Cryptography and Network Security

Similar documents
Cryptography and Network Security Chapter 3

How To Encrypt With A 64 Bit Block Cipher

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

CSCE 465 Computer & Network Security

Cryptography and Network Security Block Cipher

Lecture 4 Data Encryption Standard (DES)

How To Understand And Understand The History Of Cryptography

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

1 Data Encryption Algorithm

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Symmetric Key cryptosystem

CIS433/533 - Computer and Network Security Cryptography

Lecture 3: Block Ciphers and the Data Encryption Standard. Lecture Notes on Computer and Network Security. by Avi Kak

Keywords Web Service, security, DES, cryptography.

6 Data Encryption Standard (DES)

The Advanced Encryption Standard: Four Years On


Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

Split Based Encryption in Secure File Transfer

Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key

The Advanced Encryption Standard (AES)

Secret File Sharing Techniques using AES algorithm. C. Navya Latha Garima Agarwal Anila Kumar GVN

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

A Comparative Study Of Two Symmetric Encryption Algorithms Across Different Platforms.

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security. Omer Rana

A PPENDIX G S IMPLIFIED DES

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

7! Cryptographic Techniques! A Brief Introduction

AStudyofEncryptionAlgorithmsAESDESandRSAforSecurity

Network Security: Cryptography CS/SS G513 S.K. Sahay

Overview of Symmetric Encryption

F3 Symmetric Encryption

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Implementation of Full -Parallelism AES Encryption and Decryption

The Advanced Encryption Standard (AES)

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

{(i,j) 1 < i,j < n} pairs, X and X i, such that X and X i differ. exclusive-or sums. ( ) ( i ) V = f x f x

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

A Study of New Trends in Blowfish Algorithm

Network Security - ISA 656 Introduction to Cryptography

Improving Performance of Secure Data Transmission in Communication Networks Using Physical Implementation of AES

MAC. SKE in Practice. Lecture 5

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2

Properties of Secure Network Communication

EXAM questions for the course TTM Information Security May Part 1

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: Web:

Design and Implementation of Asymmetric Cryptography Using AES Algorithm

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

CRYPTOGRAPHY IN NETWORK SECURITY

Cryptography and Network Security Chapter 9

Developing and Investigation of a New Technique Combining Message Authentication and Encryption


The Misuse of RC4 in Microsoft Word and Excel

SeChat: An AES Encrypted Chat

CS 758: Cryptography / Network Security

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

A Comparison of the 3DES and AES Encryption Standards

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Network Security Technology Network Management

Network Security. Chapter 2 Basics 2.1 Symmetric Cryptography. Cryptographic algorithms: outline. Basic Terms: Block cipher and Stream cipher

A New Digital Encryption Scheme: Binary Matrix Rotations Encryption Algorithm

Cyber Security Workshop Encryption Reference Manual

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Table of Contents. Bibliografische Informationen digitalisiert durch

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

ECE 428 Network Security

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)

A NEW DNA BASED APPROACH OF GENERATING KEY-DEPENDENT SHIFTROWS TRANSFORMATION

Lecture 8: AES: The Advanced Encryption Standard. Lecture Notes on Computer and Network Security. by Avi Kak

Cryptography & Network Security

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL

Message Authentication

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Advanced Encryption Standard by Example. 1.0 Preface. 2.0 Terminology. Written By: Adam Berent V.1.7

CS 0427 Network Security. Slides Courtesy of William Stallings, Cryptography & Network Security, Pearson Education, 4th Edition

Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay

Area optimized in storage area network using Novel Mix column Transformation in Masked AES

Advanced Encryption Standard by Example. 1.0 Preface. 2.0 Terminology. Written By: Adam Berent V.1.5

IJESRT. [Padama, 2(5): May, 2013] ISSN:

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Evaluation of the RC4 Algorithm for Data Encryption

Survey on Enhancing Cloud Data Security using EAP with Rijndael Encryption Algorithm

A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Sandeep Mahapatra Department of Computer Science and Engineering PEC, University of Technology

Lecture 9: Application of Cryptography

Secure Network Communication Based on Text-to-Image Encryption

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Current State of Cryptography and Design of an Online Storage System

