Why Computer Security

About This Presentation

Title:

Why Computer Security

Description:

Malicious codes (viruses, worms, etc.) caused over $28 billion in economic ... An attack is any action that violates security. Active adversary ... – PowerPoint PPT presentation

Number of Views:86

Avg rating:3.0/5.0

Slides: 108

Provided by: fei1

Learn more at: https://users.cs.northwestern.edu

Category:

more less

Transcript and Presenter's Notes

Title: Why Computer Security

1
Why Computer Security

The past decade has seen an explosion in the
concern for the security of information
Malicious codes (viruses, worms, etc.) caused
over 28 billion in economic losses in 2003, and
will grow to over 75 billion by 2007
Jobs and salaries for technology professionals
have lessened in recent years. BUT
Security specialists markets are expanding !
Full-time information security professionals
will rise almost 14 per year around the world,
going past 2.1 million in 2008 (IDC report)

2
Why Computer Security (contd)

Internet attacks are increasing in frequency,
severity and sophistication
Denial of service (DoS) attacks
Cost 1.2 billion in 2000
1999 CSI/FBI survey 32 of respondents detected
DoS attacks directed to their systems
Thousands of attacks per week in 2001
Yahoo, Amazon, eBay, Microsoft, White House,
etc., attacked

3
Why Computer Security (contd)

Virus and worms faster and powerful
Melissa, Nimda, Code Red, Code Red II, Slammer
Cause over 28 billion in economic losses in
2003, growing to over 75 billion in economic
losses by 2007.
Code Red (2001) 13 hours infected gt360K machines
- 2.4 billion loss
Slammer (2003) 10 minutes infected gt 75K
machines - 1 billion loss
Spams, phishing
New Internet security landscape emerging BOTNETS
!

4
Outline

History of Security and Definitions
Overview of Cryptography
Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)
Asymmetric Cipher
One-way Hash Functions and Message Digest

5
The History of Computing

For a long time, security was largely ignored in
the community
The computer industry was in survival mode,
struggling to overcome technological and economic
hurdles
As a result, a lot of comers were cut and many
compromises made
There was lots of theory, and even examples of
systems built with very good security, but were
largely ignored or unsuccessful
E.g., ADA language vs. C (powerful and easy to
use)

6
Computing Today is Very Different

Computers today are far from survival mode
Performance is abundant and the cost is very
cheap
As a result, computers now ubiquitous at every
facet of society
Internet
Computers are all connected and interdependent
This codependency magnifies the effects of any
failures

7
Biological Analogy

Computing today is very homogeneous.
A single architecture and a handful of OS
dominates
In biology, homogeneous populations are in danger
A single disease or virus can wipe them out
overnight because they all share the same
weakness
The disease only needs a vector to travel among
hosts
Computers are like the animals, the Internet
provides the vector.
It is like having only one kind of cow in the
world, and having them drink from one single pool
of water!

8
The Spread of Sapphire/Slammer Worms
9
The Flash Worm

Slammer worm infected 75,000 machines in lt15
minutes
A properly designed worm, flash worm, can take
less than 1 second to compromise 1 million
vulnerable machines in the Internet
The Top Speed of Flash Worms. S. Staniford, D.
Moore, V. Paxson and N. Weaver, ACM WORM Workshop
2004.
Exploit many vectors such as P2P file sharing,
intelligent scanning, hitlists, etc.

10
The Definition of Computer Security

Security is a state of well-being of information
and infrastructures in which the possibility of
successful yet undetected theft, tampering, and
disruption of information and services is kept
low or tolerable
Security rests on confidentiality, authenticity,
integrity, and availability

11
The Basic Components

Confidentiality is the concealment of information
or resources.
E.g., only sender, intended receiver should
understand message contents
Authenticity is the identification and assurance
of the origin of information.
Integrity refers to the trustworthiness of data
or resources in terms of preventing improper and
unauthorized changes.
Availability refers to the ability to use the
information or resource desired.

