as Federal Information Processing

Standard 46 (FIPS 46) by the National Institute of
Standards and Technology (NIST)
• The algorithm itself is referred to as the Data Encryption
Algorithm (DEA)
 DES algorithm
• Description of the algorithm:
• Plaintext is 64 bits in length
• Key is 56 bits in length
• Structure is a minor variation of the Feistel network
• There are 16 rounds of processing
• Process of decryption is essentially the same as the encryption process

• The strength of DES:

• Concerns fall into two categories
• The algorithm itself
• Refers to the possibility that cryptanalysis is possible by exploiting the
characteristics of the algorithm
• The use of a 56-bit key
• Speed of commercial, off-the-shelf processors threatens the security
 Table 2.2
Average Time Required for Exhaustive Key Search
 3DES guidelines
• FIPS 46-3 includes the following guidelines for 3DES:
• 3DES is the FIPS-approved symmetric encryption algorithm
of choice
• The original DES, which uses a single 56-bit key, is
permitted under the standard for legacy systems only; new
procurements should support 3DES
• Government organizations with legacy DES systems are
encouraged to transition to 3DES
• It is anticipated that 3DES and the Advanced Encryption
Standard (AES) will coexist as FIPS-approved algorithms,
allowing for a gradual transition to AES
Advanced encryption standard
(AES)
• In 1997 NIST issued a call for proposals for a new AES:
• Should have a security strength equal to or better than 3DES and
significantly improved efficiency
• Must be a symmetric block cipher with a block length of 128 bits
and support for key lengths of 128, 192, and 256 bits
• Evaluation criteria included security, computational efficiency,
memory requirements, hardware and software suitability, and
flexibility

• NIST selected Rijndael as the proposed AES algorithm

• FIPS PUB 197
• Developers were two cryptographers from Belgium: Dr. Joan
Daemen and Dr. Vincent Rijmen
 Overview of AES

4Transformations:
Substitute Bytes
Shift Rows
Mix Columns
Add Round Key

24
 AES
• AES does not follow the feistel cipher structure but
processes the entire data block in parallel during each
round using substitutions and permutation.
• Key that is provided as input is expanded into array of
forty four 32 bit words.
• Four different stages are used one of permutations and
three of substitution.
• Substitute bytes
• Shift Rows
• Mix columns
• Add round Key
 Key Distribution

Both parties must have the secret key

Key is changed frequently
Requires either manual delivery of keys, or a third-party
encrypted channel
Most effective method is a Key Distribution Center
(e.g. Kerberos)
Key Distribution
 Random and pseudorandom
Numbers
• A number of network security algorithms based on cryptography
make use of random numbers
• Examples:
• Generation of keys for the RSA public-key encryption algorithm and
other public-key algorithms
• Generation of a symmetric key for use as a temporary session key; used
in a number of networking applications such as Transport Layer Security,
Wi-Fi, e-mail security, and IP security
• In a number of key distribution scenarios, such as Kerberos, random
numbers are used for handshaking to prevent replay attacks

• Two distinct and not necessarily compatible requirements for a

sequence of random numbers are:
• Randomness
• Unpredictability
 Randomness
• The following criteria are used to validate that a sequence
of numbers is random:
• The distribution of bits in the sequence
should be uniform
Uniform • Frequency of occurrence of ones and
zeros should be approximately the same
distribution

• No one subsequence in the sequence can be

inferred from the others
• There is no test to “prove” independence
Independence • The general strategy is to apply a number of
tests until the confidence that independence
exists is sufficiently strong
 unpredictability
• In applications such as reciprocal authentication and
session key generation, the requirement is not so much that
the sequence of numbers be statistically random but that
the successive members of the sequence are unpredictable
• With “true” random sequences, each number is statistically
independent of other numbers in the sequence and
therefore unpredictable
• Care must be taken that an opponent not be able to predict
future elements of the sequence on the basis of earlier
elements
 Algorithm design

