CSE4303 Introduction to Computer Security (Lecture 7)

Cryptography in Symmetric Systems

Symmetric systems

Symmetric (shared-key) encryption

Classical techniques
Computer-aided techniques
Formal reasoning
Realizations:
- Stream ciphers
- Block ciphers

Stream ciphers

Operate on PT one bit at a time (usually), as a bit “stream”
Generate arbitrarily long keystream on demand

Keystream

Keystream $G(k)$ generated from key $k$ .

Encryption:

E(k,m) = m \oplus G(k)

Decryption:

D(k,c) = c \oplus G(k)

Security abstraction

XOR transfers randomness of keystream to randomness of CT regardless of PT’s content
Security depends on $G$ being “practically” indistinguishable from random string and “practically” unpredictable
Idea: shouldn’t be able to predict next bit of generator given all bits seen so far

Keystream $G(k)$

Idea: shouldn’t be able to predict next bit of generator given all bits seen so far
Strategies and challenges: many!

Idea that doesn’t quite work: Linear Feedback Shift Register (LFSR)

Choice of feedback: by algebra
Pro: fast, statistically close to random
Problem: susceptible to cryptanalysis (because linear)

LFSR-based modifications

Use non-linear combo of multiple LFSRs
Use controlled clocking (e.g. only cycle the LFSR when another LFSR outputs a 1)
Etc.

Others

Modular arithmetic-based constructions
Other algebraic constructions

Hazards

Weak PRG
Key re-use
Predictable effect of modifying CT on decrypted PT

Weak PRG

Makes semantic security impossible

Key re-use

Suppose:

c_1 = m_1 \oplus G(k)

and

c_2 = m_2 \oplus G(k)

Then:

c_1 \oplus c_2 = m_1 \oplus m_2

This may be enough to recover $m_1$ or $m_2$ using natural language properties.

IV (Initialization Vector)

Used to avoid key re-use:

IV incremented per frame
But repeats after $2^{24}$ frames
Sometimes resets to 0
Enough to recover key within minutes

Note:

Happens if keystream period is too short
Real-world example: WEP attack (802.11b)

Predictable modification of ciphertext

If attacker modifies ciphertext by XORing $p$ :

Ciphertext becomes:

(m \oplus k) \oplus p

Decryption yields:

m \oplus p

Affects integrity
Not CCA-secure for integrity

Summary: Stream ciphers

Pros

Fast
Memory-efficient
No minimum PT size

Cons

Require good PRG
Can never re-use key
No integrity mechanism

Note

Integrity mechanisms exist for other symmetric ciphers (block ciphers)
“Authenticated encryption”

Examples / Uses

RC4: legacy stream cipher (e.g. WEP)
ChaCha / Salsa: Android cell phone encryption (Adiantum)