12
Security Threats and Attacks

A threat/vulnerability is a potential violation
of security.
Flaws in design, implementation, and operation.
An attack is any action that violates security.
Active adversary
An attack has an implicit concept of intent
Router mis-configuration or server crash can also
cause loss of availability, but they are not
attacks

13
Friends and enemies Alice, Bob, Trudy

well-known in network security world
Bob, Alice (lovers!) want to communicate
securely
Trudy (intruder) may intercept, delete, add
messages

Alice
Bob
data, control messages
channel
secure sender
secure receiver
data
data
Trudy
14
Eavesdropping - Message Interception (Attack on
Confidentiality)

Unauthorized access to information
Packet sniffers and wiretappers
Illicit copying of files and programs

B
A
Eavesdropper
15
Integrity Attack - Tampering With Messages

Stop the flow of the message
Delay and optionally modify the message
Release the message again

B
A
Perpetrator
16
Authenticity Attack - Fabrication

Unauthorized assumption of others identity
Generate and distribute objects under this
identity

B
A
Masquerader from A
17
Attack on Availability

Destroy hardware (cutting fiber) or software
Modify software in a subtle way (alias commands)
Corrupt packets in transit
Blatant denial of service (DoS)
Crashing the server
Overwhelm the server (use up its resource)

18
Classify Security Attacks as

Passive attacks - eavesdropping on, or monitoring
of, transmissions to
obtain message contents, or
monitor traffic flows
Active attacks modification of data stream to
masquerade of one entity as some other
replay previous messages
modify messages in transit
denial of service

19
Outline

Overview of Cryptography
Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)
Asymmetric Cipher
One-way Hash Functions and Message Digest

20
Basic Terminology

plaintext - the original message
ciphertext - the coded message
cipher - algorithm for transforming plaintext to
ciphertext
key - info used in cipher known only to
sender/receiver
encipher (encrypt) - converting plaintext to
ciphertext
decipher (decrypt) - recovering ciphertext from
plaintext
cryptography - study of encryption
principles/methods
cryptanalysis (codebreaking) - the study of
principles/ methods of deciphering ciphertext
without knowing key
cryptology - the field of both cryptography and
cryptanalysis

21
Classification of Cryptography

Number of keys used
Hash functions no key
Secret key cryptography one key
Public key cryptography two keys - public,
private
Type of encryption operations used
substitution / transposition / product
Way in which plaintext is processed
block / stream

22
Secret Key vs. Secret Algorithm

Secret algorithm additional hurdle
Hard to keep secret if used widely
Reverse engineering, social engineering
Commercial published
Wide review, trust
Military avoid giving enemy good ideas

23
Cryptanalysis Scheme

Ciphertext only
Exhaustive search until recognizable plaintext
Need enough ciphertext
Known plaintext
Secret may be revealed (by spy, time), thus
ltciphertext, plaintextgt pair is obtained
Great for monoalphabetic ciphers
Chosen plaintext
Choose text, get encrypted
Pick patterns to reveal the structure of the key

24
Unconditional vs. Computational Security

Unconditional security
No matter how much computer power is available,
the cipher cannot be broken
The ciphertext provides insufficient information
to uniquely determine the corresponding plaintext
Only one-time pad scheme qualifies
Computational security
The cost of breaking the cipher exceeds the value
of the encrypted info
The time required to break the cipher exceeds the
useful lifetime of the info

25
Brute Force Search

Always possible to simply try every key
Most basic attack, proportional to key size
Assume either know / recognise plaintext

Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs
32 232 4.3 ? 109 231 µs 35.8 minutes 2.15 milliseconds
56 256 7.2 ? 1016 255 µs 1142 years 10.01 hours
128 2128 3.4 ? 1038 2127 µs 5.4 ? 1024 years 5.4 ? 1018 years
168 2168 3.7 ? 1050 2167 µs 5.9 ? 1036 years 5.9 ? 1030 years
26 characters (permutation) 26! 4 ? 1026 2 ? 1026 µs 6.4 ? 1012 years 6.4 ? 106 years
26
Outline

Overview of Cryptography
Classical Symmetric Cipher
Substitution Cipher
Transposition Cipher
Modern Symmetric Ciphers (DES and AES)
Asymmetric Cipher
One-way Hash Functions and Message Digest

27
Symmetric Cipher Model
28
Requirements

Two requirements for secure use of symmetric
encryption
a strong encryption algorithm
a secret key known only to sender / receiver
Y EK(X)
X DK(Y)
Assume encryption algorithm is known
Implies a secure channel to distribute key

29
Classical Substitution Ciphers

Letters of plaintext are replaced by other
letters or by numbers or symbols
Plaintext is viewed as a sequence of bits, then
substitution replaces plaintext bit patterns with
ciphertext bit patterns

30
Caesar Cipher

Earliest known substitution cipher
Replaces each letter by 3rd letter on
Example
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

