1 / 33

Lecture 7 Overview

Lecture 7 Overview. Advanced Encryption Standard. 10, 12, 14 rounds for 128, 192, 256 bit keys Regular Rounds (9, 11, 13) Final Round is different (10 th , 12 th , 14 th ) Each regular round consists of 4 steps Byte substitution (BSB) Shift row (SR) Mix column (MC) Add Round key (ARK).

yamal
Télécharger la présentation

Lecture 7 Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 7 Overview

  2. Advanced Encryption Standard • 10, 12, 14 rounds for 128, 192, 256 bit keys • Regular Rounds (9, 11, 13) • Final Round is different (10th, 12th, 14th) • Each regular round consists of 4 steps • Byte substitution (BSB) • Shift row (SR) • Mix column (MC) • Add Round key (ARK) CS 450/650 Lecture 7: AES

  3. AES Overview Plaintext (128) ARK Subkey0 9 rounds BSB SR Ciphertext (128) ARK Subkey10 CS 450/650 Lecture 7: AES

  4. 128-bit block  4 x 4 matrix 128 bits  16 bytes  b0, b1, b2, .., b15 State S0,0 S0,1 CS 450/650 Lecture 7: AES

  5. 128-bit key  4 x 4 matrix 128 bits  16 bytes  k0, k1, k2, .., k15 Key CS 450/650 Lecture 7: AES

  6. Four Operations • Byte Substitution • predefined substitution table s[i,j]  s’[i,j] • Shift Row • left circular shift • Mix Columns • 4 elements in each column are multiplied by a polynomial • Add Round Key • Key is derived and added to each column diffusion confusion diffusion and confusion confusion CS 450/650 Lecture 7: AES

  7. Shift Row (128-bit) CS 450/650 Lecture 7: AES

  8. Mix Column = * Multiplying by 1  no change Multiplying by 2  shift left one bit Multiplying by 3  shift left one bit and XOR with original value More than 8 bits  100011011 is subtracted CS 450/650 Lecture 7: AES

  9. Add Key = b’x bx kx XOR CS 450/650 Lecture 7: AES

  10. 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes Key Generation Circular left shift 1byte S-box XOR Round constant XOR CS 450/650 Lecture 7: AES

  11. DES vs AES CS 450/650 Lecture 7: AES

  12. Cryptographic Hash Functions • Message Digest Functions • Protect integrity • Create a message digest or fingerprint of a digital document • MD4, MD5, SHA • Message Authentication Codes (MACs) • Protect both integrity and authenticity • Produce fingerprints based on both a given document and a secret key CS 450/650 Lecture 7: Hash Functions

  13. Message Digest Functions • Checksums fingerprint of a message • If message changes, checksum will not match • Most checksums are good in detecting accidental changes made to a message • They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum • Message digests are designed to protect against this possibility CS 450/650 Lecture 7: Hash Functions

  14. One-Way Hash Functions Example • M = “Elvis” • H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 • H(M) = (5 + 12 + 22 + 9 + 19) mod 26 • H(M) = 67 mod 26 • H(M) = 15 M H H(M) = h CS 450/650 Lecture 7: Hash Functions

  15. Collision Example • x = “Viva” • Y = “Vegas” • H(x) = H(y) = 2 x H H(x) = y H H(y) CS 450/650 Lecture 7: Hash Functions

  16. Collision-resistant, One-way hash fnc. • Given M, • it is easy to compute h • Given any h, • it is hard to find any M such that H(M) = h • Given M1, it is difficult to find M2 • such that H(M1) = H(M2) • Functions that satisfy these criteria are called message digest • They produce a fixed-length digest (fingerprint) CS 450/650 Lecture 7: Hash Functions

  17. Message Authentication Codes • A message authentication code (MAC) is a key-dependent message digest function • MAC(M,k) = h CS 450/650 Lecture 7: Hash Functions

  18. A MAC Based on a Block Cipher M1 M1 M1 XOR XOR Encrypt … Encrypt Encrypt MAC k k k CS 450/650 Lecture 7: Hash Functions

  19. Lecture 8 Secure Hash Algorithm CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

  20. Secure Hash Algorithm (SHA) • SHA-0 1993 • SHA-1 1995 • SHA-2 2002 • SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 160-bit message digest A message composed of b bits CS 450/650 Lecture 8: Secure Hash Algorithm

  21. Step 1 -- Padding • Padding the total length of a padded message is multiple of 512 • Every message is padded even if its length is already a multiple of 512 • Padding is done by appending to the input • A single bit, 1 • Enough additional bits, all 0, to make the final 512 block exactly 448 bits long • A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm

  22. Padding (cont.) Message 1 0…0 Message length 1 bit 64 bits Multiple of 512 CS 450/650 Lecture 8: Secure Hash Algorithm

  23. Example • M = 01100010 11001010 1001 (20 bits) • Padding is done by appending to the input • A single bit, 1 • 427 0s • A 64-bit integer representing 20 • Pad(M) = 01100010 11001010 10011000 … 00010100

  24. Example • Length of M = 500 bits • Padding is done by appending to the input: • A single bit, 1 • 459 0s • A 64-bit integer representing 500 • Length of Pad(M) = 1024 bits

  25. Step 2 -- Dividing Pad(M) • Pad (M) = B1, B2, B3, …, Bn • Each Bi denote a 512-bit block • Each Bi is divided into 16 32-bit words • W0, W1, …, W15 CS 450/650 Lecture 8: Secure Hash Algorithm

  26. Step 3 – Compute W16 – W79 • To Compute word Wj (16<=j<=79) • Wj-3, Wj-8, Wj-14 , Wj-16 are XORed • The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm

  27. Step 4 – Initialize A,B,C,D,E • A = H0 • B = H1 • C = H2 • D = H3 • E = H4 CS 450/650 Lecture 8: Secure Hash Algorithm

  28. Initialize 32-bit words • H0 = 67452301 • H1 = EFCDAB89 • H2 = 98BADCFE • H3 = 10325476 • H4 = C3D2E1F0 • K0 – K19 = 5A827999 • K20 – K39 = 6ED9EBA1 • K40 – K49 = 8F1BBCDC • K60 – K79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm

  29. Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + fj(B,C,D) + E + Wj + Kj E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done +  addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm

  30. Four functions • For j = 0 … 19 • fj(B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) • For j = 20 … 39 • fj(B,C,D) = (B XOR C XOR D) • For j = 40 … 59 • fj(B,C,D) = (B AND C) OR ((NOT B) AND D) • For j = 60 … 79 • fj(B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm

  31. Step 6 – Final • H0 = H0 + A • H1 = H1 + B • H2 = H2 + C • H3 = H3 + D • H4 = H4 + E CS 450/650 Lecture 8: Secure Hash Algorithm

  32. Done • Once these steps have been performed on each 512-bit block (B1, B2, …, Bn) of the padded message, • the 160-bit message digest is given by H0 H1 H2 H3 H4 CS 450/650 Lecture 8: Secure Hash Algorithm

  33. SHA CS 450/650 Lecture 8: Secure Hash Algorithm

More Related