Top Banner

Click here to load reader

1 Symmetric Key Crypto Alfred C. Weaver Tom Horton CS453 Electronic Commerce

Dec 13, 2015

ReportDownload

Documents

  • Slide 1

1 Symmetric Key Crypto Alfred C. Weaver Tom Horton CS453 Electronic Commerce Slide 2 2 Readings: Chapter 13 of Treese and Stewart textbook Web resources Weavers References Bruce Schneier, Applied Cryptography, John Wiley & Sons Andrew Tanenbaum, Computer Networks, Prentice-Hall Jim Kurose and Keith Ross, Computer Networking, Addison-Wesley Slide 3 3 Symmetric Key Encryption Plaintext Original Plaintext EncryptionDecryption Ciphertext Encryption Key Decryption Key Slide 4 4 Evaluating SKC How do you break this strategy? Whats the risk? Odd question for the moment: Is this the strategy we want for encrypting passwords for authentication? Slide 5 5 Answers Question 1: How do you break this strategy? Whats the risk? Answer: Attack the key! Can you guess it? Find it? Question 2: Is this the strategy we want for encrypting passwords for authentication? Answer: No. Use a one-way hash to convert plain-text to cipher-text. Store cipher-text on system. At authentication, hash what the user types and compare two cipher-texts for match. How to attack? Same as above. Slide 6 6 Topics What are some major (historical) SKC algorithms? DES, Triple-DES, IDEA, RC4, AES How do they work? (Hmm.) Where do they stand? How do they fit into larger systems? Slide 7 7 Data Encryption Standard Government requested white papers on proposed cryptographic standard in early 1970s IBM responded with a clever design NSA approved (and changed) the design NBS (now NIST) certified the design in 1976 as Data Encryption Standard (DES) Recertified in 1987 and 1993 Worlds most commonly used algorithm Slide 8 8 DES Iterated block cipher with 56-bit key (although 64 are specified, 8 are parity) Iterated multiple repetitions of basic algorithm DES uses 16 rounds Block cipher encrypts fixed-size data groups DES uses 8-byte (64-bit) blocks data divided into 64-bit chunks Key space 2 56 keys ~= 72 x 10 15 possible keys Slide 9 9 DES Uses a combination of confusion and diffusion every bit of the key (56 bits) and every bit of the plaintext (64 bits) affects every bit of the ciphertext (64 bits) key is shifted and massaged each round to produce a subkey plaintext is permuted, shifted, selected, and massaged against a permuted, shifted, and selected subkey 16 times each 64-bit plaintext produces a 64-bit ciphertext Slide 10 10 DES Plaintext Permutation L0R0 f L1 = R0 R1 = L0 f (R0,K1) L16 = R15 R16 = L15 f (R15,K16) Permutation Ciphertext + .. one round K1 Slide 11 11 DES 1. Plaintext enters as 64-bit block 2. Bits are permuted and divided into left- hand side (L0) and right-hand side (R0) 3. Repeat 16 rounds of encryption: (a) Key from previous round is divided into two 28-bit halves (b) Each half of key is shifted and subjected to a compression permutation that selects 48 of the 56 bits for propagation into the next round Slide 12 12 DES (c) Right-hand side R i from previous round subjected to expansion permutation that increases 32 bits into 48 bits by selective repetition of certain bits (d) Expanded, permuted right-hand side R i is exclusive-ORed with shifted, compressed key (e) Result goes through substitution box that moves the bits around and expands 32 bits into 48 bits temporarily Slide 13 13 DES (f) Temporary result goes through a permutation box that moves bits around and reduces 48 bits to 32 bits (g) Left-hand side is exclusive-ORed with output of permutation box to produce a new right-hand side (h) New left-hand side is copied from right-hand side of previous round Slide 14 14 DES At the end of 16 rounds 64-bit result permuted once more Final 64-bit ciphertext emitted Note: no security due to secrecythe algorithm has been published and studied extensively since 1975 All the security is in the key Slide 15 15 DES Decryption Use the ciphertext as the plaintext Use same initial key Run the algorithm backwards through 16 rounds, using subkeys in reverse order K16, K15, , K1 DES outputs the plaintext Many companies now offer DES on a chip so it runs at wire speed Slide 16 16 Slide 17 17 DES Implementation Java implementation of DES available at http://intercom.virginia.edu/crypto/crypto.html http://intercom.virginia.edu/crypto/crypto.html Slide 18 18 A Brief IBM / NSA History IBM needed crypto for ATM Idea began as Lucifer with 128-bit key IBM needed an export license NSA agreed to vet the algorithm NSA probably changed the S-boxes NSA told IBM to reduce the key size IBM agreed to 64 bits Production reduced it to 56 bits plus parity IBM got