Lecture 9 - Network Security TDTS (ht1)

Message Authentication Codes

Transcription:

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1

Data Encryption Standard We focus now on the most widely used symmetric cipher: DES DES has been replaced by AES as a standard We will use DES to illustrate the principles of modern symmetric ciphers Adopted in 1977 by the National Bureau of Standards (US), nowadays NIST Originates from an IBM project from late 1960s led by Feistel Project ended in 1971 with the development of LUCIFER (key 128 bits) LUCIFER was then refined with the help of NSA to produce DES (key 56 bits) Immediate criticism: the reduction in key length was enormous and the internal details of the design were (and remained) classified information 1994: DES is reaffirmed as a standard for 5 more years 1999: DES should only be used for legacy systems and 3DES should replace it January 17, 2012 2

Block cipher principles Stream cipher is one that encrypts a digital data stream one bit (or byte) at a time Example: autokey Vigenère system Block cipher is one in which the plaintext is divided in blocks and one block is encrypted at one time producing a ciphertext of equal length Similar to substitution ciphers on very big characters: 64 bits or 128 bits are typical block lengths Many modern ciphers are block ciphers January 17, 2012 3

Principle: Substitution-Permutation Ciphers Claude Shannon (1949) introduced idea of substitution-permutation (S-P) networks These form the basis for modern substitution-transposition product cipher S-P networks are based on the two primitive cryptographic operations we have seen before: substitution (S-box) permutation (P-box) The goal is to provide confusion and diffusion of message January 17, 2012 4

Confusion and Diffusion Cipher need to completely obscure statistical properties of original message A one-time pad does this More practically Shannon (1949) suggested to combine elements to obtain: Diffusion dissipates statistical structure of plaintext over bulk of ciphertext Makes the statistical relationship plaintext - ciphertext as complex as possible Achieved by requiring that every digit of the plaintext affects many digits of the ciphertext (equivalently, every digit of the ciphertext is affected by many digits of the plaintext) Confusion makes relationship between ciphertext and key as complex as possible Makes it difficult to discover the key starting from the ciphertext The principles of confusion and diffusion are the most essential concepts in the design of modern block ciphers they defend against statistical attacks January 17, 2012 5

Feistel Cipher Structure Most modern block encryption algorithms use the Feistel structure Horst Feistel was the leader of the IBM team that worked in late 1960s on LUCIFER He devised the so-called feistel cipher Algorithm structure perform n rounds, each round has the following structure (for encryption and decryption): Input is of length 2w (bits), key is K Divide the input into two halves L 0 and R 0 L 1 = R 0, R 1 =L 0 f(r 0,K) In the next round use (L 1, R 1 ) instead of (L 0, R 0 ), etc. Function f is the same in all rounds but uses a different subkey in each round the subkey of each round is generated from the key January 17, 2012 6

Feistel Cipher Structure January 17, 2012 7

Feistel Cipher Design Principles block size increasing size improves security, but slows cipher key size increasing size improves security, makes exhaustive key searching harder, but may slow cipher number of rounds increasing number improves security, but slows cipher subkey generation greater complexity can make analysis harder, but slows cipher round function greater complexity can make analysis harder, but slows cipher fast software en/decryption & ease of analysis are more recent concerns for practical use and testing January 17, 2012 8

Feistel Cipher Decryption vs Encryption: the same algorithm (with keys in reverse order) January 17, 2012 9