31
Caesar Cipher

Define transformation as
a b c d e f g h i j k l m n o p q r s t u v w x y
z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B
C
Mathematically give each letter a number
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar cipher as
C E(p) (p k) mod (26)
p D(C) (C k) mod (26)

32
Cryptanalysis of Caesar Cipher

Only have 25 possible ciphers
A maps to B,..Z
Given ciphertext, just try all shifts of letters
Do need to recognize when have plaintext
E.g., break ciphertext "GCUA VQ DTGCM"

33
Monoalphabetic Cipher

Rather than just shifting the alphabet
Could shuffle (jumble) the letters arbitrarily
Each plaintext letter maps to a different random
ciphertext letter
Key is 26 letters long
Plain abcdefghijklmnopqrstuvwxyz
Cipher DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext ifwewishtoreplaceletters
Ciphertext WIRFRWAJUHYFTSDVFSFUUFYA

34
Monoalphabetic Cipher Security

Now have a total of 26! 4 x 1026 keys
Is that secure?
Problem is language characteristics
Human languages are redundant
Letters are not equally commonly used

35
English Letter Frequencies
Note that all human languages have varying letter
frequencies, though the number of letters and
their frequencies varies.
36
Example Cryptanalysis

Given ciphertext
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies (see text)
Guess P Z are e and t
Guess ZW is th and hence ZWP is the
Proceeding with trial and error finally get
it was disclosed yesterday that several informal
but
direct contacts have been made with political
representatives of the viet cong in moscow

37
One-Time Pad

If a truly random key as long as the message is
used, the cipher will be secure - One-Time pad
E.g., a random sequence of 0s and 1s XORed to
plaintext, no repetition of keys
Unbreakable since ciphertext bears no statistical
relationship to the plaintext
For any plaintext, it needs a random key of the
same length
Hard to generate large amount of keys
Have problem of safe distribution of key

38
Transposition Ciphers

Now consider classical transposition or
permutation ciphers
These hide the message by rearranging the letter
order, without altering the actual letters used
Any shortcut for breaking it?
Can recognise these since have the same frequency
distribution as the original text

39
Rail Fence Cipher

Write message letters out diagonally over a
number of rows
Then read off cipher row by row
E.g., write message out as
m e m a t r h t g p r y
e t e f e t e o a a t
Giving ciphertext
MEMATRHTGPRYETEFETEOAAT

40
Product Ciphers

Ciphers using substitutions or transpositions are
not secure because of language characteristics
Hence consider using several ciphers in
succession to make harder, but
Two substitutions make another substitution
Two transpositions make a more complex
transposition
But a substitution followed by a transposition
makes a new much harder cipher
This is bridge from classical to modern ciphers

41
Rotor Machines

Before modern ciphers, rotor machines were most
common complex ciphers in use
Widely used in WW2
German Enigma, Allied Hagelin, Japanese Purple
Implemented a very complex, varying substitution
cipher

42
Outline

Overview of Cryptography
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES/AES)
Asymmetric Cipher
One-way Hash Functions and Message Digest

43
Block vs Stream Ciphers

Block ciphers process messages in into blocks,
each of which is then en/decrypted
Like a substitution on very big characters
64-bits or more
Stream ciphers process messages a bit or byte at
a time when en/decrypting
Many current ciphers are block ciphers, one of
the most widely used types of cryptographic
algorithms

44
Block Cipher Principles

Most symmetric block ciphers are based on a
Feistel Cipher Structure
Block ciphers look like an extremely large
substitution
Would need table of 264 entries for a 64-bit
block
Instead create from smaller building blocks
Using idea of a product cipher

45
Ideal Block Cipher
46
Substitution-Permutation Ciphers

Substitution-permutation (S-P) networks Shannon,
1949
modern substitution-transposition product cipher
These form the basis of modern block ciphers
S-P networks are based on the two primitive
cryptographic operations
substitution (S-box)
permutation (P-box)
provide confusion and diffusion of message

47
Confusion and Diffusion

Cipher needs to completely obscure statistical
properties of original message
A one-time pad does this
More practically Shannon suggested S-P networks
to obtain
Diffusion dissipates statistical structure of
plaintext over bulk of ciphertext
Confusion makes relationship between ciphertext
and key as complex as possible

48
Feistel Cipher Structure

Feistel cipher implements Shannons S-P network
concept
based on invertible product cipher
Process through multiple rounds which
partitions input block into two halves
perform a substitution on left data half
based on round function of right half subkey
then have permutation swapping halves

49
Feistel Cipher Structure
50
Feistel Cipher Decryption
51
DES (Data Encryption Standard)

Published in 1977, standardized in 1979.
Key 64 bit quantity8-bit parity56-bit key
Every 8th bit is a parity bit.
64 bit input, 64 bit output.

