Foundations of Network and Computer Security J J ohn Black Lecture #6 Sep 10 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Slides:



Advertisements
Similar presentations
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Advertisements

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 3
Foundations of Network and Computer Security J J ohn Black Lecture #5 Aug 31 st 2009 CSCI 6268/TLEN 5550, Fall 2009.
Cryptography and Network Security
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
Foundations of Network and Computer Security J J ohn Black Lecture #5 Sep 7 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.
AES clear a replacement for DES was needed
Foundations of Network and Computer Security J J ohn Black Lecture #4 Sep 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
1 CS 255 Lecture 4 Attacks on Block Ciphers Brent Waters.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 31 st 2007 CSCI 6268/TLEN 5831, Fall 2007.
Foundations of Network and Computer Security J J ohn Black Lecture #4 Sep 5 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 30 st 2005 CSCI 6268/TLEN 5831, Fall 2005.
CS470, A.SelcukAfter the DES1 Block Ciphers After the DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 31 st 2004 CSCI 6268/TLEN 5831, Fall 2004.
Chapter 3 – Block Ciphers and the Data Encryption Standard
CSE 651: Introduction to Network Security
Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."
Cryptography and Network Security Chapter 3. Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types of cryptographic.
Blowfish A widely used block cipher. Blowfish Designed by Bruce Schneier (1993) A variant of it (Twofish) was an AES finalist candidate 64-bit block size,
9/17/15UB Fall 2015 CSE565: S. Upadhyaya Lec 6.1 CSE565: Computer Security Lecture 6 Advanced Encryption Standard Shambhu Upadhyaya Computer Science &
Cryptography Lecture 4 Stefan Dziembowski
Classical &ontemporyryptology 1 AESAES Classical &ontemporyryptology 2 Advanced Encryption Standard Since DES was becoming less reliable as new cryptanalysis.
Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.
Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria.
Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.
Foundations of Network and Computer Security J J ohn Black CSCI 6268/TLEN 5550, Spring 2015.
Classical &ontemporyryptology 1 Block Cipher Today’s most widely used ciphers are in the class of Block Ciphers Today’s most widely used ciphers are in.
Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.
Introduction to Information Security Lect. 6: Block Ciphers.
Lecture 23 Symmetric Encryption
Chapter 2 (C) –Advanced Encryption Standard. Origins clearly a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Advanced Encryption Standard Dr. Shengli Liu Tel: (O) Cryptography and Information Security Lab. Dept. of Computer.
Computer and Network Security Rabie A. Ramadan Lecture 3.
Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data Encryption Standard (DES)
© Information Security Group, ICU1 Block Cipher- introduction  DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation  AES Description:
DES Analysis and Attacks CSCI 5857: Encoding and Encryption.
Fall 2002CS 395: Computer Security1 Chapters 5-6: Contemporary Symmetric Ciphers Triple DES Blowfish AES.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 7 September 9, 2004.
Module :MA3036NI Symmetric Encryption -3 Lecture Week 4.
The Advanced Encryption Standard Part 1: Overview
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.
School of Computer Science and Engineering Pusan National University
Outline Desirable characteristics of ciphers Uses of cryptography
Outline Desirable characteristics of ciphers Uses of cryptography
Foundations of Network and Computer Security
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography Lecture 17.
Presentation transcript:

Foundations of Network and Computer Security J J ohn Black Lecture #6 Sep 10 th 2007 CSCI 6268/TLEN 5831, Fall 2007

Announcements Quiz #1 –Will return Weds –Remote students should have it by today

DES -- Review IP – Initial permutation swaps bits around for hardware purposes Adds no cryptographic strength; same for FP Each inner application of F and the XOR is called a “round” F is called the “round function” The cryptographic strength of DES lies in F DES uses 16 rounds

One Round Key LiLi RiRi F R i+1 L i+1 Each half is 32 bits Round key is 48 bits Is this a permutation (as required)? How do we invert? Note that F need not be invertible with the round key fixed

The DES Round Function

DES Round Function (cont) F takes two inputs –32 bit round value –48 bits of key taken from 56 bit DES key A different subset of 48 bits selected in each round –E is the “expansion” box Turns each set of 4 bits into 6, by merely repeating some bits –S boxes take 6 bits back to 4 bits Non-linear functions and they are the cryptographic heart of DES S-boxes were tweaked by NSA back in the 70’s It is believed that they IMPROVED DES by doing this

Full Description of DES If you want all the gory details Challenge Problem: –Alter the S-boxes of DES any way you like so that with ONE plaintext-ciphertext pair you can recover all 56 key bits –(Warning: you need some linear algebra here) –Hard problem, worth 10 extra credit pts Get it to me within two weeks (Sep 24 th )

So if not DES, then what? Double DES? Let’s write DES(K, P) as DES K (P) Double DES (DDES) is a 64-bit blockcipher with a 112 bit key K = (K1, K2) and is DDES K (P) = DES K2 (DES K1 (P)) We know 112 bits is out of exhaustive search range… are we now secure?

Meet in the Middle Attack With enough memory, DDES isn’t much better than single DES! Attack (assume we have a handful of pt-ct pairs P1,C1; P2, C2; …) –Encipher P1 under all 2 56 possible keys and store the ciphertexts in a hash table –Decipher C1 under all 2 56 possible keys and look for a match –Any match gives a candidate 112-bit DDES key –Use P2, C2 and more pairs to validate candidate DDES key until found

Meet in the Middle (cont) Complexity – = 2 57 DES operations –Not much better than the 2 55 expected DES operations for exhaustive search! –Memory requirements are quite high, but there are techniques to reduce them at only a slightly higher cost –End result: no one uses DDES

How about Triple-DES! Triple DES uses a 168-bit key K=(K1, K2, K3) TDES K (P) = DES K3 (DES K2 (DES K1 (P))) No known attacks against TDES –Provides 112-bits of security against key-search –Widely used, standardized, etc –More often used in “two-key triple-DES” mode with EDE format (K is 112 bits like DDES): TDES K (P) = DES K1 (DES -1 K2 (DES K1 (P))) –Why is the middle operation a decipherment?

AES – The Advanced Encryption Standard If TDES is secure, why do we need something else? –DES was slow –DES times 3 is three times slower –64-bit blocksize could be bigger without adding much cost –DES had other annoying weakness which were inherited by TDES –We know a lot more about blockcipher design, so time to make something really cool!

AES Competition NIST sponsored a competition –Individuals and groups submitted entries Goals: fast, portable, secure, constrained environments, elegant, hardware-friendly, patent- free, thoroughly analyzed, etc –Five finalists selected (Aug 1999) Rijndael (Belgium), MARS (IBM), Serpent (Israel), TwoFish (Counterpane), RC6 (RSA, Inc) –Rijndael selected (Dec 2001) Designed by two Belgians

AES – Rijndael Not a Feistel construction! –128 bit blocksize –128, 192, 256-bit keysize –SP network Series of invertible (non-linear) substitutions and permutations –Much faster than DES About 300 cycles on a Pentium III –A somewhat risky choice for NIST

Security of the AES Some close calls in 2004 (XL attack) –Can be represented as an overdetermined set of very sparse equations –Computer-methods of solving these systems would yield the key –Turns out there are fewer equations than previously thought –Seems like nothing to worry about yet

Block Ciphers – Conclusion There are a bunch out there besides AES and DES –Some are pretty good (IDEA, TwoFish, etc) –Some are pretty lousy LOKI, FEAL, TEA, Magenta, Bass-O-Matic If you try and design your own, it will probably be really really bad –Plenty of examples, yet it still keeps happening

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.