## Exploring Symmetric Encryption

Encryption algorithms use encryption keys to provide confidentiality of encrypted data. With symmetric encryption algorithms, the same key is used to encrypt and decrypt data. This section explores the principles that underlie symmetric encryption. It also examines some of the major symmetric encryption algorithms and discusses the means by which they operate, their strengths, and their weaknesses.

### Functionality of Symmetric Encryption Algorithms

Because of the simplicity of their mathematics and the speed at which they operate, symmetric algorithms are the most commonly used form of cryptography. Symmetric encryption algorithms are also stronger. Therefore, they can use shorter key lengths compared to asymmetric algorithms. This helps increase their speed of execution in software.

### Key Lengths

Key lengths for current symmetric algorithms range from 40 to 256 bits, giving symmetric algorithms keyspaces that range from 240 (1,099,511,627,776) possible keys to 2256 (1.5 * 1077) possible keys. As discussed previously, a large key space is central to determining how vulnerable an algorithm will be to a brute-force attack. Figure 12-4 shows a symmetric algorithm with 2256 possible keys.

Figure 12-4 Key Lengths for Symmetric Encryption

256-Bit Key -f

1.5x1077 Possible Keys

256-Bit Key -f

At the low end, a key length of 40 bits may be easily broken using a brute-force attack. On the other hand, if your key length is 256 bits, it is not likely that a brute-force attack will succeed. The keyspace generated with a 256-bit key is simply too large to easily fall victim to a brute-force attack.

Table 12-5 illustrates ongoing expectations for key lengths, assuming that the algorithms are mathematically and cryptographically sound. A further assumption in such calculations is that computing power will continue to keep pace with its present rate of growth and that capacity to perform brute-force attacks will also increase at the same rate. Note that if a method other than brute-force is discovered to crack a given algorithm, the key lengths in the table become obsolete.

 Symmetric Key Asymmetric Key Digital Signature Hash Protection up to three years 80 1248 160 160 Protection up to ten years 96 1776 192 192 Protection up to 20 years 112 2432 224 224 Protection up to 30 years 128 3248 256 256 Protection against quantum computers 256 15,424 512 512

Features and Functions of DES

One of the most well-known and most widely used symmetric encryption algorithms is Data Encryption Standard (DES). DES typically operates in block mode, where it encrypts data in 64-bit blocks. Like other symmetric algorithms, DES uses the same algorithm and key for both encryption and decryption. DES has stood the test of time. Cryptography researchers have scrutinized it for nearly 35 years and so far have found no significant flaws. Adding to its appeal, because DES is based on relatively simple mathematical functions, it may be easily implemented and accelerated in hardware.

### Working with the DES Key

DES employs a fixed key length of 64 bits, but only 56 of these bits are used for encryption; the other 8 bits are used for parity. The least-significant bit of each key byte indicates odd parity.

This means that each DES key is always 56 bits long. If DES is used with a weaker encryption, such as a 40-bit key, this means that the encryption key is 40 secret bits and 16 known bits, so the key length remains at 56 bits. In this case, however, DES would have a key strength of only 40 bits.

Modes of Operation for DES

DES uses two different types of ciphers to encrypt or decrypt more than 64 bits of data— the block cipher and the stream cipher.

■ Block ciphers use fixed-length groups of bits known as blocks, with an unvarying transformation. \ Topic

■ Stream ciphers operate on individual digits one at a time, with the transformation varying during the encryption.

For block cipher mode, DES uses two standardized modes:

■ Electronic Code Book (ECB)

■ Cipher Block Chaining (CBC)

ECB mode uses the same 56-bit key to serially encrypt each 64-bit plain-text block. Should two identical plain-text blocks be encrypted using the same key, their ciphertext blocks are the same. This means that an attacker could identify similar or identical traffic as it flows across a communications channel. The attacker could use this information to help build a catalogue of messages that have a certain meaning, and then replay them later, without knowing their real meaning. For instance, suppose an attacker captures a login sequence for a user who has administrative privilege and whose traffic is protected by DES-ECB, and then replays it. This sort of risk must be mitigated, and that is why CBC was invented.

