1. Overview
Symmetric Ciphers use the same key for both decryption and encryption.
Other terms for symmetric-key encryption are secret-key, single-key, shared-key, one-key, and private-key encryption.
2. 5 Ingredients
a. Plaintext
b. Encryption Algorithm
c. Secret Key
d. Ciphertext
e. Decryption Algorithm
Algorithms are not kept secret, but keys are.
3. Two kinds of Ciphers:
a. Block Cipher — Block by block, for example, encrypting a file
b. Stream Cipher — Element by element (e.g. a byte), for example, encrypting a multimedia stream
4. 3 most commonly used Block Ciphers
a. DES: blockSize=64 bits, keyLength=56 bits
I. The algorithm is not vulnerable, though studied a lot
II. The key length of 56 bits is so small that it can be cracked by brute force
b. 3DES: 3 executions of DES with 3 separate keys
I. The algorithm is also good since it's the same as DES
II. The key length is 56 bits * 3 = 168 bits. So it's impossible to crack by brute force
III. It's slow
c. AES: Both secure and fast.
5. How to encrypt blocks broken from a message?
a. b1 + b2 + … => encrypt(b1) + encrypt(b2) + … — ECB
ECB is not safe because two "ABC"s in the message will generate two identical copies of ciphertext. Attackers may exploit the regularities in this case.
b. b1 + b2 + … => encrypt(b1) + encrypt(encrypt(b1) XOR b2) + … — CBC
6. Stream Ciphers
RC4 is a commonly used stream cipher.
And CFB for Stream Ciphers is just like ECB/CBC for Block Ciphers.
7. How to deliver keys?
a. End-to-end delivery is not safe
b. A permanent key is not safe
A KDS scheme is recommended to distribute keys.
a. A third-party KDS is responsible for delivering temporary keys, each used only for one session
b. These session keys are themselves encrypted with permanent keys shared between the KDS and the end parties.
100. Java API Examples
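import java.nio.charset.StandardCharsets;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SymmetricExamples {
    public static void main(String[] args) throws Exception {
        // Generate a random DES key
        KeyGenerator keygen = KeyGenerator.getInstance("DES");
        SecretKey desKey = keygen.generateKey();

        // Create ciphers: algorithm/mode/padding, or the algorithm name alone
        Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding");
        Cipher c2 = Cipher.getInstance("DESede");

        // Use a PBE (password-based encryption) key
        // paramSpec (8-byte salt, 20 iterations) is passed to Cipher.init together with passwordKey
        String password = "password";
        byte[] salt = "salt1234".getBytes(StandardCharsets.US_ASCII);
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 20);
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
        SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey passwordKey = kf.generateSecret(keySpec);
    }
}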