Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.

Published byArthur Ellis Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography."— Presentation transcript:

1 1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography

2 2 CPCS425: Information Security (Topic 5) Overview  Block Cipher Definition  S-DES (to help you to understand DES)  The DES (Data Encryption Standard)  Triple DES (or 3DES)  An Example Use of DES  The AES (Advanced Encryption Standard)  (Other) Symmetrical Cryptosystems Summary  Stream Ciphers vs Block Ciphers  Conclusions  source: chapters 3 of Cryptography and Network Security

3 3 CPCS425: Information Security (Topic 5) Block Cipher Definition  Block ciphers operate on blocks of plaintext and ciphertext.  The block size n should be reasonably large, e.g. n  64 bits, to prevent dictionary attacks.  The encryption function is usually complex: C=E K (M).  We must have a decryption function which satisfies: M=D K (C).  Most modern cryptosystems are block ciphers.  We pick DES to illustrate how symmetrical cipher works.  S-DES next will help you to understand the DES algorithm.

4 4 CPCS425: Information Security (Topic 5) Simplified DES (S-DES) (1/5) - The whole picture

5 5 CPCS425: Information Security (Topic 5) S-DES (2/5): The whole picture  The 10-bit key K undergoes a serial of operations consisted of permutation (P), left shift (LS) and permutation/contraction (P8) to produce two 8-bit sub-keys, k 1 and k 2.  The two sub-keys are used by the complex function F in two rounds.  The complex function F consists of Expansion/Permutation (E/P), XOR, Substitution Box (S-Box), and Permutation (P4).

6 6 CPCS425: Information Security (Topic 5) S-DES (3/5): Major encryption functions 1st 4th - row 2nd 3rd - col

7 7 CPCS425: Information Security (Topic 5) S-DES (4/5): Proof IP -1 is the inverse of IP IP: 2 6 3 1 4 8 5 7 A 1 A 2 A 3 A 4 A 5 A 6 A 7 A 8 A 2 A 6 A 3 A 1 A 4 A 8 A 5 A 7 B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 IP -1 : 4 1 3 5 7 2 8 6 B 4 B 1 B 3 B 5 B 7 B 2 B 8 B 6 A Question for you: Can you tell the difference between E (encryption algorithm) and D (decryption algorithm) in S-DES?

8 8 CPCS425: Information Security (Topic 5) S-DES (5/5): S-DES vs DES  To summarise, the encryption can be described as IP -1 o f k2 o SW o f k1 o IP  Relationship to DES  DES operates on 64-bits blocks of input, has 16 rounds of permutation and substitution operations, and uses a 56-bit key (K).  The encryption can be described as: IP -1 o f k16 o SW o f k15 o SW o … o SW o f k1 o IP

9 9 CPCS425: Information Security (Topic 5) The DES (1/7) - Some facts (1/2)  It is a symmetric cryptography - encryption/decryption keys are the same.  It is essentially a block cipher - block length is 64 bits.  Length of key K is 56 bits (56-bit key is widely regarded as insufficient).  The subkeys k 1, k 2 …, k 16 are each 48-bits, generated from key K.  The DES decryption algorithm is the same as the encryption one; the only difference is that the keys for each round must be used in the reverse order.  The algorithm public, but the design principles are kept secret.

10 10 CPCS425: Information Security (Topic 5) The DES (2/7): Some facts (2/2)  It is mainly used for encryption of message contents - confidentiality.  It is more efficient than asymmetric cryptosystems.  No serious flaws or exploitable vulnerabilities have been reported in the design of DES.  But its weakness is 56-bit key - which is good enough to deter casual DES key browsing, but not for a dedicated adversary who is after a specific DES ciphertext of significant interest.  DES is a de facto international standard for banking security.

11 11 CPCS425: Information Security (Topic 5) The DES (3/7) - Modes of operation  Any block ciphers can be used in a variety of operational modes. Understanding them and choosing the right one for the job is an important factor in using a block cipher securely.  Here we use DES as an example block cipher to illustrate two (mostly commonly used) modes of operation in block ciphers:  ECB (electronic codebook) mode  CBC (cipher block chaining) mode  This modes of operation are applicable to all block ciphers! – e.g. RSA.

