Understanding Symmetric Ciphers


A symmetric cipher uses the same key for both encryption and decryption. An asymmetric cipher uses separate keys for encryption and decryption, so the operation performed is determined by which key is supplied. With a symmetric cipher the key alone does not say which direction is intended, so the algorithm has to be instructed, via a parameter for example, whether it is encrypting or decrypting.

There are two types of symmetric algorithms: stream ciphers and block ciphers. A stream cipher encrypts a single bit or byte at a time, typically by XORing it with a byte of key stream, and some designs also feed the result into the processing of the next byte. A stream cipher has no fixed-length input limitation of the kind a message digest has, and unlike a digest it is keyed and reversible. Because the data is handled one byte at a time, there is no need for padding and no need to assemble the data into blocks; each byte is encrypted or decrypted as it arrives.

In designs where the current ciphertext byte feeds into the encryption of the next byte, decryption runs in the same forward order as encryption: by the time B2 is decrypted, the receiver already holds the ciphertext of B1 and can reproduce the same chaining, so B1 is decrypted first and B3 last, just as they were encrypted. A consequence is that a corrupted ciphertext byte disturbs the decryption of the bytes that follow it until the chaining state has been flushed. Since the cipher works a byte at a time, an observer cannot easily predict the pattern that the ciphertext will follow 64 bytes later.

Tip  

If a pattern arises, the cipher can be compromised. Patterns must be avoided because they leak information about the plaintext. If the byte 0x05 shows up every few bytes in the ciphertext, and the attacker knows that the letter "e" appears in every other word of the first sentence, it is a good guess that 0x05 stands for "e" wherever it appears. For this reason, and because block ciphers can be run in modes that make them behave as stream ciphers, there are many more block ciphers in use than dedicated stream ciphers.

To avoid repetition of bytes in the stream, a key stream is used to encrypt and decrypt each byte. A key stream generator expands a fixed-size key (and usually an initialization value) into a stream of key bytes that matches the plaintext, or ciphertext, stream byte for byte. When P1 is encrypted, it has a matching key byte k1, and C1 = P1 XOR k1. The next key byte, k2, is derived from the generator's internal state after it produced k1, and the combination of P2 and k2 produces C2, and so on. Decryption works the same way: the ciphertext bytes (C1, C2, C3, and so on) are XORed with the same key stream to restore the plaintext, P_i = C_i XOR k_i. The key stream must not repeat and must not be used for two different messages, because XORing two ciphertexts produced under the same key stream cancels the key bytes and leaves the XOR of the two plaintexts. This process is illustrated in Figure 12-1.

Figure 12-1: The key stream
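The byte-at-a-time scheme of Figure 12-1, as an added example that is not code from the book: the key stream generator below (HMAC-SHA256 run in counter mode over a key and a nonce) is an assumption of this example, not any particular published stream cipher, and the key, nonce and messages are constructed. It shows that encryption and decryption are the same XOR, that no padding is involved, and what leaks when the same key stream is reused for two messages.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed key stream generator: k_1, k_2, ... are bytes of
    HMAC-SHA256(key, nonce || counter) for counter = 0, 1, 2, ...
    The state that produces k_(i+1) is simply the next counter value."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """C_i = P_i XOR k_i. Running this on ciphertext gives the plaintext
    back, byte for byte, so no padding or block assembly is needed."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were made with the same key stream, the key bytes cancel:
    C1 XOR C2 = (P1 XOR k) XOR (P2 XOR k) = P1 XOR P2."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def demo() -> tuple:
    key = b"constructed-demo-key"          # constructed sample key
    nonce = b"nonce-01"                    # constructed; reusing it is the mistake shown
    p1 = b"attack at dawn"                 # constructed sample messages
    p2 = b"retreat at six"
    c1 = stream_crypt(key, nonce, p1)
    c2 = stream_crypt(key, nonce, p2)     # same key AND same nonce: same key stream
    round_trip_ok = stream_crypt(key, nonce, c1) == p1
    # An attacker who guesses (or knows) the start of p1 recovers the start of p2
    # without the key: (P1 XOR P2) XOR P1_guess = P2.
    leaked = keystream_reuse_leak(c1, c2)
    crib = b"attack"
    recovered = bytes(a ^ b for a, b in zip(leaked, crib))
    return round_trip_ok, recovered
```

Calling demo() returns (True, b"retrea"): decryption is the same XOR as encryption, and the crib on the first message recovers the first six bytes of the second message because the nonce, and therefore the key stream, was reused.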

A block cipher works with a block of data at a time; padding and a mode of operation (discussed later in this section) are what keep repeated plaintext from producing repeated ciphertext. The block cipher operates on a fixed input size, the block size. The objective of the cipher is to permute the data under control of the key, and to reverse the process with the same key to restore the original data. Key material can also be mixed directly into the data in a process called whitening: XORing key material into the block before the first round and after the last round. The cipher algorithm performs a number of similar operations in sequence. These operations are called rounds and were demonstrated with the message digest.

Cross-Reference  

The message digest is discussed in Chapter 9.

The round operation is denoted by a function f in mathematical terms. The function f uses a key k and the plaintext p to build a ciphertext c. A cipher such as DES, which applies f 16 times, could be expressed as:

c = f^16(k, p)

meaning that f is applied 16 times, each application working on the output of the previous one.

The DES algorithm executes the function f for 16 rounds. Each round applies the function to the round's subkey and the current state to form the input of the next round; the output of the sixteenth round is the ciphertext. If the key was permuted with a whitening process w, the whitened key could be expressed as w(k) = k_w. Each cipher needs to be expressible as a mathematical formula so that it can be studied, understood, and analyzed. The function and keys can then be broken down so that an analysis can find any weaknesses.

For example, the DES function begins by splitting the 64-bit plaintext block into a 32-bit right half and a 32-bit left half, which can be expressed as r_1 and l_1. In each round the right half is passed through the round function, which contains the S-boxes, the result is XORed into the left half, and the halves are swapped: l_(i+1) = r_i and r_(i+1) = l_i XOR f(r_i, k_i).

Note  

Recall that an S-box is a substitution box. Ever since Lucifer and DES, S-boxes have been used to describe the substitution operations, and most block ciphers use them. An example of how DES uses S-boxes: in each round, DES takes the 32-bit right half of the 64-bit block, expands it to 48 bits, XORs it with the 48-bit round subkey (derived from the 56-bit key), and splits the 48 bits into eight 6-bit groups. Each 6-bit group is passed into its own S-box.

Before the substitution, the 32-bit half entering the S-box stage can be written as a hex value. After the expansion, subkey XOR and S-box substitution, S_1(l_1) = So_1, the output is another 32-bit value that bears no obvious relationship to the input. The operations are analyzed and studied for any patterns. If patterns or weaknesses are found in the algorithm, the algorithm can be fixed and upgraded. Unless you can express the algorithm in mathematical terms and analyze its operations, the algorithm is difficult to evaluate.

By looking at how the plaintext and ciphertext propagate through the rounds, cryptologists are able to analyze how differences propagate through the algorithm. This is known as differential cryptanalysis. Differential cryptanalysis takes pairs of plaintexts with a chosen difference, examines the differences in the corresponding ciphertexts (or intermediate round values), and looks for output differences that occur more often than they would for an ideal cipher; such biases reveal information about the key.

There are eight S-boxes for this operation because 6 bits × 8 S-boxes = 48 bits. The result of the 48 bits after passing through the set of S-boxes is 32 bits. S-boxes may have a different number of bits coming in and going out. The number of input bits together with the number of output bits is known as the S-box size. The number of inputs is normally designated n and the number of outputs m, and the size of the S-box is written n × m. The DES S-box just described is a 6 × 4 S-box: each DES S-box has 6 bits going in and 4 bits coming out. Because there are 8 S-boxes, the total input is 48 bits and the total output is 32 bits.

The operation the S-box offers is a substitution cipher on small groups of bits. The DES S-box reads the 6-bit input and, based on its value, maps it to a row and column in the substitution table: the outer two bits (the first and sixth) select one of four rows, and the middle four bits select one of sixteen columns. The 4-bit entry found at that position in the table is the output. An example of the S-box substitution can be seen in Figure 12-2.

Figure 12-2: The S-box substitution

In that example, the input 51 (binary 110011) selects row 3 and column 9 and produces the result 11. If the 4-bit result 11 (binary 1011) were expanded again by wrapping it with ones, 1(1011)1, the result would be 55. Passing 55 through the same S-box yields a different result. Note that a 6 × 4 S-box cannot be inverted: several inputs map to each output, so the table is never read backward. DES decryption works because of the Feistel structure: the same S-box lookups are performed in the same direction, with the round subkeys applied in reverse order. The tables themselves have sometimes evolved over time. Some are generated randomly and tested to see if they are weak. Others are designed using mathematical principles and statistics to avoid patterns. Depending on the means used to create the S-box table, the table can add strength or weakness to the cipher.
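The row/column lookup, the 51 to 11 to 55 walk-through above, and the difference analysis described under differential cryptanalysis, as an added example that is not code from the book. The table is DES S-box S1 from FIPS 46; the function names are this example's own. It also shows two properties the prose only states: a 6 × 4 S-box has several preimages per output (so it has no inverse), and a fixed input difference does not spread evenly over the output differences, which is exactly what differential cryptanalysis counts.

```python
# DES S-box S1 (FIPS 46): four rows of sixteen 4-bit entries.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(sbox: list, x: int) -> int:
    """6-bit input -> 4-bit output. The outer two bits (b1, b6) select the
    row, the middle four bits (b2..b5) select the column."""
    if not 0 <= x < 64:
        raise ValueError("S-box input must be a 6-bit value")
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return sbox[row][col]


def wrap_with_ones(y: int) -> int:
    """The text's re-expansion of a 4-bit result: 1(y)1 as a 6-bit value,
    so 11 = 1011 becomes 110111 = 55."""
    return (1 << 5) | ((y & 0xF) << 1) | 1


def preimages(sbox: list, y: int) -> list:
    """Every 6-bit input that produces output y. More than one preimage
    means the lookup cannot be undone, which is why DES never inverts it."""
    return [x for x in range(64) if sbox_lookup(sbox, x) == y]


def difference_distribution(sbox: list, din: int) -> list:
    """For a fixed input difference din, count how often each of the 16
    output differences occurs over all 64 inputs. An ideal 6 -> 4 mapping
    would give 4 for every entry; the real table is uneven, and those
    high-count entries are what differential cryptanalysis exploits."""
    counts = [0] * 16
    for x in range(64):
        counts[sbox_lookup(sbox, x) ^ sbox_lookup(sbox, x ^ din)] += 1
    return counts


def walk_through() -> tuple:
    """The book's example: 51 -> 11, re-wrapped to 55 -> a different value."""
    first = sbox_lookup(S1, 51)
    wrapped = wrap_with_ones(first)
    return first, wrapped, sbox_lookup(S1, wrapped)
```

walk_through() returns (11, 55, 14). Every output value of S1 has exactly four preimages, because each row of the table is a permutation of 0 to 15; and difference_distribution(S1, 1) (flipping only the lowest input bit) never yields an output difference of 0, a design criterion of the DES S-boxes, while one output difference occurs 12 times out of 64 instead of the ideal 4.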

DES has been the cornerstone of the discussion of S-boxes, and many block ciphers have evolved using DES as a foundation; for message digests, MD4 serves the same purpose. Because the types and levels of security that different people and organizations need are very diverse, block ciphers must cover a wide variety of uses. To do so, block ciphers are run in modes of operation. The four classic modes are the four originally defined for DES: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).

The first mode of operation is ECB, the simplest of the modes. ECB offers a one-to-one relationship between a block of plaintext and a block of ciphertext. DES has a 64-bit block size. In ECB mode, each 64-bit block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks. If the input to the cipher is not a multiple of 64 bits, padding is applied to bring the last block up to the block size. If the message is longer than 64 bits, it is broken down into 64-bit blocks. The encryption and decryption of each block is independent of the other blocks.

ECB is called codebook mode because the same plaintext block will always produce the same ciphertext block under a given key. Theoretically, but not practically, it would be possible to build a codebook of all 2^64 plaintext/ciphertext pairs for a key and avoid calculation altogether. That is also the weakness of ECB. Because the same plaintext produces the same ciphertext, patterns in the plaintext show through in the ciphertext. If you know that a particular plaintext block always produces a particular ciphertext block under a key, the next time you see that ciphertext block (and the key has not changed), you know what the plaintext was, without ever learning the key. See Figure 12-3 for an example of ECB.

Figure 12-3: The ECB mode

ECB producing the same ciphertext for the same plaintext under one key is a deficiency of the mode. To compensate for it, CBC evolved. In CBC, a repeated plaintext block encrypted under the same key produces a different ciphertext block. It accomplishes this by chaining the cipher blocks. The cipher block is the ciphertext output of the encryption algorithm, and the output of one block is used to alter the input of the next: the ciphertext of the first block is XORed with the plaintext of the next block before that block is encrypted, so when a later block contains the same plaintext, the input to the cipher differs and so does the ciphertext. Masking each plaintext block with the previous ciphertext block, C_i = E_k(P_i XOR C_(i-1)), prevents identical plaintext blocks from becoming identical ciphertext blocks.

To let the first block work the same way as the others, an initialization vector (IV) is used. Since the first block of plaintext has no previous ciphertext block to chain with, the IV stands in for one. For DES, the IV is a 64-bit block. Both sides must use exactly the same IV: if one DES engine uses one IV and another engine uses a different one, the first block will not decrypt correctly. The IV does not have to be secret and adds no key strength. It is normally generated fresh for each message (for CBC it must be unpredictable to an attacker) and transmitted in the clear alongside the ciphertext. What must not happen is reusing one IV with the same key for different messages, because then messages with the same leading blocks produce the same leading ciphertext, which is the very leak CBC exists to prevent.

Changing the IV therefore does not protect ciphertext an attacker already holds; if an organization fears that its ciphertexts have been compromised, it is the key that has to be replaced, not the IV. A genuine limitation of CBC is the block size. With a 64-bit block cipher such as DES, after roughly 2^32 blocks (a few gigabytes) encrypted under one key, two ciphertext blocks are likely to collide, and for a colliding pair C_i = C_j the chaining gives C_(i-1) XOR C_(j-1) = P_i XOR P_j, so the XOR of two plaintext blocks leaks. A cipher with a larger block size, such as 128 bits, pushes this birthday bound far out of practical reach.

Another issue is that CBC provides no integrity protection, and an attacker can exploit the very XOR that provides the chaining. Because P_i = D_k(C_i) XOR C_(i-1), anyone who can intercept and modify the ciphertext can flip a chosen bit in C_(i-1) and thereby flip the same bit in the decrypted P_i (at the cost of garbling P_(i-1)), without knowing the key. So while CBC produces a different ciphertext for repeated plaintext blocks, the chaining is a very rudimentary mixing, and ciphertext must be protected by a separate message authentication code if tampering matters. See Figure 12-4 for an overview of CBC.

Figure 12-4: A CBC overview

The CFB mode can make a block cipher act like a stream cipher. CFB can work with units smaller than the block size: for DES, it can process less than 64 bits at a time, for example 1 byte (8 bits) or even 1 bit. Encrypting 8 bits at a time is referred to as CFB8. Since CFB acts like a stream cipher, padding is not required. Figure 12-5 shows an overview of CFB8.

Figure 12-5: Overview of CFB8

To start the algorithm, the 64-bit shift register is loaded with the IV and encrypted with the block cipher. The leftmost byte of the encrypted output, corresponding to register position IV1, is XORed with the first byte of plaintext, P1, producing the ciphertext byte C1. The register then shifts by one byte: IV1 is discarded, every other entry moves up one position, and the byte left empty at the end of the register (the position labeled IV8) is filled with a copy of C1. In this way the ciphertext is fed back into the IV shift register. The entire 64-bit register is then encrypted again, and the process continues until all the plaintext has been encrypted. Decryption uses the block cipher in the encryption direction as well; the only difference is that the ciphertext byte, rather than the freshly produced output byte, is what gets shifted into the register, so the receiver regenerates the same sequence of register contents and XORs each ciphertext byte with the same output byte to recover the plaintext. Because the whole register is encrypted every time it is shifted, CFB8 is much slower than the previous two modes: in this example, a full 8-byte block encryption is performed for every single byte of data.

OFB is another mode in which a block cipher is used like a stream cipher. OFB works like CFB except that the ciphertext is not fed back into the shift register; instead, the output of the block cipher feeds back into it. In the 8-bit variant, after the register is encrypted and the leftmost output byte has been used, that output byte (not the old IV1 entry) is shifted into the IV8 position. In the full-block variant, the entire encrypted output becomes the next register contents. The plaintext and ciphertext themselves are never passed through the block cipher; they are only XORed with the encrypted register values, and the register is encrypted again each time it is shifted. Because the ciphertext is no longer in the equation, a corrupted ciphertext byte affects only the corresponding plaintext byte and is not propagated. Because the key stream depends only on the key and IV and not on the data, two weaknesses follow: encrypting two messages with the same key and IV reuses the key stream, so XORing the two ciphertexts reveals the XOR of the plaintexts, and an attacker can flip any chosen plaintext bit by flipping the same bit of the ciphertext. This is illustrated in Figure 12-6.

Figure 12-6: The OFB mode
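The four modes above, together with the earlier point that a Feistel cipher decrypts by running the same rounds with the subkeys in reverse order, as one added example that is not code from the book. The block cipher is a constructed 16-round Feistel network with a 64-bit block whose round function and key schedule are built from HMAC-SHA256; it is an assumption of this example standing in for DES, not DES itself, and the key, IV and plaintext are constructed sample values. It shows ECB leaking repeated blocks, CBC hiding them, CFB8 and OFB8 producing ciphertext the same length as the input with no padding, and a one-bit change to a CBC ciphertext block flipping the same bit of the next plaintext block.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, as in DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key: bytes, rounds: int = 16) -> list:
    # Constructed key schedule (not DES's): subkey i = HMAC-SHA256(key, i).
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(rounds)]


def _f(subkey: bytes, right: bytes) -> bytes:
    # Round function standing in for DES's expansion/subkey/S-box stage:
    # a keyed PRF of the 32-bit right half, truncated to 32 bits. Not invertible.
    return hmac.new(subkey, right, hashlib.sha256).digest()[:4]


def _feistel(block: bytes, subkeys: list) -> bytes:
    # l_(i+1) = r_i ; r_(i+1) = l_i XOR f(r_i, k_i). The final swap makes the
    # same network its own inverse when the subkeys are applied in reverse.
    left, right = block[:4], block[4:]
    for sk in subkeys:
        left, right = right, _xor(left, _f(sk, right))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _round_keys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _round_keys(key)[::-1])  # same rounds, keys reversed


def _pad(data: bytes) -> bytes:  # PKCS#7 padding to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(encrypt_block(key, b) for b in _blocks(_pad(pt)))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return _unpad(b"".join(decrypt_block(key, b) for b in _blocks(ct)))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    prev, out = iv, []
    for b in _blocks(_pad(pt)):
        prev = encrypt_block(key, _xor(b, prev))  # C_i = E(P_i XOR C_(i-1))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, []
    for b in _blocks(ct):
        out.append(_xor(decrypt_block(key, b), prev))  # P_i = D(C_i) XOR C_(i-1)
        prev = b
    return _unpad(b"".join(out))


def cfb8_crypt(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # One full block encryption per byte; the ciphertext byte is shifted in.
    reg, out = iv, bytearray()
    for b in data:
        o = encrypt_block(key, reg)[0] ^ b
        out.append(o)
        reg = reg[1:] + bytes([b if decrypt else o])
    return bytes(out)


def ofb8_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Like CFB8, but the cipher output byte feeds back; encrypt == decrypt.
    reg, out = iv, bytearray()
    for b in data:
        k = encrypt_block(key, reg)[0]
        out.append(k ^ b)
        reg = reg[1:] + bytes([k])
    return bytes(out)


def demo() -> dict:
    key = b"constructed-key!"                 # constructed sample key
    iv = bytes(range(8))                      # constructed, fixed so the run is reproducible
    pt = b"ATTACK AT DAWN; " * 2 + b"ok"      # blocks 0 and 2 hold identical plaintext
    ecb, cbc = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt)
    cfb, ofb = cfb8_crypt(key, iv, pt), ofb8_crypt(key, iv, pt)
    tampered = bytearray(cbc)
    tampered[8] ^= 0x01                       # flip one bit of ciphertext block 2
    return {
        "ecb_repeats": ecb[0:8] == ecb[16:24],
        "cbc_repeats": cbc[0:8] == cbc[16:24],
        "ecb_roundtrip": ecb_decrypt(key, ecb) == pt,
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == pt,
        "cfb8_roundtrip": cfb8_crypt(key, iv, cfb, decrypt=True) == pt,
        "ofb8_roundtrip": ofb8_crypt(key, iv, ofb) == pt,
        "no_padding_in_stream_modes": len(cfb) == len(pt) and len(ofb) == len(pt),
        "cbc_bitflip_hits_next_block": cbc_decrypt(key, iv, bytes(tampered))[16] == pt[16] ^ 0x01,
    }
```

demo() returns True for every entry except cbc_repeats, which is False: the two identical plaintext blocks show up as identical ECB ciphertext blocks but not under CBC, the stream-style modes return exactly len(pt) bytes, and flipping bit 0 of ciphertext byte 8 (inside block 2) flips bit 0 of plaintext byte 16 (the first byte of block 3) with no knowledge of the key.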

Symmetric cipher algorithms can be classified and categorized by key size, block size, number of S-boxes, number of rounds, and other factors that describe the algorithm. To understand the weaknesses and strengths of a cipher, its mathematics, its substitutions, and its modes of operation must be understood. The mathematics describes the process of the algorithm in a common language.

Constructs like the modes and substitutions can be used to walk through the algorithm and reason about its weaknesses and strengths. It is up to the individual and the organization to understand those weaknesses and strengths so that they use the right algorithm for the job. Users who understand the characteristics that make up a symmetric algorithm, such as key size and block size, are able to differentiate between the algorithms on offer.

Note  

An organization must know and understand the export laws that apply to large key sizes. This can influence the decision about which algorithm to use. For instance, an organization that frequently sends messages overseas may not be permitted to use a specific algorithm or key size.


Java Security Solutions
ISBN: 0764549286
Year: 2001
Pages: 222