Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Published byMoses Powers Modified over 9 years ago

Similar presentations

Presentation on theme: "ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011."— Presentation transcript:

1 ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011 1

2 Secret Key Cryptography Block cipher DES 3DES AES 2

3 Generic Block Encryption Block cipher: encryption/decryption in which a fixed- length block of plaintext is mapped to a ciphertext block of equal length Random mapping: when any one bit of plaintext changes, every bit in ciphertext has 50% chance to change Substitution: space complexity O(k 2^k) for k-bit blocks Permutation: space complexity O(k logk) for k-bit blocks Fixed key length: can be the same length as the block or different 3

4 Example of Block Encryption 4 Figure 3-1:

5 Diffusion and Confusion 5 Shannon’s proposal in 1949: develop a product cipher that alternates confusion and diffusion functions Diffusion: the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext by having each plaintext digit affect the value of many ciphertext digits Confusion: make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible to thwart attempts to discover the key They capture the essence of the desired attributes of a block cipher

6 Data Encryption Standard (DES) 6 Designed by IBM and published by NIST in 1977 64-bit input block  64-bit output block with 56-bit key Not secure anymore: key size must be increased by 1 bit every 2 years 3DES: 112-bit key

7 DES Overview 7 Figure 3-2: Basic Structure of DES

8 Permutations of The Data 8 Do not enhance security

9 Initial and Final Permutations 9 Reverse the arrows for final permutation

10 Generating Per-Round Keys 10 Initial permutation of key

11 Generating Per-Round Keys 11 16 48-bit keys generated A subset of 48-bit from the 56 bits Figure 3-5: Round i for generating K i

12 Generating Per-Round Keys 12 Permutations for obtaining left and right halves of key

13 A DES Round 13 Figure 3-6: DES round

14 Mangler Function 14 R is expanded from 32-bit to 48-bit

15 Mangler Function 15 Figure 3-8: Chunk transformation Each S-box is a 6-bit to 4-bit decoder, or 4 4-bit to 4-bit

16 S-Box 16 A substitution which produces a 4-bit output for each possible 6-bit input The 4-bit output of each of the 8 S-boxes is combined into a 32-bit quantity whose bits are then permuted The permutation ensures: bits of the output of an S-box on one round of DES affects the input of multiple S-boxes on the next round Output bits of S-box should not be close to a linear function of input bits

17 S-Boxes 17 Each S-box is a 6-bit to 4-bit decoder, or 4 4-bit to 4-bit Showing 2 S-boxes… There are 8 S-boxes producing 32-bit Mangle Function output

18 Permutation of the 32-bit Ouptut 18 This permutation is random looking, may be of some security value

19 Design Parameters 19 Block size: larger block sizes mean greater security but reduced encryption/decryption speed for a given algorithm Key size: larger key size means greater security but may decrease encryption/decryption speed Number of rounds: multiple rounds offer increasing security, more is not better, sufficient is good enough Key generation algorithm: greater complexity in this algorithm should lead to greater difficulty of cryptanalysis Round function: greater complexity generally means greater resistance to cryptanalysis

20 The Avalanche Effect 20 Desired property of encryption: a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext Table (a): two plaintext with 1-bit difference and a single key are selected Table (b): two keys with 1- bit difference and a single plaintext are selected

21 Attacks on DES 21 Brute-force attack: 56-bit key size not long enough 4 weak and 12 semi-weak keys: when C 0 and D 0 are one of 4 values, 1111…, 0000…, 1010…, 0101… Cryptanalysis by exploiting weakness in S-box design Differential cryptanalysis: observe the behavior of pairs of text blocks evolving along each round of the cipher, can find a DES key given 2 47 chosen plaintexts Linear cryptanalysis: finding linear approximations to describe the transformations performed in DES, can find a DES key given 2 43 known plaintexts Timing attacks: information about the key or the plaintext is obtained by observing how long to decrypt various ciphertexts

22 Multiple Encryption DES 22 Encrypting twice with the same key: Problem? Encrypting twice with two keys: Problem? (Read [Kaufman] 4.4.1.2 on page 111)

23 Triple DES (3DES) 3 DES encryptions with 2 keys: 64-bit block, 112-bit key Why three encryptions, not less or more? Why two keys, not three? Why EDE, not EEE or EDD? 23 Encryption Decryption

24 Other Block Ciphers IDEA: International Data Encryption Algorithm, 64-bit block, 128-bit key AES: Advanced Encryption Standard, 128- bit block, 128/192/256-bit key 24

25 AES Rijndael: invented by Belgian cryptographers AES parameters: 25

26 AES Overview 26

27 AES Example 27 N b = 4 N k = 4 N r = 6+max(N b,N k ) = 10

28 Key Expansion 128-bit or 4 cols. of 4-byte key is expanded to 11 cols. In general, needs (N r +1)N b columns of key 28

29 An Encryption Round 29

30 Substitute Bytes SubBytes: table lookup with a 16x16 S-box of bytes Substitute byte transformation: 30

31 AES S-Box Hex: 95  2A 31 S-Box

32 Example of SubBytes 32 State Matrices

33 An Encryption Round 33

34 ShiftRows Shift row transformation: Example: 34

35 Mixcolumn Table 35

36 Lookup Using Mixcolumn Table 36 The MixColumn operation is omitted in the last, i.e., N r th round

37 An Encryption Round 37

38 AddRoundKey Columnwise operation: the128-bit state is bitwise XORed with the 128-bit round key 38 State MatrixRound Key Matrix

39 Summary: Four Stages One permutation and three substitutions Substitute bytes: uses an S-box to perform a byte-by- byte substitution of the block ShiftRows: a simple permutation MixColumns: a substitution that makes use of arithmetic over GF(2 8 ) AddRoundKey: a simple bitwise XOR of the current block with a portion of the expanded key Each stage is easily reversible—decryption 39

40 The Decryption We sure can run the encryption backwards But for AES we can keep the encryption process except For SubBytes: use an inverse S-box that has a similar lookup table to S-box For ShiftRows: shift the same amount but to the right For MixColumns: use an InvMixColumn table that is similar to the Mixcolumn table, skip this step in the last round For AddRoundKey: keep the same AddRoundKey in encryption because XOR is its own inverse The order of round keys is reversed, i.e., K N r is applied first and K 0 last 40

41 Now We Have Every Piece of The Puzzle Let’s work through an AES encryption on board… Then verify the result using an AES calculator… 41

42 Strength of Rijndael Resistant to brute-force attack Resistant to differential and linear cryptanalysis 42

43 Reading Assignments [Kaufman] Chapter 3, 4.4, 8.5 43

Download ppt "ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011."

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
The Advanced Encryption Standard (AES) Simplified.

The Advanced Encryption Standard (AES) Simplified.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Advanced Encryption Standard

Advanced Encryption Standard
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.

Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.

Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.

ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.

Similar presentations

Ads by Google