Presentation is loading. Please wait.

Presentation is loading. Please wait.

(Data Encryption Standard)

Published byHolly Newton Modified over 6 years ago

Similar presentations

Presentation on theme: "(Data Encryption Standard)"— Presentation transcript:

1 (Data Encryption Standard)
DES (Data Encryption Standard)

2 Stream Ciphers vs. Block Ciphers
Stream cipher encrypts digital data one bit (byte) at a time Block cipher encrypts block of plaintext at a time Will produce a ciphertext block of the same size

3 DES Basics Block cipher (64-bit block)
Uses 56-bit key (out of 64 bits) 16 rounds 48-bit subkeys Feistel structure (except initial and final permutations)

4 Overall Scheme of DES Encryption

5 Initial Permutation (IP) and Inverse IP

6 DES Single Round of DES

7 DES Round function F

8 DES Round Function Operates on 32-bit units
32-bit  48-bit expansion/permutation (E table) XOR with 48 bit subkey S-box computation returns 32 bits Round permutation (P) Look at the following diagram!!!

9 Single Round of DES cont…

10 Expansion E and Permutation P

11 S-BOX Substitution S-BOX: 4 x 16 entry table Input: 6 bits
2-bits determine the table (1 s/d 4) 4-bits determine the table entry Output: 4 bits

12 S-BOX table

13 DES Key Generation Parity bits (8, 16, …, 64) are discarded (out of 64-bit key) 56-bit key is split into 28-bit L and R 16 48-bit subkeys (K1, K2, … , K16) are generated by various circular left shifts of L and R Bits are permuted and selected

14 Security of DES This secret key is 56 bits
Trying out all 72,057,594,037,927,936 possible keys (a seven with 16 zeros) would be impossible because computers could not possibly ever become fast enough. In 1998 the Electronic Frontier Foundation (EFF) built a special-purpose machine that could decrypt a message by trying out all possible keys in less than three days. The machine cost less than $250,000 and searched over 88 billion keys per second.

15 Triple-DES with Two-Keys
hence must use 3 encryptions would seem to need 3 distinct keys but can use 2 keys with E-D-E sequence C = EK1[DK2[EK1[P]]] NB: encrypt & decrypt equivalent in security if K1=K2 then can work with single DES standardized in ANSI X9.17 & ISO8732 no current known practical attacks Triple-DES with two keys is a popular alternative to single-DES, but suffers from being 3 times slower to run. Although there are no practical attacks, have some indications of attack approaches. Hence some are now adopting Triple-DES with three keys for greater security.

16 Triple-DES with Three-Keys
The Triple-DES variant was developed after it became clear that DES by itself was too easy to crack. It uses three 56-bit DES keys, giving a total key length of 168 bits. Encryption using Triple-DES encryption using DES with the first 56-bit key decryption using DES with the second 56-bit key encryption using DES with the third 56-bit key C = EK3[DK2[EK1[P]]] Has been adopted by some Internet applications, eg PGP, S/MIME

17 DES variant DESL was first presented at the workshop on RFID security (RFIDSec) in DESL was designed by the Communication Security Group at the Ruhr University Bochum. Key: 56 bit Application: RFID tags (resource constrained devices in general) DESX(x) = K2 + DESKDES(x + K1) Key: 168 bit DESXL(x) = K2 + DESLKDESL(x + K1)

18 Modes of Operation

19 Modes of Operation Block ciphers encrypt fixed size blocks
eg. DES encrypts 64-bit blocks, with 56-bit key need way to use in practise, given usually have arbitrary amount of information to encrypt Four were defined for DES in ANSI standard ANSI X Modes of Use subsequently now have 5 for DES and AES have block and stream modes DES (or any block cipher) forms a basic building block, which en/decrypts a fixed sized block of data. However to use these in practise, we usually need to handle arbitrary amounts of data, which may be available in advance (in which case a block mode is appropriate), and may only be available a bit/byte at a time (in which case a stream mode is used).

20 Electronic Code Book (ECB)
message is broken into independent blocks which are encrypted one at a time each block is a value which is substituted, like a codebook each block is encoded independently of the other blocks Ci = DESK1 (Pi) ECB is the simplest of the modes, where each block is en/decrypted independently of all the other blocks, and is used when only a single block of info needs to be sent (eg. a session key encrypted using a master key).

21 Electronic Codebook Book (ECB)
Stallings Fig 3-11.

22 Limitations of ECB repetitions in message may show in ciphertext
main use is sending a few blocks of data, for example, an encryption key ECB is not appropriate for any quantity of data, since repetitions can be seen, esp. with graphics, and because the blocks can be shuffled/inserted without affecting the en/decryption of each block.

