Modes of Operation. Raj Jain. Washington University in St. Louis

Similar documents
Data Encryption Standard (DES)

Content of this part

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Block Encryption and DES

Block Cipher Operation. CS 6313 Fall ASU

CSC 474/574 Information Systems Security

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Block Cipher Operation

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Symmetric Encryption Algorithms

Secret Key Cryptography

Double-DES, Triple-DES & Modes of Operation

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Chapter 3 Block Ciphers and the Data Encryption Standard

Lecture 1 Applied Cryptography (Part 1)

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Overview of Authentication Systems

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Kerberos V5. Raj Jain. Washington University in St. Louis

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Classical Encryption Techniques

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Computer Security CS 526

Stream Ciphers and Block Ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

P2_L6 Symmetric Encryption Page 1

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

7. Symmetric encryption. symmetric cryptography 1

The Rectangle Attack

Cryptography Functions

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Symmetric Encryption. Thierry Sans

CIS 4360 Secure Computer Systems Symmetric Cryptography

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Network Security Essentials Chapter 2

Secret Key Cryptography Overview

CSC574: Computer & Network Security

Cryptography [Symmetric Encryption]

IDEA, RC5. Modes of operation of block ciphers

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

EEC-484/584 Computer Networks

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Stream Ciphers and Block Ciphers

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Computer Security 3/23/18

Processing with Block Ciphers

3 Symmetric Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

SUMMARY OF INFORMATION ON EACH COURSE

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Lecture 3: Symmetric Key Encryption

Modern Symmetric Block cipher

Chapter 6 Contemporary Symmetric Ciphers

Study and Analysis of Symmetric Key-Cryptograph DES, Data Encryption Standard

Symmetric Cryptography

Network Security Essentials

Symmetric key cryptography

CENG 520 Lecture Note III

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Computer and Data Security. Lecture 3 Block cipher and DES

CIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Lecture 4: Symmetric Key Encryption

Symmetric Cryptography. Chapter 6

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

L3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Summary on Crypto Primitives and Protocols

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Symmetric Cryptography. CS4264 Fall 2016

Symmetric, Asymmetric, and One Way Technologies

Some Aspects of Block Ciphers

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Cryptography and Network Security

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Encryption Details COMP620

Stream Ciphers. Stream Ciphers 1

Secret Key Cryptography (Spring 2004)

Block Ciphers, DES, 2DES, 3DES

Block Cipher Modes of Operation

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Cryptography (cont.)

BYTE ROTATION WITH CBC ENCRYPTION ALGORITHM

Cryptography 2017 Lecture 3

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Using block ciphers 1

Summary. Final Week. CNT-4403: 21.April

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Information Security CS526

How to Use Your Block Cipher? Palash Sarkar

Block Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers

International Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Transcription:

Modes of Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at : http://www.cse.wustl.edu/~jain/cse567-06/ 6-1

Overview 1. Modes of Operation: ECB, CBC, OFB, CFB, CTR 2. Privacy+Integrity 3. DES Attacks 4. 3DES and its design Ref: Chapter 4 of textbook. 6-2

Modes of Operation 1. Electronic Code Book (ECB) 2. Cipher Block Chaining (CBC) 3. Cipher Feedback Mode (CFB) 4. Output Feedback Mode (OFB) 5. Counter Mode (CTR) 6-3

1. Electronic Code Book (ECB)! Each block is independently encoded! Problem: " Identical Input Identical Output " Can insert encoded blocks 6-4

Cipher Block Chaining (CBC)! Add a random number before encoding 6-5

CBC (Cont)! Use C i as random number for i+1! Need Initial Value (IV)! If no IV, then one can guess changed blocks! Example: Continue Holding, Start Bombing 6-6

CBC (Cont)! Attack 1: Change selected bits in encrypted message " Garbled text not detected by computers! Attack 2: Attacker knows plain text and cipher text. Can change plain text. " 32-bit CRC may not detect. 64-bit CRC may be better. 6-7

k-bit Output Feedback Mode (OFB)! IV is used to generate a stream of blocks! Stream is used a one-time pad and XOR'ed to plain text 6-8

! Advantages: OFB (Cont) " Stream can be generated in advance " 1-bit error in transmission affects only one bit of plain text " Message can be any size " All messages are immediately transmitted! Disadvantage: Plain text can be trivially modified! Only left-most k-bits of the block can be used 6-9

k-bit Cipher Feedback Mode (CFB)! Key Stream blocks use previous block as IV! k-bits of encoded streams are used to generate next block 6-10

CFB (Cont)! Stream cannot be generated in advance.! In practice, k=8 bit or 64 bit! If a byte is added or deleted, that byte and next 8 bytes will be affected! No block rearranging effect 6-11

Counter Mode (CTR)! If the same IV and key is used again, " Xor of two encrypted messages = Xor of plain text! IV is incremented and used to generated one-time pad! Advantage: Pre-computed 6-12

Message Authentication Code (MAC)! Cryptographic checksum or Message Integrity Code (MIC)! CBC residue is sent with plain text 6-13