• Designed specifically and solely for the purpose of

Purpose-built algorithms generating pseudorandom bit streams

Algorithms based on • Cryptographic algorithms have the effect of

existing cryptographic randomizing input
algorithms • Can serve as the core of PRNGs

Three broad categories of • Symmetric block ciphers

cryptographic algorithms • Asymmetric ciphers
are commonly used to
• Hash functions and message authentication codes
create PRNGs:
 Stream Cipher design
considerations
• The encryption sequence should have a large period
• The longer the period of repeat, the more difficult it will be to do
cryptanalysis

• The keystream should approximate the properties of a true random

number stream as close as possible
• The more random-appearing the keystream is, the more randomized the
ciphertext is, making cryptanalysis more difficult

• The pseudorandom number generator is conditioned on the value of

the input key
• To guard against brute-force attacks, the key needs to be sufficiently long
• With current technology, a key length of at least 128 bits is desirable
 RC4 algorithm
• A stream cipher designed in 1987 by Ron Rivest for RSA
Security
• It is a variable key-size stream cipher with byte-oriented
operations
• The algorithm is based on the use of a random permutation

• Is used in the Secure Sockets Layer/Transport Layer Security

(SSL/TLS) standards that have been defined for communication
between Web browsers and servers
• Also used in the Wired Equivalent Privacy (WEP) protocol and
the newer WiFi Protected Access (WPA) protocol that are part of
the IEEE 802.11 wireless LAN standard
 Cipher block Modes of
Operation
• A symmetric block cipher processes one block of data at a
time
• In the case of DES and 3DES, the block length is b=64 bits
• For AES, the block length is b=128
• For longer amounts of plaintext, it is necessary to break the
plaintext into b-bit blocks, padding the last block if necessary

• Five modes of operation have been defined by NIST

• Intended to cover virtually all of the possible applications of
encryption for which a block cipher could be used
• Intended for use with any symmetric block cipher, including
triple DES and AES
 Electronic Codebook Mode
(ECB)
• Plaintext is handled b bits at a time and each block of plaintext is
encrypted using the same key
• The term “codebook” is used because, for a given key, there is a
unique ciphertext for every b-bit block of plaintext
• One can imagine a gigantic codebook in which there is an entry for every
possible b-bit plaintext pattern showing its corresponding ciphertext

• With ECB, if the same b-bit block of plaintext appears more than once
in the message, it always produces the same ciphertext
• Because of this, for lengthy messages, the ECB mode may not be secure
• If the message is highly structured, it may be possible for a cryptanalyst to
exploit these regularities
 Advantages of CTR mode
• Hardware efficiency
• Encryption/decryption can be done in parallel on multiple blocks of plaintext or ciphertext
• Throughput is only limited by the amount of parallelism that is achieved

• Software efficiency
• Because of the opportunities for parallel execution, processors that support parallel features can be
effectively utilized

• Preprocessing
• The execution of the underlying encryption algorithm does not depend on input of the plaintext or
ciphertext --- when the plaintext or ciphertext input is presented, the only computation is a series of
XORs, greatly enhancing throughput

• Random access
• The ith block of plaintext or ciphertext can be processed in random-access fashion

• Provable security
• It can be shown that CTR is at least as secure as the other modes discussed in this section

• Simplicity
• Requires only the implementation of the encryption algorithm and not the decryption algorithm
 summary
• Symmetric encryption • Random and pseudorandom
principles numbers
• Cryptography • The use of random numbers
• TRNGs, PRNGs, PRFs
• Cryptanalysis
• Algorithm design
• Feistel cipher structure
• Stream ciphers and RC4
• Symmetric block encryption • Stream cipher structure
algorithms • RC4 algorithm
• Data encryption standard
• Triple DES • Cipher block modes of operation
• Advanced encryption • ECB
standard • CBC
• CFB
• CTR