64 bit M
64 bit C
DES Encryption
56 bits
52
DES Top View
56-bit Key
64-bit Input
48-bit K1
Generate keys
Permutation
Initial Permutation
48-bit K1
Round 1
48-bit K2
Round 2
...
48-bit K16
Round 16
Swap 32-bit halves
Swap
Final Permutation
Permutation
64-bit Output
53
DES Standard

Cipher Iterative Action
Input 64 bits
Key 48 bits
Output 64 bits

Key Generation Box
Input 56 bits
Output 48 bits

One round (Total 16 rounds)
54
DES Box Summary

Simple, easy to implement
Hardware/gigabits/second, software/megabits/second
56-bit key DES may be acceptable for non-critical
applications but triple DES (DES3) should be
secure for most applications today
Supports several operation modes (ECB CBC, OFB,
CFB) for different applications

55
Avalanche Effect

Key desirable property of encryption alg
Where a change of one input or key bit results in
changing more than half output bits
DES exhibits strong avalanche

56
Strength of DES Key Size

56-bit keys have 256 7.2 x 1016 values
Brute force search looks hard
Recent advances have shown is possible
in 1997 on a huge cluster of computers over the
Internet in a few months
in 1998 on dedicated hardware called DES
cracker by EFF in a few days (220,000)
in 1999 above combined in 22hrs!
Still must be able to recognize plaintext
No big flaw for DES algorithms

57
DES Replacement

Triple-DES (3DES)
168-bit key, no brute force attacks
Underlying encryption algorithm the same, no
effective analytic attacks
Drawbacks
Performance no efficient software codes for
DES/3DES
Efficiency/security bigger block size desirable
Advanced Encryption Standards (AES)
US NIST issued call for ciphers in 1997
Rijndael was selected as the AES in Oct-2000

58
AES

Private key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger faster than Triple-DES
Provide full specification design details
Evaluation criteria
Security effort to practically cryptanalysis
Cost computational efficiency and memory
requirement
Algorithm implementation characteristics
flexibility to apps, hardware/software
suitability, simplicity

59
AES Shortlist

After testing and evaluation, shortlist in
Aug-99
MARS (IBM) - complex, fast, high security margin
RC6 (USA) - v. simple, v. fast, low security
margin
Rijndael (Belgium) - clean, fast, good security
margin
Serpent (Euro) - slow, clean, v. high security
margin
Twofish (USA) - complex, v. fast, high security
margin
Then subject to further analysis comment

60
Outlines

Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)
Asymmetric Cipher
One-way Hash Functions and Message Digest

61
Private-Key Cryptography

Private/secret/single key cryptography uses one
key
Shared by both sender and receiver
If this key is disclosed communications are
compromised
Also is symmetric, parties are equal
Hence does not protect sender from receiver
forging a message claiming is sent by sender

62
Public-Key Cryptography

Probably most significant advance in the 3000
year history of cryptography
Uses two keys a public a private key
Asymmetric since parties are not equal
Uses clever application of number theoretic
concepts to function
Complements rather than replaces private key
crypto

63
Public-Key Cryptography

Public-key/two-key/asymmetric cryptography
involves the use of two keys
a public-key, which may be known by anybody, and
can be used to encrypt messages, and verify
signatures
a private-key, known only to the recipient, used
to decrypt messages, and sign (create) signatures
Asymmetric because
those who encrypt messages or verify signatures
cannot decrypt messages or create signatures

64
Public-Key Cryptography
65
Public-Key Characteristics

Public-Key algorithms rely on two keys with the
characteristics that it is
computationally infeasible to find decryption key
knowing only algorithm encryption key
computationally easy to en/decrypt messages when
the relevant (en/decrypt) key is known
either of the two related keys can be used for
encryption, with the other used for decryption
(in some schemes)
Analogy to delivery w/ a padlocked box

66
Public-Key Cryptosystems

Two major applications
encryption/decryption (provide secrecy)
digital signatures (provide authentication)

67
RSA (Rivest, Shamir, Adleman)

The most popular one.
Support both public key encryption and digital
signature.
Assumption/theoretical basis
Factoring a big number is hard.
Variable key length (usually 512 bits).
Variable plaintext block size.
Plaintext must be smaller than the key.
Ciphertext block size is the same as the key
length.

