Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 10 September 21, 2004
Computer Science and Engineering Contents DES assignment More Student Presentations Advanced Encryption Standard (AES) Cryptographic Hash Mehmet’s Presentation
Computer Science and Engineering DES Group Exercise What would be the 64-bit output of round 1 be using the plaintext and key given below (in hexadecimal format): P = 2D 75 F4 DB A3 3E 3F 89 K = D4 3C B1 9A E4 90 D7 C6
Computer Science and Engineering Student presentations 9/21 Mehmet 9/23 Padmaraj 9/28 9/30 10/5
Computer Science and Engineering Advanced Encryption Standard (ASE) -By mid 1990s, virtually all cryptologists agreed that DES needed to be replaced by an advanced encryption standard for the 21 st century -In 1997, NIST issued a request for candidate AES algorithms.
Computer Science and Engineering The minimum requirements for a proposed algorithm: - A symmetric-key cryptosystem - A block cipher - Capable of supporting a block size of 128 bits - Capable of supporting key length of 128, 192, and 256 bits - Available on a worldwide, non- exclusive, royalty-free basis
Computer Science and Engineering Criteria for Evaluation - Security -Soundness of the mathematical basis for an algorithm’s claimed strength -Research community search for flaws - Computational Efficiency - Memory Requirements - Flexibility - Simplicity
Computer Science and Engineering Advanced Encryption Standard (ASE) -NIST chose 15 algorithms for evaluation in the first round, 9 of them were descendants of DES -One was selected out of five made it to the second round -Rijndael (Rine dahl) Vincent Rijmen & Joam Daemen -In 2001, it was formally adopted by US
Computer Science and Engineering ASE (cont) -Regular Rounds (9, 11, 13) -Additional final Round is different (10 th, 12 th, 14 th ) -Each regular round consists of 4 steps - Byte substitution (BSB) - Shift row (SR) - Mix column (MC) - Add Round key (ARK)
Computer Science and Engineering ASE Overview Plaintext (128)ARKSubkey0 Ciphertext (128)ARKSubkey10 SR BSB 9 rounds
Computer Science and Engineering Round i BSB ARKSubkeyi CM SR
Computer Science and Engineering State -128-bit block 4 x 4 matrix -128 bits 16 bytes b0, b1, b2,.., b15 b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15
Computer Science and Engineering Key -128-bit key 4 x 4 matrix -128 bits 16 bytes k0, k1, k2,.., k15 k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15
Computer Science and Engineering 4 Operations 1. s[i,j] s’[i,j] (predefined substitution table, Table page 663) 2. Rows – left circular shift 3. The 4 elements in each column are multiplied by a polynomial 4. Key is derived and added to each column
Computer Science and Engineering Exercise Using the table, Find the substitution of 6b, ff, 6e, 09
Computer Science and Engineering Shift Row b0b4b8b12 b5b9b13b1 b10b14b2b6 b15b3b7b11 b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15
Computer Science and Engineering Byte Representation as polynomial One byte 8 bits B7, B6, B5, B4, B3, B2, B1, B0 B7x 7 + B6 x 6 + B5 x 5 + B4 x 4 + B3 x 3 + B2 x 2 + B1 x + B0 Example: E5 (hex) = (binary) = x 7 + x 6 + x 5 + x (poly)
Computer Science and Engineering Mix Column = * Multiplying by 1 no change Multiplying by 2 shift left one bit Multiplying by 3 shift left one bit and XOR with original value More than 8 bits is subtracted
Computer Science and Engineering Exercise e5 a8 6f 33 = ? ? ? ? *
Computer Science and Engineering 6e 2c c6 95
Computer Science and Engineering Add Key b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 b’ x bxbx kxkx = XOR
Computer Science and Engineering Example k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12 B = e5 a8 6f 33 0a c c2 75 f8 1e b0 46 de 3a B’ = fa 9c 63 9e 50 7b 8a ed ac d6 68 ef f
Computer Science and Engineering Key Generation 4 bytes Circular left shift 1byte S-box X-OR Round constant
Computer Science and Engineering Round Constant Table RoundRound Constant (hex) b Final
Computer Science and Engineering Group Exercise Final 4 bytes = 47 d6 8b 12 After shift = d6 8b Find the next sub key k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12
