1
CMSC 414 Computer (and Network) Security
Lecture 5
Jonathan Katz

2
Attacks
Ciphertext only
Known plaintext
Chosen plaintext
Chosen ciphertext (includes chosen-plaintext attacks)

3
Randomized encryption
To be secure against chosen-plaintext attack, encryption must be randomized
  – We will see later how this comes into play

4
Block ciphers
Keyed (invertible) permutation; input/output length
Large key space; large input/output length
  – Both are critical
Modeled as a (family of) random permutations…

5
A possible encryption scheme
Example – “trivial” encryption:
  – $C = F_K(m)$
  – This is not randomized…

6
An improved scheme
Is this secure…?
What about for longer messages?

7
Modes of encryption
ECB
  – $C_i = F_K(m_i)$
CBC
  – $C_i = F_K(m_i \oplus C_{i-1})$
OFB (stream cipher mode)
  – $z_i = F_K(z_{i-1})$; $C_i = z_i \oplus m_i$
CFB (stream cipher mode)
  – $z_i = F_K(C_{i-1})$; $C_i = z_i \oplus m_i$

8
Security?
All previous modes (except ECB) are secure against chosen-plaintext attacks
None of these modes are secure against chosen-ciphertext attacks

9
Data Encryption Standard (DES)
Developed in 1977 by NBS
56-bit key, 64-bit input/output
  – A 64-bit key is derived from 56 random bits
  – One bit in each octet is a parity-check bit
  – The “short” key length is a major concern…

10
DES: High-level description
Encryption proceeds in a sequence of 16 rounds
Each round uses a 48-bit key (derived from the main key), acts on a 64-bit input, and produces a 64-bit output

11
DES: High-level description
Each round proceeds as follows:
  – Input is divided into $(L, R)$
  – $L' = R$
  – $R' = L \oplus F(K, R)$, where $K$ is the round key
  – $F$ is a non-invertible function! But we will see that decryption is still possible
  – $(L', R')$ is then permuted in some fixed way to give the output at that round
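Added example (not part of the original slides): a toy Feistel cipher in Python that follows the round structure on slide 11, then runs it in ECB and CBC mode as defined on slide 7. The 16-byte block, the SHA-256-based round function, the omission of DES's permutations and key schedule, and all function names are assumptions chosen for illustration; this is not DES.

```python
import hashlib, os

BLOCK, ROUNDS = 16, 16      # toy sizes (assumption; DES uses 8-byte blocks)
HALF = BLOCK // 2

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(key, rnd, half):
    # Round function: a truncated hash, so it is not invertible.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def encrypt_block(key, block):
    L, R = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        L, R = R, xor(L, F(key, rnd, R))      # L' = R, R' = L xor F(K, R)
    return L + R

def decrypt_block(key, block):
    L, R = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        # Undo a round: R = L', L = R' xor F(K, L'). F is only ever
        # evaluated forwards, so it never has to be inverted.
        L, R = xor(R, F(key, rnd, L)), L
    return L + R

def blocks(data):
    assert len(data) % BLOCK == 0, "example omits padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    return b"".join(encrypt_block(key, m) for m in blocks(msg))

def cbc_encrypt(key, msg):
    prev = os.urandom(BLOCK)                  # fresh random IV, sent as C_0
    out = [prev]
    for m in blocks(msg):
        prev = encrypt_block(key, xor(m, prev))   # C_i = F_K(m_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, ct):
    c = blocks(ct)
    return b"".join(xor(decrypt_block(key, c[i]), c[i - 1]) for i in range(1, len(c)))

def has_repeated_block(ct):
    b = blocks(ct)
    return len(set(b)) < len(b)
```

Encrypting a message made of two identical blocks with `ecb_encrypt` gives two identical ciphertext blocks on every call, while `cbc_encrypt` gives a different ciphertext with no repeated block each time.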

12
3-DES
Expands the key length
Now, key $K = (K_1, K_2)$; $|K| = 112$
The “new” block cipher is just:
  – $E_{K_1,K_2}(m) = \mathrm{DES}_{K_1}(\mathrm{DES}^{-1}_{K_2}(\mathrm{DES}_{K_1}(m)))$
This is a permutation, and invertible…

13
Concerns about DES
Short key length
  – DES “cracker”, built for $250K, can break DES in days
  – Distributing the computation makes it faster
Some (theoretical) attacks have been found
Non-public design process
3-DES is fairly slow

14
AES
Public contest sponsored by NIST in ’97
  – Narrowed to 5 finalists
  – 4 years of intense analysis
Efficiency and security taken into account
128-bit key length and 128-bit block size (minimum)
Rijndael selected as the AES
  – Supports variety of block/key sizes

15
Other ciphers?
IDEA
RC4
No compelling reason to use anything other than AES, in general
  – Unless (possibly) you have very specific performance requirements
  – Even then, think twice

16
Public-key encryption (PKE)

17
Why PKE?
Problem with private-key encryption is the need to securely share keys
PKE allows users to publish their public key widely
  – only need to keep their private key secret
Development of PKE was a huge advance
  – All classical systems, for 1000 years, were symmetric-key based

18
Some basic number theory
Modular arithmetic: $\mathbb{Z}_p$, $\mathbb{Z}_N$
Euclidean gcd algorithm, inverses, $\mathbb{Z}^*_N$
Efficient modular exponentiation
Groups, order, $\varphi(N)$, Fermat’s theorem
Primality testing