Feistel decryption Decryption is the same as encryption and does not require any property for function f (not even to be invertible) LD/RD left/right half in the decryption algorithm LE/RE left/right half in the encryption algorithm denotes XOR: 0 0=0, 1 1=0, 0 1= 1 0=1 Encryption Input: the plaintext (LE 0, RE 0 ) Round i (1 to 16) performs on input (LE i-1, RE i-1 ) the operations: LE i =RE i-1, RE i =LE i-1 f(re i-1,k i ) This is the input to next round The key of round i is K i, Output: the ciphertext (RE 16, LE 16 ) Decryption Input: The ciphertext (LD 0, RD 0 )= (RE 16, LE 16 ) Round i (1 to 16) performs on input (LD i-1, RD i-1 ) the operations: LD i =RD i-1, RD i =LD i-1 f(rd i-1,k 16-i ) This is the input to next round The key of round i is K 16-i, This algorithm is CORRECT after round i we have LD i =RE 16-i, RD i =LE 16-i : PROOF: Input to the first round: LD 0 =RE 16, RD 0 =LE 16 Induction: assume it holds for i-1, prove it for i LD i-1 =RE 16-i+1, RD i-1 =LE 16-i+1 Then: LD i =RD i-1 =LE 16-i+1 =RE 16-i RD i =LD i-1 f(rd i-1, K 16-i )=RE 16-i+1 f(le 16-i+1, K 16-i )= =(LE 16-i f(re 16-i,K 16-i+1 )) f(re 16-i,K 16-i )=LE 16-i Result: (RE 16-i, LE 16-i ) Output: the plaintext (RD 16, LD 16 )=(LE 0, RE 0 ) January 17, 2012 10

DES DES encryption/decryption Strength of DES Design principles Cryptanalysis January 17, 2012 11

DES encryption scheme The plaintext (64 bits) passes through an initial permutation IP (on 64 bits) Then follow 16 identical rounds in each round a different subkey is used; each subkey is generated from the key After round 16, swap the left half with the right half Apply the inverse of the initial permutation IP -1 (on 64 bits) January 17, 2012 12

DES encryption scheme January 17, 2012 13

Initial permutation and its inverse January 17, 2012 14

Details of a single round of DES Consider L the left half of the input to the round and R its right half each of them have 32 bits As in any Feistel cipher the overall processing is L i =R i-1, R i =L i-1 F(R i-1,k i ) The round subkey K i has 48 bits (details later on how it is generated) R is expanded from 32 to 48 bits using an expansion permutation E this is a table that defines a permutation, duplicating in the same time 16 of the bits in R These 48 bits are XORED with the subkey K i The 48-bit result passes through a substitution function that produces a 32- bit output Apply then a permutation P January 17, 2012 15

A single round of DES January 17, 2012 16

The scheme of the function F(R,K) in DES January 17, 2012 17

Details of a single round of DES January 17, 2012 18

The substitutions in the DES rounds: S-boxes There are 8 S-boxes, each of them accepting a 6-bit input and producing 4-bit output The S-boxes are 4 x 16 tables (shown on the next slide) and are used as follows: The first and the last bit of the input to the S-box form a 2-bit binary number that selects the row of the S-box (rows are from 0 to 3) The middle four bits select the column of the S-box (columns are from 0 to 15) The decimal value in the selected entry of the S-box is converted to its 4-bit binary representation to produce the output January 17, 2012 19

Definition of S-boxes Example: consider the input 011001to S-box S 1 The row is 011001: 01 (i.e. 1) The column is 011001: 1100 (i.e. 12) The value in the selected cell is 9 Output is 1001 Note that each row of each S-box is in fact an invertible substitution on 4 bits (permutation of numbers from 0 to 15) Note also that the output of the S-box is immediately permuted in DES so that it spreads in the ciphertext January 17, 2012 20

Subkey generation In the general scheme of DES is shown that a 64-bit key is used the bits of the key are numbered from 1 to 64. The algorithm ignores every 8 th bit thus, the key for DES is effectively 56-bit long Before round 1 of DES, they key is permuted according to a table labeled Permuted Choice One (see next slide) the resulting 56-bit key is split into its two 28-bit halves labeled C 0 and D 0 In each round, Ci-1 and Di-1 are separately subjected to a circular left shift of one or two bits according to the table on the next slide the shifted values will be input to next round The shifted values serve as input to Permuted Choice Two (see next slide) which produces a 48-bit output: the subkey of the current round January 17, 2012 21

Subkey generation In the general scheme of DES is shown that a 64-bit key is used the bits of the key are numbered from 1 to 64. The algorithm ignores every 8 th bit thus, the key for DES is effectively 56-bit long Before round 1 of DES, they key is permuted according to a table labeled Permuted Choice One the resulting 56-bit key is split into its two 28-bit halves labeled C 0 and D 0 In each round, Ci-1 and Di-1 are separately subjected to a circular left shift of one or two bits according to the table on the next slide the shifted values will be input to next round The shifted values serve as input to Permuted Choice Two which produces a 48-bit output: the subkey of the current round January 17, 2012 22

