Cybersecurity Defense and Offense: Symmetric Encryption

Symmetric encryption can be divided into block ciphers and stream ciphers. Block ciphers typically use a fixed size as the basic unit for processing, while stream ciphers use a single unit element (a letter or a bit) as the basic processing unit. Of course, when the block length is equal to the unit length, a block cipher can also be considered a stream cipher.

Block ciphers take the sequence of numerical representations of plaintext messages (referred to as plaintext numbers) and divide them into groups of length n (which can be viewed as vectors of length n). Each group is transformed into an output number sequence of equal length (referred to as ciphertext numbers) under the control of a key. Block ciphers use a fixed transformation that does not change over time, offering advantages such as good diffusion and sensitivity to insertion. The working mode of block ciphers allows the same key to encrypt more than one block of data while ensuring security. A block cipher can only encrypt a single block of data whose length is equal to the block size; to encrypt variable-length data, the data must first be divided into separate blocks. Generally, the last block of data also needs to be padded appropriately to match the block size. A working mode describes the process of encrypting each data block and often uses an additional input value known as an initialization vector (IV) for randomization to ensure data encryption security. Below are several commonly used block cipher working modes.

1. Electronic Codebook (ECB)

The simplest encryption mode is the Electronic Codebook (ECB) mode. The message to be encrypted is divided into several blocks according to the block size of the cipher, and each block is independently encrypted, as shown in Figure 1.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 1 Electronic Codebook Mode

Advantages: Simple implementation, high efficiency; conducive to parallel computation; errors are not propagated.

Disadvantages: Cannot hide the pattern of plaintext; identical plaintext produces identical ciphertext; may be susceptible to active attacks.

As shown in Figure 2, when a hacker obtains the ciphertext segment corresponding to account C, they can replace the ciphertext segment sent from bank A to bank B, successfully executing a replay attack on the ECB ciphertext.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 2 Example of Electronic Codebook Encryption

2. Cipher Block Chaining (CBC)

In CBC mode, each plaintext block is XORed with the previous ciphertext block before encryption, meaning that each ciphertext block depends on all previous plaintext blocks. Additionally, to ensure the uniqueness of each message, an initialization vector is used for the first block. The encryption process is shown in Figure 3.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 3 CBC Mode

Advantages: Less susceptible to active attacks; more secure than ECB; suitable for transmitting longer messages; it is the application standard for current SSL and IPSec security protocols.

Disadvantages: Not conducive to parallel computation; has error propagation effects; requires maintenance of the initialization vector (IV).

3. Cipher Feedback (CFB)

The Cipher Feedback (CFB) mode is similar to CBC and can convert block ciphers into self-synchronizing stream ciphers, with a very similar working process. The encryption process is shown in Figure 4.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 4 CFB Mode

Advantages: Hides the plaintext pattern; transforms block ciphers into stream modes, enhancing security; can encrypt and transmit data smaller than the block size in real-time.

Disadvantages: Not conducive to parallel computation; has error propagation effects, meaning that damage to one plaintext unit can affect multiple units; requires maintenance of an IV.

Block ciphers include DES, IDEA, SAFER, Blowfish, and Skipjack, with the latest international standard algorithm being AES, which replaced the previously used DES/3DES algorithms. Before introducing specific block encryption algorithms, it is necessary to understand a core transformation in block ciphers—the Feistel structure. Most block ciphers are essentially based on the Feistel network structure, so understanding the Feistel cipher structure is very helpful for learning block cipher algorithms.

Feistel is a structure used for multiple rounds of iterative processing in block encryption, effectively enhancing security. In each round, appropriate transformations can be applied using subkeys derived from the initial key. The input to the Feistel encryption algorithm divides the plaintext block into two parts, L and R, and generates a key sequence K=(K1,K2,…,Kn), performing n rounds of iteration. After the iterations are complete, the left and right halves are merged to produce the final ciphertext block. The function for the i-th round iteration is:

Li=Ri−1

Ri=Li−1+F(Ri−1,Ki)

where Ki is the subkey for the i-th round, “+” denotes the XOR operation, and F denotes the round function. Generally, the subkeys for each round are different, and the round functions F are also different. After the substitution process is complete, the left and right halves of the data are swapped; this process is called permutation. The encryption and decryption processes of the Feistel network are shown in Figure 5.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 5 Encryption and Decryption Process of Feistel Network

Therefore, the security of the Feistel network is related to the following parameters.

