1 / 71

Network Security

Network Security. Cryptology Cryptography Cryptanalysis. Topics Covered. Modern Encryption Techniques Simplified DES (S-DES) Block Cipher Principles The Feistel Cipher Diffusion and Confusion Data Encryption Standard DES Design Principles The Strength of DES DES Modes of Operation.

karsen
Télécharger la présentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Cryptology Cryptography Cryptanalysis

  2. Topics Covered • Modern Encryption Techniques • Simplified DES (S-DES) • Block Cipher Principles • The Feistel Cipher • Diffusion and Confusion • Data Encryption Standard • DES Design Principles • The Strength of DES • DES Modes of Operation

  3. Modern Encryption Techniques • Secret Key (Symmetric) Cryptography • Simplified Data Encryption Standard • Data Encryption Standard • Advanced Encryption Standard • Public Key (Asymmetric) Cryptography • RSA (Rivest-Shamir-Adleman) • ECC (Elliptic Curve Cryptography) • NTRU (Number Theorist aRe Us)

  4. Symmetric Cryptography

  5. Asymmetric Cryptography

  6. Simplified Data Encryption Standard (S-DES) Developed by Professor Edward Schaefer of Santa Clara University.

  7. S-DES: An Overview • Similar properties and structure to DES, with much smaller parameters. • Encryption • It takes an 8-bit block of plain text and a 10-bit key as input and produces an 8-bit block of cipher text as output. • Decryption • It takes an 8-bit block of cipher text and the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit block of plaintext.

  8. S-DES Algorithm Algorithm involves 5 functions • An initial permutation (IP). • A complex function, fk , that involves both permutation and substitution operations and depends on a key input. • A simple permutation function that switches the two halves of the data (SW). • The function fk again. • A permutation function that is the inverse of the initial one (IP-1).

  9. S-DES Algorithm

  10. S-DES Key Generation • It depends on the use of a 10-bit key shared between sender and receiver. • From this key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm. • First permute the key in the following fashion, P10(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10)=(k3,k5,k2,k7,k4,k10,k1,k9,k8,k6)

  11. S-DES Key Generation (contd.) • Next perform a circular-left shift (LS-1), or rotation, separately on the first five bits and the second five bits. LS-1(k1,k2,k3,k4,k5)=(k2,k3,k4,k5,k1) • Next apply P8, which permutes 8 of the 10 bits according to the following rule, P8(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10)=(k6,k3,k7,k4,k8,k5,k10,k9) • The result is subkey 1 (K1)

  12. S-DES Key Generation (contd.) • To get the second subkey (K2), perform again a 2-bit circular-left shift LS-2 on the product of LS-1 LS-2(LS-1(k1,k2,k3,k4,k5)=LS-2(k2,k3,k4,k5,k1)=(k4,k5,k1, k2,k3) • Finally, P8 is applied again to produce K2.

  13. Example - Key Generation • Permute 10-bit key: 1010000010 P10(1010000010) = 1000001100 • Perform circular left shift, separately, on first 5 bits and second 5 bits (LS-1). LS-1(10000) = 00001 and LS-1(01100) = 11000 • Pick out and permute 8 of the 10 bits: (P8) P8(0000111000) = 10100100 • Result is K1 • Now perform circular left shift of 2 bit positions, on first 5 bits and second 5 bits (LS-2) on the result LS-1. LS-2(00001) = 00100 and LS-2(11000) = 00011 • Apply (P8) again. P8(0010000011) = 01000011 • Result is K2

  14. S-DES Encryption • Initial and final permutations • The Function fk • Let L and R be left and right halves of 8-bit input to fk . • Let F be a map from 4-bit strings to 4-bit strings, and SK be the subkey (K1 or K2) and  XOR is the bit-by-bit exclusive-OR function. fk(L, R) = (L  F(R, SK), R)

  15. Mapping F • Input is 4-bit number (n1n2n3n4). • Expansion/permutation operation • 8-bit subkey K1 is added to output of E/P using exclusive-OR.

  16. Mapping F (contd.) • First 4 bits fed to S-box S0,second 4 bits fed to S-box S1. • S-box uses 1st and 4th bits to specify a row,2nd and 3rd bits to specify a column. Entry in that position (base 2) is 2-bit output. • 4-bits produced by S-Boxes (S0 & S1) are permuted using P4. P4 = (k2k4k3k1) • Output of P4 is output of F.