23 Cipher Block Chaining (CBC)
message is broken into blocks but these are linked together in the encryption operation each previous cipher blocks is chained with current plaintext block use Initial Vector (IV) to start process Ci = DESK1(Pi XOR Ci-1) C-1 = IV uses: bulk data encryption, authentication To overcome the problems of repetitions and order independence in ECB, want some way of making the ciphertext dependent on all blocks before it. This is what CBC gives us, by combining the previous ciphertext block with the current message block before encrypting. To start the process, use an Initial Value (IV), which is usually well known (often all 0's), or otherwise is sent, ECB encrypted, just before starting CBC use. CBC mode is applicable whenever large amounts of data need to be sent securely, provided that its available in advance (eg , FTP, web etc)

24 Cipher Block Chaining (CBC)
Stallings Fig 3-12.

25 Advantages and Limitations of CBC
each ciphertext block depends on all message blocks thus a change in the message affects all ciphertext blocks after the change as well as the original block need Initial Value (IV) known to sender & receiver at end of message, handle possible last short block by padding either with known non-data value (eg nulls) or pad last block with count of pad size eg. [ b1 b2 b ] <- 3 data bytes, then 5 bytes pad+count CBC is the generally used block mode. The chaining provides an avalanche effect, which means the encrypted message cannot be changed or rearranged without totally destroying the subsequent data. One issue is how to handle the last block, which may well not be complete. In general have to pad this block (typically with 0's), and then must recognise padding at other end - may be obvious (eg in text the 0 value should usually not occur), or otherwise must explicitly have the last byte as a count of how much padding was used (including the count). Note that if this is done, if the last block IS an even multiple of 8 bytes, will have to add an extra block, all padding so as to have a count in the last byte.

26 Cipher FeedBack (CFB) message is treated as a stream of bits
added to the output of the block cipher result is feed back for next stage standard allows any number of bit (1,8 or 64 or whatever) to be feed back denoted CFB-1, CFB-8, CFB-64 etc is most efficient to use all 64 bits (CFB-64) Ci = Pi XOR DESK1(Ci-1) C-1 = IV uses: stream data encryption, authentication If the data is only available a bit/byte at a time (eg. terminal session, sensor value etc), then must use some other approach to encrypting it, so as not to delay the info. Idea here is to use the block cipher essentially as a pseudo-random number generator (see stream cipher lecture later) and to combine these "random" bits with the message. Note as mentioned before, XOR is an easily inverted operator (just XOR with same thing again to undo). Again start with an IV to get things going, then use the ciphertext as the next input. As originally defined, idea was to "consume" as much of the "random" output as needed for each message unit (bit/byte) before "bumping" bits out of the buffer and re-encrypting. This is wasteful though, and slows the encryption down as more encryptions are needed. An alternate way to think of it is to generate a block of "random" bits, consume them as message bits/bytes arrive, and when they're used up, only then feed a full block of ciphertext back. This is CFB-64 mode, the most efficient. This is the usual choice for quantities of stream oriented data, and for authentication use.

27 Cipher FeedBack (CFB) Stallings Fig 3-13.

28 Advantages and Limitations of CFB
appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits note that the block cipher is used in encryption mode at both ends CFB is the usual stream mode. As long as can keep up with the input, doing encryptions every 8 bytes. A possible problem is that if its used over a "noisy" link, then any corrupted bit will destroy values in the current and next blocks (since the current block feeds as input to create the random bits for the next). So either must use over a reliable network transport layer (pretty usual) or use OFB.

29 Output FeedBack (OFB) message is treated as a stream of bits
output of cipher is added to message output is then feed back (hence name) feedback is independent of message can be computed in advance Ci = Pi XOR Oi Oi = DESK1(Oi-1) O-1 = IV uses: stream encryption over noisy channels The alternative to CFB is OFB. Here the generation of the "random" bits is independent of the message being encrypted. The advantage is that firstly, they can be computed in advance, good for bursty traffic, and secondly, any bit error only affects a single bit. Thus this is good for noisy links (eg satellite TV transmissions etc).

30 Other Symmetric Block Ciphers
International Data Encryption Algorithm (IDEA) Skipjack Blowfish

31 International Data Encryption Algorithm (IDEA)
Developed by Xu Lai & James Massey (ETH Zurich, Switzerland) Characteristics: 64-bits block cipher 128-bits key length Uses three algebraic groups: XOR, + mod 216, x mod 17 rounds (or 8 rounds according to the description) Speed: software 2 times faster than DES ,

32

33 Skipjack is a recent algorithm that was developed in 1987 and put into service in 1993. encrypts and decrypts data in 64-bit blocks using an 80-bit key Skipjack has 32 rounds, meaning the main algorithm is repeated 32 times to produce the ciphertext.

34 Rule A and B

35 Diagram of Rule A and Rule B

36 SkipJack: Encryption & Decryption

37 Blowfish has a 64-bit block size and a variable key length from 0 up to 448 bits 16-round Feistel cipher

38 Structure of Blowfish

39 demo blowfish demo AES http://www.php-einfach.de/blowfish_en.php

Download ppt "(Data Encryption Standard)"

Similar presentations

Cryptography and Network Security Chapter 6 Block Cipher Modes of Operation Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e,

Cryptography and Network Security Chapter 6 Block Cipher Modes of Operation Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e,
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.

Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 6

Cryptography and Network Security Chapter 6
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
CSCE 790G: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790G: Computer Network Security Chin-Tser Huang University of South Carolina.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Applied Cryptography Example: AES. Advanced Encryption Standard It seems very simple. It is very simple. But if you don't know what the key is it's.

Applied Cryptography Example: AES. Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's.
Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.

Cryptography and Network Security Chapter 6. Multiple Encryption & DES  clear a replacement for DES was needed theoretical attacks that can break it.
Slide 1 Stream Ciphers uBlock ciphers generate ciphertext Ciphertext(Key,Message)=Message  Key Key must be a random bit sequence as long as message uIdea:

Slide 1 Stream Ciphers uBlock ciphers generate ciphertext Ciphertext(Key,Message)=Message  Key Key must be a random bit sequence as long as message uIdea:
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security.

3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security.

Similar presentations

Ads by Google