cs 682 - network security lecture 2 prof. katz. 9/7/2000lecture 2 - data encryption2 des – data...

CS 682 - Network Security

Lecture 2

Prof. Katz

9/7/2000 Lecture 2 - Data Encryption 2

DES – Data Encryption Standard

Private key. Encrypts by series of substitution and transpositions.

Worldwide standard for more than 20 years. Has a history of controversy. Designed by IBM (Lucipher) with later help

(interference?) from NSA. No longer considered secure for highly

sensitive applications. Replacement standard (AES) currently in

process of development.

9/7/2000 Lecture 2 - Data Encryption 3

DES - Overview

9/7/2000 Lecture 2 - Data Encryption 4

DES – Each iteration.

9/7/2000 Lecture 2 - Data Encryption 5

DES – Computation of F(Ri-1,Ki)

9/7/2000 Lecture 2 - Data Encryption 6

Computation of F:

Expansion function E: maps bit string of length 32 to bit string of length 48. Permutes bits in a fixed way and duplicates certain

bits Key schedule: each round uses a 48 bit key

obtained by performing permutations, shifts, and discarding bits from the original 56 bit key. Fixed algorithm for each round

resulting 48 bit string broken into 8 6-bit strings

9/7/2000 Lecture 2 - Data Encryption 7

S-boxes: S1

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 70 15 7 4 14 2 13 1 10 6 12 11 9 5 3 84 1 14 8 13 6 2 11 15 12 9 7 3 10 5 015 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

Sj

)( 654321 bbbbbbS

6543

21

:

:

bbbbcolumn

bbrowIs the table entry from

01106]9,1[)011001( dtableS

x Plain text

0R0LInitial permutation (IP)

0R ),( 100 KRFL Round-1 (key K1)

),( 161515 KRFL 15R

Round-16 (key K16)

),( 161515 KRFL 15R

swap

yIP inverse

Cipher text

15R15L

Rounds 2-15

),( 161515 KRFL 15R

yIP inverse

Cipher text

IP),( 161515 KRFL 15R

Round-1 (K16)

),(),( 1615161515 KRFKRFL 15R

15L15R

=

Since 0bbbb 0

en

cry

pt

decry

pt

9/7/2000 Lecture 2 - Data Encryption 10

DES – Electronic Code Book Mode

9/7/2000 Lecture 2 - Data Encryption 11

DES – Cipher block chaining mode

9/7/2000 Lecture 2 - Data Encryption 12

DES Security

S-Box design not well understood (secret). Has survived some recent sophisticated

attacks (differential cryptanalysis). Key is too short (thanks to NSA!). Hence is

vulnerable to brute force attack. 1998 distributed attack took 3 months. $1,000,000 machine will crack DES in 35

minutes – 1997 estimate. 10,000 – 2.5 days. In 1999 EFF achieved 245 billion keys per

second rate to crack in 22 hours.

9/7/2000 Lecture 2 - Data Encryption 13

Double DES

Double DES is almost as easy to break as single DES!

9/7/2000 Lecture 2 - Data Encryption 14

Triple DES

Triple DES (2 keys) requires 2112 search. Is reasonably secure. 3 keys requires 2168 .

9/7/2000 Lecture 2 - Data Encryption 15

Other Private Key Cryptosystems

IDEA Twofish Blowfish RC4, RC5, RC6 Rijndael Serpent MARS Feal

Message Authentication

9/7/2000 Lecture 2 - Data Encryption 17

Message Authentication

We must be able to certify that a message is from a particular person

We must be sure that the message has not been tampered with

9/7/2000 Lecture 2 - Data Encryption 18

Methods

Conventional Encryption Message Authentication Code One-way Hash

Using Conventional Encryption Using Public-Key Encryption Using Secret Value

9/7/2000 Lecture 2 - Data Encryption 19

Conventional Encryption

Modification of the cyphertext should produce unintelligible results in the plaintext.

9/7/2000 Lecture 2 - Data Encryption 20

One-Way Hash (using encryption)

1. The message is sent through a hashing function H(M)

2. The result is encrypted: C = E(K, H(M)3. C is appended to the message: N = M||C4. N is sent to the recipient5. C is extracted from N: N -> M & C6. C is decoded: H(M1) = D(K, C)

7. The recipient puts the message through the hashing function: H(M2)

8. If H(M1) = H(M2) the message is authentic

9/7/2000 Lecture 2 - Data Encryption 21

One-Way hash (Public Key)

Same as encryption but encryption Key is private key and decryption key is public key

9/7/2000 Lecture 2 - Data Encryption 22

One-Way Hash (secret value)

Secret Value (S) is concatenated onto M: N=S||M

N is put through the hash function: H(N) The result is append to M: C = M||H(N) C is sent to the recipient H(N1) is extracted from C Secret Value (S) is concatenated onto M: N=S||

M N is put through the hash function: H(N2) If H(N1) = H(N2), the message is authentic.