Weak and Semi-Weak Keys! Recall that 56-bit DES key is divided in two halves and permuted to produce C0 and D0! Keys are weak if C0 and D0 (after permutation) result in: " All 0's " All 1's " Alternating 10 or 01! Four possibilities for each half 16 week keys 6-14

Privacy + Integrity! Can't send encrypted message and CBC residue. 1. Use strong CRC 2. Use CBC residue with another key. " The 2nd CBC can be weak, as in Kerberos. " Kerberos uses K+F0F0 F0F0 as the 2nd key. 6-15

Privacy + Integrity (Cont) 3. Use hash with another key. Faster than encryption. 4. Use Offset Code Book (OCB), http://www.cs.ucdavis.edu/~rogaway/papers/draftkrovetz-ocb-00.txt 6-16

MISTY1! Block cipher with 128 bit keys! With 4 to 8 rounds. Each round consists of 3 subrounds.! Secure against linear and differential cryptanalysis! Named after the inventors: Matsui Mitsuru, Ichikawa Tetsuya, Sorimachi Toru, Tokita Toshio, and Yamagishi Atsuhiro! A.k.a. Mitsubishi Improved Security Technology! Recommended for Japanese government use. Patented! Described in RFC 2994! Ref: http://en.wikipedia.org/wiki/misty1 6-17

! Selected by 3GPP KASUMI! 64-bit block cipher with 128 bit key! A variant of MISTY1! Needs limited computing power! Works in real time (voice)! KASUMI with counter mode and output feedback modes. This algorithm is known as f8. 6-18

GSM Encryption! Three stream ciphers: A5/1, A5/2, A5/3! Description of A5/1 and A5/2 were never released to public but were reverse engineered and broken! A5/3 is based KASUMI 6-19

DES Attacks! 1997 RSA Lab set a prize of $10k! Curtin and Dolske used combined power of Internet computers to find the key using a brute force method.! 1998 Electronic Frontier Foundation (EFF) showed that a $250k machine could find any DES key in max 1 week. Avg 3 days.! 2001 EFF combined the cracker with Internet to crack DES in 1 day.! Differential Cryptanalysis and Linear cryptanalysis can be used to crack DES! NIST recommended 3DES 6-20

! c = e k1 (d k2 (e k3 (m)))! m = d k3 (e k2 (d k1 (c))) 3DES! k1 and k2 should be independent but k3 can be independent or k3=k1! k3 = k1 results in 112 bit strength 6-21

CBC: Outside vs. Inside 6-22

CBC: Outside vs. Inside (Cont) 6-23

1. 3 stages 2. Two keys 3. E-D-E 4. CBC Outside Key 3DES Design Decisions 6-24

! ek1(ek2(m)) 1. Why not 2DES?! 2DES is only twice as secure as DES (57-bit key)! Suppose you know (m1,c1), (m2,c2),...! c1=ek1(ek2(m1))! dk1(c1)=ek2(m1)! k1 and k2 can be found by preparing two 2^56 entry tables! Table 1 contains all possible encryptions of m1.! Table 2 contains all possible decryptions of c1.! Sort both tables.! Find matching entries potential (k1,k2) pairs! Try these pairs on (m2, c2),... 6-25

2. Why Only Two Keys?! k3=k1 is as secure as k3\=k1! Given (m,c) pairs, it is easy to find 3 keys such that ek1(dk2(ek3(m)))=r! But finding the keys when k3=k1 is difficult. 6-26

3. Why E-D-E E E and not E-E-E? E E?! E and D are both equally strong encryptions.! With k1=k2, EDE = E a 3DES system can talk to DES by setting k1=k2 6-27

4. Why CBC outside? 1. Bit Flipping: " CBC Outside: One bit flip in the cipher text causes that block of plain text and next block garbled Self-Synchronizing " CBC Inside: One bit flip in the cipher text causes more blocks to be garbled. 2. Pipelining: " More pipelining possible in CBC inside implementation. 3. Flexibility of Change: " CBC outside: Can easily replace CBC with other feedback modes (ECB, CFB,...) 6-28

Summary 1. To encrypt long messages, we need to use different modes of operation 2. Five modes of operation: ECB, CBC, OFG, CFB, CTR 3. Privacy + Integrity: Use CRC or CBC residue 4. 3DES uses two keys and E-D-E sequence and CBC on the outside. 6-29

References 1. C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 2 nd Ed, Prentice Hall, 2002, ISBN: 0130460192 2. William Stallings, Cryptography and Network Security, 4 th Ed, Prentice-Hall, 2006, ISBN:013187316 3. A. W. Dent and C. J. Mitchell, User s Guide to Cryptography and Standards, Artech House, 2005, ISBN:1580535305 4. N. Ferguson and B. Schneier, Practical Cryptography, Wiley, 2003, ISBN:047122894X 6-30

Homework 6! Read chapter 4 of the textbook! Submit answer to Exercise 4.4! Exercise 4.4: What is a practical method of finding a triple of keys that maps a given plain text to a given cipher text using EDE? Hint: 1. You have only one (m, c) pair 2. Worst case is to have 3 nested loops for trying all k1, k2, k3 2 64 2 64 2 64 = 2 192 steps but requires storing only 1 intermediate result. 3. How can you reduce the number of steps using more storage for intermediate results. 6-31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback