Le Trong Ngoc Security Fundamentals (2) Encryption mechanisms 4/2011.

Slides:



Advertisements
Similar presentations
6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
Data Encryption Standard (DES)
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard
Cryptography and Network Security
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Advanced Encryption Standard
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Lecture 23 Symmetric Encryption
6. Practical Constructions of Symmetric-Key Primitives
Chapter 3 – Block Ciphers and the Data Encryption Standard
CSE 651: Introduction to Network Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.
The Digital Encryption Standard CSCI 5857: Encoding and Encryption.
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on “A Tutorial on Linear and Differential Cryptanalysis” by Howard Heys.] Modern block ciphers.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
CSCI 5857: Encoding and Encryption
5.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 5 Introduction to Modern Symmetric-key Ciphers.
Cryptography and Network Security Chapter 3. Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types of cryptographic.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Introduction to Modern Symmetric-key Ciphers
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Symmetric-Key Cryptography
Data Security and Encryption (CSE348) 1. Lecture # 6 2.
Traditional Symmetric-Key Ciphers
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Introduction to Modern Symmetric-key Ciphers
Lecture 23 Symmetric Encryption
Fifth Edition by William Stallings
Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.
Computer and Network Security Rabie A. Ramadan Lecture 3.
K. Salah1 Cryptography Module I. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
© Information Security Group, ICU1 Block Cipher- introduction  DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation  AES Description:
DES Analysis and Attacks CSCI 5857: Encoding and Encryption.
5.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 5 Introduction to Modern Symmetric-key Ciphers.
Block Cipher- introduction
1 The Data Encryption Standard. 2 Outline 4.1 Introduction 4.4 DES 4.5 Modes of Operation 4.6 Breaking DES 4.7 Meet-in-the-Middle Attacks.
Module :MA3036NI Symmetric Encryption -3 Lecture Week 4.
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
CSE 5/7353 – January 25 th 2006 Cryptography. Conventional Encryption Shared Key Substitution Transposition.
Le Trong Ngoc Security Fundamentals (2) Encryption mechanisms 4/2011.
CPIT 425 Chapter Three: Symmetric Key Cryptography.
Information and Network Security Lecture 2 Dr. Hadi AL Saadi.
Lecture 4 Data Encryption Standard (DES) Dr. Nermin Hamza
CS480 Cryptography and Information Security
Introduction to Modern Symmetric-key Ciphers
Introduction to Modern Symmetric-key Ciphers
AES Objectives ❏ To review a short history of AES
Advanced Encryption Standard (Symmetric key Algorithm)
Introduction to Modern Symmetric-key Ciphers
Block Ciphers and the Data Encryption Standard (DES)
Computer Security IT423 Semester II
Presentation transcript:

Le Trong Ngoc Security Fundamentals (2) Encryption mechanisms 4/2011

MODERN BLOCK CIPHERS A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of ciphertext. The encryption or decryption algorithm uses a k-bit key.

Continued A modern block cipher can be designed to act as a substitution cipher or a transposition cipher. To be resistant to exhaustive-search attack, a modern block cipher needs to be designed as a substitution cipher.

Continued Full-Size Key Transposition Block Ciphers In a full-size key transposition cipher We need to have n! possible keys, so the key should have [log 2 n!] bits.

Continued Full-Size Key Substitution Block Ciphers A full-size key substitution cipher does not transpose bits; it substitutes bits. We can model the substitution cipher as a permutation if we can decode the input and encode the output.

Continued

Continued A full-size key n-bit transposition cipher or a substitution block cipher can be modeled as a permutation, but their key sizes are different:  Transposition: the key is [log 2 n!] bits long.  Substitution: the key is [log 2 (2n)!] bits long. A partial-key cipher is a group under the composition operation if it is a subgroup of the corresponding full-size key cipher.

Continued Modern block ciphers normally are keyed substitution ciphers in which the key allows only partial mappings from the possible inputs to the possible outputs. A P-box (permutation box) parallels the traditional transposition cipher for characters. It transposes bits. P-Boxes

Continued Three types of P-boxes

Continued S-Box An S-box (substitution box) can be thought of as a miniature substitution cipher. An S-box is an m × n substitution unit, where m and n are not necessarily the same.

Continued In an S-box with three inputs and two outputs, we have The S-box is linear because a 1,1 = a 1,2 = a 1,3 = a 2,1 = 1 and a 2,2 = a 2,3 = 0. The relationship can be represented by matrices, as shown below:

Continued In an S-box with three inputs and two outputs, we have where multiplication and addition is in GF(2). The S- box is nonlinear because there is no linear relationship between the inputs and the outputs.

Continued An S-box may or may not be invertible. In an invertible S-box, the number of input bits should be the same as the number of output bits.

Continued An important component in most block ciphers is the exclusive-or operation. Invertibility of the exclusive-or operation

Continued The five properties of the exclusive-or operation in the GF(2n) field makes this operation a very interesting component for use in a block cipher: closure, associativity, commutativity, existence of identity, and existence of inverse.

Continued Another component found in some modern block ciphers is the circular shift operation. Circular shifting an 8-bit word to the left or right

Continued Swap The swap operation is a special case of the circular shift operation where k = n/2. Swap operation on an 8-bit word

Continued Split and Combine Two other operations found in some block ciphers are split and combine. Split and combine operations on an 8-bit word

Continued Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining substitution, permutation, and other components discussed in previous sections.

Continued Diffusion The idea of diffusion is to hide the relationship between the ciphertext and the plaintext. Diffusion hides the relationship between the ciphertext and the plaintext.

Continued Confusion The idea of confusion is to hide the relationship between the ciphertext and the key. Confusion hides the relationship between the ciphertext and the key.

