
Module II

Symmetric Ciphers: Classical Encryption Techniques


Symmetric Cipher Model
Substitution and Transposition Ciphers
Stream and Block Ciphers
Data Encryption Standard
Triple DES
Advanced Encryption Standard
Confidentiality Using Symmetric Encryption
The Problem
[Figure: Bob and Alice exchange a private message; Eve eavesdrops on the channel.]
The Solution
[Figure: the private message is encrypted into a scrambled message and decrypted at the other end; Eve, eavesdropping between Bob and Alice, sees only nonsense.]
Classical Encryption Techniques
• Cryptography
• Steganography
What is cryptography?
• kryptos – “hidden”
• grafo – “write”

• Keeping messages secret
– Usually by making the message unintelligible to anyone that intercepts it
Steganography
• Conceals the existence of a message
• Examples
– Character marking
– Invisible ink
– Pin punctures
– Typewriter correction ribbon
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and
cryptanalysis
Cryptography
• can be characterized/classified based on
dimensions like:
– type of encryption operations used
• substitution / transposition / product
– number of keys used
• single-key or secret-key vs two-key or public-key
– way in which plaintext is processed
• block / stream
Classical Encryption Techniques
• Symmetric encryption - single key
• Asymmetric encryption - two keys, public and private
• Hashing - hash functions
Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• was the only type of cryptography, prior to
invention of public-key in 1970’s
Symmetric Cipher Model
Requirements
• Two requirements for secure use of
symmetric encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver, securely transmitted
Y = E_K(X)
X = D_K(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key
• E.g.: Data Encryption Standard, Advanced Encryption Standard, Triple DES
1. Types of Ciphers

• 1.1. Substitution ciphers
• 1.2. Permutation (or transposition) ciphers
• Also called confusion and diffusion methods
Confusion and Diffusion (another terminology)
[Figure: plaintext → Encryption (key KA) → ciphertext → Decryption (key KB) → plaintext]

• Terms courtesy of Claude Shannon, father of Information Theory
• “Confusion” = Substitution
• a -> b
• Caesar cipher
• “Diffusion” = Transposition or Permutation
• abcd -> dacb
• DES
Classical Substitution Ciphers

• where letters of plaintext are replaced by other letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
1.1 Substitution Cipher
• 1.1.a. Monoalphabetic cipher - replaces one symbol with another
– Additive/Shift, e.g. Caesar’s cipher
– Multiplicative cipher
– Affine cipher
– Monoalphabetic substitution
• 1.1.b. Polyalphabetic cipher
– Autokey cipher
– Playfair cipher
– Vigenère cipher
– Hill cipher
– One-time pad, Rotor cipher
Monoalphabetic cipher - replaces one symbol with another
1.1.a.1 Additive cipher

Note

When the cipher is additive, the plaintext, ciphertext, and key are integers in Z26.

E.g. for additive cipher
Caesar Cipher
• Aka shift cipher/additive cipher
• earliest known substitution cipher
• first attested use in military affairs
• replaces each letter by 3rd letter on
• example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
• What’s the key?
Caesar Cipher
• can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• mathematically give each letter a number
a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12
n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:
C = E(p) = (p + k) mod 26
p = D(C) = (C – k) mod 26
1.1.a.2.Multiplicative Ciphers

Note

In a multiplicative cipher, the plaintext and ciphertext are integers in Z26; the key is an integer in Z26*.

Example 3.7
What is the key domain for any multiplicative cipher?
Solution

The key needs to be in Z26*. This set has only 12 members: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.
Example 3.8
We use a multiplicative cipher to encrypt the message “hello”
with a key of 7. The ciphertext is “XCZZU”.

1.1.a.3.Affine Ciphers


Example 3.09
The affine cipher uses a pair of keys in which the first key is from Z26* and the second is from Z26. The size of the key domain is 26 × 12 = 312.
Example 3.10
Use an affine cipher to encrypt the message “hello” with the key
pair (7, 2).
Monoalphabetic ciphers cont..

Example 3.11
Use the affine cipher to decrypt the message “ZEBBW” with the
key pair (7, 2) in modulus 26.
Solution

Example 3.12
The additive cipher is a special case of an affine cipher in which k1 = 1. The multiplicative cipher is a special case of affine cipher in which k2 = 0.
1.1.a.4. Monoalphabetic Substitution Cipher

Because additive, multiplicative, and affine ciphers have small key domains, they are very vulnerable to brute-force attack. A better solution is to create a mapping between each plaintext character and the corresponding ciphertext character. Alice and Bob can agree on a table showing the mapping for each character.

Figure 3.12 An example key for monoalphabetic substitution cipher

Example 3.13
We can use the key in Figure 3.12 to encrypt the message

The ciphertext is
Cryptanalysis of Caesar Cipher

• only have 26 possible ciphers
– A maps to A, B, ..., Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• e.g., break ciphertext "GCUA VQ DTGCM"
• Monoalphabetic ciphers: easy to break, as they reflect the frequency data of the original alphabet.
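Examples 3.7 to 3.12 and the brute-force point above can be checked in a few lines. This Python sketch is an added example, not code from the original slides; the function names are illustrative, and the rule C = (P × k1 + k2) mod 26 is the standard affine definition, which reproduces the slide answers.

```python
from math import gcd

M = 26  # alphabet size; a..z are numbered 0..25 as on the slides
Z26_STAR = [k for k in range(M) if gcd(k, M) == 1]  # the 12 valid multiplicative keys


def _check_k1(k1):
    if k1 % M not in Z26_STAR:
        raise ValueError(f"k1={k1} is not in Z26*, so it has no inverse mod 26")


def affine_encrypt(plaintext, k1, k2):
    """C = (P * k1 + k2) mod 26.
    k1 = 1 gives the additive (Caesar-style) cipher, k2 = 0 the multiplicative one."""
    _check_k1(k1)
    out = []
    for ch in plaintext.lower():
        if "a" <= ch <= "z":
            out.append(chr(((ord(ch) - 97) * k1 + k2) % M + 65))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def affine_decrypt(ciphertext, k1, k2):
    """P = ((C - k2) * k1^-1) mod 26, with k1^-1 the inverse of k1 in Z26*."""
    _check_k1(k1)
    k1_inv = pow(k1, -1, M)
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr(((ord(ch) - 65 - k2) * k1_inv) % M + 97))
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertext, crib=None):
    """Try all 12 * 26 = 312 affine keys (the 26 additive keys come first, k1 = 1).
    Returns (k1, k2, candidate plaintext); a known word (crib) filters the list."""
    hits = []
    for k1 in Z26_STAR:
        for k2 in range(M):
            guess = affine_decrypt(ciphertext, k1, k2)
            if crib is None or crib in guess:
                hits.append((k1, k2, guess))
    return hits


if __name__ == "__main__":
    print(affine_encrypt("hello", 7, 0))           # multiplicative cipher, key 7
    print(affine_encrypt("hello", 7, 2))           # affine cipher, key pair (7, 2)
    print(brute_force("ZEBBW", crib="hello"))      # key recovered by exhaustive search
    for k1, k2, guess in brute_force("GCUA VQ DTGCM")[:26]:
        print(k2, guess)                           # all 26 shifts of the slide's ciphertext
```

With only 312 keys the search finishes instantly, which is why these ciphers offer no protection once the algorithm is known.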
Substitution ciphers
1.1.b.Polyalphabetic Ciphers
• another approach to improving security is to use
multiple cipher alphabets
• called polyalphabetic substitution ciphers
• makes cryptanalysis harder with more alphabets
to guess and flatter frequency distribution
• use a key to select which alphabet is used for
each letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
Polyalphabetic Ciphers

In polyalphabetic substitution, each occurrence of a character may have a different substitute. The relationship between a character in the plaintext and a character in the ciphertext is one-to-many.

1.1.b.1. Autokey Cipher
Example
Assume that Alice and Bob agreed to use an autokey cipher
with initial key value k1 = 12. Now Alice wants to send Bob the
message “Attack is today”. Enciphering is done character by
character.
Polyalphabetic cont…
1.1.b.2.Playfair Cipher
Figure 3.13 An example of a secret key in the Playfair cipher

Example 3.15
Let us encrypt the plaintext “hello” using the key in Figure 3.13.
1.1.b.3.Vigenère Cipher
• simplest polyalphabetic substitution cipher
is the Vigenère Cipher
• effectively multiple Caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• ith letter specifies ith alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse
1.1.b.3. Continued
Vigenere Cipher

Example 3.16
We can encrypt the message “She is listening” using the 6-
character keyword “PASCAL”.
1.1.b.3. Continued
Example 3.16
Let us see how we can encrypt the message “She is listening”
using the 6-character keyword “PASCAL”. The initial key stream
is (15, 0, 18, 2, 0, 11). The key stream is the repetition of this
initial key stream (as many times as needed).
1.1.b.3.Vigenere Table
1.1.b.3. Security of Vigenère Ciphers

• have multiple ciphertext letters for each plaintext letter
• hence letter frequencies are obscured
• but not totally lost
• start with letter frequencies
– see if look monoalphabetic or not
• if not, then need to determine the ‘number of alphabets’ in the key string (aka the period of the key), since then can attack each
Kasiski Method
• method developed by Babbage / Kasiski
• repetitions in ciphertext give clues to period
• so find same plaintext an exact period apart
• which results in the same ciphertext
• suggests size of key
• then attack each monoalphabetic cipher
individually using same techniques as before
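The Vigenère example and the Kasiski method above, as an added Python example (not from the original slides). Function names are illustrative, and the second plaintext is a constructed sample in which the same words fall a multiple of the key length apart.

```python
from collections import Counter, defaultdict


def _letters(text):
    """Keep only letters, numbered a=0 .. z=25 (spaces are dropped, as in Example 3.16)."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]


def vigenere(text, keyword, decrypt=False):
    """Add (or subtract) the repeating key stream, letter by letter, mod 26."""
    key = _letters(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    sign = -1 if decrypt else 1
    values = [(p + sign * key[i % len(key)]) % 26 for i, p in enumerate(_letters(text))]
    result = "".join(chr(v + 65) for v in values)
    return result.lower() if decrypt else result


def repeat_distances(ciphertext, n=3):
    """Kasiski step 1: distances between repeated n-letter sequences in the ciphertext."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return sorted(b - a for pos in positions.values() for a, b in zip(pos, pos[1:]))


def period_candidates(distances, max_period=20):
    """Kasiski step 2: each distance votes for every period that divides it."""
    votes = Counter()
    for dist in distances:
        for period in range(2, max_period + 1):
            if dist % period == 0:
                votes[period] += 1
    return dict(votes)


def split_by_period(ciphertext, period):
    """Step 3: letters enciphered with the same key letter form one monoalphabetic
    (shift) cipher each, which can then be analysed by letter frequency."""
    return [ciphertext[i::period] for i in range(period)]


if __name__ == "__main__":
    print(vigenere("She is listening", "PASCAL"))
    sample = vigenere("attack at dawn attack at dusk", "PASCAL")  # constructed sample
    distances = repeat_distances(sample)
    print(sample, distances, period_candidates(distances))
    print(split_by_period(sample, 6))
```

Every repeat in the constructed sample is 12 letters apart, so the true period 6 is among the divisors the method proposes; longer ciphertexts narrow the candidates further.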
1.1.b.4. Hill Cipher

Key in the Hill cipher

Note

The key matrix in the Hill cipher needs to have a multiplicative inverse.
Polyalphabetic-Hill cipher

For example, the plaintext “code is ready” can make a 3 × 4 matrix when adding extra bogus character “z” to the last block and removing the spaces. The ciphertext is “OHKNIHGKLISS”.

Figure 3.16 Example 3.20


Hill Cipher
1.1.b.4 Continued

Assume that Eve knows that m = 3. She has intercepted three plaintext/ciphertext pair blocks (not necessarily from the same message) as shown in Figure 3.17.

Figure 3.17 Example 3.21

She makes matrices P and C from these pairs. Because P is invertible, she inverts the P matrix and multiplies it by C to get the K matrix as shown in Figure 3.18.

Figure 3.18 Example 3.21

Now she has the key and can break any ciphertext encrypted with that key.
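The known-plaintext computation K = P⁻¹ × C (mod 26) from Example 3.21, as an added Python example that is not part of the original slides. The figures' matrices are not reproduced on this page, so the key and the plaintext blocks below are constructed sample values; rows are blocks and C = P × K, following the text.

```python
from math import gcd

M = 26


def minor(mat, r, c):
    """Matrix with row r and column c removed."""
    return [row[:c] + row[c + 1:] for i, row in enumerate(mat) if i != r]


def det(mat):
    """Determinant by cofactor expansion (fine for the small m used in Hill ciphers)."""
    if not mat:
        return 1
    return sum((-1) ** c * mat[0][c] * det(minor(mat, 0, c)) for c in range(len(mat)))


def inverse_mod(mat, m=M):
    """Inverse over Z_m via the adjugate; exists only if gcd(det, m) = 1."""
    d = det(mat) % m
    if gcd(d, m) != 1:
        raise ValueError("matrix has no multiplicative inverse mod %d" % m)
    d_inv = pow(d, -1, m)
    n = len(mat)
    return [[(d_inv * (-1) ** (r + c) * det(minor(mat, c, r))) % m for c in range(n)]
            for r in range(n)]


def matmul_mod(a, b, m=M):
    return [[sum(x * y for x, y in zip(row, col)) % m for col in zip(*b)] for row in a]


def to_block(text):
    return [ord(ch) - 97 for ch in text.lower()]


def hill_encrypt(blocks, key):
    """Each row of `blocks` is one plaintext block; C = P x K mod 26."""
    return matmul_mod(blocks, key)


def hill_decrypt(blocks, key):
    return matmul_mod(blocks, inverse_mod(key))


def recover_key(plain_blocks, cipher_blocks):
    """Eve's step: K = P^-1 x C mod 26, possible whenever P is invertible."""
    return matmul_mod(inverse_mod(plain_blocks), cipher_blocks)


# Constructed sample values (not the ones in Figures 3.17 and 3.18).
SAMPLE_KEY = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]
KNOWN_PLAIN = [to_block("bcd"), to_block("abe"), to_block("fga")]

if __name__ == "__main__":
    known_cipher = hill_encrypt(KNOWN_PLAIN, SAMPLE_KEY)
    print(recover_key(KNOWN_PLAIN, known_cipher))
```

Three known blocks are enough here because the cipher is linear; this is the reason a Hill cipher must never be relied on when any plaintext can be guessed.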
1.1.b.5 One-Time Pad

One of the goals of cryptography is perfect secrecy. A study by Shannon has shown
that perfect secrecy can be achieved if each plaintext symbol is encrypted with a key
randomly chosen from a key domain. This idea is used in a cipher called one-time
pad, invented by Vernam.
1.1.b.5.One-Time Pad

• if a truly random key as long as the message is used, the cipher will be secure; called a One-Time Pad
• is unbreakable since ciphertext bears no
statistical relationship to the plaintext
• since for any plaintext & any ciphertext
there exists a key mapping one to other
• can only use the key once though
• have problem of safe distribution of key
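Two of the points above, shown as an added Python example (not from the original slides): any same-length plaintext is consistent with a given ciphertext, and reusing a pad removes that property. The byte-wise XOR form and the sample messages are assumptions chosen for illustration.

```python
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings; a pad shorter than the message is an error."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Draw a fresh random pad for this message only and return (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    return xor_bytes(ciphertext, pad)


def key_explaining(ciphertext, claimed_plaintext):
    """For any plaintext of the same length there is a pad that maps the ciphertext
    to it, so the ciphertext alone cannot favour one plaintext over another."""
    return xor_bytes(ciphertext, claimed_plaintext)


def reuse_leak(c1, c2):
    """If the same pad encrypted both messages it cancels out:
    c1 XOR c2 == p1 XOR p2, which depends only on the two plaintexts."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    p1, p2 = b"attack at dawn", b"retreat at six"   # constructed sample messages
    pad, c1 = otp_encrypt(p1)
    print(otp_decrypt(c1, pad))
    print(otp_decrypt(c1, key_explaining(c1, p2)))  # same ciphertext, other plaintext
    c2 = xor_bytes(p2, pad)                         # the mistake: pad used a second time
    print(reuse_leak(c1, c2) == xor_bytes(p1, p2))
```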
1.1.b.6.Rotor Cipher

A rotor cipher
1.2. Transposition Ciphers

• now consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency distribution as the original text
Transposition-reorders the symbols

• 1.2.a.Keyless transposition
– Rail fence cipher
• 1.2.b.Keyed transposition
• 1.2.c.Combination of two approach
1.2.a.1. Rail Fence cipher

• write message letters out diagonally over a number of rows
• then read off cipher row by row
• Type 1: e.g. write message out as:
m e m a t r h t g p r y
 e t e f e t e o a a t
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
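The rail fence example above, generalised to any number of rows, as an added Python example (not from the original slides; function names are illustrative). It also checks the earlier remark that a transposition leaves the letter frequencies unchanged.

```python
from collections import Counter


def _rail_pattern(length, rails):
    """Row index of each letter when the text is written in a zigzag over `rails` rows."""
    if rails < 2:
        raise ValueError("need at least 2 rails")
    cycle = 2 * (rails - 1)
    return [min(i % cycle, cycle - i % cycle) for i in range(length)]


def _read_order(length, rails):
    """Plaintext positions in the order they are read off, row by row."""
    pattern = _rail_pattern(length, rails)
    return sorted(range(length), key=lambda i: pattern[i])  # stable sort keeps row order


def rail_fence_encrypt(plaintext, rails=2):
    letters = [c for c in plaintext.lower() if "a" <= c <= "z"]
    return "".join(letters[i] for i in _read_order(len(letters), rails)).upper()


def rail_fence_decrypt(ciphertext, rails=2):
    order = _read_order(len(ciphertext), rails)
    plain = [""] * len(ciphertext)
    for src, dst in enumerate(order):
        plain[dst] = ciphertext[src].lower()  # put each letter back where it came from
    return "".join(plain)


def same_frequencies(plaintext, ciphertext):
    """A transposition only moves letters, so the two histograms are identical."""
    letters = [c for c in plaintext.upper() if "A" <= c <= "Z"]
    return Counter(letters) == Counter(ciphertext)


if __name__ == "__main__":
    ct = rail_fence_encrypt("meet me after the toga party", rails=2)
    print(ct, rail_fence_decrypt(ct, rails=2))
    print(same_frequencies("meet me after the toga party", ct))
```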
Diffusion/transposition (Rail Fence cipher - Type 2)
• “Diffusion”: a classical Transposition cipher

Courtesy: Andreas Steffen

• modern Transposition ciphers take in N bits and permute using lookup table: called P-Boxes
1.2.b Keyed Transposition Ciphers

• The keyless ciphers permute the characters by writing the plaintext in one way and reading it in another way.
• The permutation is done on the whole plaintext to create the whole ciphertext.
• Another method is to divide the plaintext into groups of predetermined size, called blocks.
• Then use a key to permute the characters in each block separately.
Example
Alice needs to send the message “Enemy attacks tonight” to Bob.

The key used for encryption and decryption is a permutation key, which shows how the characters are permuted.

The permutation yields


1.2.c.Combining Two Approaches
1.2.c. Transposition using matrix

shows the encryption process. Multiplying the 4 × 5 plaintext matrix by the 5 × 5 encryption key gives the 4 × 5 ciphertext matrix.

Representation of the key as a matrix in the transposition cipher


1.2.c. Double Transposition Ciphers

Stream Ciphers

Call the plaintext stream P, the ciphertext stream C, and the key stream K.

Stream cipher
Stream Cipher
• Stream ciphers

• Rather than divide bit stream into discrete blocks, as block ciphers do, XOR
each bit of your plaintext continuous stream with a bit from a pseudo-
random sequence
• At receiver, use same symmetric key, XOR again to extract plaintext
Additive ciphers can be categorized as stream ciphers in which the key stream is the repeated value of the key. In other words, the key stream is considered as a predetermined stream of keys or K = (k, k, …, k). In this cipher, however, each character in the ciphertext depends only on the corresponding character in the plaintext, because the key stream is generated independently.

The monoalphabetic substitution ciphers discussed in this chapter are also stream ciphers.

Vigenere ciphers are also stream ciphers according to the definition. In this case, the key stream is a repetition of m values, where m is the size of the keyword. In other words,

We can establish a criterion to divide stream ciphers based on their key streams. We can say that a stream cipher is a monoalphabetic cipher if the value of ki does not depend on the position of the plaintext character in the plaintext stream; otherwise, the cipher is polyalphabetic.
Block Ciphers

In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together creating a group of ciphertext of the same size. A single key is used to encrypt the whole block even if the key is made of multiple values. Figure 3.27 shows the concept of a block cipher.

Block cipher
Block Cipher
• Divide input bit stream into n-bit sections, encrypt only that section, no
dependency/history between sections

Courtesy: Andreas Steffen

• In a good block cipher, each output bit is a function of all n input bits
and all k key bits
Playfair ciphers are block ciphers. The size of the block is m = 2. Two characters are encrypted together.

Hill ciphers are block ciphers. A block of plaintext, of size 2 or more is encrypted together using a single key (a matrix). In these ciphers, the value of each character in the ciphertext depends on all the values of the characters in the plaintext. Although the key is made of m × m values, it is considered as a single key.

From the definition of the block cipher, it is clear that every block cipher is a polyalphabetic cipher because each character in a ciphertext block depends on all characters in the plaintext block.
History of DES
• DES – Data Encryption Standard
• Horst Feistel at IBM developed LUCIFER
– about 1971, sold to Lloyds of London
• Nat’l Bureau of Standards issued request
for national cipher standard
• IBM submitted (refined) LUCIFER
• NSA worked with IBM to refine cipher
• adopted in 1977 by Nat’l Bureau of Stds.
DES Characteristics
• Plaintext is 64 bits long
• 16 rounds
• Key length is 56 bits
– 16 sub-keys generated, one used in each round
• DES algorithm is a variant of the Feistel
algorithm
DES Encryption
DES cipher
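• round i input is L_{i-1}, R_{i-1}

L_i = R_{i-1}
R_i = L_{i-1} XOR F(R_{i-1}, K_i)
One DES Round
[Figure: one DES round. The 32-bit halves L_{i-1} and R_{i-1} enter the round; R_{i-1} goes through expansion/permutation to 48 bits, is combined with K_i (48 bits), passes through the S-boxes (32 bits) and a permutation (32 bits), and is then combined with L_{i-1} to give R_i; L_i is R_{i-1}.]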
DES function
DES Round Structure
• uses two 32-bit L & R halves
• as for any Feistel cipher can describe as:
L_i = R_{i-1}
R_i = L_{i-1} xor F(R_{i-1}, K_i)
• takes 32-bit R half and 48-bit subkey and:
– expands R to 48-bits using perm E
– adds to subkey
– passes through 8 S-boxes to get 32-bit result
– finally permutes this using 32-bit perm P
Substitution Boxes S
• have eight S-boxes which map 6 to 4 bits
• each S-box is actually 4 little 4 bit boxes
– outer bits 1 & 6 (row bits) select one row
– inner bits 2-5 (col bits) are substituted
– result is 8 lots of 4 bits, or 32 bits
• row selection depends on both data & key
– feature known as autoclaving (autokeying)
• example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
DES Key Schedule
• forms subkeys used in each round
• consists of:
– initial permutation of the key (PC1) which
selects 56-bits in two 28-bit halves
– 16 stages consisting of:
• selecting 24-bits from each half
• permuting them by PC2 for use in function f,
• rotating each half separately either 1 or 2 places
depending on the key rotation schedule K
DES key generation
DES Decryption
• decrypt must unwind steps of data computation
• with Feistel design, do encryption steps again
• using subkeys in reverse order (SK16 … SK1)
• note that IP undoes final FP step of encryption
• 1st round with SK16 undoes 16th encrypt round
• 16th round with SK1 undoes 1st encrypt round
• then final FP undoes initial encryption IP
• thus recovering original data value
Key properties
• avalanche
– small change in plaintext or in key produces
significant change in ciphertext
– test for avalanche
• encrypt two plaintext blocks that differ only in one
bit
• about half the (ciphertext) bits will differ
• Completeness effect
– Each bit of the ciphertext needs to depend on
many bits in the plain text
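The Feistel round equations, decryption with the subkeys in reverse order, and the avalanche test, as an added Python example (not from the original slides). This is a toy 64-bit Feistel network, not DES: the round function F and the key schedule are SHA-256-based stand-ins chosen so the block is self-contained, and the key and plaintext are constructed values.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def subkeys(key):
    """Stand-in key schedule: sixteen 48-bit subkeys derived by hashing (not PC1/PC2)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(1, ROUNDS + 1)]


def F(right, subkey):
    """Stand-in round function: 32-bit half plus 48-bit subkey in, 32 bits out.
    A Feistel F need not be invertible, which is why a hash works here."""
    digest = hashlib.sha256(right.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block, round_keys):
    """L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i), then a final swap of halves."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        left, right = right, left ^ F(right, k)
    return (right << 32) | left  # the swap lets the same routine undo itself


def encrypt(block, key):
    return feistel(block, subkeys(key))


def decrypt(block, key):
    """Same steps again, with the subkeys in reverse order (SK16 ... SK1)."""
    return feistel(block, subkeys(key)[::-1])


def bit_diff(a, b):
    return bin(a ^ b).count("1")


def avalanche(block, key, bit):
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    return bit_diff(encrypt(block, key), encrypt(block ^ (1 << bit), key))


if __name__ == "__main__":
    key, pt = b"constructed demo key", 0x0123456789ABCDEF
    ct = encrypt(pt, key)
    print(hex(ct), hex(decrypt(ct, key)))
    one_round = subkeys(key)[:1]
    print(bit_diff(feistel(pt, one_round), feistel(pt ^ (1 << 63), one_round)))
    print(avalanche(pt, key, 63))  # close to half of the 64 bits after 16 rounds
```

After a single round a flipped left-half bit changes exactly one output bit; the avalanche effect only appears once several rounds have mixed both halves.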
DES controversy
• DES choice was intensely criticized:
– original LUCIFER key length was 128 bits, and
DES used 56 bit key (to fit on chip, they said)
– critics feared brute force attacks
– design criteria for the S-boxes was classified, so
users not sure that internal structure was free of
hidden weak points that might let NSA break
cipher
Cryptanalysis of DES
• increased computing speed has made a 56
bit key susceptible to exhaustive key search
• demonstrated breaks:
– 1997 – taking a few months, a large network of
computers broke DES
– 1998 – Electronic Frontier Foundation broke
DES in a few days on dedicated hardware
– 1999 – break accomplished in 22 hours
• in practice DES is used, and works
Advanced Encryption Standard
Why AES?
• Symmetric block cipher, published in 2001
• Intended to replace DES and 3DES
– DES is vulnerable to differential attacks
– 3DES has slow performance
Origins
• US NIST (National Institute of Standards and Technology) issued call for ciphers in 1997
• 15 candidates accepted in Jun 98
• 5 were shortlisted in Aug 99
• NIST selected Rijndael as the proposed AES algorithm
NIST/AES Criteria to Evaluate Potential Candidates
• Security: The effort to cryptanalyze an algorithm. Brute-force attacks become impossible with key size 128 bit
• Cost: The algorithm should be practical in a wide range of applications.
• Algorithm and Implementation Characteristics: Flexibility (suitability for a variety of h/w and s/w), simplicity (should make the analysis of security more straightforward), etc.
The AES Cipher - Rijndael
• Rijndael was selected as the AES in Oct-2000
– Designed by Vincent Rijmen and Joan Daemen in Belgium
– Issued as FIPS PUB 197 standard in Nov-2001

• An iterative rather than Feistel cipher
– processes data as block of 4 columns of 4 bytes (128 bits)
– operates on entire data block in every round

• Rijndael design:
– simplicity
– has 128/192/256 bit keys, 128 bits data
– resistant against known attacks
– speed and code compactness on many CPUs
The AES Cipher
• Block length is limited to 128 bit
• The key size can be independently specified to 128, 192 or 256 bits

Key size (words/bytes/bits)       4/16/128   6/24/192   8/32/256
Number of rounds                  10         12         14
Expanded key size (words/bytes)   44/176     52/208     60/240

The AES Cipher
• Key received as input array of 4 rows and Nk columns
• Nk = 4, 6, or 8, parameter which depends on key size
• Input key is expanded into an array of 44/52/60 words of 32 bits each
• 4 different words serve as a key for each round

k0  k4  k8   k12
k1  k5  k9   k13
k2  k6  k10  k14
k3  k7  k11  k15

w0 w1 w2 …… w42 w43
The AES Cipher

• Single 128 bit block as input
• Copied to a State array with Nb columns (Nb=4)

Input                 State array           Output
in0 in4 in8  in12     S00 S01 S02 S03       o0 o4 o8  o12
in1 in5 in9  in13     S10 S11 S12 S13       o1 o5 o9  o13
in2 in6 in10 in14     S20 S21 S22 S23       o2 o6 o10 o14
in3 in7 in11 in15     S30 S31 S32 S33       o3 o7 o11 o15
The AES Cipher
• Number of rounds, Nr, depends on key size
• Each round is a repetition of functions that perform a transformation over State array
• Consists of 4 main functions: 1, 2 and 3 - permutation and substitutions, 4 - actual encryption
– Substitute bytes, Shift rows, Mix columns, Add round key
The AES Cipher
• AddRoundKey() – round key is added to the
State using XOR operation
• MixColumns() – takes all the columns of the
State and mixes their data, independently of one
another, making use of arithmetic over GF(2^8)
• ShiftRows() – processes the State by cyclically
shifting the last three rows of the State by
different offsets
• SubBytes() – uses S-box to perform a byte-by-
byte substitution of State
AES functions
• simpler way to view the AES function
order is:
– 1. Scramble each byte (SubBytes).
– 2. Scramble each row (ShiftRows).
– 3. Scramble each column (MixColumns).
– 4. Encrypt (AddRoundKey).
Subbytes()
• S-Box operation on an example string of
“ABC,”
• take the hexadecimal value of each byte.
ASCII “A” == hex 0x42, “B” == 0x43 and
“C” == 0x44.
– Look up the first (left) hex digit in the S-Box
column and the second in the S-Box row.
0x42 becomes 0x2c; 0x43 becomes 0x1a,
and 0x44 becomes 0x1b.
ShiftRows()
Mix columns()
AddRoundkey()
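The four round functions and the column-by-column State layout described above, as an added Python example (not from the original slides or from any AES library). Key expansion is left out: the round key is passed in directly, and the S-box is derived from its FIPS 197 definition (inverse in GF(2^8) followed by an affine transform) instead of being typed in as a table.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a):
    """a^254 is the multiplicative inverse of a; 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    """S-box entry = affine transform of the field inverse of the input byte."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        box.append(b ^ _rotl8(b, 1) ^ _rotl8(b, 2) ^ _rotl8(b, 3) ^ _rotl8(b, 4) ^ 0x63)
    return box


SBOX = build_sbox()


def to_state(block):
    """16 input bytes fill the 4x4 State column by column: S[r][c] = in[r + 4c]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def from_state(state):
    return bytes(state[r][c] for c in range(4) for r in range(4))


def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r positions; row 0 is left alone."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col):
    a0, a1, a2, a3 = col
    return [
        gf_mul(2, a0) ^ gf_mul(3, a1) ^ a2 ^ a3,
        a0 ^ gf_mul(2, a1) ^ gf_mul(3, a2) ^ a3,
        a0 ^ a1 ^ gf_mul(2, a2) ^ gf_mul(3, a3),
        gf_mul(3, a0) ^ a1 ^ a2 ^ gf_mul(2, a3),
    ]


def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key):
    key_state = to_state(round_key)
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, key_state)]


def aes_round(block, round_key):
    """One full round: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    state = shift_rows(sub_bytes(to_state(block)))
    return from_state(add_round_key(mix_columns(state), round_key))
```

`SBOX[0x42]`, `SBOX[0x43]` and `SBOX[0x44]` give the 0x2c, 0x1a and 0x1b quoted on the SubBytes slide, and `aes_round` reproduces round 1 of the worked example in FIPS 197 Appendix B.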
The AES Cipher
[Figure: AES encryption. plaintext → Add round key → Round 1 … Round 9 (each: Substitute bytes, Shift rows, Mix columns, Add round key) → final round (Substitute bytes, Shift rows, Add round key) → Cipher text. Round-key labels in the figure: W[0,3], W[4,7], W[36,3], W[40,43].]
One round of AES
The AES Cipher
• Only Add round key makes use of the key
• Other three functions are used for diffusion
and confusion
• Final round consists of only three stages
The AES Inverse Cipher/Decryption
[Figure: AES decryption. ciphertext → Add round key → Round 1 … Round 9 (each: Inv. Shift rows, Inv. Sub bytes, Add round key, Inv. Mix columns) → final round (Inv. Shift rows, Inv. Sub bytes, Add round key) → plaintext. Round-key labels in the figure: W[36,39], W[4,7], W[0,3].]
The AES Inverse Cipher
• Decryption algorithm uses the expanded
key in reverse order
• All functions are easily reversible and their
inverse form is used in decryption
• Decryption algorithm is not identical to the
encryption algorithm
• Again, final round consists of only three
stages
Attacks on AES
• Square Attack, based on the Square
Cipher
• created by the authors of Rijndael.
• It exploits the byte-oriented structure of
Square cipher
• The Square Attack is faster than a brute
force attack for AES using six rounds or
less.
Confidentiality using Symmetric Encryption
• traditionally symmetric encryption is used to provide message confidentiality
• What to encrypt and where to encrypt?
Confidentiality using Symmetric Encryption
• consider typical scenario
– workstations on LANs access other workstations & servers on LAN
– LANs interconnected using switches/routers
– with external lines or radio/satellite links
• consider attacks and placement in this scenario
– snooping from another workstation
– use dial-in to LAN or server to snoop
– use external router link to enter & snoop
– monitor and/or modify traffic on external links
– Major concern: placement of Encryption algorithm
Confidentiality using Symmetric Encryption
Placement of encryption algorithm
• have two major placement alternatives
• link encryption
– encryption occurs independently on every link
– implies must decrypt traffic between links
– requires many devices, but paired keys
• end-to-end encryption
– encryption occurs between original source
and final destination
– need devices at each end with shared keys
Placement of Encryption - An Analysis
• when using end-to-end encryption must
leave headers in clear
– so network can correctly route information
• hence although contents protected, traffic
pattern flows are not
• ideally want both at once
– end-to-end protects data contents over entire
path and provides authentication
– link protects traffic flows from monitoring
Placement of Encryption
• can place encryption function at various
layers in OSI Reference Model
– link encryption occurs at layers 1 or 2
– end-to-end can occur at layers 3, 4, 6, 7
– as move higher less information is encrypted
but it is more secure though more complex
with more entities and keys
Traffic Analysis
• is monitoring of communications flows
between parties
– useful both in military & commercial spheres
– can also be used to create a covert channel, a means of communication unintended by the designers
• Can be used to
– Identify partners
– How frequently the partners are communicating
– Message pattern, length and quality analysis
– The events that correlate special conversations
Overcoming Traffic Analysis
• link encryption obscures header details
– but overall traffic volumes in networks and at
end-points is still visible
• traffic padding can further obscure flows
– but at cost of continuous traffic
Key Distribution
• symmetric schemes require both parties to
share a common secret key
• issue is how to securely distribute this key
• often secure system failure due to a break
in the key distribution scheme
Key Distribution
• given parties A and B have various key
distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can
use previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B
Key Distribution Scenario
Key Distribution Issues
• hierarchies of KDC’s required for large
networks, but must trust each other
• session key lifetimes should be limited for
greater security
• use of automatic key distribution on behalf
of users, but must trust system
• use of decentralized key distribution
• controlling purposes keys are used for
Cryptanalysis
• Objective: to recover the plaintext of a
ciphertext or, more typically, to recover the
secret key.
• Kerckhoffs's principle: the adversary knows all details about a cryptosystem except the secret key.
• Two general approaches:
– brute-force attack
– non-brute-force attack (cryptanalytic attack)
Cryptanalytic Attacks
• ciphertext only
– only know algorithm / ciphertext, statistical, can
identify plaintext
• known plaintext
– know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext
– select plaintext and obtain ciphertext to attack cipher
• chosen ciphertext
– select ciphertext and obtain plaintext to attack cipher
• chosen text
– select either plaintext or ciphertext to en/decrypt to
attack cipher
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext
