CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Published byModified over 4 years ago
Presentation on theme: "CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of."— Presentation transcript:
9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of substitution and transpositions. Worldwide standard for more than 20 years. Has a history of controversy. Designed by IBM (Lucipher) with later help (interference?) from NSA. No longer considered secure for highly sensitive applications. Replacement standard (AES) currently in process of development.
9/7/2000Lecture 2 - Data Encryption3 DES - Overview
9/7/2000Lecture 2 - Data Encryption4 DES – Each iteration.
9/7/2000Lecture 2 - Data Encryption5 DES – Computation of F(R i-1,K i )
9/7/2000Lecture 2 - Data Encryption6 Computation of F: Expansion function E: maps bit string of length 32 to bit string of length 48. Permutes bits in a fixed way and duplicates certain bits Key schedule: each round uses a 48 bit key obtained by performing permutations, shifts, and discarding bits from the original 56 bit key. Fixed algorithm for each round resulting 48 bit string broken into 8 6-bit strings
9/7/2000Lecture 2 - Data Encryption7 S-boxes: S1 Is the table entry from
Plain text Initial permutation (IP) Round-1 (key K 1 ) Round-16 (key K 16 ) swap IP inverse Cipher text Rounds 2-15
IP inverse Cipher text IP Round-1 (K 16 ) = Since encrypt decrypt
9/7/2000Lecture 2 - Data Encryption10 DES – Electronic Code Book Mode
9/7/2000Lecture 2 - Data Encryption11 DES – Cipher block chaining mode
9/7/2000Lecture 2 - Data Encryption12 DES Security S-Box design not well understood (secret). Has survived some recent sophisticated attacks (differential cryptanalysis). Key is too short (thanks to NSA!). Hence is vulnerable to brute force attack. 1998 distributed attack took 3 months. $1,000,000 machine will crack DES in 35 minutes – 1997 estimate. 10,000 – 2.5 days. In 1999 EFF achieved 245 billion keys per second rate to crack in 22 hours.
9/7/2000Lecture 2 - Data Encryption13 Double DES Double DES is almost as easy to break as single DES!
9/7/2000Lecture 2 - Data Encryption14 Triple DES Triple DES (2 keys) requires 2 112 search. Is reasonably secure. 3 keys requires 2 168.
9/7/2000Lecture 2 - Data Encryption15 Other Private Key Cryptosystems IDEA Twofish Blowfish RC4, RC5, RC6 Rijndael Serpent MARS Feal
9/7/2000Lecture 2 - Data Encryption17 Message Authentication We must be able to certify that a message is from a particular person We must be sure that the message has not been tampered with
9/7/2000Lecture 2 - Data Encryption18 Methods Conventional Encryption Message Authentication Code One-way Hash Using Conventional Encryption Using Public-Key Encryption Using Secret Value
9/7/2000Lecture 2 - Data Encryption19 Conventional Encryption Modification of the cyphertext should produce unintelligible results in the plaintext.
9/7/2000Lecture 2 - Data Encryption20 One-Way Hash (using encryption) 1. The message is sent through a hashing function H(M) 2. The result is encrypted: C = E(K, H(M) 3. C is appended to the message: N = M||C 4. N is sent to the recipient 5. C is extracted from N: N -> M & C 6. C is decoded: H(M 1 ) = D(K, C) 7. The recipient puts the message through the hashing function: H(M 2 ) 8. If H(M 1 ) = H(M 2 ) the message is authentic
9/7/2000Lecture 2 - Data Encryption21 One-Way hash (Public Key) Same as encryption but encryption Key is private key and decryption key is public key
9/7/2000Lecture 2 - Data Encryption22 One-Way Hash (secret value) Secret Value (S) is concatenated onto M: N=S||M N is put through the hash function: H(N) The result is append to M: C = M||H(N) C is sent to the recipient H(N 1 ) is extracted from C Secret Value (S) is concatenated onto M: N=S||M N is put through the hash function: H(N 2 ) If H(N 1 ) = H(N 2 ), the message is authentic.