Continued Rounds Diffusion and confusion can be achieved using iterated product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components.

Continued

Continued Diffusion and confusion in a block cipher

Continued Modern block ciphers are all product ciphers, but they are divided into two classes. 1. Feistel ciphers 2. Non-Feistel ciphers

Continued Feistel Ciphers Feistel designed a very intelligent and interesting cipher that has been used for decades. A Feistel cipher can have three types of components: self-invertible, invertible, and noninvertible.

Continued The first thought in Feistel cipher design Diffusion hides the relationship between the ciphertext and the plaintext.

Continued Improvement of the previous Feistel design

Continued Final design of a Feistel cipher with two rounds

Continued Non-Feistel Ciphers A non-Feistel cipher uses only invertible components. A component in the encryption cipher has the corresponding component in the decryption cipher.

Continued Attacks on traditional ciphers can also be used on modern block ciphers, but today’s block ciphers resist most of the attacks Attacks on Block Ciphers

Continued Differential Cryptanalysis Eli Biham and Adi Shamir introduced the idea of differential cryptanalysis. This is a chosen-plaintext attack.

Continued

Continued Differential input/output

Continued Differential distribution table

Continued Differential cryptanalysis is based on a nonuniform differential distribution table of the S-boxes in a block cipher.

Continued Linear Cryptanalysis Linear cryptanalysis was presented by Mitsuru Matsui in The analysis uses known plaintext attacks.

Continued In some modern block ciphers, it may happen that some S-boxes are not totally nonlinear; they can be approximated, probabilistically, by some linear functions. where 1 ≤ x ≤ m, 1 ≤ y ≤ n, and 1 ≤ z ≤ n.

MODERN STREAM CIPHERS In a modern stream cipher, encryption and decryption are done r bits at a time. We have a plaintext bit stream P = p n …p 2 p 1, a ciphertext bit stream C = c n …c 2 c 1, and a key bit stream K = k n …k 2 k 1, in which p i, c i, and k i are r-bit words.

Continued In a modern stream cipher, each r-bit word in the plaintext stream is enciphered using an r-bit word in the key stream to create the corresponding r-bit word in the ciphertext stream. Stream cipher

Continued In a synchronous stream cipher the key is independent of the plaintext or ciphertext. One-time pad

Continued What is the pattern in the ciphertext of a one-time pad cipher in each of the following cases? a. The plaintext is made of n 0’s. b. The plaintext is made of n 1’s. c. The plaintext is made of alternating 0’s and 1’s. d. The plaintext is a random string of bits.

Continued Feedback shift register (FSR) Create a linear feedback shift register with 5 cells in which b 5 = b 4  b 2  b 0.

Continued Create a linear feedback shift register with 4 cells in which b 4 = b 1  b 0. Show the value of output for 20 transitions (shifts) if the seed is (0001) 2.

Continued In a nonsynchronous stream cipher, each key in the key stream depends on previous plaintext or ciphertext. In a nonsynchronous stream cipher, the key depends on either the plaintext or ciphertext.

Data Encryption Standard In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modification of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS).

Continued

Continued Find the output of the initial permutation box when the input is given in hexadecimal as:

Continued DES uses 16 rounds. Each round of DES is a Feistel cipher.

Continued

Continued The S-boxes do the real mixing (confusion).

Continued The input to S-box 1 is What is the output? Straight permutation table

Continued Cipher and Reverse Cipher First Approach To achieve this goal, one approach is to make the last round (round 16) different from the others; it has only a mixer and no swapper. Alternative Approach We can make all 16 rounds the same by including one swapper to the 16th round and add an extra swapper after that (two swappers cancel the effect of each other).

Continued Key generation

Continued Parity-bit drop table Number of bits shifts

Continued Key-compression table

DES ANALYSIS AND SECURITY Critics have used a strong magnifier to analyze DES. Tests have been done to measure the strength of some desired properties in a block cipher. Two desired properties of a block cipher are the avalanche effect and the completeness.

Continued To check the avalanche effect in DES, let us encrypt two plaintext blocks (with the same key) that differ only in one bit and observe the differences in the number of bits in each round. Completeness effect Completeness effect means that each bit of the ciphertext needs to depend on many bits on the plaintext.

Continued S-Boxe The design provides confusion and diffusion of bits from each round to the next. P-Boxes They provide diffusion of bits. Number of Rounds DES uses sixteen rounds of Feistel ciphers. the ciphertext is thoroughly a random function of plaintext and ciphertext. Design Criteria

Continued During the last few years critics have found some weaknesses in DES. Weaknesses in Cipher Design 1. Weaknesses in S-boxes 2. Weaknesses in P-boxes 3. Weaknesses in Key The major criticism of DES regards its key length. Fortunately DES is not a group. This means that we can use double or triple DES to increase the key size.

Continued DES, as the first important block cipher, has gone through much scrutiny. Among the attempted attacks, three are of interest: brute-force, differential cryptanalysis, and linear cryptanalysis. Security of DES

Continued We have discussed the weakness of short cipher key in DES. Combining this weakness with the key complement weakness, it is clear that DES can be broken using 2 55 encryptions. Brute-Force Attack

Continued It has been revealed that the designers of DES already knew about this type of attack and designed S-boxes and chose 16 as the number of rounds to make DES specifically resistant to this type of attack. Differential Cryptanalysis

Continued Linear cryptanalysis is newer than differential cryptanalysis. DES is more vulnerable to linear cryptanalysis than to differential cryptanalysis. S-boxes are not very resistant to linear cryptanalysis. It has been shown that DES can be broken using 2 43 pairs of known plaintexts. However, from the practical point of view, finding so many pairs is very unlikely. Linear Cryptanalysis