With CBC mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block. It is then encrypted using the DES key. This means that the encryption of each block depends on previous blocks, and encryption of the same 64-bit plain-text block can result in different ciphertext blocks. Thanks to this, CBC mode can help guard against certain attacks. Of course, it cannot help guard against sophisticated cryptanalysis or if an attacker launches an extended brute-force attack.

Figure 12-5 shows the differences between ECB mode and CBC mode.

Figure 12-5 DES ECB Mode Versus CBC Mode ECB

Message of Five 64-Bit Blocks

Message of Five 64-Bit Blocks

Message of Five 64-Bit Blocks

Cisco IP Security (IPsec) implementation currently uses DES and Triple Data Encryption Standard (3DES) in CBC mode.

### Working with DES Stream Cipher Modes

When working with DES in stream cipher mode, the cipher uses previous ciphertext along with the secret key to generate a pseudorandom stream of bits. This may only be generated by the secret key.

To encrypt data, it is XORed with the pseudorandom stream on a bit-by-bit basis. Alternatively, this may be done byte by byte to obtain the ciphertext. To decrypt the data, the process is the same. The receiver uses the secret key to generate the same random stream and then XORs the ciphertext with the pseudorandom stream to gain access to the plain text.

If it is necessary to encrypt or decrypt more than 64 bits of data, two common stream cipher modes may be used:

■ Cipher feedback (CFB) is similar to CBC. It may be used to encrypt any number of bits, even single bits or single characters. I Topic

■ Output feedback (OFB) generates keystream blocks that are then XORed with the plain-text blocks to generate the ciphertext.

Usage Guidelines for Working with DES

You should consider a number of things when seeking to protect the security of DES-encrypted data, as described in Table 12-6.

 Consideration Description Change keys Keys should be changed frequently to help prevent brute-force attacks. Use a secure channel A secure channel from the sender to the receiver should be used to communicate the DES key. Use CBC mode Using DES in CBC mode means that the encryption of each 64-bit block depends on the previous block, making this more secure. Avoid weak keys Be sure to test a key before using it to check it for weakness. DES has four weak keys and 12 semiweak keys. Testing will not significantly impact encryption time and can prevent the use of a weak key.

Understanding How 3DES Works

As mentioned, DES, with its original 56-bit key, is too short to withstand even mediumbudget attackers. One means of increasing the security of DES without changing the well-analyzed algorithm itself is to use the same algorithm but with different keys multiple times in a row. In essence, that is what 3DES does.

By applying DES three times in a row to a plain-text block, we have what is known as 3DES. This application of DES three times with different keys makes brute-force attacks on 3DES infeasible. This stems from the fact that the basic algorithm has stood the test of time, weathering 35 years in the field and proving quite trustworthy.

### Encrypting with 3DES

To encrypt plain text, 3DES uses a method called 3DES-encrypt-decrypt-encrypt (3DES-EDE). Figure 12-6 shows the 3DES-EDE encryption process, described in the following steps:

Key Topic

Step 1 The message to be secured is encrypted using the first 56-bit key (K1).

Step 2 Data is decrypted using the second 56-bit key (K2).

Step 3 Data to be secured is again encrypted using a third 56-bit key (K3).

Figure 12-6 3DES-EDE Encryption Process

Key K1 Key K2

Key K3

Hello!

Encrypt

Decrypt

Encrypt

D5f&a

By applying the keys as it does, the 3DES-EDE process provides encryption with an effective key length of 168 bits. Should keys K1 and K3 be equal, a less-secure encryption of 112 bits is achieved.

To decrypt a message that has been encrypted with this process, the following steps, which are the opposite of the 3DES-EDE method, are used:

Step 1 Use key K3 to decrypt the ciphertext. Step 2 Use key K2 to encrypt the data. Step 3 Use key K1 to decrypt the data.

Simply encrypting data three times with three different keys does not significantly increase security. To achieve security, the 3DES-EDE method must be employed. In fact, if we were to simply encrypt data three times in a row using three different 56-bit keys, we would generate an effective 58-bit key strength, rather than the full 168-bit key strength we achieve by using 3DES-EDE.