  17. The Switch function • The function fk only alters the leftmost 4-bits of the input. • Switch function interchanges left and right 4 bits so that second instance of fk operates on a different 4 bits. • In this second instance, the E/P, S0, S1, and P4 functions are same. • The key input isK2.

  18. Analysis of S-DES • Brute-force attack is feasible, 210 = 1024 possible 10-bit keys. • Known plaintext? • Suppose we know a sinlge 8-bit plaintext and corresponding 8-bit ciphertext, and key is unknown. • Each ci is a polynomial function of pj's and kj's. • This means 8 non-linear equations in 10 unknowns. • Alternating linear maps with these nonlinear maps results in complex polynomial expressions for the ciphertext bits, making cryptanalysis difficult.

  19. Block Cipher Principles

  20. Stream Cipher vs. Block Cipher • Stream cipher is one that encrypts a digital data stream one bit or one byte at a time, e.g. • Vigenere cipher and Vernam cipher • Block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length (typically a block of 64 bits is used), e.g. • S-DES and DES • Various modes of operation can make a block cipher to achieve the same effect as a stream cipher. • The vast majority of network-based cryptographic applications make use of block cipher.

  21. Feistel Cipher Structure • Reversible Transformation • For the encryption to be reversible or non-singular (decryption is possible), each plaintext block must produce a unique ciphertext block. • Irreversible Transformation • For the encryption to be irreversible or singular (decryption is impossible), not all the plaintext block would have unique ciphertext block.

  22. Feistel Cipher • Symmetric block encryption algorithm are referred to as a Feistel block cipher. • The concept is to have a product cipher which is performing two or more basic ciphers in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers. • Feistel proposed the use of a cipher that alternates substitution and permutation. • This cipher is referred to as a product cipher that alternates confusion and diffusion functions.

  23. Confusion and Diffusion • Introduced by Claude Shannon in 1945 to capture the two basic building blocks for any cryptographic system. • Shannon’s concern was to thwart cryptanalysis based on statistical analysis. In this way all statistics of the ciphertext are independent of the particular key used. • Confusions is achieved through the XOR operation performed on ciphertext and the value of the encryption key. This is achieved by the use of a complex substitution algorithm. • Diffusion is achieved through numerous permutations followed by applying a function to that permutation. The unknown values are put into the plaintext. This causes diffusion.

  24. Classical Feistel Network

  25. Feistel Network Parameters • Block Size: • Larger block sizes-greater security-reduced speed (64 bits) • Key Size: • Larger key sizes-greater security-reduced speed • Number of rounds: • Multiple rounds-increased security (16 rounds) • Subkey generation algorithm: • Greater complexity-greater security • Round function: • Greater complexity-greater security

  26. Feistel Cipher Mechanism • The text being encrypted is split into two halves. • The round function F is applied to one half using a subkey Ki and the output of F is XORed with the other half. • The two halves are then swapped. • Each round follows the same pattern except for the last round where there is no swap. Rr XOR F(kr,Lr) = Rr XOR F(kr,Rr-1) = Rr XOR (Rr ÅLr-1) = Lr-1

  27. Data Encryption Standard The Actual DES

  28. About DES • The original ideas behind the Data Encryption Algorithm were developed by IBM in the 1960's and was based on Claude Shannon’s concept. • The technique was first called as Lucifer and later refined and renamed as the DEA (Data Encryption Algorithm) and adopted as the standard in 1976. • In 1977 the United States Government chose the Data Encryption Standard (DES). • DES was widely adopted by industry for secure communication • Example: • DES is used to encrypt personal identification numbers (PINs) and account transactions in automated teller machines (ATMs

  29. Data Encryption Standard • There are two inputs to the encryption function, i.e. the plaintext and the key. • The plain text must be 64 bits and the key is 56 bits in length. • Processing of the plaintext proceeds in three phases, • The 64 bit plaintext passes through an Initial Permutation (IP) • Then a 16 "rounds" of operations which involves both permutation and substitution functions that mix the data and key together in a prescribed manner. • The pre-output obtained from swapping the left and right halves of the output in each round, is then passed through a Permutation (IP-1) that is the inverse of the initial permutation function, to produce the 64-bit ciphertext.

