DOCSLIB.ORG

Cryptographical Strength

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cryptographical Strength 1 Cryptographical Strength • Cryptographical strength needed today • Equivalent cryptographical strength 1.1 NSA Suite B Cryptography • NSA Suite B with 128 bit strength • NSA Suite B with 192 bit strength • Microsoft Windows with suite B support • strongSwan VPN solution with suite B support • NIST versus Brainpool ECC standard curves 1.2 Elliptic Curves • What are elliptic curves? • Cryptographic applications for elliptic curves • ECDH, ECDSA, ECIES 1.3 Authenticated Encryption with Associated Data (AEAD) • Highly parallel encryption and authentication in a single pass • AES-GCM, AES-CCM, CAMELLIA-GCM, CAMELLIA-CCM • AES-GMAC (Authentication only with NULL encryption) 1 2 3 5 NSA Suite B Homepage • http://www.nsa.gov/ia/programs/suiteb_cryptography/ The NSA comprises to [conflicting] divisions: • Signals Intelligence (SIGINT) • Information Asssurance (IA) The NSA documents leaked by William Snowden leaves us with big doubts whether the IA branch can work independently of the SIGINT division. Abbreviations • GOTS Government Off-The-Shelf • COTS Commercial Off-The-Shelf 6 7 8 Introducing Compliance to Suite B Cryptography • http://technet.microsoft.com/en-us/library/dd566200%28WS.10%29.aspx netsh Commands for Windows Firewall with Advanced Security • http://technet.microsoft.com/en-us/library/cc771920%28WS.10%29.aspx 9 strongSwan Open Source Project • http://www.strongswan.org Suite B Interoperability with Microsoft Windows • http://wiki.strongswan.org/wiki/strongswan/WindowsSuiteB Elliptic Curve Sets • NIST ECC standard curves defined in FIPS 186-4 and used in NSA Suite B http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf • Brainpool ECC standard curves defined by the Brainpool Group (BSI et al.) http://www.ecc-brainpool.org/download/Domain-parameters.pdf 10 11 Cryptographic Applications • The following ECC algorithms have been defined: • ECDH (Elliptic Curve Diffie-Hellman) for secret key exchange • ECIES (Elliptic Curve Integrated Encryption Scheme) for public key encryption • ECDSA (Elliptic Curve Digital Signature Algorithm) for digital signatures • Elliptic curve certificates based on the X.509 standard can either be ordered from several trust centers (e.g. Certicom) or can be generated with OpenSSL 0.9.8. • A set of 5 prime-based elliptic curves have been standardized by NIST: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf • Several ECC cipher suites based on the NIST curves have been defined for the TLS secure transport layer and for IPsec. 20 NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf This Recommendation specifies an algorithm called Galois/Counter Mode (GCM) for authenticated encryption with associated data. GCM is constructed from an approved symmetric key block cipher with a block size of 128 bits, such as the Advanced Encryption Standard (AES) algorithm. Thus, GCM is a mode of operation of the AES algorithm. GCM provides assurance of the confidentiality of data using a variation of the Counter mode of operation for encryption. GCM provides assurance of the authenticity of the confidential data (up to about 64 gigabytes per invocation) using a universal hash function that is defined over a binary Galois (i.e., finite) field. GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input is restricted to data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode on the input data. In the rest of this document, statements about GCM also apply to GMAC. The two functions of GCM are called authenticated encryption and authenticated decryption. Each of these functions is relatively efficient and parallelizable; consequently, high-throughput implementations are possible in both hardware and software. IPsec ESP Overhead: 8 octet IV, 16/12/8 octet authentication tag • RFC 4106 “The Use of Galois/Counter Mode (GCM) in IPsec ESP” • RFC 4309 “Using AES CCM Mode with IPsec ESP“ • RFC 4312 “The Camellia Cipher Algorithm and Its Use With IPsec” 21 .
