Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2016 2 September 2016 rev. 16.0 2014 2016 Egemen K. Çetinkaya
Data Encryption Standard Outline Stream and block ciphers Feistel cipher DES 2 September 2016 MST CPE 5420 Data Encryption Standard 2
Data Encryption Standard Stream and Block Ciphers Stream and block ciphers Feistel cipher DES 2 September 2016 MST CPE 5420 Data Encryption Standard 3
Cryptography Cryptographic System Types Egemen K. Çetinkaya Operation type transforming plaintext to ciphertext 2 September 2016 MST CPE 5420 Data Encryption Standard 4
Cryptography Cryptographic System Types Operation type transforming plaintext to ciphertext substitution: elements mapped into another transposition: elements are rearranged essential requirement - information is not lost and reversible 2 September 2016 MST CPE 5420 Data Encryption Standard 5
Cryptography Cryptographic System Types Operation type transforming plaintext to ciphertext substitution: elements mapped into another transposition: elements are rearranged essential requirement - information is not lost and reversible The number of keys used 2 September 2016 MST CPE 5420 Data Encryption Standard 6
Cryptography Cryptographic System Types Operation type transforming plaintext to ciphertext substitution: elements mapped into another transposition: elements are rearranged essential requirement - information is not lost and reversible The number of keys used symmetric, single-key, secret-key, private-key asymmetric, two-key, public-key 2 September 2016 MST CPE 5420 Data Encryption Standard 7
Cryptography Cryptographic System Types Operation type transforming plaintext to ciphertext substitution: elements mapped into another transposition: elements are rearranged essential requirement - information is not lost and reversible The number of keys used symmetric, single-key, secret-key, private-key asymmetric, two-key, public-key The way in which the plaintext is processed 2 September 2016 MST CPE 5420 Data Encryption Standard 8
Cryptography Cryptographic System Types Operation type transforming plaintext to ciphertext substitution: elements mapped into another transposition: elements are rearranged essential requirement - information is not lost and reversible The number of keys used symmetric, single-key, secret-key, private-key asymmetric, two-key, public-key The way in which the plaintext is processed block cipher stream cipher 2 September 2016 MST CPE 5420 Data Encryption Standard 9
Stream Cipher Operation Encrypts data stream one bit or one byte at a time Examples? 2 September 2016 MST CPE 5420 Data Encryption Standard 10
Stream Cipher Operation Encrypts data stream one bit or one byte at a time Examples? autokeyed Vigenère cipher Vernam cipher Ideal case is: a one-time pad keystream is as long as the plaintext bit stream keystream is completely random Keys need to be distributed before communication via independent and secure channel Cryptographic strong bit-stream generation needed 2 September 2016 MST CPE 5420 Data Encryption Standard 11
Stream Cipher Operation Bit stream is algorithmic procedure Both ends generate bit stream using shorter key, K 2 September 2016 MST CPE 5420 Data Encryption Standard 12
Block Cipher Operation Blocks of plaintext is operated: 64 or 128 bits size Both ends utilize symmetric key, K Vast crypto systems utilize this method 2 September 2016 MST CPE 5420 Data Encryption Standard 13
Transformation Singularity Reversible vs. Irreversible Transformation n bits plaintext produce a ciphertext block of n bits There are 2 n possible different plaintext blocks Encryption reversibility decryption possible ciphertext must be unique 2 n! possible different transformations for revers. map. Plaintext Reversible (nonsingular) ciphertext Irreversible (singular) ciphertext 00 11 11 01 10 10 10 00 01 11 01 01 2 September 2016 MST CPE 5420 Data Encryption Standard 14
Block Substitution Example General n-bit-n-bit Block Substitution Possible input states: 16 input states Required key length for all possible states: n 2 n 2 September 2016 MST CPE 5420 Data Encryption Standard 15
Diffusion Statistical Cryptanalysis Diffusion and Confusion dissipate long-range statistics of the plaintext each plaintext digit affect value of many ciphertext digits Confusion make complex relationship between statistics of ciphertext and value of the encryption key complex substitution rather than simple linear substitution 2 September 2016 MST CPE 5420 Data Encryption Standard 16
Data Encryption Standard Feistel Cipher Stream and block ciphers Feistel cipher DES 2 September 2016 MST CPE 5420 Data Encryption Standard 17
Product cipher Product Cipher Definitions combines two or more transformations with intend that the resulting cipher is more secure than individual components Substitution-Permutation (SP) network is a product cipher composed of a number of stages each involving substitutions and permutations An iterated block cipher is a block cipher involving the sequential repetition of an internal function called a round function [MOV1996] 2 September 2016 MST CPE 5420 Data Encryption Standard 18
Feistel Cipher Operation Cipher that alternates substitutions and permutations substitution? permutation? 2 September 2016 MST CPE 5420 Data Encryption Standard 19
