Computer Systems Security Cryptography Topic 2 Sources: Pfleeger

1
Computer Systems SecurityCryptography Topic
2Sources Pfleeger W. Stallings

• Pirooz Saeidi

2
Where we have got so far

• Early lectures introduced the elementary
  cryptography,
• defining terms and definitions in symmetric and
  asymmetric encryption.
• We also gave an overview of classic algorithms
  such as DES, AES and
• public key Encryption with reference to RSA
  public key cryptosystem.

3
Where we have got so far

• We then last week covered the mathematics of
  cryptography and
• The remaining lectures on cryptography will
  expand on those algorithms.
• We will first look at symmetric algorithms and
  then public key encryption systems.

4
Symmetric Algorithms

• Fundamental concepts
• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)

5
Symmetric Encryption Fundamental concepts

• Before we give a detailed description of DES and
  AES recall these points
• Confusion change plaintext so that the
  corresponding plaintext is not apparent.
• The basic tool is substitution. At this point we
  can introduce the key.
• Diffusion spread the effect of change in the
  plaintext throughout the resulting ciphertext.
• Can be accomplished by permutations.

6
Symmetric Encryption Fundamental concepts

• More Definitions Block and Stream Ciphers
• Block cipher
• Data is broken into fixed-size blocks, and
  encrypted a block at a time
• Blocks are padded out if necessary
• conventional block size 64 bit
• Stream cipher
• Data is encrypted one bit at a time.
• Most algorithms now use block ciphers

7
Symmetric Encryption Fundamental concepts

• Feistel Ciphers
• Iterated block ciphers
• Ciphertext is calculated from plaintext by
  repeated application of the same transformation
  operation.
• Encryption and decryption are identical. i.e.
  The sub key order is reversed for decryption
• It is a very efficient implementation.

8
Symmetric Encryption Fundamental concepts
(Feistel Ciphers)

• The multiple rounds of repeated work take one or
  more of these forms
• Nonlinear functions using Substitution-
• Usually represented by S-boxes, which are
  table-driven substitutions
• Bit shuffling or permutations-
• Can use P-boxes.
• Linear mixing using modular algebra (XOR)
• The output of the S-boxes can be passed through
  a p-box which permutes the bits into a new order.

9
DES Data Encryption Standard

• Developed by IBM and adopted by the U.S.
  government in 1977 as its official standard.
• Key is 56 bits and data is encrypted in blocks of
  64 bits at a time.
• Uses a mixture of substitution and transposition
  multiple times.
• Key can be fed in as 64 bits and reduced to 56 by
  the elimination of each 8th bit (parity bits
  carry no information on key)

10
Data Encryption Standard (DES)

• DES algorithm is based on repeated application of
  substitution and permutation
• For a total of 16 cycles. The cycles are shown in
  the diagram.

11
DES Algorithm Plaintext is 64 bits and Key is 56
bits

• The left-hand side of figure shows the processing
  of plaintext in 3 phases
• The 64-bit plaintext passes through an initial
  permutation (IP) that rearranges bits to produce
  the permutated input.
• This phase repeats 16 iterations of the same
  function. The output of the last (16th) iteration
  consists of 64 bits that are a function of the
  input plaintext and the key. The left and right
  halves of output are swapped to produce the
  pre-output.

12
DES Algorithm

• The pre-output is passed through a permutation
  that is the inverse of the initial permutation
  function. This produces the 64-bit ciphertext.

13
DES Algorithm

• The right hand-side of this figure shows the way
  a 56-bit key is used
• The key is passed through a permutation
  function.
• For each of 16 iterations a sub-key is produced
  (ki) by the combination of left circular shift
  and a permutation. This function is the same for
  each iteration.

14
DES Algorithm The Feistel Cipher Structure
15
DES Algorithm Details of each Cycle

• Each cycle is four separate operations
• The right data half is expanded from 32 bits to
  48.
• It is then combined with a form (permutation) of
  the key.
• The result is then substituted for another
  result and compressed to 32 bits at the same
  time.
• The 32 bits are permutated and then combined with
  the left data half to rearrange a new right data
  half.
• The new left data half is then replaced by the
  old right data half

16
DES Algorithm Details of each Cycle
Right data half
Keys shifted 56 bits
Left data half
Keys permutated (48 bits)
New left data half
New right data half
17
DES Details of each Cycle Expansion Permutation

• Makes the intermediate halves of cipher text
  comparable in size to the key.
• Each right half is expanded from 32 to 48 bits
• The expansion permutes the order of the bits and
  also repeats some certain bits.
• The expansion permutation is defined in the
  following table.