  30. DES Encryption Algorithm

  31. Why 16 rounds? • The goal is to completely scramble the data and key so that every bit of the ciphertext depends on every bit of the data and every bit of the key (a 56-bit quantity for the DES). • After sufficient "rounds" with a good algorithm, there should be no correlation between the ciphertext and either the original data or key. • The DES uses 16 rounds for some solid reasons. • First, a minimum of 12 rounds were needed to sufficiently scramble the key and data together; the others provided a margin of safety. • Second, the operation of 16 rounds would return the key back to its original position in an electronic device for the next use when used in accordance with the published algorithm.

  32. Details of Single Round

  33. Permutation Tables for DES

  34. Permutation Tables for DES

  35. DES Mechanism • The 64-bit block being enciphered is broken into two halves. • The right half goes through one DES round, and the result becomes the new left half. • The old left half becomes the new right half, and will go through one round in the next round. • This goes on for 16 rounds, but after the last round the left and right halves are not swapped, so that the result of the 16th round becomes the final right half, and the result of the 15th round (which became the left half of the 16th round) is the final left half.

  36. DES Mechanism (contd.) • Fundamentally DES performs only two operations on its input, • Bit shifting, and • Bit substitution. • The key controls exactly how this process works. By doing these operations repeatedly and in a non-linear manner you end up with a result which can not be used to retrieve the original without the key. • Those familiar with chaos theory should see a great deal of similarity to what DES does. • By applying relatively simple operations repeatedly a system can achieve a state of near total randomness.

  37. DES Mechanism (contd.) • For each iteration a 48 bit subset of the 56 bit key is fed into the encryption block. • Decryption is the inverse of the encryption process. • The key is usually stored as a 64-bit number, where every eighth bit is a parity bit. • The parity bits are pitched during the algorithm, and the 56-bit key is used to create 16 different 48-bit subkeys - one for each round.

  38. DES Key Generation • In order to generate 16  48-bit subkeys from the 56-bit key, the following process is used. • First, the key is loaded according to the Permutation Choice 1 (PC-1) and then halved. • Then each half is rotated by 2 bits in every round except the first, second, 9th and last rounds. • The reason for this is that it makes it secure against related-key cryptanalysis. • Then 48 of the 56 bits are chosen according to a compressionpermutation. • The subkeys used by the 16 rounds are formed by the key schedule which consists of, • An initial permutation of the key (PC-1) which selects 56-bits in two 28-bit halves

  39. Key Schedule Calculation

  40. S-Box • The S-boxes are somewhat different from the other permutations. • While all the others are set up according to "bit x goes to bit y", the input bits can be viewed differently for the S-boxes. • If the input is {d1,d2,d3,d4,d5,d6} then the two-bit number {d1,d6} and the four-bit number {d2,d3,d4,d5} are used as indices to the table. • For the 48-bit word {d1,d2..d48}, the word {d1..d6} is sent to S-box 1, the word {d7,,d12} to S-box 2, etc. The output of S-box 1, {o1..o4}, that of S-box 2, {o5..o8} etc. are concatenated to form the output.

  41. 48-bit input 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits Kn (+) S Box1 S Box2 S Box3 S Box4 S Box5 S Box6 S Box7 S Box8 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 32-bit permutation 32-bit output Mangler Function using S-Boxes

  42. S-Box (contd.)

  43. S-Box (contd.)

  44. S-Box (contd.)

  45. P-Box • The output of each of the 8 S-boxes is concatenated to form a 32-bit number, which is then permutated with a P-box. • This P-box is a straight permutation, and the resulting number is XOR-ed with the left half of the input block with which we started at the beginning of this round. • Finally, if this is not the last round, we swap the left and right halves and start again.

  46. Strength of DES • A brute-force attack is impractical with a key length of 56 bits since there are 256 possible keys, which is approximately 7.2 x 1016 keys. • Strength can be increased by compression of plain text before encryption. • Strength of DES has become questionable since very powerful machines is in action which can do parallel execution in a bit of time to break the cipher text.

  47. Security Provided by DES • The security provided by the DES depends on several factors: • Mathematical soundness, length of key, key management, input data formatting, mode of operation, implementation, application and threat. • The DES was developed to protect unclassified computer data in federal computer systems against a number of passive and active attacks in communications and storage systems. • It was assumed that a knowledgeable person might seek to comprise the security system with resources commensurate to the value of the information to be obtained. • Applications included Electronic Funds Transfer, privacy protection of personal information, personal authentication, password protection, access control, etc.

More Related