David Evans, CS551: Security and Privacy, University of Virginia Computer Science. Lecture 3: Striving for Confusion

Presentation transcript:

David Evans, CS551: Security and Privacy, University of Virginia Computer Science
Lecture 3: Striving for Confusion

Structures have been found in DES that were undoubtedly inserted to strengthen the system against certain types of attack. Structures have also been found that appear to weaken the system.
Lexar Corporation, “An Evaluation of the DES”, 1976.

30 Aug 2000, University of Virginia CS 551
Menu
Recap Last Time
Enigma
Projects
Intro to Block Ciphers

Last Time
Cipher is perfect: $\forall i, j : p(M_i \mid C_j) = p(M_i)$
Given any ciphertext, the probability that it matches any particular message is the same.
Equivalently, $\forall i, j : p(C_i \mid M_j) = p(C_i)$
Given any plaintext, the probability that it matches any particular ciphertext is the same.

Slanted One-Time Pad
Is a one-time pad constructed with a bad random number generator perfect?
$p(K_i = 0) = .51$
$C_i = P_i \oplus K_i$

Slanted One-Time Pad
What is $p(M = 0000 \mid C = 1111)$?
$= p(K_0 = 1) \cdot p(K_1 = 1) \cdot p(K_2 = 1) \cdot p(K_3 = 1) = .49^4$ =
What is $p(M = 1111 \mid C = 1111)$?
$= p(K_0 = 0) \cdot p(K_1 = 0) \cdot p(K_2 = 0) \cdot p(K_3 = 0) = .51^4$ =

Imperfect Cipher
To prove a cipher is imperfect:
– Find a ciphertext that is more likely to be one message than another
– Show that there are more messages than keys
  Implies there is some ciphertext more likely to be one message than another even if you can’t find it.
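An added example (not part of the original slides) that checks the perfect-cipher definition by exact enumeration for the 4-bit slanted pad above. The uniform prior over messages and the function names are assumptions of this sketch.

```python
from fractions import Fraction
from itertools import product

N = 4  # message length in bits, as on the slide

def key_prob(key, p_zero):
    """Probability of a key whose bits are independently 0 with probability p_zero."""
    prob = Fraction(1)
    for bit in key:
        prob *= p_zero if bit == 0 else 1 - p_zero
    return prob

def posterior(cipher, p_zero):
    """p(M | C = cipher) for every message M, assuming a uniform prior on M."""
    prior = Fraction(1, 2 ** N)
    joint = {}
    for msg in product((0, 1), repeat=N):
        key = tuple(m ^ c for m, c in zip(msg, cipher))  # K = M xor C
        joint[msg] = prior * key_prob(key, p_zero)       # p(M, C)
    total = sum(joint.values())                          # p(C = cipher)
    return {msg: p / total for msg, p in joint.items()}

def is_perfect(p_zero):
    """Perfect iff p(M | C) equals the prior p(M) for every M and every C."""
    prior = Fraction(1, 2 ** N)
    return all(p == prior
               for cipher in product((0, 1), repeat=N)
               for p in posterior(cipher, p_zero).values())

if __name__ == "__main__":
    post = posterior((1, 1, 1, 1), Fraction(51, 100))
    print("p(M=0000 | C=1111) =", float(post[(0, 0, 0, 0)]))
    print("p(M=1111 | C=1111) =", float(post[(1, 1, 1, 1)]))
    print("fair pad perfect:   ", is_perfect(Fraction(1, 2)))
    print("slanted pad perfect:", is_perfect(Fraction(51, 100)))
```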

Enigma
Invented commercially, 1923
Adopted by Nazis
About 50,000 in use
Modified throughout WWII, believed to be perfectly secure
[Kahn67] didn’t know it was broken
Turing’s 1940 Treatise on Enigma declassified in
[Image: Enigma machine at NSA Museum]

Enigma Mechanics
Three rotors (chosen from 5), scrambled letters
Each new letter, first rotor advances
Other rotors advance when previous one rotates
Reflector
Plugboard

Setup
Plugboard: 6 cables to swap letters
Rotors: Order of 3 rotors chosen from 5
Orientations: Initial positions of rotors (each rotor has 26 letters)
What is H(K)?

Entropy of Enigma
$K = ((26 \cdot 25) \cdot (25 \cdot 25) \cdot (24 \cdot 24) \cdot (23 \cdot 23) \cdot (22 \cdot 22) \cdot (21 \cdot 21)) \cdot (5 \cdot 4 \cdot 3) \cdot (26 \cdot 26 \cdot 26)$ = 2.9 *
– First factor: plugboard swaps 6 letters
– Second factor: 3 wheels chosen from 5
– Third factor: wheel orientations
$H(K) = \log_2 K \approx 75$
$U = H(K)/D_{German} \approx 25.5$

Operation
Day key (distributed in code book)
Each message begins with message key (“randomly” chosen by sender) encoded using day key
Message key sent twice to check
After receiving message key, re-orient rotors according to key

Rejewski’s Cryptanalysis
Poland in late 1930s
– French spy acquired Enigma design documents
Looked for patterns in repeated day key
Gives clues to relationships of rotors
– With enough day key messages could eliminate effect of plugboard swaps
Reduced key space to 105,456 (orientations * rotors)
– Brute force trial of each setting built up a table mapping key relationships to settings

Early 1939 – Germany changes scramblers and adds extra plugboard cables, stops double-transmissions
– Poland unable to cryptanalyze
July 1939 – Rejewski invites French and British cryptographers
– It is actually breakable
– Gives England replica Enigma machine constructed from plans

Bletchley Park
Alan Turing leads British effort to crack Enigma
Use cribs (“WETTER” transmitted every day at 6am)
Still needed to brute force check ~1M keys.
Built “bombes” to automate testing

Enigma Cryptanalysis
Relied on combination of sheer brilliance, mathematics, espionage, operator errors, and hard work
Huge impact on WWII
– Britain knew where German U-boats were
– Advance notice of bombing raids
– But... keeping code break secret more important than short-term uses

Questions?
End of classical ciphers.

Projects
Preliminary Proposals due Sept 18
Open ended – proposal will lead to an “agreement”
Different types of projects:
– Design/Implement
– Analyze
– Research Survey
Don’t limit yourself to ideas on list
Meet with your team this week

Project Evaluation
Need not be 100% technical: politics, psychology, law, ethics, history, etc.; but shouldn’t be 0% technical.
Design/Implementation projects less focus on quality and organization of writing (but still important)
All team members get same project grade
– Unless there are problems: tell me early!

Block Ciphers
Stream Ciphers
– Encrypts small (bit or byte) units one at a time
– Everything we have seen so far
Block Ciphers
– Encrypts large chunks (64 bits) at once

Block cipher
64 bit blocks
$2^{64}$ possible plaintext blocks, must have at least $2^{64}$ corresponding ciphertext blocks
– There are $2^{64}!$ possible mappings
Why not just create a random mapping?
– Need a $2^{64}$ * 64-bit table ≈ bits
– $14 quadrillion
– Need to distribute new table if compromised
Approximate ideal random mapping using components controlled by a key

Goals of Block Cipher: Diffusion and Confusion
Claude Shannon [1945]
Diffusion:
– Small change in plaintext changes lots of ciphertext
– Statistical properties of plaintext hidden in ciphertext
Confusion:
– Statistical relationship between key and ciphertext as complex as possible
So, need to design functions that produce output that is diffuse and confused

Feistel Cipher Structure
[Figure: one round. Plaintext split into $L_0$ and $R_0$; $F$ keyed by $K_1$ and combined by $\oplus$; outputs $L_1$ and $R_1$; labels: Substitution, Permutation]
$L_0$ = left half of plaintext
$R_0$ = right half of plaintext
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
$C = R_n \,\|\, L_n$
$n$ is number of rounds (undo last permutation)

One Round Feistel
$E(L_0 \,\|\, R_0)$:
$L_1 = R_0$
$R_1 = L_0 \oplus F(R_0, K_1)$
$C = R_1 \,\|\, L_1 = (L_0 \oplus F(R_0, K_1)) \,\|\, R_0$
Recall: $L_i = R_{i-1}$, $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$

Decryption
[Figure: one round. Ciphertext split into $LD_0$ and $RD_0$; $F$ keyed by $K_n$ and combined by $\oplus$; outputs labelled $L_1$ and $R_1$; labels: Substitution, Permutation]
$LD_0$ = left half of ciphertext
$RD_0$ = right half of ciphertext
$LD_i = RD_{i-1}$
$RD_i = LD_{i-1} \oplus F(RD_{i-1}, K_{n-i+1})$
$P = RD_n \,\|\, LD_n$
$n$ is number of rounds

Decryption
$D((L_0 \oplus F(R_0, K_1)) \,\|\, R_0)$:
$LD_0 = L_0 \oplus F(R_0, K_1)$
$RD_0 = R_0$
$LD_1 = R_0$
$RD_1 = LD_0 \oplus F(RD_0, K_1) = L_0 \oplus F(R_0, K_1) \oplus F(RD_0, K_1) = L_0$
$P = RD_1 \,\|\, LD_1 = L_0 \,\|\, R_0$
Yippee!
Recall: $LD_i = RD_{i-1}$, $RD_i = LD_{i-1} \oplus F(RD_{i-1}, K_{n-i+1})$

Multiple Rounds
The entire round is a function:
$f_K(L \,\|\, R) = R \,\|\, (L \oplus F(R, K))$
$swap(L \,\|\, R) = R \,\|\, L$
$E = swap \circ swap \circ f_{K_r} \circ swap \circ f_{K_{r-1}} \circ \dots \circ f_{K_2} \circ swap \circ f_{K_1}$
$D = f_{K_1} \circ swap \circ f_{K_2} \circ \dots \circ f_{K_{r-1}} \circ swap \circ f_{K_r} \circ swap \circ swap$

Decryption
$swap(f_K(swap(f_K(L \,\|\, R))))$
$= swap(f_K(swap(R \,\|\, L \oplus F(R, K))))$
$= swap(f_K(L \oplus F(R, K) \,\|\, R))$
$= swap(R \,\|\, (L \oplus F(R, K)) \oplus F(R, K))$
$= swap(R \,\|\, L)$
$= L \,\|\, R$
So $swap \circ f_K$ is its own inverse!

F
What are the requirements on F?
– For decryption to work: none!
– For security:
  Hide patterns in plaintext
  Hide patterns in key
Coming up with a good F is hard
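The Feistel structure from the preceding slides as a runnable sketch; this is an added example, not code from the lecture. The round function here is a truncated SHA-256 stand-in (not DES's F), and the round keys and plaintext blocks are constructed sample values. It shows that decryption works for a non-invertible F, and counts how a one-bit plaintext difference spreads round by round.

```python
import hashlib

def hash_f(right, key):
    """Stand-in round function F (not DES's): truncated SHA-256, not invertible."""
    return hashlib.sha256(key + right).digest()[:len(right)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, keys, f=hash_f, trace=None):
    """Apply L_i = R_{i-1}, R_i = L_{i-1} xor F(R_{i-1}, K_i); return R_n || L_n."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for key in keys:
        left, right = right, xor(left, f(right, key))
        if trace is not None:
            trace.append(left + right)  # state after this round
    return right + left  # undo the last swap

def encrypt(block, keys, f=hash_f):
    return feistel(block, keys, f)

def decrypt(block, keys, f=hash_f):
    # Same network, round keys in reverse order (K_n first).
    return feistel(block, keys[::-1], f)

def avalanche(p1, p2, keys, f=hash_f):
    """Number of differing state bits after each round for two plaintexts."""
    t1, t2 = [], []
    feistel(p1, keys, f, t1)
    feistel(p2, keys, f, t2)
    return [sum(bin(a ^ b).count("1") for a, b in zip(s1, s2))
            for s1, s2 in zip(t1, t2)]

# Constructed sample data: 16 arbitrary round keys and two 64-bit blocks.
KEYS = [bytes([i]) * 8 for i in range(1, 17)]
P1 = bytes.fromhex("0123456789abcdef")
P2 = bytes.fromhex("8123456789abcdef")  # differs from P1 in one bit of L_0

if __name__ == "__main__":
    c = encrypt(P1, KEYS)
    print("ciphertext:", c.hex(), "round trip ok:", decrypt(c, KEYS) == P1)
    print("differing bits per round:", avalanche(P1, P2, KEYS))
```

Passing an F that always returns zero bytes still decrypts correctly, which is the "none!" on the slide; it just provides no confusion.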

DES
NIST (then NBS) sought standard for data security (1973)
IBM’s Lucifer only reasonable proposal
Modified by NSA
– Changed S-Boxes
– Reduced key from 128 to 56 bits
Adopted as standard in 1976
More bits have been encrypted using DES than any other cipher

DES Algorithm
Feistel cipher with added initial permutation
Complex choice of F
16 rounds
56-bit key, shifts and permutations produce 48-bit subkeys for each round

DES’s F
32 bits
Expand and Permute (using E table)
48 bits
$\oplus K_n$
Substitute (using S boxes)
32 bits
Permutation
The goal is confusion!

S-Boxes
S-Box: 6 bits, 4 bits
Example:
Critical to security
NSA changed choice of S-Boxes
Only non-linear step in DES
64 entry lookup table
$E(11) \neq E(01) + E(10)$

DES Avalanche
Input: *1
Permuted: *
Round 1: *
Round 2:.*..*...*.....* *
Round 3:.*..*.*.**..*.*.*.*....**.....**.*..*...*.....*
Round 4:..*.*****.*.*****.*.*......*.....*..*.*.**..*.*.*.*....**.....** 28
Round 5: *...**..*.*...*.*.*.*...*.***..*..*.*****.*.*****.*.*......*
Round 6:...*..**.....*.*..**.*.**...*..**...**..*.*...*.*.*.*...*.***..* 26
Round 7: *****...***....**...*..*.*..*......*..**.....*.*..**.*.**...*..*
Round 8: *.*.*.*.**.....*.*.*...**.*...*******...***....**...*..*.*..*...
Round 9: ***.*.***...**.*.****.....**.*..*.*.*.*.**.....*.*.*...**.*...**
Round 10: *.*..*.*.**.*..*.**.***.**.*...****.*.***...**.*.****.....**.*..
Round 11:..******......*..******....*....*.*..*.*.**.*..*.**.***.**.*...*
Round 12: *..***....*...*.*.*.***...****....******......*..******....*....
Round 13: **..*....*..******...* *.*..***....*...*.*.*.***...****..
Round 14: *.**.*....*.*....**.*...*..**.****..*....*..******...* *.
Round 15: **.*....*.*.*...*.**.*..*.*.**.**.**.*....*.*....**.*...*..**.**
Round 16:.*..*.*..*..*.**....**..*..*..****.*....*.*.*...*.**.*..*.*.**.*
Output:..*..**.*.*...*....***..***.**.*...*..*..*.*.*.**.*....*.*.*.**.
Source: Willem de Graaf,

Key Schedule
Need bit keys
– Best security: just use 16 independent keys
– 768 key bits
56-bit key used (64 bits for parity checking)
– Produce 48-bit round keys by shifting and permuting

DES Keys
$K_i = PC(Shift(Left(K_{i-1})) \,\|\, Shift(Right(K_{i-1})))$
[Figure: Key (56 bits) split into two 28-bit halves; each half goes through Shift (1 or 2 bits); Compress/Permute produces $K_n$; shifted halves feed the next round]
How do you decrypt?
Are there any weak keys?

Is DES a perfect cipher?
No: more messages than keys
Even for 1 64-bit block: $2^{64}$ messages > $2^{56}$ keys

Attacking DES: Brute Force
Key is 56 bits
$2^{56}$ = 7.2 * = 72 quadrillion
Try 1 per second = 9 Billion years to search entire space
Distributed attacks
– Steal/borrow idle cycles on networked PCs
– Search half of key space with PCs * 1M keys/second in 25 days

Brute Force Attacks
RSA DES challenges:
– 1997: 96 days (using 70,000 machines)
– Feb 1998: 41 days (distributed.net)
– July 1998: 56 hours (EFF custom hardware)
– January 1999: 22 hours (EFF + distributed.net), 245 Billion keys per second
NSA can probably crack DES routinely (but they won’t admit it)

Charge
Next time:
– Better than brute force DES attacks
– 3-DES
– Modes of Operation
Problem Set 1 Due Monday
Start thinking about projects