18
DES Details of each Cycle Expansion Permutation

• For each 4-bit block, the first and fourth bits
  are duplicated, but the second and third are used
  only once. Table 1 shows to which output
  positions the input bit moves (Expand 32 16
  48)

Table 1Expansion Permutation
19
DES Details of each CycleKey Transformation(see
RHS of Slide 16)

• In order to generate sixteen 48-bit sub-keys from
  the 56-bit key, the following process is used at
  each cycle
• The key is split into two 28-bit halves
• Shift left each half by a specified number of
  digits (see table 2)
• Paste the halves together again
• Permutate 48 of these 56 bits to use as key for
  this cycle
• Using an XOR combine the key with the expanded
  right half
• Move that result into S-boxes (will see shortly)

20
DES Details of each CycleKey Transformation

• The number of bits shifted are shown in table 2

21
DES Details of each CycleKey Transformation

• After being shifted, 48 of these 56 bits are
  extracted for XOR combination with the right
  half.
• The choice permutation that selects these 48-bits
  is shown in table 3.
• For example bit 2 of the shifted key goes to
  position 12,

22
DES Details of each CycleKey Transformation

• Table 3 Choice permutation to select 48 bits

56-8(not selected)48
23
DES S-Boxes

• Substitutions are performed by 8 S-boxes.
• An S-box is a permutated choice function by which
  6 bits of data are replaced by four bits.
• The 48-bit input is divided into eight 6-bit
  blocks B1,B2B8. Block Bj is operated on by S-box
  Sj.
• Bits 1-6 are the input to S-box 1.
• Bits 7-12 are the input to S-box 2, etc.

24
DES S-Boxes

• The S-box uses substitution based on a table of 4
  rows and 16 columns to transform 6-bit blocks to
  4-bit blocks.
• Suppose block Bj is the 6-bits b1,b2,b3,b4,b5,b6.
  
• Bits b1 and b2 together form a 2-bit binary
  number b1b2, having a decimal value between 0-3
  (call this value r).
• Bits b3, b4, b5 and b6 form a 4-bit binary number
  b3b4b5b6 having a decimal value between 0-15.
  Call this number c.
• The substitution from S-boxes transform each
  6-bit Bj into the 4-bit result shown in row r,
  column c of section Si of this table.
• Example of S-box 1 is shown in next slide.

25
S-boxes Example for S1 table
Is the table entry from
26
DES S-Boxes

• The S-box uses substitution used by DES.

27
DES P-Boxes

• After an S-box substitution, all 32 bits of a
  result are permutated by a straight permutation
  P. Table 4 shows the position to which the bits
  are moved.
• Similar tables will be used for initial and final
  permutations.

Goes to Position
28
DES Complete DES

• Putting all pieces back together.
• First the key was reduced to 56 bits.
• Then a block of 64 data bits is permutated by
  initial permutation.
• Next 16 cycles in which the key is shifted and
  permutated.
• Half of the data block is transformed with the
  substitution and permutation functions
• The result is combined with the remaining half of
  the data block
• After the last cycle, the data block is
  permutated with the final permutation.

29
DES The Decryption process

• The process is symmetric. Cycle J derives from
  cycle (j-1) as follows

Lj Rj-1 (1) Rj Lj-1 XOR f ( Rj-1,
Kj) (2) f is a function computed in an
expand-shift-substitute-permute cycle By
rewriting the equation in terms of Rj-1 and Lj-1,
we get Rj-1 Lj (3) and Lj-1 Rj XOR f (
Rj-1, Kj ) (4) substitute (3) into (4) Lj-1 Rj
XOR f ( Lj, Kj ) (5) Function f is used
forward to encrypt and backward to decrypt. The
only change is that the keys must be taken in the
reverse order (k16, K15,K1) for decryption
30
DES ECB

• DES in ECB form (Electronic Code Book)
• When used in this unmodified form each block of
  64 bits of plaintext is replaced by 64 bits of
  encrypted text
• this type of encryption is called Electronic Code
  Book and is really a 64 bit substitution Cipher.

31
DES CBC (cipher Block Chaining Mode)
Each block of ECB encrypted ciphertext is XORed
with the next plaintext block to be encrypted
32
Triple DES EDE form

• Uses three keys and three executions of DES
  algorithm
• The function follows an encrypt-decrypt-encrypt
  (EDE) sequence.
• In the next diagram P is the plaintext and C is
  the cipher text

33
Triple DES EDE form
34
Triple DES EDE form

• The input key is 192 bits (24 characters) as is
  broken into three keys. First, DES is used to
  encrypt a file using the first key. Then the file
  is decrypted using the second key. The final step
  is to encrypt the file again using the third key.
  
• If all three 64 bit keys are the same, Triple DES
  is identical to original DES.
• This method of encryption is much more secure
  than original DES.

