1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography

2 CPCS425: Information Security (Topic 5) Overview  Block Cipher Definition  S-DES (to help you to understand DES)  The DES (Data Encryption Standard)  Triple DES (or 3DES)  An Example Use of DES  The AES (Advanced Encryption Standard)  (Other) Symmetrical Cryptosystems Summary  Stream Ciphers vs Block Ciphers  Conclusions  source: chapters 3 of Cryptography and Network Security

3 CPCS425: Information Security (Topic 5) Block Cipher Definition  Block ciphers operate on blocks of plaintext and ciphertext.  The block size n should be reasonably large, e.g. n  64 bits, to prevent dictionary attacks.  The encryption function is usually complex: C=E K (M).  We must have a decryption function which satisfies: M=D K (C).  Most modern cryptosystems are block ciphers.  We pick DES to illustrate how symmetrical cipher works.  S-DES next will help you to understand the DES algorithm.

4 CPCS425: Information Security (Topic 5) Simplified DES (S-DES) (1/5) - The whole picture

5 CPCS425: Information Security (Topic 5) S-DES (2/5): The whole picture  The 10-bit key K undergoes a serial of operations consisted of permutation (P), left shift (LS) and permutation/contraction (P8) to produce two 8-bit sub-keys, k 1 and k 2.  The two sub-keys are used by the complex function F in two rounds.  The complex function F consists of Expansion/Permutation (E/P), XOR, Substitution Box (S-Box), and Permutation (P4).

6 CPCS425: Information Security (Topic 5) S-DES (3/5): Major encryption functions 1st 4th - row 2nd 3rd - col

7 CPCS425: Information Security (Topic 5) S-DES (4/5): Proof IP -1 is the inverse of IP IP: A 1 A 2 A 3 A 4 A 5 A 6 A 7 A 8 A 2 A 6 A 3 A 1 A 4 A 8 A 5 A 7 B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 IP -1 : B 4 B 1 B 3 B 5 B 7 B 2 B 8 B 6 A Question for you: Can you tell the difference between E (encryption algorithm) and D (decryption algorithm) in S-DES?

8 CPCS425: Information Security (Topic 5) S-DES (5/5): S-DES vs DES  To summarise, the encryption can be described as IP -1 o f k2 o SW o f k1 o IP  Relationship to DES  DES operates on 64-bits blocks of input, has 16 rounds of permutation and substitution operations, and uses a 56-bit key (K).  The encryption can be described as: IP -1 o f k16 o SW o f k15 o SW o … o SW o f k1 o IP

9 CPCS425: Information Security (Topic 5) The DES (1/7) - Some facts (1/2)  It is a symmetric cryptography - encryption/decryption keys are the same.  It is essentially a block cipher - block length is 64 bits.  Length of key K is 56 bits (56-bit key is widely regarded as insufficient).  The subkeys k 1, k 2 …, k 16 are each 48-bits, generated from key K.  The DES decryption algorithm is the same as the encryption one; the only difference is that the keys for each round must be used in the reverse order.  The algorithm public, but the design principles are kept secret.

10 CPCS425: Information Security (Topic 5) The DES (2/7): Some facts (2/2)  It is mainly used for encryption of message contents - confidentiality.  It is more efficient than asymmetric cryptosystems.  No serious flaws or exploitable vulnerabilities have been reported in the design of DES.  But its weakness is 56-bit key - which is good enough to deter casual DES key browsing, but not for a dedicated adversary who is after a specific DES ciphertext of significant interest.  DES is a de facto international standard for banking security.

11 CPCS425: Information Security (Topic 5) The DES (3/7) - Modes of operation  Any block ciphers can be used in a variety of operational modes. Understanding them and choosing the right one for the job is an important factor in using a block cipher securely.  Here we use DES as an example block cipher to illustrate two (mostly commonly used) modes of operation in block ciphers:  ECB (electronic codebook) mode  CBC (cipher block chaining) mode  This modes of operation are applicable to all block ciphers! – e.g. RSA.

12 CPCS425: Information Security (Topic 5) The DES (4/7) - Electronic codebook (ECB) mode

13 CPCS425: Information Security (Topic 5) The DES (5/7) - Cipher block chaining (CBC) mode (1/2)

14 CPCS425: Information Security (Topic 5) The DES (6/7) - Cipher block chaining (CBC) mode (2/2)  This mode is effective at disguising any patterns in the plaintext.  CBC mode is used in most commercial applications that encrypt more than one blocks.

15 CPCS425: Information Security (Topic 5) The DES (7/7) - Strength  Built-in trapdoors might be placed in secret boxes.  Use of a 56-bit key that can be broken on average in 2 56 (i.e. 7.2 * ) trials.  trials/second time required  years  years  years  year  hours  a DES chip does 1 million encryptions per second.  a million chips in parallel do trials per second.  estimated cost is in 10s of millions of US dollars.

16 CPCS425: Information Security (Topic 5) Triple-DES  What is triple-DES?  To get round problems of short DES key, triple-DES is increasingly common.  This involves using two DES keys (K 1, K 2 ), encryption algorithm E, and decryption algorithm D: C=E K1 (D K2 (E K1 (M)))  The use of D here does not have any security implication, it just makes triple-DES backward compatible if K 1 =K 2.  Properties  More secure than DES, as effective key length now is 112- bits; But it is slower than DES.

17 CPCS425: Information Security (Topic 5) An example use of DES

18 CPCS425: Information Security (Topic 5) The AES (1/2) - Background  In the near term, triple DES is strong enough. But an improvement in processor speeds and number of parallel computers threatens it, too.  In 1997, a call was issued by NIST for a new encryption system.  The standard aims  Security - bigger key sizes.  Cost - fast in software too.  Algorithm and implementation characteristics - fast & easy.  The finalist candidates were MARS, RC6, Rijndael, Serpent, and Twofish.  Rijndael was selected as it offered the best combination of security, performance, ease of implementation and flexibility.  In 2001, Rijndael was formally nominated as the AES standard.

19 CPCS425: Information Security (Topic 5) The AES (2/2) - the Details  AES is a block cipher, block size is 128 bits (others are allowed but not recognised by the standard).  The key length can be 128, 192, or 256 bits.  It is a substitution-permutation cipher involve n rounds:  for key length=128 bits, n=9;  for key length =192 bits, n=11; and  for key length =256 bits, n=13.  It has been subjected to extensive cryptanalysis, but no significant problems have been found to date.  For now, the AES seems a solid replacement for the DES.

20 CPCS425: Information Security (Topic 5) (Other) Conventional Cryptosystems (2/2) - Summary

21 CPCS425: Information Security (Topic 5) Stream Ciphers vs Block Ciphers

22 CPCS425: Information Security (Topic 5) Conclusions (1/2)  Modern symmetric ciphers come in two variants: block ciphers and stream ciphers.  The mostly used block cipher is used to be DES.  A comparatively recent block cipher is the AES, called Rijndael.  Both DES and AES obtain their security by repeated application of simple rounds consisting of substitution, permutation, shift and key addition.

23 CPCS425: Information Security (Topic 5) Conclusions (2/2)  To use a block cipher one needs to also specify a mode of operation:  the simplest mode is ECB mode, which has problems associated with it:  same plaintext will always generate same ciphertext;  suffers from possible insertion/deletion attacks.  Hence it is common to use a more advanced mode such as CBC mode.  Symmetrical cryptography is reasonably secure, more efficient, and more suitable for encryption of large messages - provide message confidentiality.  But it has key exchange problem and does not support non- repudiation.