68
What Is RSA?

To generate key pair
Pick large primes (gt 256 bits each) p and q
Let n pq, keep your p and q to yourself!
For public key, choose e that is relatively
prime to ø(n) (p-1)(q-1), let pub lte,ngt
For private key, find d that is the
multiplicative inverse of e mod ø(n), i.e., ed
1 mod ø(n), let priv ltd,ngt

69
RSA Example

Select primes p17 q11
Compute n pq 1711187
Compute ø(n)(p1)(q-1)1610160
Select e gcd(e,160)1 choose e7
Determine d de1 mod 160 and d lt 160 Value is
d23 since 237161 101601
Publish public key KU7,187
Keep secret private key KR23,17,11

70
How Does RSA Work?

Given pub lte, ngt and priv ltd, ngt
encryption c me mod n, m lt n
decryption m cd mod n
signature s md mod n, m lt n
verification m se mod n
given message M 88 (nb. 88lt187)
encryption
C 887 mod 187 11
decryption
M 1123 mod 187 88

71
Why Does RSA Work?

Given pub lte, ngt and priv ltd, ngt
n pq, ø(n) (p-1)(q-1)
ed 1 mod ø(n)
xe?d x mod n
encryption c me mod n
decryption m cd mod n me?d mod n m mod n
m (since m lt n)
digital signature (similar)

72
Is RSA Secure?

Factoring 512-bit number is very hard!
But if you can factor big number n then given
public key lte,ngt, you can find d, hence the
private key by
Knowing factors p, q, such that, n pq
Then ø(n) (p-1)(q-1)
Then d such that ed 1 mod ø(n)
Threat
Moores law
Refinement of factorizing algorithms
For the near future, a key of 1024 or 2048 bits
needed

73
Symmetric (DES) vs. Public Key (RSA)

Exponentiation of RSA is expensive !
AES and DES are much faster
100 times faster in software
1,000 to 10,000 times faster in hardware
RSA often used in combination in AES and DES
Pass the session key with RSA

74
Outline

History of Security and Definitions
Overview of Cryptography
Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)
Asymmetric Cipher
One-way Hash Functions and Message Digest

75
Confidentiality gt Authenticity ?

Symmetric cipher ?
Plaintext has to be intelligible/understandable
Asymmetric cipher?
Straightforward use provides no authenticity
Coupled encryption
Too expensive
Requires intelligible text, otherwise message
size doubles

76
Hash Functions

Condenses arbitrary message to fixed size
h H(M)
Usually assume that the hash function is public
and not keyed
Hash used to detect changes to message
Can use in various ways with message
Most often to create a digital signature

77
Hash Functions Digital Signatures
78
Requirements for Hash Functions

Can be applied to any sized message M
Produces fixed-length output h
Is easy to compute hH(M) for any message M
Given h is infeasible to find x s.t. H(x)h
One-way property
Given x is infeasible to find y s.t. H(y)H(x)
Weak collision resistance
Is infeasible to find any x,y s.t. H(y)H(x)
Strong collision resistance

79
Birthday Problem

How many people do you need so that the
probability of having two of them share the same
birthday is gt 50 ?
Random sample of n birthdays (input) taken from k
(365, output)
kn total number of possibilities
(k)nk(k-1)(k-n1) possibilities without
duplicate birthday
Probability of no repetition
p (k)n/kn ? 1 - n(n-1)/2k
For k366, minimum n 23
n(n-1)/2 pairs, each pair has a probability 1/k
of having the same output
n(n-1)/2k gt 50 ? ngtk1/2

80
How Many Bits for Hash?

m bits, takes 2m/2 to find two with the same hash
64 bits, takes 232 messages to search (doable)
Need at least 128 bits

81
Using Hash for Authentication

Assuming share a key KAB
Alice to Bob challenge rA
Bob to Alice MD(KABrA)
Bob to Alice rB
Alice to Bob MD(KABrB)
Only need to compare MD results

82
Using Hash to Encrypt

One-time pad with KAB
Compute bit streams using MD, and K
b1MD(KAB), biMD(KABbi-1),
? with message blocks
Is this a real one-time pad ?
Add a random 64 bit number (aka IV)
b1MD(KABIV), biMD(KABbi-1),