12 12 CPCS425: Information Security (Topic 5) The DES (4/7) - Electronic codebook (ECB) mode

13 13 CPCS425: Information Security (Topic 5) The DES (5/7) - Cipher block chaining (CBC) mode (1/2)

14 14 CPCS425: Information Security (Topic 5) The DES (6/7) - Cipher block chaining (CBC) mode (2/2)  This mode is effective at disguising any patterns in the plaintext.  CBC mode is used in most commercial applications that encrypt more than one blocks.

15 15 CPCS425: Information Security (Topic 5) The DES (7/7) - Strength  Built-in trapdoors might be placed in secret boxes.  Use of a 56-bit key that can be broken on average in 2 56 (i.e. 7.2 * 10 16 ) trials.  trials/second time required  1 10 9 years  10 3 10 6 years  10 6 10 3 years  10 9 1 year  10 12 10 hours  a DES chip does 1 million encryptions per second.  a million chips in parallel do 10 12 trials per second.  estimated cost is in 10s of millions of US dollars.

16 16 CPCS425: Information Security (Topic 5) Triple-DES  What is triple-DES?  To get round problems of short DES key, triple-DES is increasingly common.  This involves using two DES keys (K 1, K 2 ), encryption algorithm E, and decryption algorithm D: C=E K1 (D K2 (E K1 (M)))  The use of D here does not have any security implication, it just makes triple-DES backward compatible if K 1 =K 2.  Properties  More secure than DES, as effective key length now is 112- bits; But it is slower than DES.

17 17 CPCS425: Information Security (Topic 5) An example use of DES

18 18 CPCS425: Information Security (Topic 5) The AES (1/2) - Background  In the near term, triple DES is strong enough. But an improvement in processor speeds and number of parallel computers threatens it, too.  In 1997, a call was issued by NIST for a new encryption system.  The standard aims  Security - bigger key sizes.  Cost - fast in software too.  Algorithm and implementation characteristics - fast & easy.  The finalist candidates were MARS, RC6, Rijndael, Serpent, and Twofish.  Rijndael was selected as it offered the best combination of security, performance, ease of implementation and flexibility.  In 2001, Rijndael was formally nominated as the AES standard.

19 19 CPCS425: Information Security (Topic 5) The AES (2/2) - the Details  AES is a block cipher, block size is 128 bits (others are allowed but not recognised by the standard).  The key length can be 128, 192, or 256 bits.  It is a substitution-permutation cipher involve n rounds:  for key length=128 bits, n=9;  for key length =192 bits, n=11; and  for key length =256 bits, n=13.  It has been subjected to extensive cryptanalysis, but no significant problems have been found to date.  For now, the AES seems a solid replacement for the DES.

20 20 CPCS425: Information Security (Topic 5) (Other) Conventional Cryptosystems (2/2) - Summary

21 21 CPCS425: Information Security (Topic 5) Stream Ciphers vs Block Ciphers

22 22 CPCS425: Information Security (Topic 5) Conclusions (1/2)  Modern symmetric ciphers come in two variants: block ciphers and stream ciphers.  The mostly used block cipher is used to be DES.  A comparatively recent block cipher is the AES, called Rijndael.  Both DES and AES obtain their security by repeated application of simple rounds consisting of substitution, permutation, shift and key addition.

23 23 CPCS425: Information Security (Topic 5) Conclusions (2/2)  To use a block cipher one needs to also specify a mode of operation:  the simplest mode is ECB mode, which has problems associated with it:  same plaintext will always generate same ciphertext;  suffers from possible insertion/deletion attacks.  Hence it is common to use a more advanced mode such as CBC mode.  Symmetrical cryptography is reasonably secure, more efficient, and more suitable for encryption of large messages - provide message confidentiality.  But it has key exchange problem and does not support non- repudiation.

Download ppt "1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Cryptography and Network Security

Cryptography and Network Security
Review Overview of Cryptography Classical Symmetric Cipher

Review Overview of Cryptography Classical Symmetric Cipher
Simplified DES CS-480b Network Security Dick Steflik.

Simplified DES CS-480b Network Security Dick Steflik.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard It seems very simple. It is very simple. But if you don't know.

Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption

Similar presentations

Ads by Google