35
Alternatives to DES

• IDEA (International Data Encryption Algorithm)
  iuses
• Key length is 128 bits.
• Total number of keys is 2128 3402823669209000000
  00000000000000000000

36
Advanced Encryption Standard (AES)

• In 1997 NIST issued a call for a new encryption
  system
• With several restrictions to be placed on the
  candid algorithm. The criteria were
• Security
• Cost
• Algorithm and implementation characteristics
• Among the 5 finalists Rijndael algorithm (Joan
  Daemen and Vincent Rijmen) was chosen.

37
AES Motivations

• The Replacement for DES
• Known vulnerabilities
• Broken by exhaustive key search attack
• Triple DES secure but slow
• A new standard was required with these
  characteristics
• Secure
• With practical cryptanalysis and resist the known
  attacks
• Cost effective
• Simple implementation, flexible and portable

38
AES Origin

• The project originally started in 1997 and took
  several years to finish
• Requirements by The NIST specified
• Algorithm unclassified and publicly available
• Available royalty free world wide
• Symmetric key
• Operates on data blocks of 128 bits
• Key sizes of 128, 192, and 256 bits
• Fast, secure, and portable
• Active life of 20-30 years
• Provides full specifications

39

• AES Finalists were

40
Rijndael Algorithm

• Was selected because it offered the best
  combination of security, performance, efficiency,
  ease of implementation, and flexibility
• Can use block size 128 and variable key length
• In 2001 it was formally adopted by U.S.
  government, and NIST relied heavily on public
  analysis of the algorithm.

41
Structure of AES

• Key length can be 128, 192, or 256 bits
• Block size 128
• Processed as 4 groups of 4 bytes called state.
• Operates on the entire block in every round
• Number of rounds depending on key size
• Key 128 bits 9 rounds
• Key192 bits 11 rounds
• Key256 bits 13 rounds

42
Structure of AES

• We can think of the 128-block of AES as a 4 by 4
  matrix, called the state.
• We can present the state as the matrix
  s0,0..s3,3.
• The state can be filled from input in columns.
  For example the 16 byte input b0, b1,b15 are
  represented in the state as shown in table 5.
• Rijindael performs some of the operations in
  columns, and some in rows.

43
Structure of AES

• State representation of a given block of bytes
• Rijindael implements a form of columnar
  transposition

StateRow,ColumnByteRow4Column
44
AES Rijndael Basic Steps

• The four steps are as follows
• Byte Substitution Non-linear function for
  confusion
• S-box used on every byte. Si,j becomes si,j
• Shift Rows Linear mixing function for diffusion
• Rows of S are permutated by left circular shift
• The first i elements of row i are shifted around
  to the end
• Mix columns Transformation on columns of S under
  which the 4 elements of each column are
  multiplied by a polynomial
• Defusing each element of the column over all
  these four elements
• Shifting left and XOR bits
• Effect matrix multiplication
• Add Round Key incorporates key and creates
  confusion
• Derive unique key and add to each column
• All operations can be combined into XOR and table
  look-ups
• This is a very efficient and fast method

45
AES Rijndael mathematics

• Rijndael is defined in the Galois field GF (28)
  by the irreducible polynomial
• In this mathematical system a number is
  represented as a series of coefficients to this
  eighth-degree polynomial. For example, the number
  23, is represented in binary as 10111, is the
  polynomial.

P x8 x4 x3 x 1
P 1 x4 0 x3 1 x2 1 x 1
46
AES Rijndael mathematics

• Addition of coefficients is performed (mod 2)
• So the addition will be the same as subtraction
  as well as XOR
• For example 00 0
• 1 0 0 1 1
• 1 1 0
• Multiplication on polynomials
• (x31)(x4x) (x7 x4 x4x) x7 x
• The mathematics of Galois fields are beyond the
  scope of this module but are the important
  foundation to encryption in AES. As we get into
  the details of Rijndael we will point out the use
  of Galois Field.

47
Next Week

• Details of these four steps
• Conclude AES
• Public Key Encryption System
• Other aspects of Cryptography

48
Case Study 1

• Investigate the following
• Security of DES in terms of
• Design of algorithm and mechanisms used
• Number of iterations
• Key length
• Weak keys
• Key clustering
• Or any other issues .

49
Case Study 2

• Investigate the following Encryption algorithms.
• Use the following sites or your preferred sources
• Blowfish
• http//www.finecrypt.net/blowfish.html
• RC5
• http//www.cse.ohio-state.edu/cgi-bin/rfc/rfc2040.
  html
• CAST
• http//www.faqs.org/rfcs/rfc2144.html
• RC2
• http//www.faqs.org/rfcs/rfc2268.html