Although DES has withstood the test of time, it has been recognized for some time that DES would eventually reach the end of its usefulness. The Advanced Encryption Standard (AES) initiative was announced in 1997. The public was invited to propose candidate encryption schemes to be evaluated as the encryption standard to replace DES.

### The Rijndael Cipher

The Rijndael cipher was selected as the AES algorithm in October 2000 by the U.S. National Institute of Standards and Technology (NIST). In 2002 the U.S. Secretary of Commerce approved the adoption of AES as an official U.S. government standard. Joan Daemen and Vincent Rijmen developed the Rijndael cipher, which employs a variable block length and key length. The algorithm provides nine different combinations of key length and block length. Keys with a length of 128, 192, or 256 bits may be used to encrypt blocks with a length of 128, 192, or 256 bits.

The Rijndael cipher is an iterated block cipher. In this cipher the initial input block and cipher key undergo multiple transformation cycles before producing output. This algorithm can operate over variable-length blocks using variable-length keys. Currently, the AES implementation of Rijndael contains only some of the capabilities of the Rijndael algorithm. One of the key features of this algorithm is that it is written so that the block length or the key length (or both) may be extended easily in multiples of 32 bits. This system was designed for efficient implementation in either hardware or software on a range of processors.

### Comparing AES and 3DES

The key length of AES is much stronger than that of DES, and AES runs much faster than 3DES on comparable hardware. With these features, AES was chosen to replace DES and 3DES. AES is also better suited for high-throughput, low-latency environments. This is especially true when pure software encryption is used.

In terms of longevity, AES is a relatively young algorithm. As mentioned previously, a more mature algorithm is always more trusted. That being the case, 3DES represents a more conservative yet more trusted choice in terms of strength, because it has been analyzed for nearly 35 years.

Availability of AES in the Cisco Product Line

Cisco offers AES implementation in a number of virtual private network (VPN) devices as an encryption transform, applied to IPsec-protected traffic:

■ Cisco PIX Firewall Software version 6.3 and later

■ Cisco ASA Software version 7.0 and later

■ Cisco VPN 3000 Software version 3.6 and later

■ Cisco IOS Release 12.2(13)T and later

SEAL

For those seeking an alternative algorithm to software-based DES, 3DES, and AES, SEAL encryption uses a 160-bit encryption key. SEAL also offers the benefit of having less impact on the CPU compared to other software-based algorithms. Cisco IOS IPsec implementations feature SEAL encryption and provide support for the SEAL algorithm. The Cisco IOS software Release 12.3(7)T also added support for SEAL.

SEAL Restrictions

SEAL is bound by several restrictions:

■ IPsec must be supported by your Cisco router and the other peer.

■ The k9 subsystem must be supported by your Cisco router and the other peer.

■ Only Cisco equipment supports this feature.

A further restriction is that your router and the other peer must not have hardware IPsec encryption.

### The Rivest Ciphers

Many networking applications employ the Rivest cipher (RC) family of algorithms. This is because of their favorable speed and variable key-length capabilities.

Ronald Rivest played a significant role in designing all or at least part of all the RC algorithms. Table 12-7 describes some of the most widely used RC algorithms.

Table 12-7 Most Widely Used RC Algorithms

Table 12-7 Most Widely Used RC Algorithms

 RC Algorithm Description RC2 Designed as a drop-in replacement for DES, RC2 is a variable key-sized cipher. RC4 Often used in file encryption products, as well as for secure communication, such as in Secure Socket Layer (SSL), RC4 is a variable key-size stream cipher. RC5 This fast block cipher has a variable block size and variable key length. With its 64-bit block size, it may be used as a drop-in replacement for DES. RC6 Based on RC5, this block cipher had as its main design goal meeting the requirement of AES.

Of the various RC algorithms listed in Table 12-7, the most popular is RC4. RC4 represents a variable key-size stream cipher that employs byte-oriented operations and is based on the use of a random permutation. Via analysis, it has been determined that the period of the cipher is quite large, likely greater than 10100. To give you a better sense of this, each output byte requires from eight to 16 machine operations and can be expected to run very quickly in software.

RC4 is considered a secure algorithm and as such is often used for file encryption. It is also used frequently to encrypt website traffic within the context of the SSL protocol.

0 0