Load more

Recommended publications
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms
    gopyright x nd witsuishi iletri gorp ortion PHHHEPHHI g mel l iX e IPVEfit flo k gipher uitle for wultiple ltforms y z y uzumro eoki etsuyshikw wsyuki und z y z z witsuru wtsui hiho worii tunkoxkjim oshio okit y xipp on elegrph nd elephone gorp ortion IEI rikrino okD okosukD ungwD PQWEHVRU tpn fmroDkndDshihogdislFnttFoFjp z witsuishi iletri gorp ortion SEIEI yfunD umkurD ungwD PRUEVSHI tpn fihikwDmtsuiDjuneISDtokitgdissFislFmeloFoFjp er IFHX tuly IQD PHHH er PFHX eptemer PTD PHHI estrtF e present new IPVEit lo k ipher lled gmel liF gmelli supp orts IPVEit lo ksizend IPVED IWPED nd PSTEit keysD iFeF the sme interfe sp eitions s the edvned inryption tndrd @eiAF iieny on oth softE wre nd hrdwre pltforms is remrkle hrteristi of gmelli in ddition to its high level of seurityF st is onrmed tht gmelli provides strong seurity ginst dierentil nd liner ryptnlysisF gompred to the ei nlistsD iFeF weD gTD ijndelD erp entD nd woshD gmelli oers t lest omprle enryption sp eed in softwre nd hrdwreF en optimized implementtion of gmelE li in ssemly lnguge n enrypt on entiums s s @IFIQqrzA t the rte of RUI wits p er seondF sn dditionD distinguishing feture is its smll hrdwre designF e hrdwre implementtionD whih inludes enryptionD deryptionD nd the key shedule for IPVEit keysD o upies only VFIPu gtes using HFIV"m gwy esg lirryF his is in the smllest lss mong ll existing IPVEit lo k iphersF gopyright x nd witsuishi iletri gorp ortion PHHHEPHHI gontents I sntro dution I P hesign tionle Q PFI p Efuntion X X X X X X X X X X X X X X X X X X X X X X X X X
    [Show full text]
  • Zero Correlation Linear Cryptanalysis on LEA Family Ciphers
    Journal of Communications Vol. 11, No. 7, July 2016 Zero Correlation Linear Cryptanalysis on LEA Family Ciphers Kai Zhang, Jie Guan, and Bin Hu Information Science and Technology Institute, Zhengzhou 450000, China Email: [email protected]; [email protected]; [email protected] Abstract—In recent two years, zero correlation linear Zero correlation linear cryptanalysis was firstly cryptanalysis has shown its great potential in cryptanalysis and proposed by Andrey Bogdanov and Vicent Rijmen in it has proven to be effective against massive ciphers. LEA is a 2011 [2], [3]. Generally speaking, this cryptanalytic block cipher proposed by Deukjo Hong, who is the designer of method can be concluded as “use linear approximation of an ISO standard block cipher - HIGHT. This paper evaluates the probability 1/2 to eliminate the wrong key candidates”. security level on LEA family ciphers against zero correlation linear cryptanalysis. Firstly, we identify some 9-round zero However, in this basic model of zero correlation linear correlation linear hulls for LEA. Accordingly, we propose a cryptanalysis, the data complexity is about half of the full distinguishing attack on all variants of 9-round LEA family code book. The high data complexity greatly limits the ciphers. Then we propose the first zero correlation linear application of this new method. In FSE 2012, multiple cryptanalysis on 13-round LEA-192 and 14-round LEA-256. zero correlation linear cryptanalysis [4] was proposed For 13-round LEA-192, we propose a key recovery attack with which use multiple zero correlation linear approximations time complexity of 2131.30 13-round LEA encryptions, data to reduce the data complexity.
    [Show full text]
  • Lattice-Based Cryptography - a Comparative Description and Analysis of Proposed Schemes
    Lattice-based cryptography - A comparative description and analysis of proposed schemes Einar Løvhøiden Antonsen Thesis submitted for the degree of Master in Informatics: programming and networks 60 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Autumn 2017 Lattice-based cryptography - A comparative description and analysis of proposed schemes Einar Løvhøiden Antonsen c 2017 Einar Løvhøiden Antonsen Lattice-based cryptography - A comparative description and analysis of proposed schemes http://www.duo.uio.no/ Printed: Reprosentralen, University of Oslo Acknowledgement I would like to thank my supervisor, Leif Nilsen, for all the help and guidance during my work with this thesis. I would also like to thank all my friends and family for the support. And a shoutout to Bliss and the guys there (you know who you are) for providing a place to relax during stressful times. 1 Abstract The standard public-key cryptosystems used today relies mathematical problems that require a lot of computing force to solve, so much that, with the right parameters, they are computationally unsolvable. But there are quantum algorithms that are able to solve these problems in much shorter time. These quantum algorithms have been known for many years, but have only been a problem in theory because of the lack of quantum computers. But with recent development in the building of quantum computers, the cryptographic world is looking for quantum-resistant replacements for today’s standard public-key cryptosystems. Public-key cryptosystems based on lattices are possible replacements. This thesis presents several possible candidates for new standard public-key cryptosystems, mainly NTRU and ring-LWE-based systems.