Computer Science and Engineering Cryptographic Hash Functions (take notes) Message Digest Functions Protect integrity Users create a message digest or fingerprint of a digital document Message Authentication Codes (MACs) Protect both integrity and authenticity MACs produce fingerprints based on both a given document and a secret key
Computer Science and Engineering Message Digest Functions Checksums fingerprint of a message If the message changes, the checksum will not match Most checksums are good in detecting accidental changes made to a message They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum Message digests are designed to protect against this possibility
Computer Science and Engineering One-Way Hash Functions Example M = “Elvis” H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 H(M) = ( ) mod 26 H(M) = 67 mod 26 H(M) = 15 H M H(M) = h
Computer Science and Engineering Collision Example x = “Viva” Y = “Vegas” H(x) = H(y) = 2 H xH(x) H yH(y) =
Computer Science and Engineering Collision-resistant, One-way hash functions Given M, it is easy to compute h Given any h, it is hard to find any M such that H(M) = h Given M1, it is difficult to find M2 (not identical to M1) such that H(M1) = H(M2) Functions that satisfy these criteria are called message digest. They produce a fixed-length digest (fingerprint)
Computer Science and Engineering The Secure Hash Algorithm (SHA-1) SHA-1 A message composed of b bits 160-bit message digest
Computer Science and Engineering Step 1 -- Padding Padding the total length of a padded message is multiple of 512 Every message is padded even if its length is already a multiple of 512 Padding is done by appending to the input: A single bit, 1 Enough additional bits, all 0, to make the final 512 block exactly 448 bits long A 64-bit integer representing the length of the original message in bits
Computer Science and Engineering Example M = (20 bits) Padding is done by appending to the input: A single bit, 1 427 0s A 64-bit integer representing 20 Pad(M) = …
Computer Science and Engineering Example Length of M = 500 bits Padding is done by appending to the input: A single bit, 1 459 0s A 64-bit integer representing 500 Length of Pad(M) = 1024 bits
Computer Science and Engineering Initialize bit words (Hexa) H0 = H1 = EFCDAB89 H2 = 98BADCFE H3 = H4 = C3D2E1F0 K0 – K19 = 5A K20 – K39 = 6ED9EBA1 K40 – K59 = 8F1BBCDC K60 – K79 = CA62C1D6
Computer Science and Engineering Step 2 -- Dividing Pad(M) Pad (M) = B 1, B 2, B 3, …, B n Each B i denote a 512-bit block Each B i is divided into bit words W 0, W 1, …, W 15
Computer Science and Engineering Step 3 – Use W 0 - W 15 to compute W 16 – W 79 To Compute word W j (16<=j<=79): W j-3, W j-8, W j-14, W j-16 are XORed The result is circularly left shifted one bit
Computer Science and Engineering Step 4 – Copy H0 – H4 into A,B,C,D,E A = H0 B = H1 C = H2 D = H3 D = H4
Computer Science and Engineering Step 5 – Four functions For j = 0, 19 f j (B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) For j = 20, 39 f j (B,C,D) = (B XOR C XOR D) For j = 40, 59 f j (B,C,D) = (B AND C) OR ((NOT B) AND D) For j = 60, 79 f j (B,C,D) = (B XOR C XOR D)
Computer Science and Engineering Step 6 – Loop For j = 0 to 79 Do TEMP = Circular_left_shift_5 (A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = Circular_left_shift_30(B); B = A; A = TEMP Done + addition (ignore overflow)
Computer Science and Engineering Step 7 – Final H0 = H0 + A H1 = H1 + B H2 = H2 + C H3 = H3 + D H4 = H4 + E
Computer Science and Engineering Done Once these steps have been performed on each 512-bit block (B 1, B 2, …, B n ) of the padded message in turn, the 160-bit message digest is given by H0 H1 H2 H3 H4
Computer Science and Engineering Message Authentication Codes (MACs) A message authentication code (MAC) is a key- dependent message digest function: MAC(M,K) = h
Computer Science and Engineering A MAC Based on a Block Cipher M1 Encrypt K M1 Encrypt K XOR M1 Encrypt K XOR … MAC