Stream Ciphers - PowerPoint PPT Presentation

Provided by: vita50

1
Stream Ciphers
  • Recall the one-time pad: Ciphertext(Key, Message) = Message ⊕ Key
  • Key must be a truly random bit sequence as long as
    the message
  • Idea: replace random with pseudo-random
  • Encrypt with a pseudo-random number generator
    (PRNG)
  • PRNG takes a short, truly random secret seed
    (key) and expands it into a long random-looking
    sequence
  • E.g., a 128-bit key into a 10^6-bit
    pseudo-random sequence
  • Ciphertext(Key, Message) = Message ⊕ PRNG(Key)
  • Message processed bit by bit, not in blocks

Randomness amplification (remember HMAC?)
2
Properties of Stream Ciphers
  • Usually very fast
  • Used where speed is important: WiFi, SSL, DVD
  • Unlike the one-time pad, stream ciphers do not
    provide perfect secrecy
  • Only as secure as the underlying PRNG
  • If used properly, can be as secure as block
    ciphers
  • PRNG must be unpredictable
  • Given the stream of PRNG output (but not the
    seed!), it is hard to predict what the next bit
    will be
  • If PRNG(unknown seed) = b1, ..., bi, then b(i+1) is 0
    with probability ½ and 1 with probability ½

3
Weaknesses of Stream Ciphers
  • No integrity (the ciphertext is malleable)
  • Associativity and commutativity: (X ⊕ Y) ⊕ Z = (X ⊕ Z) ⊕ Y
  • (M1 ⊕ PRNG(key)) ⊕ M2 = (M1 ⊕ M2) ⊕ PRNG(key)
  • So flipping a bit of the ciphertext flips the same
    bit of the decrypted message, without knowing the key
  • Known-plaintext attack is very dangerous if the
    keystream is ever repeated
  • Self-cancellation property of XOR: X ⊕ X = 0
  • (M1 ⊕ PRNG(key)) ⊕ (M2 ⊕ PRNG(key)) = M1 ⊕ M2
  • If the attacker knows M1, then they easily recover M2
  • Most plaintexts contain enough redundancy that
    knowledge of M1 or M2 is not even necessary to
    recover both from M1 ⊕ M2
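The two weaknesses above (keystream reuse and malleability), as an added example that is not part of the slides. The keystream is a seeded random.Random byte source standing in for PRNG(key); the two messages are constructed. Any keystream, secure or not, shows the same behaviour once it is reused.

```python
"""Keystream reuse and ciphertext malleability of an XOR stream cipher.
Added example; the keystream is a seeded random.Random byte source standing
in for PRNG(key), NOT a real stream cipher."""
import random


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(seed: int, n: int) -> bytes:
    """Stand-in for PRNG(key): deterministic, not cryptographically secure."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def encrypt(seed: int, msg: bytes) -> bytes:
    """ciphertext = message XOR keystream; decryption is the same call."""
    return xor_bytes(msg, keystream(seed, len(msg)))


def recover_with_known_plaintext(c1: bytes, c2: bytes, m1: bytes) -> bytes:
    """Two messages encrypted under the same keystream (same seed, no IV):
    (M1 XOR K) XOR (M2 XOR K) = M1 XOR M2, so knowing M1 gives M2 directly."""
    n = min(len(c1), len(c2), len(m1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), m1[:n])


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list:
    """Without any full plaintext: slide a guessed word (the crib) along
    M1 XOR M2 and report offsets where the other message decodes to printable
    text. Redundancy in natural-language plaintext is what makes this work."""
    x = xor_bytes(c1, c2)
    hits = []
    for pos in range(len(x) - len(crib) + 1):
        cand = xor_bytes(x[pos:pos + len(crib)], crib)
        if all(32 <= b < 127 for b in cand):
            hits.append((pos, cand.decode("ascii")))
    return hits


def flip_bits(ct: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Malleability (no integrity): an attacker who knows the plaintext bytes
    at `offset` XORs in (known XOR desired) and the receiver decrypts `desired`.
    No key is needed: (M XOR K) XOR (M XOR M') = M' XOR K."""
    delta = xor_bytes(known, desired)
    end = offset + len(delta)
    return ct[:offset] + xor_bytes(ct[offset:end], delta) + ct[end:]


if __name__ == "__main__":
    # Constructed sample messages, both encrypted under the same keystream.
    m1 = b"transfer 100 to account 0042"
    m2 = b"attack at dawn from the east"
    c1, c2 = encrypt(7, m1), encrypt(7, m2)
    print(recover_with_known_plaintext(c1, c2, m1))      # b'attack at dawn from the east'
    print(crib_drag(c1, c2, b"attack")[0])               # (0, 'transf')
    print(encrypt(7, flip_bits(c1, 9, b"100", b"900")))  # b'transfer 900 to account 0042'
```

The crib-dragging function is the "redundancy" bullet made concrete: the attacker guesses a word likely to be in one message and reads off the corresponding bytes of the other; a real attack iterates this until both messages are recovered.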

4
Stream Cipher Terminology
  • Seed of pseudo-random generator often consists of
    initialization vector (IV) and key
  • IV is usually sent with the ciphertext
  • The key is a secret known only to the sender and
    the recipient, not sent with the ciphertext
  • The pseudo-random bit stream produced by
    PRNG(IV,key) is referred to as keystream
  • Encrypt message by XORing with keystream
  • ciphertext = message ⊕ keystream

5
RC4
  • Designed by Ron Rivest for RSA in 1987
  • Simple, fast, widely used
  • SSL/TLS for Web security, WEP for wireless
  • Byte array S[0..255] contains a permutation of the
    numbers from 0 to 255
  • i = j = 0
  • loop
  •   i = (i + 1) mod 256
  •   j = (j + S[i]) mod 256
  •   swap(S[i], S[j])
  •   output S[(S[i] + S[j]) mod 256]
  • end loop

6
RC4 Initialization
  • Generate the initial permutation from key K
  • Key can be any length up to 2048 bits
  • Divide key K into L bytes K[0..L-1]
  • for i = 0 to 255 do S[i] = i
  • j = 0
  • for i = 0 to 255 do
  •   j = (j + S[i] + K[i mod L]) mod 256
  •   swap(S[i], S[j])
  • To use RC4, usually prepend an initialization vector
    (IV) to the key
  • IV can be random or a counter
  • IV is often sent in the clear with the ciphertext
  • RC4 is not random enough! The 1st byte of the generated
    sequence depends only on 3 cells of the state array
    S. With the IV prepended to the key and sent in the
    clear, this can be used to extract the key (this is
    how WEP keys were recovered)
  • To use RC4 securely, RSA suggested discarding the
    first 256 bytes of keystream
  • Dropping bytes is not enough: later statistical biases
    in the keystream break RC4 regardless, and RFC 7465 (2015)
    prohibits RC4 in TLS; treat it as a historical cipher

Fluhrer-Mantin-Shamir attack
7
Modes of Operation
  • block ciphers encrypt fixed-size blocks
  • e.g. DES encrypts 64-bit blocks with a 56-bit key
  • need a way to use them in practice, given we usually
    have an arbitrary amount of information to encrypt
  • four modes were defined for DES in ANSI standard ANSI
    X3.106-1983 Modes of Use
  • subsequently, there are now 5 for DES and AES (ECB,
    CBC, CFB, OFB and CTR, in NIST SP 800-38A)
  • there are block and stream modes

8
Electronic Codebook (ECB)
  • message is broken into independent blocks which
    are encrypted
  • each block is a value which is substituted, like
    a codebook, hence the name
  • each block is encoded independently of the other
    blocks
  • Ci = DES_K1(Pi)
  • uses: secure transmission of single values

9
Electronic Codebook (ECB) (figure only)
10
Advantages and Limitations of ECB
  • repetitions in the message may show in the ciphertext
  • if aligned with the message block
  • particularly with data such as graphics
  • or with messages that change very little, which
    become a codebook analysis problem
  • weakness is due to encrypted message blocks being
    independent
  • main use is sending a few blocks of data (e.g. a key)

11
Cipher Block Modes of Operation
  • Cipher Block Chaining Mode (CBC)
  • The input to the encryption algorithm is the XOR
    of the current plaintext block and the preceding
    ciphertext block: Ci = DES_K1(Pi ⊕ C(i-1)), with C0 = IV
  • Repeating 64-bit patterns are not exposed, since each
    ciphertext block depends on all preceding plaintext

12
Cipher FeedBack (CFB)
  • message is treated as a stream of bits
  • XORed with the output of the block cipher
  • result is fed back for the next stage (hence the name)
  • standard allows any number of bits (1, 8, 64 or
    whatever) to be fed back
  • denoted CFB-1, CFB-8, CFB-64 etc.
  • most efficient to use all 64 bits (CFB-64)
  • Ci = Pi ⊕ DES_K1(C(i-1))
  • C(-1) = IV
  • uses: stream data encryption, authentication

13
Cipher FeedBack (CFB) (figure only)
14
Advantages and Limitations of CFB
  • appropriate when data arrives in bits/bytes
  • most common stream mode
  • limitation is the need to stall while doing a block
    encryption after every n bits
  • note that the block cipher is used in encryption
    mode at both ends (no decryption routine is needed)
  • errors propagate for several blocks after the
    error: a corrupted n-bit ciphertext segment garbles
    the matching plaintext bits and the next 64/n segments
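ECB, CBC and CFB from the mode slides above, as an added example that is not from the slides: the three modes are written generically over a 64-bit block cipher so the mode logic can be read on its own. The block cipher is a stand-in 4-round Feistel network with an HMAC-SHA256 round function (an assumption made so the example runs with the standard library only; it is not DES or AES). No padding is implemented, so the ECB and CBC inputs must be a multiple of 8 bytes; CFB takes any length. The two helper functions at the end make the ECB pattern leak and the CFB error propagation measurable.

```python
"""ECB, CBC and CFB over a 64-bit block cipher. Added example; the block
cipher is a stand-in Feistel network, NOT DES/AES."""
import hashlib
import hmac

BLOCK = 8    # 64-bit blocks, as in the DES-based slides
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher: 4-round Feistel with an HMAC round function."""
    assert len(block) == BLOCK
    L, R = block[:4], block[4:]
    for r in range(ROUNDS):
        L, R = R, _xor(L, _round(key, r, R))
    return L + R


def block_decrypt(key: bytes, block: bytes) -> bytes:
    L, R = block[:4], block[4:]
    for r in reversed(range(ROUNDS)):           # undo the rounds in reverse order
        L, R = _xor(R, _round(key, r, L)), L
    return L + R


def _blocks(data: bytes, n: int = BLOCK) -> list:
    return [data[i:i + n] for i in range(0, len(data), n)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """C_i = E_K(P_i): blocks are independent, equal plaintext blocks leak."""
    assert len(pt) % BLOCK == 0, "no padding here; pad to a multiple of 8 bytes"
    return b"".join(block_encrypt(key, p) for p in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, c) for c in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """C_i = E_K(P_i XOR C_{i-1}), C_0 = IV."""
    assert len(pt) % BLOCK == 0
    prev, out = iv, []
    for p in _blocks(pt):
        prev = block_encrypt(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, []
    for c in _blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key: bytes, iv: bytes, pt: bytes, s: int = BLOCK) -> bytes:
    """CFB-(8*s): C_i = P_i XOR leftmost s bytes of E_K(shift register), then
    the ciphertext segment is shifted into the register. Any length works."""
    reg, out = iv, bytearray()
    for p in _blocks(pt, s):
        c = _xor(p, block_encrypt(key, reg)[:s])
        out += c
        reg = (reg + c)[-BLOCK:]
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ct: bytes, s: int = BLOCK) -> bytes:
    """Same shape as encryption; the block cipher runs forward at both ends."""
    reg, out = iv, bytearray()
    for c in _blocks(ct, s):
        out += _xor(c, block_encrypt(key, reg)[:s])
        reg = (reg + c)[-BLOCK:]
    return bytes(out)


def distinct_ct_blocks(ct: bytes) -> int:
    """Number of distinct 64-bit ciphertext blocks (the ECB leak check)."""
    return len(set(_blocks(ct)))


def cfb_error_span(key: bytes, iv: bytes, pt: bytes, s: int = BLOCK) -> list:
    """Flip one bit of the first ciphertext byte and return the plaintext byte
    offsets that now decrypt wrongly: the hit byte plus the next BLOCK/s segments."""
    ct = bytearray(cfb_encrypt(key, iv, pt, s))
    ct[0] ^= 0x01
    bad = cfb_decrypt(key, iv, bytes(ct), s)
    return [i for i in range(len(pt)) if bad[i] != pt[i]]


if __name__ == "__main__":
    key, iv = b"demo key", bytes(range(8))             # constructed inputs
    pt = b"ATTACK!!" * 4                                # four identical blocks
    print(distinct_ct_blocks(ecb_encrypt(key, pt)))     # 1: the repetition shows
    print(distinct_ct_blocks(cbc_encrypt(key, iv, pt))) # 4: the repetition is hidden
    print(cfb_error_span(key, iv, pt))                  # byte 0, then the whole next block
    print(cfb_error_span(key, iv, pt, s=1))             # byte 0, then the next 8 CFB-8 segments
```

With CFB-64 a single corrupted ciphertext byte damages that byte and all of the following block (two blocks in total); with CFB-8 the same corruption damages the byte and the next eight one-byte segments, because the bad byte stays in the 64-bit shift register for eight steps. Note that cfb_decrypt never calls block_decrypt, which is the "encryption mode at both ends" bullet above.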

15
Location of Encryption Device
  • Link encryption
  • many encryption devices, one per link
  • high level of security
  • decrypts each packet at every switch (so the plaintext
    is exposed inside each switch)
  • End-to-end encryption
  • the source encrypts and the receiver decrypts
  • payload encrypted
  • header in the clear
  • High security: both link and end-to-end
    encryption are needed (see Figure 2.9)

16
(No Transcript)
17
Key Distribution
  • A key could be selected by A and physically
    delivered to B.
  • A third party could select the key and physically
    deliver it to A and B.
  • If A and B have previously used a key, one party
    could transmit the new key to the other,
    encrypted using the old key.
  • If A and B each have an encrypted connection to a
    third party C, C could deliver a key on the
    encrypted links to A and B.

18
Key Distribution (See Figure 2.10)
  • Session key
  • Data encrypted with a one-time session key. At
    the conclusion of the session the key is
    destroyed
  • Permanent key
  • Used between entities for the purpose of
    distributing session keys

19
(No Transcript)