210 likes | 384 Vues
Chapter 3 Encryption Algorithms & Systems (Part D). Outline. NP-completeness & Encryption Symmetric (secret key) vs Asymmetric (public key) Encryptions Popular Encryption Algorithms Merkle-Hellman Knapsacks RSA Encryption El Gamal Algorithms DES Hashing Algorithms Key Escrow & Clipper.
E N D
Outline • NP-completeness & Encryption • Symmetric (secret key) vs Asymmetric (public key) Encryptions • Popular Encryption Algorithms • Merkle-Hellman Knapsacks • RSA Encryption • El Gamal Algorithms • DES • Hashing Algorithms • Key Escrow & Clipper csci5233 computer security & integrity (Chap. 3)
Key Escrow and Clipper • 1993: AT&T started to market a telephone encryption device, using a new encryption key for each conversation. • Law enforcement wanted a means to break the encryption without weakening the encryption enough that interceptors could break the encryption as well. • Public concerns about government abuse of power… • The Clipper proposal NSA developed the key escrow concept (Fig. 3-20, p.119) csci5233 computer security & integrity (Chap. 3)
Key Escrow and Clipper • The Skipjack algorithm, the Clipper chip, the MOSAIC program, Fortezza, Tessera, the Capstone chip • Public reaction to the announcement of the Clipper proposal was strongly negative, mainly because the algorithm was classified. • NSA would release only hardware implementation of the algorithm, as a computer chip or as an encryption device. csci5233 computer security & integrity (Chap. 3)
Key Escrow and Clipper • Technical aspects 32 rounds of scrambling process 80-bit key 64-bit blocks of plaintext Each piece of data transmission is accompanied by a law enforcement agents’ field (LEAF): Fig. 3-21, p.121 csci5233 computer security & integrity (Chap. 3)
Key Escrow and Clipper • E( (E(k,u)&n&a), f) • Each unit has two keys. f: an 80-bit encryption key for the entire family of Clipper chips u: unique key for each of the unit, guarded by two escrow agencies (half by each) • n: a 30-bit number identifying the unit • a: an escrow authenticator • k: the session key under which a communication was encrypted csci5233 computer security & integrity (Chap. 3)
Key Escrow and Clipper • p.121: Fig. 3-21 M, the original message is encrypted by k, the session key. k, is encrypted by u, the escrow key. The encrypted k, n and a are encrypted by f, which is known to the law enforcement authority. • Steps taken by a law enforcement authority to decrypt a conversation: p.120 csci5233 computer security & integrity (Chap. 3)
Key Escrow and Clipper • 1993: A panel of cryptography experts reviewed the design of the Skipjack algorithm and concluded the design was sound and secure. • p.121 • What’s the current status of the proposal? • “Securing Cyberspace: The National Strategy”. ZDNet Tech Update. September 18, 2002. http://techupdate.zdnet.com/techupdate/filters/specialreport/0,14622,6023471,00.html csci5233 computer security & integrity (Chap. 3)
Data Encryption Standard (DES) • 1976: officially adopted as a U.S. federal standard • Was authorized for use on all public and private sector unclassified communication • Later became an international standard by the ISO • The strength of DES comes from repeated application of the two encryption techniques, substitution and permutation, one on top of the other, for a total of 16 cycles. • Product cipher: C = E2 ( E1(P) ) • A secret key method csci5233 computer security & integrity (Chap. 3)
Data Encryption Standard (DES) • 16 cycles of substitutions and permutations: Fig.3-12 (p.104) • Steps in a single cycle: Fig. 3-14, Fig. 3-16 Operates on blocks of data: 64 bits per block Splits a data block in half: left half, right half (32 bits) Scrambles each half independently: shifted left, permuted Combines the key with the right half: the result is then combined with the left half Swaps the two halves: T = right half; right half += key; right half += left half; left half = T. csci5233 computer security & integrity (Chap. 3)