    [Show full text]
  • Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M
    Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M. Kanda ISSN: 2070-1721 NTT September 2011 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) Abstract This document specifies forty-two cipher suites for the Transport Security Layer (TLS) protocol to support the Camellia encryption algorithm as a block cipher. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6367. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
    [Show full text]
  • Scalable Verification for Outsourced Dynamic Databases Hwee Hwa PANG Singapore Management University, [email protected]
    Singapore Management University Institutional Knowledge at Singapore Management University Research Collection School Of Information Systems School of Information Systems 8-2009 Scalable Verification for Outsourced Dynamic Databases Hwee Hwa PANG Singapore Management University, [email protected] Jilian ZHANG Singapore Management University, [email protected] Kyriakos MOURATIDIS Singapore Management University, [email protected] DOI: https://doi.org/10.14778/1687627.1687718 Follow this and additional works at: https://ink.library.smu.edu.sg/sis_research Part of the Databases and Information Systems Commons, and the Numerical Analysis and Scientific omputC ing Commons Citation PANG, Hwee Hwa; ZHANG, Jilian; and MOURATIDIS, Kyriakos. Scalable Verification for Outsourced Dynamic Databases. (2009). Proceedings of the VLDB Endowment: VLDB'09, August 24-28, Lyon, France. 2, (1), 802-813. Research Collection School Of Information Systems. Available at: https://ink.library.smu.edu.sg/sis_research/876 This Conference Proceeding Article is brought to you for free and open access by the School of Information Systems at Institutional Knowledge at Singapore Management University. It has been accepted for inclusion in Research Collection School Of Information Systems by an authorized administrator of Institutional Knowledge at Singapore Management University. For more information, please email [email protected]. Scalable Verification for Outsourced Dynamic Databases HweeHwa Pang Jilian Zhang Kyriakos Mouratidis School of Information Systems Singapore Management University fhhpang, jilian.z.2007, [email protected] ABSTRACT receive updated price quotes early could act ahead of their com- Query answers from servers operated by third parties need to be petitors, so the advantage of data freshness would justify investing verified, as the third parties may not be trusted or their servers may in the computing infrastructure.
    [Show full text]
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms – Design Andanalysis
    Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms – Design andAnalysis Kazumaro Aoki1, Tetsuya Ichikawa2, Masayuki Kanda1, Mitsuru Matsui2, Shiho Moriai1, Junko Nakajima2, and Toshio Tokita2 1 Nippon Telegraph and Telephone Corporation, 1-1 Hikarinooka, Yokosuka, Kanagawa, 239-0847Japan {maro,kanda,shiho}@isl.ntt.co.jp 2 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501 Japan {ichikawa,matsui,june15,tokita}@iss.isl.melco.co.jp Abstract. We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Stan- dard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of se- curity. It is confirmed that Camellia provides strong security against differential and linear cryptanalyses. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pen- tium III (800MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In addition, a distinguishing feature is its small hardware design. The hard- ware design, which includes encryption and decryption and key schedule, occupies approximately 11K gates, which is the smallest among all ex- isting 128-bit block ciphers as far as we know. 1 Introduction This paper presents a 128-bit block cipher called Camellia, which was jointly developed by NTT and Mitsubishi Electric Corporation.
    [Show full text]
  • Block Ciphers: Fast Implementations on X86-64 Architecture
    Block Ciphers: Fast Implementations on x86-64 Architecture University of Oulu Department of Information Processing Science Master’s Thesis Jussi Kivilinna May 20, 2013 Abstract Encryption is being used more than ever before. It is used to prevent eavesdropping on our communications over cell phone calls and Internet, securing network connections, making e-commerce and e-banking possible and generally hiding information from unwanted eyes. The performance of encryption functions is therefore important as slow working implementation increases costs. At server side faster implementation can reduce the required capacity and on client side it can lower the power usage. Block ciphers are a class of encryption functions that are typically used to encrypt large bulk data, and thus make them a subject of many studies when endeavoring greater performance. The x86-64 architecture is the most dominant processor architecture in server and desktop computers; it has numerous different instruction set extensions, which make the architecture a target of constant new research on fast software implementations. The examined block ciphers – Blowfish, AES, Camellia, Serpent and Twofish – are widely used in various applications and their different designs make them interesting objects of investigation. Several optimization techniques to speed up implementations have been reported in previous research; such as the use of table look-ups, bit-slicing, byte-slicing and the utilization of “out-of-order” scheduling capabilities. We examine these different techniques and utilize them to construct new implementations of the selected block ciphers. Focus with these new implementations is in modes of operation which allow multiple blocks to be processed in parallel; such as the counter mode.
