CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Similar documents
CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

CSC 474/574 Information Systems Security

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

CSC574: Computer & Network Security

Modern Symmetric Block cipher

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

AIT 682: Network and Systems Security

Lecture 4: Symmetric Key Encryption

Chapter 3 Block Ciphers and the Data Encryption Standard

Block Cipher Operation. CS 6313 Fall ASU

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Lecture 3: Symmetric Key Encryption

7. Symmetric encryption. symmetric cryptography 1

Processing with Block Ciphers

Symmetric Encryption. Thierry Sans

Content of this part

Symmetric key cryptography

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

CIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Secret Key Cryptography

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

The Rectangle Attack

Double-DES, Triple-DES & Modes of Operation

Network Security Essentials Chapter 2

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Computer Security CS 526

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

3 Symmetric Cryptography

Introduction to Cryptography. Lecture 3

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Modes of Operation. Raj Jain. Washington University in St. Louis

Computer Security 3/23/18

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Stream Ciphers and Block Ciphers

Some Aspects of Block Ciphers

CIS 4360 Secure Computer Systems Symmetric Cryptography

Block Ciphers. Advanced Encryption Standard (AES)

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Data Encryption Standard (DES)

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Cryptography [Symmetric Encryption]

Symmetric Encryption Algorithms

CENG 520 Lecture Note III

Using block ciphers 1

Jaap van Ginkel Security of Systems and Networks

Crypto: Symmetric-Key Cryptography

Lecture 1 Applied Cryptography (Part 1)

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Applied Cryptography Data Encryption Standard

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Introduction. Secret Key Cryptography. Outline. Secrets? (Cont d) Secret Keys or Secret Algorithms? Introductory Remarks Feistel Cipher DES AES

Stream Ciphers and Block Ciphers

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 6 Contemporary Symmetric Ciphers

Course Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here

Symmetric Cryptography

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Secret Key Cryptography (Spring 2004)

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Secret Key Cryptography Overview

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Private-Key Encryption

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Block Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers

EEC-484/584 Computer Networks

Cryptography: Symmetric Encryption [continued]

CSC574: Computer & Network Security

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Introduction to Cryptography. Lecture 3

Cryptography and Network Security. Sixth Edition by William Stallings

ECE 646 Lecture 8. Modes of operation of block ciphers

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Implementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Cryptography and Network Security

Chapter 6: Contemporary Symmetric Ciphers

P2_L6 Symmetric Encryption Page 1

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Computer and Data Security. Lecture 3 Block cipher and DES

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Information Security CS526

Block Ciphers, DES, 2DES, 3DES

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Block Cipher Modes of Operation

Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Transcription:

CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1

Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation of the possible output values Output of one S-box should affect other S- boxes in the following round 3

Desirable Property: Avalanche Effect Roughly: a small change in either the plaintext or the key should produce a big change in the ciphertext Better: any output bit should be inverted (flipped) with probability 0.5 if any input bit is changed What is the expected number of different bits between two length-n random bit streams? 0.5n (Bernoulli distribution) f function must be difficult to un-scramble should achieve avalanche effect output bits should be uncorrelated 4

DES Avalanche Effect: Example 2 plaintexts with 1 bit difference: 0x0000000000000000 and 0x8000000000000000 encrypted using the same key: 0x016B24621C181C32 Resulting ciphertexts differ in 34 bits (out of 64) Similar results when keys differ by 1 bit 5

Example (cont d) An experiment: number of rounds vs. number of bits difference Round # 0 1 2 3 4 5 6 7 8 Bits changed 1 6 21 35 39 34 32 31 29 9 10 11 12 13 14 15 16 42 44 32 30 30 26 29 34 6

DES: Keys to Avoid Using Weak keys : These are keys which, after the first key permutation, are: 28 0 s followed by 28 0 s 28 1 s followed by 28 1 s 28 0 s followed by 28 1 s 28 1 s followed by 28 0 s Property of weak keys Easy clue for brute force attacks. Sixteen identical subkeys. Encrypting twice produces the original plaintext. 7

Weak keys Alternating ones + zeros (0x0101010101010101) Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 0xE0E0E0E0F1F1F1F1 0x1F1F1F1F0E0E0E0E DES weak keys produce sixteen identical subkeys 8

More Keys to Avoid! Semi-weak keys : These are keys which, after the first key permutation, are: 1. 28 0 s followed by alternating 0 s and 1 s 2. 28 0 s followed by alternating 1 s and 0 s 12. Alternating 1 s and 0 s followed by alternating 1 s and 0 s Property of semi-weak keys For a semi-weak key pair (K 1, K 2 ), K 1 {K 2 {m}} = m 9

Semi-weak key pairs 0x011F011F010E010E and 0x1F011F010E010E01 0x01E001E001F101F1 and 0xE001E001F101F101 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 K 1 {K 2 {m}} = m 10

