1 / 29

Lecture 2.2: Private Key Cryptography II

Lecture 2.2: Private Key Cryptography II. CS 436/636/736 Spring 2012 Nitesh Saxena. Today’s fun/informative bit – The Smudge Attack. See: http://www.usenix.org/event/woot10/tech/full_papers/Aviv.pdf. Course Administration. TA/Grader: Eric Frees Email: efrees@uab.edu

diallo
Télécharger la présentation

Lecture 2.2: Private Key Cryptography II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena

  2. Today’s fun/informative bit – The Smudge Attack • See: http://www.usenix.org/event/woot10/tech/full_papers/Aviv.pdf Lecture 2.2 - Private Key Cryptography II

  3. Course Administration • TA/Grader: Eric Frees • Email: efrees@uab.edu • Office hours: 2-4pm on Wednesdays, Ugrad lab (CH 154) Lecture 2.2 - Private Key Cryptography II

  4. Outline of today’s lecture • Block Ciphers • Data Encryption Standard (DES) Lecture 2.2 - Private Key Cryptography II

  5. Block Ciphers and Stream Ciphers • Block ciphers partition plaintext into blocks and encrypt each block independently (with the same key) to produce ciphertext blocks. • A stream cipher generates a keystream and encrypts by combining the keystream with the plaintext, usually with the bitwise XOR operation. • We will focus mostly on Block Ciphers Lecture 2.2 - Private Key Cryptography II

  6. DES – Data Encryption Standard • Encrypts by series of substitution and transpositions. • Based on Feistel Structure • Worldwide standard for more than 20 years. • Designed by IBM (Lucifer) with later help (interference?) from NSA. • No longer considered secure for highly sensitive applications. • Replacement standard AES (advanced encryption standard) recently completed. Lecture 2.2 - Private Key Cryptography II

  7. DES – Overview (Block Operation) Lecture 2.2 - Private Key Cryptography II

  8. DES – Each Round

  9. DES – Function F Lecture 2.2 - Private Key Cryptography II

  10. DES – Key Schedule (KS) Lecture 2.2 - Private Key Cryptography II

  11. Operation Tables of DES: Key Schedule, PC-1, PC-2 Lecture 2.2 - Private Key Cryptography II

  12. Operation Tables (IP, IP-1, E and P) Lecture 2.2 - Private Key Cryptography II

  13. S-boxes: S1 (as an example) Is the table entry from Lecture 2.2 - Private Key Cryptography II

  14. DES Decryption • Same as the encryption algorithm with the “reversed” key schedule – NEXT! Lecture 2.2 - Private Key Cryptography II

  15. Plain text Initial permutation (IP) Round-1 (key K1) Rounds 2-15 Round-16 (key K16) swap IP inverse Cipher text

  16. IP Round-1 (K16) = Since encrypt IP inverse Cipher text decrypt Lecture 2.2 - Private Key Cryptography II

  17. DES Example We choose a random plaintext block and a random key, and determine what the ciphertext block would be (all in hexadecimal): Lecture 2.2 - Private Key Cryptography II

  18. Example (contd) -- encryption Lecture 2.2 - Private Key Cryptography II

  19. Example (contd) -- decryption Let us see how Bob, at the destination, can decipher the ciphertext received from Alice using the same key. Table 6.16 shows some interesting points. Lecture 2.2 - Private Key Cryptography II

  20. DES Security: Avalanche Effect Lecture 2.2 - Private Key Cryptography II

  21. DES Security • S-Box design not well understood • Has survived some recent sophisticated attacks (differential cryptanalysis) • Key is too short. Hence is vulnerable to brute force attack. • 1998 distributed attack took 3 months. • $1,000,000 machine will crack DES in 35 minutes – 1997 estimate. $10,000 – 2.5 days. Lecture 2.2 - Private Key Cryptography II

  22. DES Cracking machine Lecture 2.2 - Private Key Cryptography II

  23. Super-encryption. • If key length is a concern, then instead of encrypting once, encrypt twice!! C = EK2(EK1(P)) P = DK2(DK1(C)) • Does this result in a larger key space? • Encrypting with multiple keys is known as super-encryption. • May not always be a good idea Lecture 2.2 - Private Key Cryptography II

  24. Double DES • Double DES is almost as easy to break as single DES (Needs more memory though)! Lecture 2.2 - Private Key Cryptography II

  25. Double DES – Meet-in-the-middle Attack (due to Diffie-Hellman) • Based on the observation that, if C = EK2(EK1(P)) Then X = EK1(P) = DK2(C). • Given a known (P, C) pair, encrypt P with all possible values of K and store result in table T. • Next, decrypt C with all possible keys K and check result. If match occurs then check key pair with new known (P, C) pair. If match occurs, you have found the keys. Else continue as before. • Process will terminate successfully. Lecture 2.2 - Private Key Cryptography II

  26. Meet-in-the-middle Explanation • The first match does not say anything as we have 264 ciphertexts and 2112 keys. • On the average 2112 / 264 = 248 keys will produce same ciphertext. • So there could be 248 possible candidates • We can use a second pair (P’,C’) • So, probability that false alarm will survive two known (P, C) pairs is 248 / 264 = 2-16. • One can always check a third pair to further reduce the chance of a false alarm. Lecture 2.2 - Private Key Cryptography II

  27. Triple DES • Triple DES (2 keys) requires 2112 search. Is reasonably secure. • Triple DES (3 keys) requires 2112 as well • Which one is better?

  28. Some Questions • Double encryption in DES increases the key space size from 2^56 to 2^112 – true or false? • Is known-plaintext an active or a passive attack? • Is chosen-ciphertext attack an active or a passive attack? • Reverse Engineering is applied to what design of systems – open or closed? • Alice needs to send a 64-bit long top-secret letter to Bob. Which of the ciphers that we studied today should she use? Lecture 2.2 - Private Key Cryptography II

  29. Further Reading • Chapter 7.4 of HAC • Chapter 3 of Stallings Lecture 2.2 - Private Key Cryptography II

More Related