    [Show full text]
  • Low-Latency Elliptic Curve Scalar Multiplication
    Noname manuscript No. (will be inserted by the editor) Low-Latency Elliptic Curve Scalar Multiplication Joppe W. Bos Received: date / Accepted: date Abstract This paper presents a low-latency algorithm designed for parallel computer architectures to compute the scalar multiplication of elliptic curve points based on approaches from cryptographic side-channel analysis. A graph- ics processing unit implementation using a standardized elliptic curve over a 224-bit prime field, complying with the new 112-bit security level, computes the scalar multiplication in 1.9 milliseconds on the NVIDIA GTX 500 archi- tecture family. The presented methods and implementation considerations can be applied to any parallel 32-bit architecture. Keywords Elliptic Curve Cryptography · Elliptic Curve Scalar Multiplica- tion · Parallel Computing · Low-Latency Algorithm 1 Introduction Elliptic curve cryptography (ECC) [30,37] is an approach to public-key cryp- tography which enjoys increasing popularity since its invention in the mid 1980s. The attractiveness of small key-sizes [32] has placed this public-key cryptosystem as the preferred alternative to the widely used RSA public-key cryptosystem [48]. This is emphasized by the current migration away from 80-bit to 128-bit security where, for instance, the United States' National Se- curity Agency restricts the use of public key cryptography in \Suite B" [40] to ECC. The National Institute of Standards and Technology (NIST) is more flexible and settles for 112-bit security at the lowest level from the year 2011 on [52]. At the same time there is a shift in architecture design towards many-core processors [47]. Following both these trends, we evaluate the performance of a Laboratory for Cryptologic Algorithms Ecole´ Polytechnique F´ed´eralede Lausanne (EPFL) Station 14, CH-1015 Lausanne, Switzerland E-mail: joppe.bos@epfl.ch 2 Joppe W.
    [Show full text]
  • Post-Quantum Key Exchange for the Internet and the Open Quantum Safe Project∗
    Post-Quantum Key Exchange for the Internet and the Open Quantum Safe Project∗ Douglas Stebila1;y and Michele Mosca2;3;4;z 1 Department of Computing and Software, McMaster University, Hamilton, Ontario, Canada [email protected] 2 Institute for Quantum Computing and Department of Combinatorics & Optimization, University of Waterloo, Waterloo, Ontario, Canada 3 Perimeter Institute for Theoretical Physics, Waterloo, Ontario, Canada 4 Canadian Institute for Advanced Research, Toronto, Ontario, Canada [email protected] July 28, 2017 Abstract Designing public key cryptosystems that resist attacks by quantum computers is an important area of current cryptographic research and standardization. To retain confidentiality of today's communications against future quantum computers, applications and protocols must begin exploring the use of quantum-resistant key exchange and encryption. In this paper, we explore post-quantum cryptography in general and key exchange specifically. We review two protocols for quantum-resistant key exchange based on lattice problems: BCNS15, based on the ring learning with errors problem, and Frodo, based on the learning with errors problem. We discuss their security and performance characteristics, both on their own and in the context of the Transport Layer Security (TLS) protocol. We introduce the Open Quantum Safe project, an open-source software project for prototyping quantum-resistant cryptography, which includes liboqs, a C library of quantum-resistant algorithms, and our integrations of liboqs into popular open-source applications and protocols, including the widely used OpenSSL library. ∗Based on the Stafford Tavares Invited Lecture at Selected Areas in Cryptography (SAC) 2016 by D. Stebila. ySupported in part by Australian Research Council (ARC) Discovery Project grant DP130104304, Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146, and an NSERC Discovery Accelerator Supplement grant.
