1 / 68

3DES and Block Cipher Modes of Operation

3DES and Block Cipher Modes of Operation. CSE 651: Introduction to Network Security. Abstract. We will discuss 2DES and 3DES AES (Advanced Encryption Standard) How to use block ciphers? RC4: a widely used stream cipher Problems with WEP’s use of RC4. Multiple Encryption with DES.

andrew
Télécharger la présentation

3DES and Block Cipher Modes of Operation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 3DES and Block Cipher Modes of Operation CSE 651: Introduction to Network Security

  2. Abstract • We will discuss • 2DES and 3DES • AES (Advanced Encryption Standard) • How to use block ciphers? • RC4: a widely used stream cipher • Problems with WEP’s use of RC4

  3. Multiple Encryption with DES • DES is not secure enough. • The once large key space, 256, is now too small. • In 2001, NIST published the Advanced Encryption Standard (AES) as an alternative. • But users in commerce and finance are not ready to give up on DES. • Solution: to use multiple DES with multiple keys

  4. Double-DES • Consider 2-DES with two keys: C = EK2(EK1(P)) • Decryption: P = DK1(DK2(C)) • Key length: 56 x 2 = 112 bits • This should have thwarted brute-force attacks? • Wrong!

  5. Meet-in-the-Middle Attack on 2DES • 2-DES: C = EK2(EK1(P)) • So, X = EK1(P) = DK2(C) • Given a known pair (P, C), attack as follows: • Encrypt P with all 256 possible keys for K1. • Decrypt C with all 256 possible keys for K2. • If EK1’(P) = DK2’(C), try the keys on another (P’, C’). • If works, (K1’, K2’) = (K1, K2) with high probability. • Takes O(256) steps; not much more than attacking 1-DES.

  6. Triple DES with Two Keys • A straightforward implementation would be: C = EK1(EK2(EK1(P))) • In practice: C = EK1(DK2(EK1(P))) • Also referred to as EDE encryption • Reason: if K1=K2, then 3DES = 1DES. Thus, a 3DES software can be used as a single-DES. • Standardized in ANSI X9.17 & ISO8732 • No current known practical attacks • What about the meet-in-the-middle attack?

  7. Meet-in-the-Middle Attack on 3DES K1 K2 K1 • For each possible key for K1, encrypt P to produce a possible value for A. • Using this A, and C, attack the 2DES to obtain a pair of keys (K2, K1’). • If K1’ = K1, try the key pair (K1, K2) on another (C’,P’). • If it works, (K1, K2) is the key pair with high probability. • It takes O(255 x 256) = O(2111) steps on average. A B P C E D E

  8. Triple DES with Three Keys • Encryption: C = EK3(DK2(EK1(P))). • If K1 = K3, we have 3DES with 2 keys. • If K1 = K2 = K3, we have the regular DES. • So, 3DES w/ 3keys is backward compatible with 3DES w/ 2 keys and with the regular DES • Some internet applications have adopted 3DES with three keys. • E.g. PGP and S/MIME.

  9. Finite Fields Some mathematics used in AES

  10. AES: Advanced Encryption Standard

  11. AES: Advanced Encryption Standard • In1997, NIST began the process of choosing a replacement for DES and called it the Advanced Encryption Standard. • Requirements: block length of 128 bits, key lengths of 128, 192, and 256 bits. • In 2000, Rijndael cipher (by Rijmen and Daemen) was selected. • An iterated cipher, with 10, 12, or 14 rounds. • Rijndael allows various block lengths. • But AES allows only one block size: 128 bits.

  12. Figure 5.1 AES Encryption and Decryption

  13. Modes of Operations

  14. How to use a block cipher? • Block ciphers encrypt fixed size blocks • E.g. DES encrypts 64-bit blocks • We need some way to encrypt arbitrary amounts of data • E.g. a message of 1000 bytes • NIST defines five ways to do it • Called modes of operations • Including block and stream modes

  15. Five Modes of Operation • Electronic codebook mode (ECB) • Cipher block chaining mode (CBC) – most popular • Output feedback mode (OFB) • Cipher feedback mode (CFB) • Counter mode (CTR)

  16. Electronic Code Book (ECB) • The plaintext is broken into blocks, P1, P2, P3, ... • Each block is encrypted independently of the other blocks Ci = EK(Pi) • For a given key, this mode behaves like we have a gigantic codebook, in which each plaintext block has an entry, hence the name Electronic Code Book

  17. Remarks on ECB • Strength: it’s simple. • Weakness: • Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. • If the same message (e.g., your SSN) is encrypted (with the same key) and sent twice, their ciphertexts are the same. • Typical application: secure transmission of short pieces of information (e.g. an encryption key)

  18. Cipher Block Chaining (CBC)

  19. Cipher Block Chaining (CBC)

  20. Remarks on CBC • The same key is used for all blocks. • A ciphertext block depends on all blocks before it. • So, repeated plaintext blocks are encrypted differently. • Initialization Vector (IV) • Must be known to both the sender & receiver • Typically, IV is either a fixed value • Or is sent encrypted in ECB mode before the rest of message.

  21. Message Padding • The last plaintext block may be short of a whole block and needs padding: • Possible padding: • Known non-data values (e.g. nulls) • Or a number indicating the size of the pad • Or a number indicating the size of the plaintext • The last two schemes may require an extra block.

  22. Cipher feedback mode (basic version) • Plaintext blocks: p1, p2, … • Key: k • Basic idea: construct key stream k1, k2, k3, … • Encryption:

  23. Cipher Feedback (CFB) Mode

  24. Generating Key Stream for CFB

  25. Encryption in CFB Mode

  26. Decryption in CFB Mode

  27. Remark on CFB • The block cipher is used as a stream cipher. • Appropriate when data arrives in bits/bytes. • s can be any value; a common value is s = 8. • A ciphertext segment depends on the current and all preceding plaintext segments. • A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments. • How many plaintext segments will be affected?

More Related