Presentation is loading. Please wait.

Presentation is loading. Please wait.

NET 311 Information Security

Published byΠρόχορος Αυγερινός Modified over 6 years ago

Similar presentations

Presentation on theme: "NET 311 Information Security"— Presentation transcript:

1 NET 311 Information Security
Networks and Communication Department Lec3 : Block Ciphers and the Data Encryption Standard (DES)

2 lecture contents: Simple Modern Ciphers Block and Stream Ciphers
XOR Cipher Rotation Cipher S-boxes and P-boxes Data Encryption Standard (DES) 22-Sep-18 Networks and Communication Department

3 Simple Modern Ciphers Vs Traditional Ciphers
The traditional ciphers are character-oriented; however, Simple Modern Ciphers are bit-oriented. Bit-oriented ciphers are needed because: Information to be encrypted is not just text, it can be graphics, audio, and video data. It provides more security. Modern ciphers is made up of simple ciphers.

4 Block vs Stream Ciphers
block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process messages a bit or byte at a time when en/decrypting many current ciphers are block ciphers better analysed broader range of applications Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a “stream”. Block ciphers are currently better analysed, and seem to have a broader range of applications, hence focus on them.

5 Block vs Stream Ciphers
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used. As with a stream cipher, the two users share a symmetric encryption key (Figure 3.1b). A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. In the ideal case, a one-time pad version of the Vernam cipher would be used (Figure 2.7), in which the keystream (k ) is as long as the plaintext bit stream (p).

6 XOR Cipher An XOR operation needs two data inputs: plaintext and a key. The size of the plaintext, key, and ciphertext are the same. XOR ciphers have a very interesting property: the encryption and decryption are the same.

7 XOR cipher Example: Block: 01101010 XOR Key: 10101100  11000110
22-Sep-18 Networks and Communication Department

8 Rotation Cipher In rotation cipher, the input bits are rotated to the left or right. The rotation cipher can be considered a special case of the transpositional cipher using bits instead of characters

9 NOTES in Rotation Cipher
If the length of the original stream is N, after N rotation, we get the original message. The decryption algorithm for the rotation cipher uses the same key and the opposite rotation direction.

10 Substitution Cipher: S-box
The S-box is normally keyless. The function that matches the input to the output is defined either mathematically or by a table.

11 S-BOXES Simple example: Input : 1010 (4bits) Output: 10 (2bits) *00*
*01* *10* *11* 0**0 01 00 11 10 0**1 1**0 1**1 22-Sep-18 Networks and Communication Department

12 Permutation Cipher: P-box

13 Modern Round Ciphers The ciphers of today are called round ciphers because they involve multiple rounds. Each round is a complex cipher made up of simple ciphers. They key used in each round is a subset or variation of the general key called the round key.

14 Modern Round Ciphers There are three modern symmetric key ciphers:
Data Encryption Standard (DES). Triple DES. Advanced Encryption Standard (AES).

15 Data Encryption Standard (DES)
Inputs: the plaintext must be 64 bits in the lenght and the key is 56 bits (8 bits can be used as parity bits). The bits of m are permuted by a fixed initial permutation to obtain m0= IP(m). M0 = L0 R0 32 bits 32 bits 2. For i=1:16 Do Li= Ri-1 Ri= Li-1 XOR f(Ri-1, ki) Ki: string of 48 bits obtained from the key k 3. Switch left and right then apply the inverse of the initial permutation.

16 Data Encryption Standard (DES)

17 DES Round Structure uses two 32-bit L & R halves
as for any Feistel cipher can describe as: Li = Ri–1 Ri = Li–1  F(Ri–1, Ki) F takes 32-bit R half and 48-bit subkey: expands R to 48-bits using perm E adds to subkey using XOR passes through 8 S-boxes to get 32-bit result finally permutes using 32-bit perm P We now review the internal structure of the DES round function F, which takes R half & subkey, and processes them. The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the R bits (Table 3.2c). The resulting 48 bits are XORed with Ki This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted as defined by Table 3.2d. This follows the classic structure for a feistel cipher. Note that the s-boxes provide the “confusion” of data and key values, whilst the permutation P then spreads this as widely as possible, so each S-box output affects as many S-box inputs in the next round as possible, giving “diffusion”.

