Network Security Essentials - Notes2. Symmetric Ciphers

1. Overview
  Symmetric Ciphers use the same key for both decryption and encryption.
  Other terms for symmetric-key encryption are secret-key, single-key, shared-key, one-key, and private-key encryption.

2. 5 Ingredients
  a. Plaintext
  b. Encryption Algorithm
  c. Secret Key
  d. Ciphertext
  e. Decryption Algorithm
Algorithms are not kept secret, but keys are.

3. Two kinds of Ciphers:
   a. Block Cipher  -- Block by block, for example, encrypting a file
   b. Stream Cipher -- Element by element (e.g. a byte), for example, encrypting a multi-media stream

4. 3 most commonly used Block Ciphers
  a. DES: blockSize=64 bits, keyLength=56 bits
      I. The algorithm itself is not vulnerable, even though it has been studied a lot
     II. The key length of 56 bits is so small that it can be cracked by brute force
  b. 3DES: 3 executions of DES with 3 separate keys
      I. The algorithm is also good since it's the same as DES
     II. The key length is 56 bits * 3 = 168 bits, so it's impossible to crack by brute force
    III. It's slow
  c. AES: Both secure and fast.

5. How to encrypt blocks broken from a message?
   a. b1 + b2 + ... => encrypt(b1) + encrypt(b2) + ... -- ECB
      ECB is not safe because two identical plaintext blocks (e.g. two "ABC"s in the message) produce two identical blocks of ciphertext. Attackers may exploit these regularities.
   b. b1 + b2 + ... => encrypt(b1) + encrypt((encrypt(b1) XOR b2)) + ...  -- CBC
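
The ECB regularity described above, shown as an added example that is not part of the original notes: the same message is encrypted under ECB and under CBC, and the ciphertext blocks that repeat an earlier block are counted. It uses AES (section 4) through the same Java API as section 100; the class name EcbVsCbc, the helper repeatedBlocks and the sample message are constructed for illustration, and CBC is given a random IV for the first block, which the simplified formula in (b) leaves out.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class EcbVsCbc {
    static final int BLOCK = 16; // AES block size in bytes

    // Count ciphertext blocks that are byte-for-byte equal to an earlier block.
    static int repeatedBlocks(byte[] ct) {
        int repeats = 0;
        for (int i = BLOCK; i + BLOCK <= ct.length; i += BLOCK) {
            for (int j = 0; j < i; j += BLOCK) {
                if (Arrays.equals(Arrays.copyOfRange(ct, i, i + BLOCK),
                                  Arrays.copyOfRange(ct, j, j + BLOCK))) {
                    repeats++;
                    break;
                }
            }
        }
        return repeats;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keygen = KeyGenerator.getInstance("AES");
        keygen.init(128);
        SecretKey key = keygen.generateKey();

        // Constructed sample: the same 16-byte block three times, then a different block.
        byte[] msg = ("ABCABCABCABCABCA" + "ABCABCABCABCABCA" + "ABCABCABCABCABCA" + "a different blk!")
                .getBytes(StandardCharsets.US_ASCII);

        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, key); // ECB: every block encrypted independently
        byte[] ecbCt = ecb.doFinal(msg);

        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv); // fresh random IV for each message
        Cipher cbc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cbc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv)); // CBC: each block XORed with the previous ciphertext block
        byte[] cbcCt = cbc.doFinal(msg);

        System.out.println("ECB repeated blocks: " + repeatedBlocks(ecbCt));
        System.out.println("CBC repeated blocks: " + repeatedBlocks(cbcCt));
    }
}
```
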

6. Stream Ciphers
   RC4 is a commonly used Stream Cipher.
   CFB is to Stream Ciphers what ECB/CBC are to Block Ciphers.

7. How to deliver keys?
   a. End-to-end delivery is not safe
   b. A permanent key is not safe
 
  A KDS scheme is recommended for distributing keys.
    a. A third-party KDS is responsible for delivering temporary keys, each used only for one session
    b. These session keys are themselves encrypted with the permanent keys shared between the KDS and the end parties.

100. Java API Examples



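    import java.nio.charset.StandardCharsets;
    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;
    import javax.crypto.spec.PBEParameterSpec;

    public class SymmetricExamples {
      public static void main(String[] args) throws Exception {
        // Generate a DES key
        KeyGenerator keygen = KeyGenerator.getInstance("DES");
        SecretKey desKey = keygen.generateKey();

        // Create a cipher: the transformation is "algorithm/mode/padding"; "DESede" is 3DES
        Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding");
        Cipher c2 = Cipher.getInstance("DESede");

        // Use a PBE (password-based encryption) key
        String password = "password";
        byte[] salt = "salt1234".getBytes(StandardCharsets.UTF_8); // 8-byte salt
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 20); // salt + iteration count
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
        SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey passwordKey = kf.generateSecret(keySpec);
        // paramSpec is supplied together with the key when the cipher is initialized
        Cipher c3 = Cipher.getInstance("PBEWithMD5AndDES");
        c3.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
      }
    }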