View
213
Download
0
Tags:
Embed Size (px)
Citation preview
CS 682 - Network Security
Lecture 2
Prof. Katz
9/7/2000 Lecture 2 - Data Encryption 2
DES – Data Encryption Standard
Private key. Encrypts by series of substitution and transpositions.
Worldwide standard for more than 20 years. Has a history of controversy. Designed by IBM (Lucipher) with later help
(interference?) from NSA. No longer considered secure for highly
sensitive applications. Replacement standard (AES) currently in
process of development.
9/7/2000 Lecture 2 - Data Encryption 3
DES - Overview
9/7/2000 Lecture 2 - Data Encryption 4
DES – Each iteration.
9/7/2000 Lecture 2 - Data Encryption 5
DES – Computation of F(Ri-1,Ki)
9/7/2000 Lecture 2 - Data Encryption 6
Computation of F:
Expansion function E: maps bit string of length 32 to bit string of length 48. Permutes bits in a fixed way and duplicates certain
bits Key schedule: each round uses a 48 bit key
obtained by performing permutations, shifts, and discarding bits from the original 56 bit key. Fixed algorithm for each round
resulting 48 bit string broken into 8 6-bit strings
9/7/2000 Lecture 2 - Data Encryption 7
S-boxes: S1
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 70 15 7 4 14 2 13 1 10 6 12 11 9 5 3 84 1 14 8 13 6 2 11 15 12 9 7 3 10 5 015 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
Sj
)( 654321 bbbbbbS
6543
21
:
:
bbbbcolumn
bbrowIs the table entry from
01106]9,1[)011001( dtableS
x Plain text
0R0LInitial permutation (IP)
0R ),( 100 KRFL Round-1 (key K1)
),( 161515 KRFL 15R
Round-16 (key K16)
),( 161515 KRFL 15R
swap
yIP inverse
Cipher text
15R15L
Rounds 2-15
),( 161515 KRFL 15R
yIP inverse
Cipher text
IP),( 161515 KRFL 15R
Round-1 (K16)
),(),( 1615161515 KRFKRFL 15R
15L15R
=
Since 0bbbb 0
en
cry
pt
decry
pt
9/7/2000 Lecture 2 - Data Encryption 10
DES – Electronic Code Book Mode
9/7/2000 Lecture 2 - Data Encryption 11
DES – Cipher block chaining mode
9/7/2000 Lecture 2 - Data Encryption 12
DES Security
S-Box design not well understood (secret). Has survived some recent sophisticated
attacks (differential cryptanalysis). Key is too short (thanks to NSA!). Hence is
vulnerable to brute force attack. 1998 distributed attack took 3 months. $1,000,000 machine will crack DES in 35
minutes – 1997 estimate. 10,000 – 2.5 days. In 1999 EFF achieved 245 billion keys per
second rate to crack in 22 hours.
9/7/2000 Lecture 2 - Data Encryption 13
Double DES
Double DES is almost as easy to break as single DES!
9/7/2000 Lecture 2 - Data Encryption 14
Triple DES
Triple DES (2 keys) requires 2112 search. Is reasonably secure. 3 keys requires 2168 .
9/7/2000 Lecture 2 - Data Encryption 15
Other Private Key Cryptosystems
IDEA Twofish Blowfish RC4, RC5, RC6 Rijndael Serpent MARS Feal
Message Authentication
9/7/2000 Lecture 2 - Data Encryption 17
Message Authentication
We must be able to certify that a message is from a particular person
We must be sure that the message has not been tampered with
9/7/2000 Lecture 2 - Data Encryption 18
Methods
Conventional Encryption Message Authentication Code One-way Hash
Using Conventional Encryption Using Public-Key Encryption Using Secret Value
9/7/2000 Lecture 2 - Data Encryption 19
Conventional Encryption
Modification of the cyphertext should produce unintelligible results in the plaintext.
9/7/2000 Lecture 2 - Data Encryption 20
One-Way Hash (using encryption)
1. The message is sent through a hashing function H(M)
2. The result is encrypted: C = E(K, H(M)3. C is appended to the message: N = M||C4. N is sent to the recipient5. C is extracted from N: N -> M & C6. C is decoded: H(M1) = D(K, C)
7. The recipient puts the message through the hashing function: H(M2)
8. If H(M1) = H(M2) the message is authentic
9/7/2000 Lecture 2 - Data Encryption 21
One-Way hash (Public Key)
Same as encryption but encryption Key is private key and decryption key is public key
9/7/2000 Lecture 2 - Data Encryption 22
One-Way Hash (secret value)
Secret Value (S) is concatenated onto M: N=S||M
N is put through the hash function: H(N) The result is append to M: C = M||H(N) C is sent to the recipient H(N1) is extracted from C Secret Value (S) is concatenated onto M: N=S||
M N is put through the hash function: H(N2) If H(N1) = H(N2), the message is authentic.