DES decryption Like in any Feistel cipher, decryption works just like encryption with the subkeys used in reverse order January 17, 2012 23

Analysis of DES Avalanche effect: this is a desirable property of any encryption algorithm A small change (even 1 bit) in the plaintext should produce significant change in the ciphertext Example: consider two blocks of 64 zeros and in the second block rewrite 1 on the first position. Encrypt them both with DES: depending on the key, the result may have 34 different bits! A small change (even 1 bit) in the key should produce significant change in the ciphertext Example: a change of one bit in the DES key may produce 35 different bits in the encryption of the same plaintext January 17, 2012 24

Strength of DES Two main concerns with DES: the length of the key and the nature of the algorithm The key is rather short: 56 bits there are 2 56 possible keys, around 7.2 x 10 16 In average, only half of the keys have to be tried to break the system In principle it should take long time to break the system Things are quicker with dedicated hardware: 1998 a special machine was built for less than 250 000 $ breaking DES in less than 3 days, 2006 estimates are that a hardware costing around 20.000$ may break DES within a day DES has no export restrictions from NSA! 40-bit RC4 key is also insecure 128-but keys seem to be secure Important difficulty in breaking any system: unless the plaintext is known, we have to recognize when we have broken the system: we have to recognize the plaintext when we find it This is not trivial if the file is binary, compressed, etc. Automated procedures to do that are needed (and indeed some exist) January 17, 2012 25

Strength of DES Nature of the algorithm There has always been a concern about the design of DES, especially about the design of S-boxes perhaps they have been designed in such a way as to ensure a trapdoor to the algorithm break it without having to search for the key The design criteria for the S-boxes (and for the rest of the algorithm) have been classified information and NSA was involved in the design Many regularities and unexpected behavior of the S-boxes have been reported On the other hand, changing the S-boxes slightly seems to weaken the algorithm No fatal weaknesses in the S-boxes have been (publicly) reported so far January 17, 2012 26

Cryptanalysis of DES There are ways to break DES significantly quicker than with the brute-force attack: differential and linear cryptanalysis Differential cryptanalysis Published in the open literature after 1990: Murphy and then Biham and Shamir (published a book on this) Idea: Knowing the XOR of the message halves before and after a round, one may try to deduce the subkey used in that round DES can be broken in 2 47 steps, requiring 2 47 chosen plaintexts The need for so many chosen plaintexts makes its applicability limited This attack seems to have been known to the DES design team and NSA 20 years before it was published in the open literature! Linear cryptanalysis More recent attack (Matsui, 1993): find linear approximations to describe the transformations in DES Can find the DES key given 2 47 known plaintexts Still impractical method January 17, 2012 27

DES cryptanalysis chronology (Wikipedia) July 1990 1992 1994 June 1997 Biham and Shamir rediscover differential cryptanalysis, and apply it to a 15-round DESlike cryptosystem. Biham and Shamir report the first theoretical attack with less complexity than brute force: differential cryptanalysis. However, it requires an unrealistic 2 47 chosen plaintexts. The first experimental cryptanalysis of DES is performed using linear cryptanalysis (Matsui, 1994). The DESCHALL Project breaks a message encrypted with DES for the first time in public. July 1998 The EFF's DES cracker (Deep Crack) breaks a DES key in 56 hours. January 1999 Together, Deep Crack and distributed.net break a DES key in 22 hours and 15 minutes. November 2001 The Advanced Encryption Standard is published in FIPS 197 May 2002 The AES standard becomes effective May 2005 NIST withdraws FIPS 46-3 (see Federal Register vol 70, number 96) April 2006 November 2008 The FPGA based parallel machine COPACOBANA of the Universities of Bochum and Kiel, Germany, breaks DES in 9 days at $10,000 hardware cost. Within a year software improvements reduced the average time to 6.4 days. The successor of COPACOBANA, the RIVYERA machine reduced the average time to less than one single day. 28

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information