
Lecture 2 - SRTY 6002 - Symmetric Ciphers 11 - 20221030

Uploaded by

yas

Securing Networks

SRTY-6002
Lecture 2
Symmetric Ciphers 1
Classical Encryption Techniques
Definitions

Plaintext
• An original message

Ciphertext
• The coded message

Enciphering/encryption
• The process of converting from plaintext to ciphertext

Deciphering/decryption
• Restoring the plaintext from the ciphertext

Cryptography
• The area of study of the many schemes used for encryption

Cryptographic system/cipher
• A scheme

Cryptanalysis
• Techniques used for deciphering a message without any knowledge of the enciphering details

Cryptology
• The areas of cryptography and cryptanalysis
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Symmetric Cipher Model

• There are two requirements for secure use of conventional encryption:

• A strong encryption algorithm

• Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure
Cryptographic Systems
• Characterized along three independent dimensions:

The type of operations used for transforming plaintext to ciphertext
• Substitution
• Transposition

The number of keys used
• Symmetric, single-key, secret-key, conventional encryption
• Asymmetric, two-key, or public-key encryption

The way in which the plaintext is processed
• Block cipher
• Stream cipher
Cryptanalysis and Brute-Force Attack

Cryptanalysis
• Attack relies on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext
• Attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used

Brute-force attack
• Attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success
Table 3.1 - Types of Attacks on En



Encryption Scheme Security

• Unconditionally secure
• No matter how much time an opponent has, it is impossible for him or her to
decrypt the ciphertext simply because the required information is not there
• Computationally secure
• The cost of breaking the cipher exceeds the value of the encrypted information
• The time required to break the cipher exceeds the useful lifetime of the
information
Brute-Force Attack

• Involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success
• To supplement the brute-force approach, some degree of knowledge about the expected plaintext is needed, and some means of automatically distinguishing plaintext from garble is also needed
Substitution Technique

• Is one in which the letters of plaintext are replaced by other letters or by numbers or symbols
• If the plaintext is viewed as a sequence of bits, then substitution
involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher

• Simplest and earliest known use of a substitution cipher


• Used by Julius Caesar
• Involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet
• Alphabet is wrapped around so that the letter following Z is A
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher Algorithm
• Can define transformation as:
plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Mathematically give each letter a number
 a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• Algorithm can be expressed as:
c = E(3, p) = (p + 3) mod 26
• A shift may be of any amount, so that the general Caesar algorithm is:
C = E(k, p) = (p + k) mod 26
• Where k takes on a value in the range 1 to 25; the decryption algorithm is simply:
p = D(k, C) = (C - k) mod 26
Figure 3.3 - Brute-Force Cryptanalysis of Caesar Cipher
(This chart can be found on page 75 in the textbook)



Sample of Compressed Text
Monoalphabetic Cipher
• Permutation
• Of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once
• If the “cipher” line can be any permutation of the 26 alphabetic characters, then there are 26! or greater than 4 x 10^26 possible keys
• This is 10 orders of magnitude greater than the key space for DES
• Approach is referred to as a monoalphabetic substitution cipher because a single cipher alphabet is used per message
Monoalphabetic Ciphers

• Easy to break because they reflect the frequency data of the original
alphabet
• Countermeasure is to provide multiple substitutes (homophones) for a
single letter
• Digram
• Two-letter combination
• Most common is th
• Trigram
• Three-letter combination
• Most frequent is the
Playfair Cipher

• Best-known multiple-letter encryption cipher


• Treats digrams in the plaintext as single units and translates these units
into ciphertext digrams
• Based on the use of a 5 x 5 matrix of letters constructed using a
keyword
• Invented by British scientist Sir Charles Wheatstone in 1854
• Used as the standard field system by the British Army in World War I
and the U.S. Army and other Allied forces during World War II
Playfair Key Matrix

• Fill in letters of keyword (minus duplicates) from left to right and from top to
bottom, then fill in the remainder of the matrix with the remaining letters in
alphabetic order
• Using the keyword MONARCHY:

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Hill Cipher

• Developed by the mathematician Lester Hill in 1929


• Strength is that it completely hides single-letter frequencies
• The use of a larger matrix hides more frequency information
• A 3 x 3 Hill cipher hides not only single-letter but also two-letter frequency
information
• Strong against a ciphertext-only attack but easily broken with a known
plaintext attack
Polyalphabetic Ciphers

• Polyalphabetic substitution cipher


• Improves on the simple monoalphabetic technique by using different monoalphabetic
substitutions as one proceeds through the plaintext message

All these techniques have the following features in common:
• A set of related monoalphabetic substitution rules is used
• A key determines which particular rule is chosen for a given transformation
Vigenère Cipher

• Best known and one of the simplest polyalphabetic substitution ciphers


• In this scheme the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers with shifts of 0 through 25
• Each cipher is denoted by a key letter which is the ciphertext letter that
substitutes for the plaintext letter a
Example of Vigenère Cipher

• To encrypt a message, a key is needed that is as long as the message


• Usually, the key is a repeating keyword
• For example, if the keyword is deceptive, the message “we are discovered
save yourself” is encrypted as:
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Vigenère Autokey System

• A keyword is concatenated with the plaintext itself to provide a running key
• Example:
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
• Even this scheme is vulnerable to cryptanalysis
• Because the key and the plaintext share the same frequency distribution of
letters, a statistical technique can be applied
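
Both Vigenère variants from the last two slides, as an added example that is not part of the lecture. It goes beyond the slides with a hypothetical helper, `repeated_trigrams`, which shows what the autokey system removes: with a repeating keyword, identical plaintext under identical key letters produces repeated ciphertext at a distance that is a multiple of the keyword length.

```python
def to_nums(text):
    """Letters a-z as 0..25; every other character is dropped."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def to_text(nums, upper=False):
    s = "".join(chr(n + ord("a")) for n in nums)
    return s.upper() if upper else s


def key_nums(keyword):
    k = to_nums(keyword)
    if not k:
        raise ValueError("keyword must contain at least one letter")
    return k


def vigenere_encrypt(plaintext, keyword):
    p, k = to_nums(plaintext), key_nums(keyword)
    return to_text([(pi + k[i % len(k)]) % 26 for i, pi in enumerate(p)], upper=True)


def vigenere_decrypt(ciphertext, keyword):
    c, k = to_nums(ciphertext), key_nums(keyword)
    return to_text([(ci - k[i % len(k)]) % 26 for i, ci in enumerate(c)])


def autokey_encrypt(plaintext, keyword):
    p = to_nums(plaintext)
    key = (key_nums(keyword) + p)[:len(p)]     # keyword, then the plaintext itself
    return to_text([(pi + ki) % 26 for pi, ki in zip(p, key)], upper=True)


def autokey_decrypt(ciphertext, keyword):
    key, plain = key_nums(keyword), []
    for i, ci in enumerate(to_nums(ciphertext)):
        pi = (ci - key[i]) % 26
        plain.append(pi)
        key.append(pi)                         # each recovered letter extends the key
    return to_text(plain)


def repeated_trigrams(ciphertext):
    """Map each three-letter sequence that occurs more than once to its positions."""
    seen = {}
    for i in range(len(ciphertext) - 2):
        seen.setdefault(ciphertext[i:i + 3], []).append(i)
    return {tri: pos for tri, pos in seen.items() if len(pos) > 1}


if __name__ == "__main__":
    msg = "we are discovered save yourself"
    for name, enc in (("repeating", vigenere_encrypt), ("autokey", autokey_encrypt)):
        ct = enc(msg, "deceptive")
        print(f"{name:9s} {ct}  repeats: {repeated_trigrams(ct)}")
```

In the slide's repeating-key ciphertext the sequence VTW occurs at positions 3 and 12, nine letters apart, which is the length of the keyword deceptive; the autokey ciphertext of the same message has no repeated trigram.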
Vernam Cipher
One-Time Pad

• Improvement to Vernam cipher proposed by an Army Signal Corps officer, Joseph Mauborgne
• Use a random key that is as long as the message so that the key need not
be repeated
• Key is used to encrypt and decrypt a single message and then is discarded
• Each new message requires a new key of the same length as the new
message
• Scheme is unbreakable
• Produces random output that bears no statistical relationship to the plaintext
• Because the ciphertext contains no information whatsoever about the plaintext, there
is simply no way to break the code



Difficulties

• The one-time pad offers complete security but, in practice, has two
fundamental difficulties:
• There is the practical problem of making large quantities of random keys
• Any heavily used system might require millions of random characters on a regular basis
• Mammoth key distribution problem
• For every message to be sent, a key of equal length is needed by both sender and receiver
• Because of these difficulties, the one-time pad is of limited utility
• Useful primarily for low-bandwidth channels requiring very high security
• The one-time pad is the only cryptosystem that exhibits perfect secrecy (see
Appendix F)
Rail Fence Cipher

• Simplest transposition cipher


• Plaintext is written down as a sequence of diagonals and then read off
as a sequence of rows
• To encipher the message “meet me after the toga party” with a rail fence
of depth 2, we would write:
mematrhtgpry
etefeteoaat
Encrypted message is:
MEMATRHTGPRYETEFETEOAAT
Row Transposition Cipher

• Is a more complex transposition


• Write the message in a rectangle, row by row, and read the message off,
column by column, but permute the order of the columns
• The order of the columns then becomes the key to the algorithm
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
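
The two transposition ciphers above, rail fence and row transposition, as an added example that is not part of the lecture. The rail fence code generalizes the slide's depth-2 case to any depth; the function names are hypothetical, and the key is given as the list of column numbers shown in the slide.

```python
def letters_of(text):
    return [c for c in text.lower() if "a" <= c <= "z"]


def rail_pattern(n, depth):
    """Rail index of each of n letters written along the zigzag of diagonals."""
    pattern, row, step = [], 0, 1
    for _ in range(n):
        pattern.append(row)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    return pattern


def rail_fence_encrypt(plaintext, depth):
    letters = letters_of(plaintext)
    pattern = rail_pattern(len(letters), depth)
    rails = ["".join(c for c, r in zip(letters, pattern) if r == rail)
             for rail in range(depth)]
    return "".join(rails).upper()              # read off row by row


def rail_fence_decrypt(ciphertext, depth):
    letters = letters_of(ciphertext)
    pattern = rail_pattern(len(letters), depth)
    # Plaintext positions in the order the rails were read off (stable sort).
    order = sorted(range(len(letters)), key=lambda i: pattern[i])
    plain = [""] * len(letters)
    for ch, i in zip(letters, order):
        plain[i] = ch
    return "".join(plain)


def column_order(key):
    """Column indexes in read-out order: the column labelled 1 first, then 2, ..."""
    return sorted(range(len(key)), key=lambda c: key[c])


def row_transposition_encrypt(plaintext, key):
    letters = letters_of(plaintext)
    if len(letters) % len(key):
        raise ValueError("pad the message so that it fills the rectangle")
    rows = [letters[i:i + len(key)] for i in range(0, len(letters), len(key))]
    return "".join(row[c] for c in column_order(key) for row in rows).upper()


def row_transposition_decrypt(ciphertext, key):
    letters = letters_of(ciphertext)
    nrows = len(letters) // len(key)
    columns = {}
    for n, c in enumerate(column_order(key)):
        columns[c] = letters[n * nrows:(n + 1) * nrows]
    return "".join(columns[c][r] for r in range(nrows) for c in range(len(key)))


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", 2))
    print(row_transposition_encrypt("attackpostponeduntiltwoamxyz", [4, 3, 1, 2, 5, 6, 7]))
```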
Steganography



Steganography vs. Encryption

• Steganography has a number of drawbacks when compared to encryption
• It requires a lot of overhead to hide a relatively few bits of information
• Once the system is discovered, it becomes virtually worthless

• The advantage of steganography
• It can be employed by parties who have something to lose should the fact of their secret communication (not necessarily the content) be discovered
• Encryption flags traffic as important or secret or may identify the sender or receiver as someone with something to hide


Other Steganography Techniques

• Character marking
• Selected letters of printed or typewritten text are over-written in pencil
• The marks are ordinarily not visible unless the paper is held at an angle to bright light
• Invisible ink
• A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper
• Pin punctures
• Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light
• Typewriter correction ribbon
• Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light
Classical Encryption Techniques Summary

• Symmetric Cipher Model
  • Cryptography
  • Cryptanalysis and Brute-Force Attack
• Transposition techniques
• Substitution techniques
  • Caesar cipher
  • Monoalphabetic ciphers
  • Playfair cipher
  • Hill cipher
  • Polyalphabetic ciphers
• Rotor machines
• One-time pad
• Steganography


Block Ciphers and the Data Encryption Standard
Stream Cipher
• Encrypts a digital data stream one bit or one byte at a time
• Examples:
• Autokeyed Vigenère cipher
• Vernam cipher

• In the ideal case, a one-time pad version of the Vernam cipher would be used, in which the keystream is as long as the plaintext bit stream
• If the cryptographic keystream is random, then this cipher is unbreakable by any means other than acquiring the keystream
• Keystream must be provided to both users in advance via some independent and secure channel
• This introduces insurmountable logistical problems if the intended data traffic is very large

• For practical reasons the bit-stream generator must be implemented as an algorithmic procedure so that the cryptographic bit stream can be produced by both users
• It must be computationally impractical to predict future portions of the bit stream based on previous portions of the bit stream
• The two users need only share the generating key and each can produce the keystream
Block Cipher

• A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length
• Typically a block size of 64 or 128 bits is used
• As with a stream cipher, the two users share a symmetric encryption key
• The majority of network-based symmetric cryptographic applications make use of block ciphers
Table 4.1 - Encryption and Decryption Tables for Substitution Cipher of Figure 4.2
Feistel Cipher
• Feistel proposed the use of a cipher that alternates substitutions and permutations

Substitutions
• Each plaintext element or group of elements is uniquely replaced by a corresponding ciphertext element or group of elements

Permutation
• No elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in the sequence is changed

• Is a practical application of a proposal by Claude Shannon to develop a product cipher that alternates confusion and diffusion functions
• Is the structure used by many significant symmetric block ciphers currently in use
Diffusion and Confusion

• Terms introduced by Claude Shannon to capture the two basic building blocks for any cryptographic system
• Shannon’s concern was to thwart cryptanalysis based on statistical analysis

Diffusion
• The statistical structure of the plaintext is dissipated into long-range statistics of
the ciphertext
• This is achieved by having each plaintext digit affect the value of many ciphertext
digits

Confusion
• Seeks to make the relationship between the statistics of the ciphertext and the
value of the encryption key as complex as possible
• Even if the attacker can get some handle on the statistics of the ciphertext, the
way in which the key was used to produce that ciphertext is so complex as to
make it difficult to deduce the key
Feistel Cipher Design Features
• Block size
• Larger block sizes mean greater security but reduced encryption/decryption speed for a given algorithm
• Key size
• Larger key size means greater security but may decrease encryption/decryption speeds
• Number of rounds
• The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security
• Subkey generation algorithm
• Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis
• Round function F
• Greater complexity generally means greater resistance to cryptanalysis
• Fast software encryption/decryption
• In many cases, encrypting is embedded in applications or utility functions in such a way as to preclude a hardware implementation; accordingly, the speed of execution of the algorithm becomes a concern
• Ease of analysis
• If the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength
Feistel Example
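
A toy Feistel network, as an added example that is not part of the lecture and is not DES. The round function and key schedule (both built from SHA-256) are assumptions chosen for illustration; the code shows that decryption is the same routine with the subkeys reversed even though F is not invertible, and that a single round gives almost no diffusion.

```python
import hashlib

BLOCK_BYTES = 8               # 64-bit block, split into two 32-bit halves
HALF = BLOCK_BYTES // 2


def subkeys(key, rounds):
    """Toy key schedule (assumption): subkey i = SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def round_f(right, subkey):
    """Toy round function F (assumption): truncated SHA-256, not invertible."""
    return hashlib.sha256(subkey + right).digest()[:HALF]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, keys):
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # One round: L_i = R_(i-1),  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, xor(left, round_f(right, k))
    return right + left       # final swap of the two halves


def encrypt_block(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))


def decrypt_block(block, key, rounds=16):
    # Same steps, same key; only the order of the subkeys is reversed.
    return feistel(block, subkeys(key, rounds)[::-1])


def avalanche(block, key, rounds, bit=0):
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 0x80 >> (bit % 8)
    a = encrypt_block(block, key, rounds)
    b = encrypt_block(bytes(flipped), key, rounds)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    block, key = b"8bytemsg", b"constructed key"      # constructed sample values
    ct = encrypt_block(block, key)
    print(ct.hex(), decrypt_block(ct, key))
    for rounds in (1, 2, 4, 16):
        print(rounds, "rounds:", avalanche(block, key, rounds), "of 64 bits changed")
```

With one round, flipping a bit in the left half changes exactly one ciphertext bit, because that half is only XORed with F's output and passed on; after several rounds about half of the 64 bits change.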
Data Encryption Standard (DES)

• Issued in 1977 by the National Bureau of Standards (now NIST) as Federal Information Processing Standard 46
• Was the most widely used encryption scheme until the introduction of the
Advanced Encryption Standard (AES) in 2001
• Algorithm itself is referred to as the Data Encryption Algorithm (DEA)
• Data are encrypted in 64-bit blocks using a 56-bit key
• The algorithm transforms 64-bit input in a series of steps into a 64-bit output
• The same steps, with the same key, are used to reverse the encryption
Table 4.2 - DES Example
(Table can be found on page 114 in textbook)

Note: DES subkeys are shown as eight 6-bit values in hex format
Table 4.3 Avalanche Effect in DES: Change in Plaintext
Table 4.4 Avalanche Effect in DES: Change in Key
Table 4.5 - Average Time Required for Exhaustive Key Search
Strength of DES

•Timing attacks
•One in which information about the key or the
plaintext is obtained by observing how long it takes
a given implementation to perform decryptions on
various ciphertexts
•Exploits the fact that an encryption or decryption
algorithm often takes slightly different amounts of
time on different inputs
•So far it appears unlikely that this technique will ever
be successful against DES or more powerful
symmetric ciphers such as triple DES and AES
Block Cipher Design Principles: Number of Rounds

• The greater the number of rounds, the more difficult it is to perform cryptanalysis
• In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack
• If DES had 15 or fewer rounds, differential cryptanalysis would require less effort than a brute-force key search
Block Cipher Design Principles: Design of Function F

• The heart of a Feistel block cipher is the function F
• The more nonlinear F, the more difficult any type of cryptanalysis will be
• The SAC and BIC criteria appear to strengthen the effectiveness of the confusion function

The algorithm should have good avalanche properties

Strict avalanche criterion (SAC)
• States that any output bit j of an S-box should change with probability 1/2 when any single input bit i is inverted for all i, j

Bit independence criterion (BIC)
• States that output bits j and k should change independently when any single input bit i is inverted for all i, j, and k
Block Cipher Design Principles: Key Schedule Algorithm

• With any Feistel block cipher, the key is used to generate one subkey
for each round
• In general, we would like to select subkeys to maximize the difficulty of
deducing individual subkeys and the difficulty of working back to the
main key
• It is suggested that, at a minimum, the key schedule should guarantee
key/ciphertext Strict Avalanche Criterion and Bit Independence Criterion
Block Ciphers and Data Encryption Standard Summary

• Traditional Block Cipher Structure
  • Stream ciphers
  • Block ciphers
  • Motivation for the Feistel cipher structure
  • Feistel cipher
• The Data Encryption Standard (DES)
  • Encryption
  • Decryption
  • Avalanche effect
• The strength of DES
  • Use of 56-bit keys
  • Nature of the DES algorithm
  • Timing attacks
• Block cipher design principles
  • Number of rounds
  • Design of function F
  • Key schedule algorithm