(1) Block size.

(2) Key size.

(3) Subkey generation algorithm: The more complex this algorithm is, the more difficult it is to perform cryptanalysis (the Feistel network structure itself is an encryption algorithm or an important component of it, and according to Kerckhoffs’ principle, it does not need to be kept secret).

(4) Number of rounds n: A single round structure is far from sufficient to ensure security; generally, the number of rounds is set to 16.

(5) Round function F: The more complex the structure, the harder it is to analyze.

4. Block Encryption Algorithm DES

The DES algorithm is a symmetric encryption system in cryptography, also known as the Data Encryption Standard of the United States, developed by IBM in 1972. The plaintext is grouped into 64-bit blocks, and the key length is 64 bits, but only 56 bits participate in the DES operation (the 8th, 16th, 24th, 32nd, 40th, 48th, 56th, and 64th bits are parity bits, ensuring that each key has an odd number of 1s). The encryption method forms ciphertext blocks by bit substitution or permutation of the grouped plaintext and the 56-bit key.

The DES algorithm has extremely high security; to date, no more effective method has been found to attack the DES algorithm other than exhaustive search. The exhaustive space for a 56-bit key is 2^56, which means that if a computer can check one million keys per second, it would take nearly 2285 years to search through all keys, making it impractical. However, this does not mean that DES is unbreakable. In fact, with the development of hardware technology and the Internet, the possibility of breaking it is increasing, and the time required is decreasing. Using specially designed hardware, it can be broken in a few hours. To overcome the small key space of DES, researchers proposed a variant called Triple DES, which uses two keys with a total length of 128 bits, thereby increasing the computational complexity of exhaustive key search, as shown in Figure 6.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 6 Variant of Triple DES

5. Block Encryption Standard AES

On April 15, 1997, the United States ANSI initiated a solicitation for AES (Advanced Encryption Standard) and established an AES working group for this purpose.

On September 12, 1997, the U.S. Federal Register published a formal solicitation for AES candidate algorithms. The basic requirements for AES were to be faster than Triple DES, at least as secure as Triple DES, with a data block length of 128 bits and key lengths of 128/192/256 bits.

On August 12, 1998, the first AES candidate conference announced 15 candidate algorithms, open to attacks and comments from institutions and individuals worldwide.

In March 1999, at the second AES candidate conference, after discussions on the analysis results of the candidate algorithms from cryptographic institutions and individuals worldwide, 5 algorithms were selected from the 15 candidates: RC6, Rijndael, SERPENT, Twofish, and MARS.

On April 13-14, 2000, the third AES candidate conference continued discussions on the final 5 candidate algorithms.

On October 2, 2000, NIST announced Rijndael as the new AES. After more than three years of discussions, Rijndael finally emerged as the winner. Rijndael was designed by Belgian cryptographers Joan Daemen and Vincent Rijmen.

The AES algorithm is based on permutation and substitution operations. Permutation rearranges the data, while substitution replaces one data unit with another. AES uses several different methods to perform permutation and substitution operations. AES is an iterative, symmetric key block cipher that can use 128, 192, and 256-bit keys and encrypts and decrypts data in 128-bit (16 B) blocks. Unlike public key cryptography, which uses key pairs, symmetric key cryptography uses the same key for both encryption and decryption. The number of bits in the encrypted data returned by the block cipher is the same as that of the input data. Iterative encryption uses a loop structure, in which the input data undergoes repeated permutations and substitutions, as shown in Figure 7.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 7 AES Algorithm Design

6. Stream Ciphers

Stream ciphers are encryption transformations that change over time, offering advantages such as fast transformation speed and low error propagation, with simpler hardware implementation circuits. However, they have disadvantages such as low diffusion and insensitivity to insertion or modification.

Stream ciphers involve a significant amount of theoretical knowledge, have proposed numerous design principles, and have undergone extensive analysis, but many research results have not been fully disclosed, as stream ciphers are currently more widely used in military and diplomatic secret departments. The publicly available stream cipher algorithms mainly include RC4 and SEAL. In 1949, Shannon proved that only one-time pad systems are absolutely secure, which provided strong support for the study of stream cipher technology. The development of stream cipher schemes is an attempt to mimic one-time pad systems, or in other words, one-time pad schemes are the prototypes of stream ciphers. If the stream cipher uses a truly random method with a key stream of the same length as the message stream, then the stream cipher is equivalent to a one-time pad system (One-Time Password). If a way can be found to generate a random sequence (key stream) determined by the key, then this sequence can be used for encryption, representing the key and plaintext as continuous symbols or binary, and encrypting and decrypting by processing one or several bits in the plaintext at a time.

