Published by Kristian Oliver. Modified over 9 years ago.
1
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION
2
Overview
In this module, we shall learn about the basis of two commonly used encryption standards:
- DES (Data Encryption Standard)
- AES (Advanced Encryption Standard)
Both are based on symmetric block encryption.
What is block encryption?
3
Stream Cipher Vs. Block Cipher
- Stream cipher: one symbol of plaintext is immediately converted into its symbol in ciphertext. E.g. Caesar cipher, Vernam cipher.
- Block cipher: a group of plaintext symbols is converted into its equivalent group of ciphertext symbols. E.g. columnar transposition cipher.
4
Stream Cipher Vs. Block Cipher (cont.)
| Encryption    | Stream Cipher                            | Block Cipher                             |
| Advantages    | High speed; low error propagation        | High diffusion; immunity towards insertion of symbols |
| Disadvantages | Low diffusion; susceptible towards insertion of symbols | Slow speed; high error propagation |
** Read page 60-61
5
Overview of DES
- Uses a combination of substitution and transposition approaches.
- Consists of 16 cycles of that combination.
- Uses block encryption where 1 block is a fixed size of 64 bits.
- Uses symmetric encryption with a 64-bit key, of which only 56 bits are actually used as key (i.e. 8 bits are not used and are instead replaced by 8 bits of parity code).
- The key in DES is also shifted and permuted.
- DES can be implemented in software or hardware.
6
Overview of DES (cont.)
- Prior to the 16 cycles of substitution and transposition, the 64 bits of a plaintext block go through the Initial Permutation.
- Following the 16 cycles of substitution and transposition, the 64 bits of the ciphertext block go through the Inverse Initial Permutation.
7
Overview of DES (cont.)
A cycle in DES
[Figure: a cycle in DES. Labels: Left Half Data, Right Half Data, Substitution, Permutation, Key Shifted, Key Permuted]
** Read page 644 – 649
It resembles the Feistel function, which substitutes and scrambles half a block together with the key. The output is then combined with the other half of the block by using the XOR function, and finally the halves are swapped.
Note: the key is also shifted and permuted.
8
[Figure: DES cycle structure. Labels: Input, Initial permutation, Left Half Data, Right Half Data, f, K, k1, Key Shifted, Key Permuted]
9
Overview of DES (cont.)
- DES is vulnerable to an attack called "Differential Cryptanalysis."
- The number of actual bits required for the key is known and is fixed at 56 bits. So, for a brute-force attack, we need to try 2^56 different keys to break the system.
- Though 2^56 is a large number of attempts, with today's supercomputer capability this can be done within a day's limit (and it has been proven so!!).
- Thus, the vulnerability of DES led to the introduction of Triple DES (written as 3DES) and AES.
10
Triple DES
- Triple DES uses a longer key than DES (i.e. 112 bits or 168 bits, depending on whether the key is broken down into 2 or 3 sub-keys), thus providing better security.
- Since it is based on the DES algorithm, it is very easy to modify existing software to use Triple DES.
- The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES.
- The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.
- Triple DES runs three times slower than standard DES.
11
Triple DES (cont.)
There are three keying options defined in ANSI X9.52 for 3DES:
(1) the three keys k1, k2 and k3 are independent
(2) k1 and k2 are independent, but k1 = k3
(3) k1 = k2 = k3
Note: The third option makes triple-DES backward compatible with DES.
C = E(k3, D(k2, E(k1, P)))
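The Feistel cycle and the encrypt-decrypt-encrypt chaining described above, as an added example that is not part of the original slides. A toy 64-bit Feistel cipher stands in for DES: its round function and SHA-256-based key schedule are assumptions made for illustration, not DES itself. It shows why decryption is the same routine with reversed subkeys and why keying option 3 collapses to a single encryption.

```python
import hashlib

ROUNDS = 16  # same cycle count as DES; everything else here is a toy

def round_keys(key: bytes):
    # Toy key schedule (assumption): one 32-bit subkey per cycle via SHA-256.
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]

def f(right: int, subkey: int) -> int:
    # Toy round function standing in for DES's substitution and permutation.
    x = (right ^ subkey) & 0xFFFFFFFF
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & 0xFFFFFFFF
    return ((x << 7) | (x >> 25)) & 0xFFFFFFFF

def feistel(block: bytes, subkeys) -> bytes:
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        # One cycle: f(right, key) is XORed into the left half, then halves swap.
        left, right = right, left ^ f(right, k)
    # Undo the final swap so the same routine decrypts with reversed subkeys.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def E(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key))

def D(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])

def ede_encrypt(k1, k2, k3, p):
    # C = E(k3, D(k2, E(k1, P)))
    return E(k3, D(k2, E(k1, p)))

def ede_decrypt(k1, k2, k3, c):
    # Inverse order: P = D(k1, E(k2, D(k3, C)))
    return D(k1, E(k2, D(k3, c)))

if __name__ == "__main__":
    p = b"8bytes!!"                       # constructed sample block
    k = b"same-key"                       # constructed sample key
    print(ede_encrypt(k, k, k, p) == E(k, p))   # keying option 3
```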
12
Overview of AES
- It is based on the Rijndael algorithm.
- Uses a combination of substitution and a couple of transposition approaches together with a keying function.
- Consists of n rounds of that combination, where n depends on the key length (i.e. unlike DES, the length of the AES key varies amongst 3 types).
- Uses block encryption where 1 block is a fixed size of 128 bits.
- Uses symmetric encryption where the size of a key can be 128 bits (still double the size of DES's 64-bit key!!), 192 bits, or 256 bits, where the number of rounds n is 9, 11 and 13 respectively.
13
Overview of AES (cont.)
In AES, the block of 128 bits is treated as an individual 4*4 matrix of bytes (i.e. a total of 16 matrices).
Each round in AES consists of 4 steps:
(1) Byte Substitution: each byte in a block is substituted based on a substitution table.
| Byte1 | Byte5 | Byte9  | Byte13 |
| Byte2 | Byte6 | Byte10 | Byte14 |
| Byte3 | Byte7 | Byte11 | Byte15 |
| Byte4 | Byte8 | Byte12 | Byte16 |
14
Overview of AES (cont.)
(2) Shift row: each row n is left shifted (n-1) bytes as follows:
Before
| Byte1 | Byte5 | Byte9  | Byte13 |
| Byte2 | Byte6 | Byte10 | Byte14 |
| Byte3 | Byte7 | Byte11 | Byte15 |
| Byte4 | Byte8 | Byte12 | Byte16 |
After
| Byte1  | Byte5  | Byte9  | Byte13 |
| Byte6  | Byte10 | Byte14 | Byte2  |
| Byte11 | Byte15 | Byte3  | Byte7  |
| Byte16 | Byte4  | Byte8  | Byte12 |
15
Overview of AES (cont.)
(3) Mix column: each column is multiplied by a defined matrix, resulting in the bits being shifted left n places, where n is an element in the multiplier matrix (e.g. if *2 = binary 10, then bits are shifted left 2 places), followed by an Exclusive OR (XOR) operation with themselves.
| 2 | 3 | 1 | 1 |
| 1 | 2 | 3 | 1 |
| 1 | 1 | 2 | 3 |
| 3 | 1 | 1 | 2 |
16
Overview of AES (cont.)
(4) Adding subkey: a portion of the key, which is unique to this round, is added to the previous result using the Exclusive OR (XOR) function.
- The key of AES goes through a combination of transformation and substitution on every round.
- AES is more difficult to crack than DES since its key is longer and of variable length, and the number of rounds is also not fixed to one value.
- AES is faster than 3DES too!!
- You may go to http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf to experience a simulation of AES.
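Steps (2) to (4) of the AES round described above, as an added example that is not part of the original slides. It follows the FIPS 197 definitions, in which the column multiplication is carried out in GF(2^8): multiplying by 2 is a one-bit left shift followed by a conditional XOR with 0x1B. Step (1) is left out because it needs the full substitution table; the sample inputs are constructed.

```python
# AES round steps (2)-(4) on a 4x4 byte state, following FIPS 197.
MIX = [[2, 3, 1, 1],
       [1, 2, 3, 1],
       [1, 1, 2, 3],
       [3, 1, 1, 2]]

def to_state(block):
    # Fill column by column, as on the slide: Byte1..Byte4 form the first column.
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def shift_rows(state):
    # Row n (counting from 1) is rotated left by n-1 bytes.
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def xtime(b):
    # Multiply by 2 in GF(2^8): shift left one bit, reduce modulo 0x11B on overflow.
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b

def gmul(a, b):
    # GF(2^8) product built from xtime and XOR (shift-and-add).
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

def mix_column(col):
    # Each output byte is one matrix row times the column; addition is XOR.
    out = []
    for row in MIX:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gmul(byte, coeff)
        out.append(acc)
    return out

def mix_columns(state):
    mixed = [mix_column(list(col)) for col in zip(*state)]
    return [list(row) for row in zip(*mixed)]

def add_round_key(state, subkey):
    # Step (4): XOR every state byte with the matching round-key byte.
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, subkey)]

if __name__ == "__main__":
    state = to_state(list(range(1, 17)))   # constructed block: Byte1..Byte16
    print(shift_rows(state))
    print([hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
```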
17
Problem with Symmetric Cryptography
- Key Distribution
- Key Management
[Figure labels: secret key 1, secret key 2, secret key 3, secret key 4, secret key 5]
18
Symmetric Vs. Asymmetric Cryptography
Symmetric:
- The encryption key is the same as the decryption key (Ke = Kd), OR Kd can be easily derived from Ke.
- This system provides security as long as the key remains secret.
Asymmetric:
- It requires a pair of keys, where one key can be publicized for encryption, whereas only the proper recipient who knows the decryption key can decrypt the message.
- The encryption key is called the public key and the decryption key is called the secret / private key.
19
Private Key Protection
- It should provide the necessary level of protection
- Its lifetime should correspond with how often it is used & the sensitivity of the data it is protecting
- It should be changed frequently and not used past its allowed lifetime
- It should be properly destroyed at the end of its lifetime
- It should never be exposed in clear text
- No copies of the key should be made if it is used for digital signatures
- It should not be shared
- It should be stored securely
- It should be transported securely
20
DATA & COMPUTER SECURITY (CSNB414) --END--