Data Encryption Standard DES

1
Data Encryption Standard (DES)

• Developed in 1970s for the U.S. Govt, intended
  for use by the public
• Uses combinations of substitution and
  transposition (16 cycles)
• Uses a 64 bit key (8 bits for check digits) to
  encrypt blocks of 64 bits
• Output bits have no obvious relationship to the
  input bits and are spread. Substitution provides
  the confusion and transposition provides the
  diffusion

2
Data Encryption Standard (DES)

• Double DES E(k2, E(k1,m)) no better than DES
  (only doubles the work)
• Triple DES - E(k1, D(k2, E(k1,m)) doubles the
  effective key length
• Any change to the algorithm weakens it
• 1998 - 100,000 computer determined the DES key
  in 4 days

3
Advanced Encryption Standard (AES)

• Adopted in Dec. 2001 (more efficient than other
  candidates)
• 9,11, or 13 cycles for keys of 128, 192, and 256
  bits)
• Each cycle consists of
• Byte substitution - similar to DES
• Shift - row transposition
• Mix column -left shift and XOR bits
• Add subkey XOR portion of key with cycle result

4
Comparison of DES and AES
5
Public Key Encryption (Asymmetric Key)

• Uses two keys (one private for decryption and one
  public for encryption) P D(kPRIV, E(kPUB, P))
• Requires less keys and simplifies distribution of
  keys
• P D(kPUB, E(kPRIV, P)) can be used for
  authentication

6
Comparing Secret Key and Public Key Encryption
7
Rivst-Shamir-Adelman (RSA) Encryption

• Public key algorithm introduced in 1978
• No serious flaws found
• Uses number theory and large prime numbers
• P D(kPRIV, E(kPUB, P)) D(kPUB, E(kPRIV, P))
  where the two keys are interchangeable

8
RSA Algorithm

• Alice picks two large prime numbers (assume p17,
  q11) which are kept secret
• Multiply N pq 187 and select e such that e
  and (p-1)(q-1) are relatively prime, e.g. e 7
• Publish the public key e and N
• Bob uses the public key to encrypt message M (in
  numeric form) to ciphertext C
• C Me (mod N) ex. M X (10110002 8810)
• C 887 (mod 187) 59,977,368 (mod 187) 11
• Bob sends 11 to Alice
• Since Alice knows p and q, she can calculate the
  private key (d)
• e x d 1 (mod (p-1)(q-1))
• 7 d 1 (mod 1610)
• d 23
• Alice decrypts the message C using M Cd (mod
  187)
• M 1123 (mod 187) 88 (which is ASCII for X)

9
Uses of Encryption

• Cryptographic Hash Functions
• Uses one-way functions to compute a value (hash,
  checksum, message digest) to ensure integrity of
  a file or message. sender use an algorithm to
  compute the value which is sent with the message.
  The receiver uses the same algorithm to compute
  the value and compare with the sent value.
• MD4/5 (Message Digest) use 12-bit digest
• SHA/SHS (Secure Hash Algorithm/Standard) uses a
  160-bit digest

10
Uses of Encryption

• Key Exchange
• Want to send a protected message to someone who
  you do not know and who does not know you
  (requires 4 keys)
• Sender encrypts with his private key, followed by
  receivers public key
• C E(kPUB-R, E(kPRIV-S, M)
• Receiver decrypts first with his private key,
  followed by the senders public key

11
Uses of Encryption

• Digital Signatures
• Transfer electronically a secure document (e.g.
  check)
• Digital signature is a protocol that produces the
  same effect as a real signature it is a mark
  that only the sender can make, but other people
  can easily recognize as belonging to the sender
• Must be unforgeable
• Must be authentic
• Should not be alterable
• Should not be reusable
• If S wishes to send M to R, S produces E(M,
  Kpriv-S) which R decodes using Ss public key.

12
Uses of Encryption

• Certificates
• Trust through a common respected individual
• Certificates to Authenticate an Identity
• Public key and users identify are bound together
  in a certificate, which is signed by a
  certificate authority (similar to a notary
  public)
• Root certification authorities Verisign,
  SecureNet, Deutsche Telecom,

13
Key Distribution Protocols

• What operational restrictions are there?
• What trust requirements are there?
• What is the protection against failure?
• How efficient is the protocol?
• How easy is the protocol to implement?