The basic framework for encryption and decryption in stream ciphers is shown in Figure 8.

Cybersecurity Defense and Offense: Symmetric Encryption

Figure 8 Stream Cipher Encryption and Decryption

Plaintext sequence: m=m1m2m3…

Key sequence: k=k1k2k3…

Ciphertext sequence: c=c1c2c3…

Encryption transformation: ci=ki⊗mi(i=1,2,3…)

Decryption transformation: mi=ki⊗ci(i=1,2,3…)

Where the key sequence k1k2k3… is generated by a master key K through a key stream generator. The core of the key stream generator is a pseudo-random number generator, and the key K is the seed for that random number generator. The most widely used random number generator is the Linear Feedback Shift Register (LFSR). LFSR takes the output of the previous state and uses a linear function of that output as input to shift the register. XOR operation is the most common single-bit linear function: after performing XOR operations on certain bits of the register, the result is used as input, and then all bits in the register are shifted as a whole.

LFSR can produce a long-period binary sequence to form a secure stream key. When the period is infinitely long, it can form the aforementioned OTP one-time pad system, which is an ideal secure stream cipher system. The one-time pad system faces several practical challenges as follows.

(1) Key distribution: The sender needs to send the key to the receiver for decryption. The OTP key length is the same as the plaintext length; if the key can be securely and effectively sent, why not just send the plaintext directly using this method.

(2) Key storage: OTP essentially transforms the problem of “storing plaintext” into the problem of “storing a key of the same length as the plaintext”.

(3) Key reuse: OTP cannot reuse previously used random bit sequences; otherwise, if the key is leaked, all previous communications will be decrypted, which is known in cryptography as forward security.

(4) Key synchronization: When the plaintext is long, the key will also be the same length; if there is a slight error in synchronization, all subsequent ciphertext will be impossible to decrypt, which is sometimes referred to as backward security.

(5) Key generation: OTP requires generating a large number of random numbers; computer-generated pseudo-random numbers often do not meet the requirements, while generating truly non-reproducible random numbers is extremely difficult.

Therefore, in practical applications, the security of stream ciphers mainly relies on the confidentiality of the master key K and the reliability of the key stream generator. The key sequence generation algorithm is crucial; the generated key sequence must have pseudo-randomness. Pseudo-randomness is primarily reflected in two aspects: on one hand, the key sequence is unpredictable, making it difficult for attackers to break the ciphertext; on the other hand, the key sequence has controllability. Both the encryption and decryption parties use the same seed key to produce identical key sequences. If the key sequence is completely random, it means that the results of the key sequence generation algorithm are uncontrollable, and in such cases, it will be impossible to recover the plaintext through decryption. Additionally, both parties must maintain precise synchronization of the key sequence, which is a crucial condition for recovering the plaintext through decryption. The advantages of stream ciphers lie in their high security level, as each bit of the plaintext is encrypted independently, unrelated to other parts of the plaintext. Furthermore, stream ciphers have fast encryption speeds and good real-time performance; however, the drawback is that the key sequence must be strictly synchronized, which often incurs high costs in practical applications.

7. RC4 Stream Cipher

RC4 is a high-speed and simple stream cipher designed by Ron Rivest of RSA Security in 1987, widely used in common protocols, including wireless network security algorithms, SSL/TLS, HTTPS, and other security protocols. RC4 encryption consists of two steps.

(1) Key-Scheduling Algorithm (KSA): A variable-length encryption key is used to generate the initial state of the key stream generator.

(2) Pseudo-Random Generation Algorithm (PRGA): This algorithm generates the key stream based on the initial state and XORs it with the plaintext to produce the ciphertext.

RC4 uses XOR operations, and once the subkey sequence repeats, the ciphertext may be compromised. There are certain weak keys that cause the subkey sequence to repeat in less than 100 bytes. If some repetition occurs, complete repetition can happen in less than 100,000 bytes. Therefore, when using the RC4 algorithm, it is essential to perform security testing on the encryption key to avoid weak key issues.

Source: Computer and Network Security

Cybersecurity Defense and Offense: Symmetric Encryption

Leave a Comment