Presentation is loading. Please wait.

Presentation is loading. Please wait.

3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security.

Published bySilvia Ball Modified over 9 years ago

Similar presentations

Presentation on theme: "3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security."— Presentation transcript:

1 3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security

2 Abstract We will discuss –2DES and 3DES –AES (Advanced Encryption Standard) –How to use block ciphers? –RC4: a widely used stream cipher –Problems with WEP’s use of RC4 2

3 Multiple Encryption with DES DES is not secure enough. The once large key space, 2 56, is now too small. In 2001, NIST published the Advanced Encryption Standard (AES) as an alternative. But users in commerce and finance are not ready to give up on DES. Solution: to use multiple DES with multiple keys 3

4 Double-DES Consider 2-DES with two keys: C = E K2 (E K1 (P)) Decryption: P = D K1 (D K2 (C)) Key length: 56 x 2 = 112 bits This should have thwarted brute-force attacks? Wrong! 4

5 Meet-in-the-Middle Attack on 2DES 2-DES: C = E K2 (E K1 (P)) So, X = E K1 (P) = D K2 (C) Given a known pair (P, C), attack as follows: –Encrypt P with all 2 56 possible keys for K1. –Decrypt C with all 2 56 possible keys for K2. –If E K1’ (P) = D K2’ (C), try the keys on another (P’, C’). –If works, (K1’, K2’) = (K1, K2) with high probability. –Takes O(2 56 ) steps; not much more than attacking 1-DES. 5

6 Triple DES with Two Keys A straightforward implementation would be: C = E K1 (E K2 (E K1 (P))) In practice: C = E K1 (D K2 (E K1 (P))) –Also referred to as EDE encryption Reason: if K1=K2, then 3DES = 1DES. Thus, a 3DES software can be used as a single-DES. Standardized in ANSI X9.17 & ISO8732 No current known practical attacks –What about the meet-in-the-middle attack? 6

7 Meet-in-the-Middle Attack on 3DES 1.For each possible key for K1, encrypt P to produce a possible value for A. 2.Using this A, and C, attack the 2DES to obtain a pair of keys (K2, K1’). 3.If K1’ = K1, try the key pair (K1, K2) on another (C’,P’). 4.If it works, (K1, K2) is the key pair with high probability. 5.It takes O(2 55 x 2 56 ) = O(2 111 ) steps on average. E D E A B P C K1 K2 K1 7

8 Triple DES with Three Keys Encryption: C = E K3 (D K2 (E K1 (P))). If K1 = K3, we have 3DES with 2 keys. If K1 = K2 = K3, we have the regular DES. So, 3DES w/ 3keys is backward compatible with 3DES w/ 2 keys and with the regular DES Some internet applications have adopted 3DES with three keys. –E.g. PGP and S/MIME. 8

9 Finite Fields Some mathematics used in AES

10

11

12

13

14

15

16

17

18

19 AES: Advanced Encryption Standard

20 20 AES: Advanced Encryption Standard In1997, NIST began the process of choosing a replacement for DES and called it the Advanced Encryption Standard. Requirements: block length of 128 bits, key lengths of 128, 192, and 256 bits. In 2000, Rijndael cipher (by Rijmen and Daemen) was selected. An iterated cipher, with 10, 12, or 14 rounds. Rijndael allows various block lengths. But AES allows only one block size: 128 bits.

21

22 22

23 23

24 24

25 25

26 26

27 27 Figure 5.1 AES Encryption and Decryption

28 28

29 29

30 30

31 31

32 32

33 33

34 34

35 35

36 Modes of Operations

37 How to use a block cipher? Block ciphers encrypt fixed size blocks –E.g. DES encrypts 64-bit blocks We need some way to encrypt arbitrary amounts of data –E.g. a message of 1000 bytes NIST defines five ways to do it –Called modes of operations –Including block and stream modes 37

38 Five Modes of Operation –Electronic codebook mode (ECB) –Cipher block chaining mode (CBC) – most popular –Output feedback mode (OFB) –Cipher feedback mode (CFB) –Counter mode (CTR) 38

39 Electronic Code Book (ECB) The plaintext is broken into blocks, P 1, P 2, P 3,... Each block is encrypted independently of the other blocks C i = E K (P i ) For a given key, this mode behaves like we have a gigantic codebook, in which each plaintext block has an entry, hence the name Electronic Code Book 39

40 Remarks on ECB Strength: it’s simple. Weakness: –Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. –If the same message (e.g., your SSN) is encrypted (with the same key) and sent twice, their ciphertexts are the same. Typical application: secure transmission of short pieces of information (e.g. an encryption key) 40

41 Cipher Block Chaining (CBC) 41

42 Cipher Block Chaining (CBC) 42

43 Remarks on CBC The same key is used for all blocks. A ciphertext block depends on all blocks before it. So, repeated plaintext blocks are encrypted differently. Initialization Vector (IV) –Must be known to both the sender & receiver –Typically, IV is either a fixed value –Or is sent encrypted in ECB mode before the rest of message. 43

44 Message Padding The last plaintext block may be short of a whole block and needs padding: Possible padding: –Known non-data values (e.g. nulls) –Or a number indicating the size of the pad –Or a number indicating the size of the plaintext –The last two schemes may require an extra block. 44

45 45 Cipher feedback mode (basic version) Plaintext blocks: p 1, p 2, … Key: k Basic idea: construct key stream k 1, k 2, k 3, … Encryption:

46 Cipher Feedback (CFB) Mode 46

47 Generating Key Stream for CFB 47

48 Encryption in CFB Mode 48

49 Decryption in CFB Mode 49

50 Remark on CFB The block cipher is used as a stream cipher. Appropriate when data arrives in bits/bytes. s can be any value; a common value is s = 8. A ciphertext segment depends on the current and all preceding plaintext segments. A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments. –How many plaintext segments will be affected? 50

51 Output Feedback (OFB) Mode 51

52 Cipher Feedback Output Feedback 52

53 Remark on OFB The block cipher is used as a stream cipher. Appropriate when data arrives in bits/bytes. Advantage: –more resistant to transmission errors; a bit error in a ciphertext segment affects only the decryption of that segment. Disadvantage: –Cannot recover from lost ciphertext segments; if a ciphertext segment is lost, all following segments will be decrypted incorrectly. IV should be generated randomly each time and sent with the ciphertext. 53

54 Counter Mode (CTR) A counter T is initialized to some IV and then incremented by 1 for each subsequent plaintext block. Encryption: T 1 = IV T i = T i-1 + 1 C i = P i XOR E K (T i ) 54

55 Remark on CTR Strengthes: –Needs only the encryption algorithm (so do CFB and OFB) –Fast encryption/decryption; blocks can be processed (encrypted or decrypted) in parallel; good for high speed links –Random access to encrypted data blocks As in OFB, IV should not be reused. 55

56 Stream Ciphers

57 Stream Cipher Diagram 57

58 Stream Ciphers 58

59 Stream Ciphers 59

60 The RC4 Stream Cipher Designed by Ron Rivest in 1987 for RSA Security. Kept as a trade secret until leaked out in 1994. The most popular stream cipher. Simple and fast. With a 128 bits key, the period is > 10 100. Used in the SSL/TLS standards (for secure Web communication), IEEE 802.11 wireless LAN standard, Microsoft Point-to-Point Encryption, and many others. 60

61 RC4 61

62 RC4: Initial Permutation 62

63 RC4: Key Stream Generation 63

64 Security of RC4 The keystream generated by RC4 is biased. –The second byte is biased toward zero with high probability. –The first few bytes are strongly non-random and leak information about the input key. Defense: discard the initial n bytes of the keystream. –Called “RC4-drop[n-bytes]”. –Recommended values for n = 256, 768, or 3072 bytes. Efforts are underway (e.g. the eSTREAM project) to develop more secure stream ciphers. 64

65 Problems with WEP’s use of RC4 WEP is a protocol using RC4 to encrypt packets for transmission over IEEE 802.11 wireless LAN. WEP requires each packet to be encrypted with a separate RC4 key. The RC4 key for each packet is a concatenation of a 24-bit IV (initialization vector) and a 40 or 104-bit long- term key. 65 l RC4 key: IV (24) Long-term key (40 or 104 bits)

66 802.11 frames using WEP 66 l Header IV Packet ICV FCS encrypted ICV: integrity check value FCS: frame check sequence Both use CRC32

67 Fluhrer, Mantin, and Shamir showed that: If the same secret key is used with numerous IVs, and the attacker can obtain the first word of RC4 output (keystream) corresponding to each IV, then he can construct the secret key with little effort. The first word is known for many plaintext packets. Recall: Ciphertext = plaintext XOR keystream So, the first word of RC output (keystream) can be obtained. 67

68 Tews, Weinmann, and Pyshkin wrote an article, “Breaking 104 bit WEP in less than 60 seconds,” discussing how to discover the RC4 key by analyzing the easily identified ARP packets. ARP: Address Resolution Protocol. 68

Download ppt "3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.

Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 6

Cryptography and Network Security Chapter 6
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption

Similar presentations

Ads by Google