18 One round in DES ciphers

19 Confusion and Diffusion
cipher needs to completely obscure statistical properties of original message a one-time pad does this combining S & P elements to obtain: diffusion – dissipates statistical structure of plaintext over bulk of ciphertext confusion – makes relationship between ciphertext and key as complex as possible The terms diffusion and confusion were introduced by Claude Shannon to capture the two basic building blocks for any cryptographic system. Shannon's concern was to thwart cryptanalysis based on statistical analysis. Every block cipher involves a transformation of a block of plaintext into a block of ciphertext, where the transformation depends on the key. The mechanism of diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce the key. Confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible, again to thwart attempts to discover the key. So successful are diffusion and confusion in capturing the essence of the desired attributes of a block cipher that they have become the cornerstone of modern block cipher design.

20 DES IP(M) Initial permutation
The initial permutation and its inverse are defined by tables, as shown in Stallings Tables 3.2a and 3.2b, respectively. The tables are to be interpreted as follows. The input to a table consists of 64 bits numbered left to right from 1 to 64. The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits. IP(M)

21 DES Example: Find the output of the initial permutation if the input was:

22 The input has only two 1s (bit 25 and 63).
Convert Hex to binary: 0000  0080  0002  The input has only two 1s (bit 25 and 63). Based on the previous permutation table, bit 25 becomes bit 37 and bit 63 becomes 57 of the permutation. 22-Sep-18 Networks and Communication Department

23 DES M IP(M) Bit 37 Bit 57

24 The result of the permutation is :
Therefore, IP(M): The result of the permutation is : 22-Sep-18 Networks and Communication Department

25 Strength of DES – Key Size
56-bit keys have 256 = 7.2 x 1016 values brute force search looks hard recent advances have shown is possible in 1997 on Internet in a few months in 1998 on dedicated h/w (EFF) in a few days in 1999 above combined in 22hrs! still must be able to recognize plaintext must now consider alternatives to DES Since its adoption as a federal standard, there have been lingering concerns about the level of security provided by DES in two areas: key size and the nature of the algorithm. With a key length of 56 bits, there are 256 possible keys, which is approximately 7.2*1016 keys. Thus a brute-force attack appeared impractical. However DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken a DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000. The attack took less than three days. The EFF has published a detailed description of the machine, enabling others to build their own cracker [EFF98]. There have been other demonstrated breaks of the DES using both large networks of computers & dedicated h/w, including: on a large network of computers in a few months on dedicated h/w (EFF) in a few days above combined in 22hrs! It is important to note that there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext. Clearly must now consider alternatives to DES, the most important of which are AES and triple DES.

26 Triple DES Algorithm: - Encrypt with DES using key1
- Decrypt with DES using key2 - Encrypt with DES using key3 Triple DES has a considerably longer key (3*56=168) 2^168 alternative key 22-Sep-18 Networks and Communication Department

27 AES It has been tested and proved to be very good
Can work with keys consisting of 128 or 192 or 256 bits Used till now. 22-Sep-18 Networks and Communication Department

28 References Cryptography and Network Security: Principles and practice’, William Stallings Fifth edition, 2011. 22-Sep-18 Networks and Communication Department

Download ppt "NET 311 Information Security"

Similar presentations

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 3 – Block Ciphers and the Data Encryption Standard

Chapter 3 – Block Ciphers and the Data Encryption Standard
CSE 651: Introduction to Network Security

CSE 651: Introduction to Network Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CSCI 5857: Encoding and Encryption

CSCI 5857: Encoding and Encryption
Cryptography and Network Security Chapter 3. Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types of cryptographic.

Cryptography and Network Security Chapter 3. Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types of cryptographic.
Confusion and Diffusion1 Ref: William Stallings, Cryptography and Network Security, 3rd Edition, Prentice Hall, 2003.

Confusion and Diffusion1 Ref: William Stallings, Cryptography and Network Security, 3rd Edition, Prentice Hall, 2003.
Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Cryptography and Network Security

Cryptography and Network Security
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google