DES Key Size 56 bits is currently too small to resist brute force attacks using readily-available hardware Ten years ago it took $250,000 to build a machine that could crack DES in a few hours Now? 11

Cryptanalysis of DES Differential cryptanalysis exploits differences between encryptions of two different plaintext blocks provides insight into possible key values Linear cryptanalysis requires known plaintext / ciphertext pairs, analyzes relationships to discover key value No attacks on DES so far are significantly better than brute force attacks, for comparable cost 12

Advanced Encryption Standard (AES) Selected from an open competition, organized by NSA winner: Rijndael algorithm, standardized as AES Some similarities to DES (rounds, round keys, alternate permutation+substitution) but not a Feistel cipher Block size = 128 bits Key sizes = 128, 192, or 256 13

AES-128 Overview 128-bit Input Round 1 128-bit K 0 128-bit K 1 128-bit key Generate round keys Round 10 128-bit K 10 128-bit Output 14

AES Assessment No known successful attacks on full AES Best attacks work on 7 9 rounds For brute force attacks, AES-128 needs much more effort than DES 15

Attacks on AES Differential Cryptanalysis: based on how differences in inputs correlate with differences in outputs Linear Cryptanalysis: based on correlations between input and output Side Channel Attacks: Implementations of the cipher on systems inadvertently leak data Timing Attacks: measure the time it takes to do operations 16

CIS 6930/4930 Computer and Network Security Topic 3.2 Modes of Operation 17

Processing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to chain cipher text together? Modes of operation ECB (Electronic Code Book) CBC (Cipher Block Chaining) OFB (Output Feedback) CFB (Cipher Feedback) CTR (Counter) 18

Issues for Block Chaining Mode Ciphertext manipulation Can an attacker modify ciphertext block(s) in a way that will produce a predictable/desired change in the decrypted plaintext block(s)? Note: assume the structure of the plaintext is known, e.g., first block is employee #1 salary, second block is employee #2 salary, etc. Information leakage Does it reveal info about the plaintext blocks? 19

Issues (Cont d) Parallel/Sequential Can blocks of plaintext (ciphertext) be encrypted (decrypted) in parallel? Error propagation If there is an error in a plaintext (ciphertext) block, will there be an encryption (decryption) error in more than one ciphertext (plaintext) block? 20

Electronic Code Book (ECB) Plaintext M 1 M 2 M 3 M 4 64 64 64 46 + padding Key E E E E 64 64 64 64 Ciphertext C 1 C 2 C 3 C 4 The easiest mode of operation; each block is independently encrypted 21

ECB Decryption M 1 M 2 M 3 M 4 64 64 64 46 + padding Key D D D D 64 64 64 64 C 1 C 2 C 3 C 4 Each block is independently decrypted 22

ECB Properties Does information leak? Can ciphertext be manipulated? Parallel processing possible? Do ciphertext errors propagate? M 1 M 24 M 3 M 42 Key 64 64 64 46 + padding D D D D 64 64 64 64 C 1 C 4 C 3 C 2 C 1 C 2 C 3 C 4 23

Cipher Block Chaining (CBC) Initialization Vector Key M 1 M 2 M 3 M 4 64 64 64 46 + padding E E E E 64 64 64 64 C 1 C 2 C 3 C 4 Chaining dependency: each ciphertext block depends on all preceding plaintext blocks 24

Initialization Vectors Initialization Vector (IV) Used along with the key; not secret For a given plaintext, changing either the key, or the IV, will produce a different ciphertext Why is that useful? IV generation and sharing Random; may transmit with the ciphertext Incremental; predictable by receivers 25

CBC Decryption M 1 M 2 M 3 M 4 Initialization Vector 64 64 64 46 + padding Key D D D D 64 64 64 64 C 1 C 2 C 3 C 4 How many ciphertext blocks does each plaintext block depend on? 26

CBC Properties Does information leak? Identical plaintext blocks will produce different ciphertext blocks Can ciphertext be manipulated predictably???? Parallel processing possible? no (encryption), yes (decryption) Do ciphertext errors propagate? yes (encryption), a little (decryption) 27

Output Feedback Mode (OFB) Initialization Vector one-time pad Key 64 E Pseudo-Random E Number EGenerator E M 1 M 2 M 3 M 4 64 64 64 46 + padding 64 64 64 64 C 1 C 2 C 3 C 4 28

OFB Decryption IV one-time pad Key 64 E E E E M 1 M 2 M 3 M 4 64 64 64 46 + padding 64 64 64 64 C 1 C 2 C 3 C 4 No block decryption required! 29

OFB Properties Does information leak? identical plaintext blocks produce different ciphertext blocks Can ciphertext be manipulated predictably???? Parallel processing possible? yes (generating pad), yes (XORing with blocks) Do ciphertext errors propagate???? 30

OFB (Cont d) If you know one plaintext/ciphertext pair, can easily derive the one-time pad that was used i.e., should not reuse a one-time pad! Conclusion: IV must be different every time 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback