Network Security and Cryptography

Lecture 9
IDEA, RC5,RC2, Encryption key placement

Uday Prakash Pethakamsetty uday3prakash@gmail.com

International Data Encryption Algorithm (IDEA)

Developed by James Massey & Xuejia Lai at ETH originally in Zurich in 1990, then called IPES.
X Lai, J L Massey, A Proposal for a New Block Encryption Standard
In Advances in cryptology- Eurocrypt 90, Lecture Notes in computer Science, vol 473, pp 389-404.

X Lai, J L Massey, S Murphy, Markov Ciphers and Differential Cryptanalysis.

In Advances in cryptologyEurocrypt 91, Lecture Notes in Computer Science, vol 547, pp 17-38.

Name changed to IDEA in 1992.

3/18/2013 Department of ECE JNTUH 2

IDEA
IDEA is patented in Europe & US, however noncommercial use is freely permitted
Used in the public domain PGP (with agreement) Currently no attack against IDEA is known
Seem secure against differential cryptanalysis, brute force.

The name IDEA is also a trademark. The patents expired in 2010-2011. Today, IDEA is licensed in all the countries where it is patented by MediaCrypt. IDEA was used in Pretty Good Privacy (PGP) v2.0.
3/18/2013 Department of ECE JNTUH 3

IDEA...
Encrypts 64-bit blocks using a 128-bit key PRINCIPLE: Based on mixing operations from different (incompatible) algebraic groups
XOR, +mod 216 , *mod 216 + 1 On 16-bit sub-blocks, with no permutations used. The non-linearity deserved is obtained by three modulo operations (XOR, addition modulo 216 , Multiplication modulo 210 +1); instead of using Sboxes. Easily implemented both in hardware and software.
3/18/2013 Department of ECE JNTUH 4

IDEA
Initially, the 64 bit data is divided into 4 sub blocks (x1,x2,x3,x4) of 16 bit each. These sub-blocks together undergo 8 rounds (R1,R2,R3,R4,R5,R6,R7,R8)of transformation operation, with the sub-keys. The 128 bit key is divided into 8 sub-keys (K1,K2,K3,K4,K5,K6,K7,K8) of 16 bits each.

IDEA

3/18/2013

Department of ECE JNTUH

IDEA(overview)

3/18/2013

Department of ECE JNTUH

IDEA (Middle and Last Rounds)

3/18/2013

Department of ECE JNTUH

IDEA
Round Transformation of each round: 1) Multiply x1 and the first sub-keyx1*k1 2) Add x2 and second sub-key x2+k2 3) Add x3 and third sub-key x3+k3 4) Multiply x4 and fourth sub-key x4*k4 5) XOR the results of step1 and 3 6) XOR the results of step2 and 4 7) Multiply results of steps 5 with fifth sub-key 8) Add results of steps 6 and 7 9) Multiply the results of steps 8 with the sixth sub-key. 10) Add the results of step 7 and 9 11) XOR the results of steps 1 and 9y1 12) XOR the results of steps 3 and 9 y2 13) XOR the results of steps 2 and 10 y3 14) XOR the results of steps 4 and 10 y4 15) Y2 and Y3 sub-blocks are swapped. Y1 ,Y2,Y3,Y4------ end result of each round

IDEA
Last ROUND doesnt have swap step. Additionally, it has following transformations:
Multiply Y1 and the 1st subkey Add Y2 and the second subkey Add Y3 and the 3rd Sub-key Multiply Y4 and the 4th sub-key

Finally, the cipher text is the concatenation of the blocks:::::::Y1,Y2,Y3,Y4

IDEA
Sub-key Generation
Total needed 52=6 8+4 sub-keys
First are directly from the key in order Left shift of 25 bits, and then next 8 subkeys Each sub-key is a sub-block of the original key.

Decryption
Much more complicated It needs the inverse of the encryption key
For addition, multiplication respectively.

IDEA
Key Scheduling
128 bit key=8 16 bit sub-keys First 6 sub-keys are used for 1st round. Remaining 2 sub-keys for 2nd round Entire 128 bit key is given a rotation for 25 steps to left and again divided into 8 blocks (of 16 bit each). First 4 sub-keys are used for the remaining in 2nd round. Remaining $ sub-keys re used for 3rd round Entire 128 bit key is left shifted 25 bits and divided into 8 blocks This process iterates for all the rounds till the end. For Decryption, the sub-keys are reversed and are either the multiplicative or additive inverse of the corresponding encryption subkeys.

IDEA
Decryption
Same code can perform either encryption or decryption given different expanded keys. The inverses of the encryption keys and use them in the opposite order (use the inverse of the lastused encryption key as the first used when doing encryption). Since the last encryption round (an odd-round) used keys K49,K50,K51,K52, The first decryption round uses the inverses of the keys K49-K52.

IDEA- Important Feature

The size of the sub-block
Need 216 +1 be prime number
To compute the inverse for each possible subkey

So sub-block size 8 is also possible

28+1=257 is prime number

3/18/2013

Department of ECE JNTUH

14

IDEA
Cryptanalysis:
Only 4 rounds of cipher makes it immune to differential cryptanalysis. Joan Daeman, Rene Govaerts & Joos Vandewalle showed that the cipher had certain keys which can be easily discovered in a chosen plaintext attack.

RC 5
Developed by R. Rivest
Suitable for hardware or software Fast, simple Variable number of rounds Variable-length key Low memory requirement High security Data-dependent rotations (circular bit shifts) Fast, simple, low memory, data-dependent rotations Adaptable to processors of different word length
A family of algorithms determined by word length, number of rounds, size of secret key

Decryption and encryption are not the same

With little variations

Primitive operations
Addition, XOR, left circular rotation
3/18/2013 Department of ECE JNTUH 16

Stream Ciphers
Decryption requires use of same pseudo random sequence: Ex: Cipher text : 10100000 key stream : 01101100 XOR operation Plain Text : 11001100 One Time Pad uses genuine random number generator , whereas stream cipher uses a pseudorandom number stream.

Properties of Stream Cipher

1) Encryption sequence should have a large period, i.e., repetition period of pseudo-random sequence must be large. 2) Key stream should approximate the properties of a true random number stream. i.e., probability of occurrence of 1s and 0s must be equal. 3) Pseudo-random stream is conditional on value of input key. To

prevent brute-force attacks, the key needs to be longer. With

current technology, a key length of at-least 128 bits is desirable.

Stream Cipher vs. Block Cipher

Stream ciphers are faster than block ciphers Block ciphers can reuse the keys. But, if two plaintexts are encrypted with the same key using a stream cipher, then cryptanalysis becomes simple. If two cipher text streams are XORed together, the result is the XOR of the original plaintexts.

Stream Ciphers
Encrypts plaintext one byte at a time. Can even operate on one bit at a time, or on units larger than 1 byte. Pseudorandom number stream should be unpredictable without the knowledge of the input key. PR generator output is called key stream. Ex: plain text : 11001100 key stream : 01101100 XOR operation Cipher text: 10100000

RC4
Ron Rivest (of the famous RCA) is the inventor A long random string is called a one-time pad. A stream cipher generates a one-time pad and applies it to a stream of plain text with . RC4 is a stream cipher designed by Ron Rivest.

3/18/2013

Department of ECE JNTUH

21

RC 4

C code for RC4 one-time pad generator

3/18/2013

Department of ECE JNTUH

23

Key features of advanced symmetric block ciphers

3/18/2013

Department of ECE JNTUH

24

Confidentiality using Symmetric Encryption

Have two major placement alternatives Link encryption
encryption occurs independently on every link implies must decrypt traffic between links requires many devices, but paired keys

End-to-end encryption
encryption occurs between original source and final destination need devices at each end with shared keys

3/18/2013

Dept. of ECE

Network Security & Cryptography

25

Placement of Encryption
Can place encryption function at various layers in OSI Reference Model
link encryption occurs at layers 1 or 2 end-to-end can occur at layers 3, 4, 6, 7 as move higher less information is encrypted but it is more secure though more complex with more entities and keys

3/18/2013

Dept. of ECE

Network Security & Cryptography

26

Location of Encryption Device

Link encryption:
A lot of encryption devices High level of security Decrypt each packet at every switch

End-to-end encryption
The source encrypt and the receiver decrypts Payload encrypted Header in the clear

High Security: Both link and end-to-end encryption are needed

3/18/2013 Department of ECE JNTUH 27

3/18/2013

Department of ECE JNTUH

28

Key Distribution
1. A key could be selected by A and physically delivered to B. 2. A third party could select the key and physically deliver it to A and B. 3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. 4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.
3/18/2013 Department of ECE JNTUH 29

Key Distribution
Session key:
Data encrypted with a one-time session key. At the conclusion of the session the key is destroyed

Permanent key:
Used between entities for the purpose of distributing session keys

3/18/2013

Department of ECE JNTUH

30

Key Distribution
Symmetric schemes require both parties to share a common secret key Issue is how to securely distribute this key Often secure system failure due to a break in the key distribution scheme

3/18/2013

Dept. of ECE

Network Security & Cryptography

31

3/18/2013

Department of ECE JNTUH

32

Key Distribution
Given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B 2. third party can select & deliver key to A & B 3. if A & B have communicated previously can use previous key to encrypt a new key 4. if A & B have secure communications with a third party C, C can relay key between A & B

3/18/2013

Dept. of ECE

Network Security & Cryptography

33

Key Distribution Scenario

3/18/2013

Dept. of ECE

Network Security & Cryptography

34

Key Distribution Issues

hierarchies of KDCs required for large networks, but must trust each other session key lifetimes should be limited for greater security use of automatic key distribution on behalf of users, but must trust system use of decentralized key distribution controlling purposes keys are used for

3/18/2013

Dept. of ECE

Network Security & Cryptography

35

Random Numbers
many uses of random numbers in cryptography
nonces in authentication protocols to prevent replay session keys public key generation keystream for a one-time pad

in all cases its critical that these values be

statistically random
with uniform distribution, independent

unpredictable cannot infer future sequence on previous values

3/18/2013

Dept. of ECE

Network Security & Cryptography

36

Private-Key Cryptography
traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised also is symmetric, parties are equal hence does not protect sender from receiver forging a message & claiming is sent by sender

3/18/2013

Dept. of ECE

Network Security & Cryptography

37

References
Behrouz A. Forouzan, Debdeep Mukhopadhyay, Cryptography and Network Security 2e, McGraw Hill Publications, ISBN 978-0-07-070208-0. William Stallings, Cryptography and Network SecurityPrinciples and Practices, 4e, Pearson-Printice Hall publications, ISBN 81-7758-774-9. Stallings, W. Cryptography and Network Security: Principles and Practice, 2nd edition. Prentice Hall, 1999 Scneier, B. Applied Cryptography, New York: Wiley, 1996 Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001. Cyberspace.org
3/18/2013 Department of ECE JNTUH 38