its export license Slide 19 19 Security of DES DES started in 1976 It was secure then but not now Jan. 1997: RSA Data Security issued a cryptographic challenge Research project DESCHALL used distributed computing (14,000 unique computers over 3 months) to crack DES with 56-bit key http://www.interhack.net/projects/deschall/ At its peak, DESCHALL was testing 7 billion keys/second Slide 20 20 Security of DES July 1998: DES Challenge II Electronic Frontier Foundation (EFF) built a DES code-cracker for $250k Cracked DES in 3 days Jan. 1999: DES Challenge III Distributed.Net used EFF DES cracker plus 100,000 PCs on the Internet to crack DES in 22 hours 15 min. Testing 245 billion keys/sec when key was found Slide 21 21 Security of DES Reported in late 90s that DES could be cracked in a few hours (presumably by NSA) Reasonable to assume that DES can now be cracked very quickly with special hardware and/or a distributed approach Slide 22 22 Weak Keys Some 56-bit keys are known to be weak 0000000 0000000 0000000 FFFFFFF FFFFFFF 0000000 FFFFFFF FFFFFFF Repeating bits do not stir well when shifted Also some possibly weak keys, but these are identified in the literature so dont use them Slide 23 23 Triple-DES Triple-DES invented to boost security Uses three separate encryption and decryption cycles with two or three unique keys Two unique keys gives 2x56=112 bit protection Three unique keys gives 3x56=168 bit protection Slide 24 24 Triple-DES DES Plaintext Ciphertext DES DES - 1 DES Key-1Key-2 Key-3 DES - 1 Slide 25 25 Triple-DES with Three Unique Keys Sender: Encrypt with Key-1 Decrypt with Key-2 (decryption has same scrambling power as encryption) Encrypt with Key-3 Receiver: Decrypt with Key-3 Encrypt with Key-2 Decrypt with Key-1 Power: 56x3=168 bit key Slide 26 26 Triple-DES with Two Unique Keys Sender: Encrypt with Key-1 Decrypt with Key-2 Encrypt with Key-1 again Receiver: Decrypt with Key-1 Encrypt with Key-2 Decrypt with Key-1 Power: 56x2=112 bit key Slide 27 27 Triple-DES with One Unique Key Sender: Encrypt with Key-1 Decrypt with Key-1 Encrypt with Key-1 Receiver: Decrypt with Key-1 Encrypt with Key-1 Decrypt with Key-1 Power: 56 bit key (exactly equal to DES) Slide 28 28 Triple-DES Why use three unique keys instead of one? thats easy! power of 168-bit key vs. 56-bit key many, many, many orders of magnitude harder to crack than DES Why use two keys instead of one? power of 112-bit key vs. 56-bit key many orders of magnitude harder to crack than DES two keys (112 bits) easier to manage than three (doubtful) 112-bit key is fairly secure today Why use one key instead of two or three? setting key1=key2=key3 makes 3DES interoperate with DES of course the power is just one 56-bit key only use would be for backward compatibility Slide 29 29 Security of DES and Triple- DES Is DES suitable for commercial transactions? today the answer is no nevertheless it is in daily, wide-spread use Triple-DES very robust, very well suited to commercial activities Slide 30 30 IDEA International Data Encryption Algorithm proposed 1992 symmetric-key, 128 bits 64-bit blocks similar in design, but different in detail, from DES Slide 31 31 IDEA Design philosophy is mixing operations from three algebraic groups XOR Addition modulo 2 16 Multiplication modulo 2 16 + 1 (substitutes for DES S-box) About twice as fast as DES Used in PGP Very strong symmetric key encryption algorithm Slide 32 32 AES NIST held a competition to replace DES Five serious entries, including 3DES Winner was Rijndael (pronounced Rhine- doll) from two co-inventors in Belgium AES is a 128-, 192-, or 256-bit block cipher Uses 128, 192, or 256 bit symmetric keys AES uses an affine transformation with a non-linear substitution box Slide 33 33 AES 3.4 x 10 38 128-bit keys 6.2 x 10 57 192-bit keys 1.1 x 10 77 256-bit keys Compare those to DESs 56-bit key with 7.2 x 10 16 keys Assume you could crack DES (i.e., full search of a 56-bit key space) in one second Then cracking AES with a 128-bit key would take 149 trillion years The universe is ~14 billion years old Slide 34 34 AES AES is the way of the future Threats: backdoor? (probably not) massive distributed computation quantum computing something we've not thought of Slide 35 35 Others RC4 Developed by Ron Rivest Will pop up in discussions of RSA, SSL Blowfish Developed by Bruce Schneier Free, fast Variable length key Slide 36 36 Summary and Whats Next A set of historical algorithms Culminating in AES DES illustrates some of the controversies and social issues inherent in cryptography PGP too Weakness Keys must be shared An alternative Public Key Encryption, possibly combined with SKC