Key Transformation • 64-bit key, but only 56 of the bits are used (bits 8, 16, 24, 32, 40, 48, 56, 64 are parity bits) • At each step, the key is split into two 28-bit halves. • The halves are shifted by a specified number of digits (Table 3-4, p.107), pasted together again, and then 48 of these 56 bits are permuted as a key during this step (choice permutation: Table 3-5). csci5233 computer security & integrity (Chap. 3)
Data Encryption Standard (DES) • How to combine a 32-bit right half with a 56-bit key? p.106: Fig. 3-15 Expansion permutation: The 32-bit half is expanded to 48 bits by repeating certain bits See Table 3-3, Fig. 3-17: p.107 Permuted choices: The 56-bit key is reduced to 48 bits by choosing only certain bits (See Table 3-5, p.108) • Fig. 3-16: a detailed single cycle csci5233 computer security & integrity (Chap. 3)
Substitutions and S-boxes • An S-box is a table in which 6 bits of data are replaced by 4 bits. • The 48-bit input is divided into eight 6-bit blocks 8 S-boxes for substitutions (Table 3-6, p.109) • Substitutions by S-boxes (Fig. 3-18, p.108) csci5233 computer security & integrity (Chap. 3)
S-box substitutions • Use Table 3-6 • Input: Bj = 6 bits (b1 b2 b3 b4 b5 b6) • Output: a 4-bit binary number • Process: • r = b1 b6 • c = b2 b3 b4 b5 • result = the value at (r, c) of the S-box j (Sj) of Table 3-6. • Convert the result to a binary number. csci5233 computer security & integrity (Chap. 3)
S-box substitutions • Example: p.108 Input = Bj =B7 = 010011b r = 01b = 1 c = 1001b = 9 result = (r, c) = (1, 9) in S7 = 3 = 0011b • Suppose the Input = B4 = 101010b. What’s the output of the substitution? csci5233 computer security & integrity (Chap. 3)
P-box permutations • Permutations: Initial permutation Permutation in each cycle Final inverse permutation • inverse & final permutations: Table 3-8, 3-9, p.110 • Per-cycle permutation: p.109: Table 3-7 Examples Bit 1 bit 9 Bit 23 bit 11 Bit 19 ? Bit 27 ? csci5233 computer security & integrity (Chap. 3)
Summary of DES Encryption • Fig. 3-19, p.111 • Input = (64-bit data block, 64-bit key) • process 64-bit key 56 bits Initial permutation 16 cycles: Key transformation (split, shift, permuted) Data blocks substitution & permutation Lj = Rj-1 ; Rj = Lj-1 XOR f(Rj-1, kj) S-boxes, P-boxes Final permutation • Output = 64-bit ciphertext csci5233 computer security & integrity (Chap. 3)
DES Decryption • Encryption: (Lj-1 ,Rj-1) (Lj ,Rj) Lj = Rj-1 ; Rj = Lj-1 XOR f(Rj-1, kj) • Decryption: (Lj ,Rj) (Lj-1 ,Rj-1) Rj-1 =Lj Lj-1 = Rj XOR f(Lj, kj) • Reverse key transformation csci5233 computer security & integrity (Chap. 3)
Security of the DES • DES is in general a secure method; although it suffers minor weakness caused by complements, weak keys, design, key clustering, and differential cryptanalysis. • Nobody has yet shown serious flaws in the DES, nor do people really believe that hardware power has reached the point where a brute force attack can feasibly break the DES. • The problem with DES is not that it is known, or even suspected, to have been broken; it is just becoming more likely that it could be broken. A “black box” approach (the NSA’s Clipper program) csci5233 computer security & integrity (Chap. 3)
NSA’s Role in Computer Security • 1984: President Reagan issued the National Security Decision Directive ("NSDD") 145. • NSDD-145 gave NSA the authority to develop a national policy on computer and communications security. • 1987: The “Computer Security Act of 1987” gave the responsibility to NIST. An important point of this law is that it places an entirely new emphasis on computer security, not only on classified data, but also on unclassified information that are national interest. csci5233 computer security & integrity (Chap. 3)
Summary • Hard problems • Asymmetric Encryptions: • Merkle-Hellman Knapsacks • RSA Encryption • El Gamal Algorithms • Symmetric Encryptions: • DES • Key Escrow & Clipper • Hashing Algorithms • Next: Ch. 4 (Protocols and practices) csci5233 computer security & integrity (Chap. 3)