1. CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz

2. Administrative stuff  JCE 1.4.2 available  Extension for HW1  See HW1 FAQ –Generate randomness yourself (not using KeyGenerator) using SecureRandom class –Implement modes yourself, using only calls to DES (via “hack” using ECB)

3. Data Encryption Standard (DES)  Developed in 1977 by NBS  56-bit key, 64-bit input/output –A 64-bit key is derived from 56 random bits –One bit in each octet is a parity-check bit –The “short” key length is a major concern…

4. Concerns about DES  Short key length –DES “cracker”, built for $250K, can break DES in days –Distributing the computation makes it faster –Does not mean “DES is insecure”  Some (theoretical) attacks have been found  Non-public design process

5. 3-DES  Expands the key length  Now, key K = (K 1, K 2 ); |K| = 112  The “new” block cipher is just: –E K1,K2 (m) = DES K1 (DES -1 K2 (DES K1 (m)))  This is a permutation, and invertible  Fairly slow…

6. AES  Public contest sponsored by NIST in ’97 –Narrowed to 5 finalists –4 years of intense analysis  Efficiency and security taken into account  128-bit key length and 128-bit block size (minimum)  Rijndael selected as the AES –Supports variety of block/key sizes

7. Other block ciphers?  No compelling reason to use anything other than AES, in general –Unless (possibly) you have very specific performance requirements –Even then, think twice

8. Chosen-ciphertext attacks  None of the DES modes of encryption are secure against chosen-ciphertext attacks –Examples… –The one-time pad is not secure against chosen- ciphertext attacks either…  Encryption does not provide integrity!

9. Public-Key Encryption, RSA

10. Some basic number theory  Modular arithmetic, Z N, and Z * N  Simple computations with large numbers   (N), Fermat’s theorem