    [Show full text]
  • Implementation and Analysis of Elliptic Curves-Based Cryptographic
    INTL JOURNAL OF ELECTRONICS AND TELECOMMUNICATIONS, 2011, VOL. 57, NO. 3, PP. 257–262 Manuscript received June 19, 2011; revised September 2011. DOI: 10.2478/v10177-011-0034-7 Implementation and Analysis of Elliptic Curves-Based Cryptographic Algorithms in the Integrated Programming Environment Robert Lukaszewski, Michal Sobieszek, and Piotr Bilski Abstract—The paper presents the implementation of the Ellip- limitations, which is possible only for operations fast enough. tic Curves Cryptography (ECC) algorithms to ensure security The paper presents the implementation of the ECC library in in the distributed measurement system. The algorithms were the LabWindows/CVI environment. It is a popular tool for deployed in the LabWindows/CVI environment and are a part of its cryptographic library. Their functionality is identical with the designing DMCS using the C language. As it lacks the proper OpenSSL package. The effectiveness of implemented algorithms cryptographic library, it was a good target to implement it. Two is presented with the comparison of the ECDSA against the DSA methods of assimilating the algorithms into LabWindows/CVI systems. The paper is concluded with future prospects of the were selected. The first one consists in obtaining the ready- implemented library. made dynamically linked library - DLL (such as in OpenSSL) Keywords—Cryptography, distributed measurement systems, called from the C code in the programming environment. The integrated programming environments. second option is to adapt the library to the form accepted by the environment. The paper presents implementation and I. INTRODUCTION verification of both solutions in the LabWindows/CVI. In section II fundamentals of cryptography required to implement URRENTLY one of the most pressing issues in the the project are introduced.
    [Show full text]
  • A Cache Trace Attack on CAMELLIA
    A Cache Trace Attack on CAMELLIA Rishabh Poddar, Amit Datta, and Chester Rebeiro Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India {rishavp,adatta,chester}@cse.iitkgp.ernet.in Abstract. CAMELLIA is a 128 bit block cipher certified for its security by NESSIE and CRYPTREC. Yet an implementation of CAMELLIA can easily fall prey to cache attacks. In this paper we present an attack on CAMELLIA, which utilizes cache access patterns along with the differen- tial properties of CAMELLIA’s s-boxes. The attack, when implemented on a PowerPC microprocessor having a 32 byte cache line size requires power traces from 216 different encryptions. Further, the work shows that this trace requirement reduces to 211 if a 64 byte cache line is used. 1 Introduction With the development of newer and better encryption schemes, it has become increasingly difficult to find flaws in the algorithm and therefore the schemes are more secure. However, implementations of the encryption algorithms are highly susceptible to being attacked. Attacks that target implementations are known as side channel attacks, and were discovered by Paul Kocher in 1996 [10]. These attacks take advantage of the information that gets leaked during the cipher’s execution. The channels for leakage are generally power consumption, timing for execution, and electro-magnetic radiation. Cache attacks are a class of side-channel attacks that glean secret information from the behavior of the processor’s cache memory. These attacks utilize the fact that a cache miss has a different power and timing profile compared to a cache hit. Cache attacks were first prophesied by Kelsey et al.
    [Show full text]
  • Camellia As an Oilseed Crop
    HORTSCIENCE 52(4):488–497. 2017. doi: 10.21273/HORTSCI11570-16 Camellia as an Oilseed Crop Haiying Liang1 Department of Genetics and Biochemistry, Clemson University, Clemson, SC 29634 Bing-Qing Hao, Guo-Chen Chen, Hang Ye, and Jinlin Ma1 Guangxi Forestry Research Institute, Guangxi Key Laboratory of Non-wood Cash Crops Cultivation and Utilization, Nanning, P.R. China, 530002 Additional index words. biodiesel, cultivar, edible oil, new horticultural crop, oil camellias Abstract. Camellia is one of the four main oil-bearing trees along with olive, palm, and coconut in the world. Known as ‘‘Eastern Olive Oil,’’ camellia oil shares similar chemical composition with olive oil, with high amounts of oleic acid and linoleic acid and low saturated fats. Camellia was first exploited for edible oil in China more than 1000 years ago. Today, its oil serves as the main cooking oil in China’s southern provinces. Introduction of camellia oil into the Western countries was delayed until the recognition of its many health benefits. Although popularity for the oil has yet to grow outside of China, interest has emerged in commercial production of camellia oil in other countries in recent years. Unlike seed-oil plants that are grown on arable land, oil camellias normally grow on mountain slopes. This allows the new crop to take full usage of the marginal lands. To facilitate promoting this valuable crop as an alternative oil source and selecting promising cultivars for targeted habitats, this paper reviews the resources of oil camellias developed in China, use of by-products from oil-refining process, as well as the progress of developing camellias for oil production in China and other nations.
    [Show full text]