Symmetric Ciphers Stream and Block

Video Activity
Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Hello. Let's talk a little bit more in-depth on
00:00
how symmetric algorithms work and talk about
00:00
the two types, stream and block.
00:00
Now, stream ciphers encrypt data one bit at a time.
00:00
Sometimes it's one byte
00:00
but just think of it as being bit by bit,
00:00
and it's very fast.
00:00
As a matter of fact, a lot of times you'll
00:00
use a hardware encrypter for stream ciphers.
00:00
Just because you've got to have
00:00
something that you can keep up with
00:00
the process, it's very fast.
00:00
The way stream algorithms work is they
00:00
either use a process called transposition,
00:00
which is basically just shuffling
00:00
the characters around,
00:00
or substitution,
00:00
which is replacing one character for another,
00:00
or they use a process called XOR,
00:00
which we'll talk about in a minute.
00:00
These are some very fast algorithms,
00:00
but they're not as secure.
00:00
Like we said, sometimes we
00:00
trade security for performance.
00:00
The only algorithm that I want you to know for the test
00:00
that is a stream cipher is RC-4.
00:00
If I ask if AES is a stream or block, you say block.
00:00
Why? Because it's not RC-4.
00:00
What about RC-5?
00:00
It's a block because it's not RC-4.
00:00
That is the only stream cipher they
00:00
will ask you about is RC-4.
00:00
Now, remember that we already talked about
00:00
some of the things that made WEP work.
00:00
One of those reasons was that it actually used RC-4,
00:00
which is not as secure as they needed it to be.
00:00
RC-4 uses either a 64-bit or a 128-bit key.
00:00
But that's not very secure by today's standards.
00:00
RC-4 was one of the problems with WEP.
00:00
Even when we improved it with WPA,
00:00
we were still using RC-4,
00:00
so it could be backward compatible.
00:00
But with WPA2,
00:00
we got away from RC-4 and used the block cipher.
00:00
Block ciphers chunk data into blocks.
00:00
Each block goes through a series of
00:00
math functions called S-boxes.
00:00
Now, going through all these functions takes more time,
00:00
but it is more secure.
00:00
The block algorithm that came with WPA2 is called AES,
00:00
and that stands for Advanced Encryption Standard.
00:00
AES is an algorithm that can
00:00
provide variable length encryption.
00:00
You can use AES in a 128-bit mode,
00:00
192 or 256, with 256 giving you the best performance.
00:00
I'll also mention that sometimes we hear about
00:00
these algorithms like the Advanced Encryption Standard,
00:00
but that's actually not an algorithm, it's a standard.
00:00
The government will release
00:00
these standards and then vendors
00:00
will produce algorithms that satisfy those standards.
00:00
Currently, the algorithm that satisfies
00:00
the AES is called Rijndael.
00:00
I'm not sure if they will ask
00:00
you about that on the test,
00:00
but it's something to be aware of.
00:00
This is an illustration of block ciphers.
00:00
You can see the S-blocks.
00:00
Within each conceptual S-block,
00:00
a math function is performed.
00:00
The key is going to dictate
00:00
what order those math functions are performed in.
00:00
Those algorithms and keys work together.
00:00
Now, I mentioned earlier that
00:00
stream ciphers either do transposition,
00:00
substitution, or a process called XOR,
00:00
and that stands for Exclusive OR.
00:00
For XOR, remember we are
00:00
encrypting one bit of data at a time.
00:00
If you look at the bottom of this slide,
00:00
we have plain text on the top line and the key is next,
00:00
and what we produce is ciphertext.
00:00
Let's look at the first bit of plain text,
00:00
which is one, and the first bit of the key is a zero.
00:00
If these two values are alike,
00:00
the ciphertext becomes zero.
00:00
If the values are different, it becomes one.
00:00
Since the first bit for each
00:00
one and zero are different,
00:00
the ciphertext bit becomes one,
00:00
and that pattern follows through for each bit.
00:00
Only where they are both the same
00:00
does the ciphertext bit come through as a zero.
00:00
That's how the XOR process works.
00:00
It's very quick and very easy to reverse,
00:00
particularly when you have a key.
00:00
We have to keep that in mind.
00:00
Anything quick to encrypt is
00:00
likely going to be quick to decrypt.
00:00
These are just some common symmetric algorithms.
00:00
Now, I already mentioned RC-4 and AES.
00:00
I think I already mentioned DES,
00:00
Data Encryption Standard.
00:00
That happens a lot where there is
00:00
a standard and the algorithm gets created for it.
00:00
When you see that S on the end,
00:00
it likely means it's a standard and
00:00
an algorithm gets created to satisfy it.
00:00
AES is by far the most commonly used one,
00:00
it's the de facto standard.
00:00
The government set apart this standard to encrypt
00:00
sensitive but unclassified information.
00:00
We know we're going to see AES pop up on the exam.
00:00
IDEA is a proprietary algorithm that is used for PGP,
00:00
which is Pretty Good Privacy.
00:00
That's an email encryption application
00:00
created by Phil Zimmermann.
00:00
He noted that for national security reasons,
00:00
the government would like to decrypt
00:00
anything that we encrypt.
00:00
Zimmermann wondered why are
00:00
we using algorithms that the government
00:00
standardized if their goal is
00:00
to decrypt anything that's been encrypted.
00:00
Zimmermann came up with an algorithm called
00:00
IDEA, which was proprietary.
00:00
That's what he used to secure
00:00
email and his application, PGP.
00:00
That one will most likely come up on the test.
00:00
PGP is an alternative that's
00:00
proprietary to standards-based email.
00:00
Now, I do think that on the test,
00:00
you'll need to look at a list and pick out
00:00
which algorithms are symmetric versus asymmetric.
00:00
I'll show you how to do that later on.