Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 8 September 14, 2004.

Similar presentations


Presentation on theme: "Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 8 September 14, 2004."— Presentation transcript:

1 Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 8 September 14, 2004

2 Computer Science and Engineering Contents  Announcements  More on DES  Advanced Encryption Standard (AES)  Saeed’s Presentation

3 Computer Science and Engineering Guest Lecture on 9/16 Electronic Crimes – Secret Service

4 Computer Science and Engineering Five Security Articles IEEE Computer, June 2004 1.Securing the High-Speed Internet, pp 33 2.Computer Security in the Real World, pp 37 3.Worm Epidemics in High-Speed Networks, pp 48 4.Making the Gigabit IPsec VPN Architecture Secure, pp 54 5.A Quantitative Study of Firewall Configuration Errors, pp62

5 Computer Science and Engineering Solution of Group Work on 9/9 Find keys d and e for the RSA cryptosystem with p = 7 and q = 11. Solution P*q = 77 (p-1) * (q-1) = 60 d = 13 e = 37 13 * 37 = 481 = 1 mod 60

6 Computer Science and Engineering Does DES Work?  Differential Cryptanalysis Idea  Use two plaintext that barely differ  Study the difference in the corresponding cipher text  Collect the keys that could accomplish the change  Repeat

7 Computer Science and Engineering Handouts  3-round baby DES  Why the initial permutation?  Why 16 rounds?  Why these particular S-boxes?

8 Computer Science and Engineering Cracking DES During the period NBS was soliciting comments on the proposed algorithm, the creators of public key cryptography, Martin Hellman and Whitfield Diffie, registered some objections to the use of DES. Hellman wrote: "Whit Diffie and I have become concerned that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization" (letter to NBS, October 22, 1975).

9 Computer Science and Engineering Cracking DES (cont.) Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute force" is meant that you try as many of the 2^56 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message.) They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second, and estimated the cost of such a machine at $20 million.

10 Computer Science and Engineering Cracking DES (cont.) In 1998, under the direction of John Gilmore of the EFF (Electronic Frontier Foundation), a team spent $220,000 and built a machine that can go through the entire 56-bit DES key space in an average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and is capable of testing 90 billion keys a second.

11 Computer Science and Engineering Cracking DES (cont.) In early 1999, Distributed. Net used the DES Cracker and a worldwide network of nearly 100,000 PCs to break DES in 22 hours and 15 minutes. The DES Cracker and PCs combined were testing 245 billion keys per second when the correct key was found. In addition, it has been shown that for a cost of one million dollars a dedicated hardware device can be built that can search all possible DES keys in about 3.5 hours. This just serves to illustrate that any organization with moderate resources can break through DES with very little effort these days.

12 Computer Science and Engineering The Birth of AES As computers became progressively faster and more powerful, it was recognized that a 56-bit key was simply not large enough for high security applications. As a result, NIST (New name of NBS) abandoned their official endorsement of DES in 1997 and began work on a replacement, to be called the Advanced Encryption Standard (AES). Despite the growing concerns about its vulnerability, DES is still widely used by financial services and other industries worldwide to protect sensitive on-line applications.

13 Computer Science and Engineering DES Group Exercise What would be the 64-bit output of round 1 be using the plaintext and key given below (in hexadecimal format): P = 2D 75 F4 DB A3 3E 3F 89 K = D4 3C B1 9A E4 90 D7 C6

14 Computer Science and Engineering Advanced Encryption Standard (ASE) -NIST, call 1997 -One was selected out of five -Rijndael (Rine dahl)  Vincent Rijmen & Joam Daemen -In 2001, it was formally adopted by US -9, 11, 13 cycles (rounds) for keys of 128, 192, 256 bits

15 Computer Science and Engineering ASE (cont) -Each cycle consists of 4 steps - Byte substitution (BSB) - Shift row (SR) - Mix column (MC) - Add Round key (ARK)

16 Computer Science and Engineering ASE Overview Plaintext (128)ARKSubkey0 Ciphertext (128)ARKSubkey10 SR BSB 9 rounds

17 Computer Science and Engineering Round i BSB ARKSubkeyi CM SR

18 Computer Science and Engineering State -128-bit block  4 x 4 matrix -128 bits  b0, b1, b2,.., b15 b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15

19 Computer Science and Engineering 4 Operations 1. s[i,j]  s’[i,j] (predefined substitution table, Table 10-11 page 663) 2. Rows – left circular shift 3. The 4 elements in each column are multiplied by a polynomial 4. Key is derived and added to each column

20 Computer Science and Engineering Exercise Using the table, Find the substitution of 6b, ff, 6e, 09

21 Computer Science and Engineering Shift Row 15913 610142 111537 164812 15913 261014 371115 481216

22 Computer Science and Engineering Mix Column 2311 1231 1123 3112 = * Multiplying by 1  no change Multiplying by 2  shift left one bit Multiplying by 3  shift left one bit and XOR with original value More than 8 bits  100011011 is subtracted

23 Computer Science and Engineering Exercise 2311 1231 1123 3112 e5 a8 6f 33 = ? ? ? ? *

24 Computer Science and Engineering Add Key b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 b’ x bxbx kxkx = XOR

25 Computer Science and Engineering Example k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12 B = e5 a8 6f 33 0a 52 31 9c c2 75 f8 1e b0 46 de 3a B’ = fa 9c 63 9e 50 7b 8a ed ac d6 68 ef f7 90 55 28

26 Computer Science and Engineering Key Generation 4 bytes Circular left shift 1byte S-box X-OR Round constant

27 Computer Science and Engineering Round Constant Table RoundRound Constant (hex) 101 00 00 00 202 00 00 00 304 00 00 00 408 00 00 00 510 00 00 00 620 00 00 00 740 00 00 00 880 00 00 00 91b 00 00 00 Final36 00 00 00

28 Computer Science and Engineering Group Exercise Final 4 bytes = 47 d6 8b 12 After shift = d6 8b 12 47 Find the next sub key k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12


Download ppt "Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 8 September 14, 2004."

Similar presentations


Ads by Google