Feistel Cipher Operation Cipher that alternates substitutions and permutations substitution: plaintext replaced by corresponding ciphertext permutation: reordering or transposition Design features: block size key size number of rounds subkey generation algorithm round function F fast software encryption/decryption ease of analysis 2 September 2016 MST CPE 5420 Data Encryption Standard 20
Block size Feistel Cipher Features 1 larger block sizes mean greater security but reduced encryption/decryption speed for a given algorithm Key size larger key size means greater security but may decrease encryption/decryption speeds Number of rounds a single round offers inadequate security but multiple rounds offer increasing security 2 September 2016 MST CPE 5420 Data Encryption Standard 21
Feistel Cipher Features 2 Subkey generation algorithm greater complexity should lead to greater cryptanalysis effort Round function (aka Mangler function) F greater complexity leads greater resistance to cryptanalysis Fast software encryption/decryption speed of execution of the algorithm becomes a concern both in hardware and software Ease of analysis algorithm analysis can alleviate cryptanalytic vulnerabilities 2 September 2016 MST CPE 5420 Data Encryption Standard 22
Feistel Cipher Structure All rounds have same structure All rounds have substitution and permutation Decryption uses keys in the reverse order [http://www.emc.com/emc-plus/rsa-labs/images/feistel.gif] 2 September 2016 MST CPE 5420 Data Encryption Standard 23
Feistel Cipher F Function E: Expansion 32 bit to 48 bits S-box for substitution 8 S-boxes P-box 6-bit input 4-bit output for permutation [https://en.wikipedia.org/wiki/file:des-f-function.png] 2 September 2016 MST CPE 5420 Data Encryption Standard 24
Data Encryption Standard DES Stream and block ciphers Feistel cipher DES 2 September 2016 MST CPE 5420 Data Encryption Standard 25
Data Encryption Standard Overview Symmetric key algorithm Uses 56 bit long key actually 64 bit, 8 bit used for parity check or padding Block size is 64-bit; also plaintext size Based on Feistel cipher Decryption uses the same keys, inverse operation Initial selection of the algorithm controversial NSA involved in selection US government officials claim it is unbreakable 1992 Movie Sneakers 2 September 2016 MST CPE 5420 Data Encryption Standard 26
Data Encryption Standard History 1973: NBS (ex-nist) initiates competition 1976: DES approved as a standard 1977: Published in FIPS PUB 46 1992: Theoretical cryptanalysis using brute force requires 2 47 chosen plaintext 1998: DES cracker breaks key in less than 3 days cost ~ $250 K https://w2.eff.org/privacy/crypto/crypto_misc/descracker/html/19980716_eff_des_faq.html 2001: AES published 2008: COPACOBANA breaks DES in about a week cost ~ $10 K; http://www.sciengines.com/copacobana/index.html 2 September 2016 MST CPE 5420 Data Encryption Standard 27
Data Encryption Standard Operation Modes It has 3 stages initial permutation; IP key dependent encryption/decryption inverse initial permutation; IP -1 Encryption/decryption is based on Feistel cipher Key schedule designates keys in each round depends on the round number includes shifts and permuted choice functions Avalanche effect causes change in ciphertext 1 bit change in plaintext causes 32 bit change in ciphertext 2 September 2016 MST CPE 5420 Data Encryption Standard 28
Data Encryption Standard Operation Modes Electronic Codebook (ECB) plaintext datablock is used as a direct input to DES Cipher Block Chaining (CBC) chains successive cipher and plaintext blocks Cipher Feedback (CFB) Egemen K. Çetinkaya previous ciphertext used to generate pseudorandom output Output Feedback (OFB) similar to CFB CBC, CFB, OFB uses initialization vector, IV Details in chapter 4 [http://csrc.nist.gov/publications/fips/fips81/fips81.htm] 2 September 2016 MST CPE 5420 Data Encryption Standard 29
Data Encryption Standard Successors Triple DES TDES or 3DES applies DES three times with 2 or 3 different keys adequately secure, but much slower more on chapter 4 DES-X or DESX uses additional 2 keys and XOR operation DES-X (M)=K 2 DES (M K 1 ) requires 2 61 chosen plaintext vs. 2 47 for DES Generalized DES (GDES) faster but less secure than the DES 2 September 2016 MST CPE 5420 Data Encryption Standard 30
Block Cipher Design Principle Three critical aspects to block cipher design? 2 September 2016 MST CPE 5420 Data Encryption Standard 31
Number of rounds Block Cipher Design Principles the more rounds, more difficult to perform cryptanalysis Design of Mangler function F function to be nonlinear linearity: approximation of function F by linear equations good avalanche properties strict avalanche criterion bit independence criterion Key schedule should be difficult to deduce the key from subkeys 2 September 2016 MST CPE 5420 Data Encryption Standard 32
References and Further Reading [S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, 2017. [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002. [MOV1996] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. [FIPS46] NIST FIPS 46, Data Encryption Standard, 1999 (withdrawn) http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 2 September 2016 MST CPE 5420 Data Encryption Standard 33
End of Foils 2 September 2016 MST CPE 5420 Data Encryption Standard 34