83
General Structure of Secure Hash Code

Iterative compression function
Each f is collision-resistant, so is the
resulting hashing

84
MD5 Message Digest Version 5
input Message
Output 128 bits Digest

Until recently the most widely used hash
algorithm
in recent times have both brute-force
cryptanalytic concerns
Specified as Internet standard RFC1321

85
MD5 Overview
86
MD5 Overview

Pad message so its length is 448 mod 512
Append a 64-bit original length value to message
Initialise 4-word (128-bit) MD buffer (A,B,C,D)
Process message in 16-word (512-bit) blocks
Using 4 rounds of 16 bit operations on message
block buffer
Add output to buffer input to form new buffer
value
Output hash value is the final buffer value

87
Processing of Block mi - 4 Passes
mi
MDi
ABCDfF(ABCD,mi,T1..16)
A
C
D
B
ABCDfG(ABCD,mi,T17..32)
ABCDfH(ABCD,mi,T33..48)
ABCDfI(ABCD,mi,T49..64)

MD i1
88
Secure Hash Algorithm

Developed by NIST, specified in the Secure Hash
Standard (SHS, FIPS Pub 180), 1993
SHA is specified as the hash algorithm in the
Digital Signature Standard (DSS), NIST

89
General Logic

Input message must be lt 264 bits
not really a problem
Message is processed in 512-bit blocks
sequentially
Message digest is 160 bits
SHA design is similar to MD5, a little slower,
but a lot stronger

90
SHA-1 verses MD5

Brute force attack is harder (160 vs 128 bits for
MD5)
A little slower than MD5 (80 vs 64 steps)
Both work well on a 32-bit architecture
Both designed as simple and compact for
implementation
Cryptanalytic attacks
MD4/5 vulnerability discovered since its design
SHA-1 no until recent 2005 results raised
concerns on its use in future applications

91
Revised Secure Hash Standard

NIST have issued a revision FIPS 180-2 in 2002
Adds 3 additional hash algorithms
SHA-256, SHA-384, SHA-512
Collectively called SHA-2
Designed for compatibility with increased
security provided by the AES cipher
Structure detail are similar to SHA-1
Hence analysis should be similar, but security
levels are rather higher

92
Backup Slides
93
Bit Permutation (1-to-1)
1 2 3 4 32
.

0 0 1 0 1
Input
1 bit
..
Output
1 0 1 1 1
22 6 13 32 3
94
Per-Round Key Generation
Initial Permutation of DES key
C i-1
D i-1
28 bits
28 bits
Circular Left Shift
Circular Left Shift
One round
Round 1,2,9,16 single shift Others two bits
Permutation with Discard
48 bits Ki
C i
D i
28 bits
28 bits
95
A DES Round
32 bits Ln
32 bits Rn
E
One Round Encryption
48 bits
Mangler Function
48 bits Ki
S-Boxes
P
32 bits
32 bits Ln1
32 bits Rn1
96
Mangler Function
The permutation produces spread among the
chunks/S-boxes!
97
Bits Expansion (1-to-m)
1 2 3 4 5 32
.
Input

0 0 1 0 1 1
Output
..
1 0 0 1 0 1 0 1
1 0
1 2 3 4 5 6 7 8
48
98
S-Box (Substitute and Shrink)

48 bits gt 32 bits. (86 gt 84)
2 bits used to select amongst 4 substitutions for
the rest of the 4-bit quantity

99
S-Box Examples
Each row and column contain different numbers.
0 1 2 3 4 5
6 7 8 9. 15
0 14 4 13 1 2
15 11 8 3
1 0 15 7 4 14
2 13 1 10
2 4 1 14 8 13
6 2 11 15
3 15 12 8 2 4
9 1 7 5
Example input 100110 output ???
100
Padding Twist

Given original message M, add padding bits 10
such that resulting length is 64 bits less than a
multiple of 512 bits.
Append (original length in bits mod 264),
represented in 64 bits to the padded message
Final message is chopped 512 bits a block

101
MD5 Process

As many stages as the number of 512-bit blocks in
the final padded message
Digest 4 32-bit words MDABCD
Every message block contains 16 32-bit words
m0m1m2m15
Digest MD0 initialized to A01234567,B89abcdef,C
fedcba98, D76543210
Every stage consists of 4 passes over the message
block, each modifying MD
Each block 4 rounds, each round 16 steps

102
Different Passes...

Each step i (1 lt i lt 64)
Input
mi a 32-bit word from the message
With different shift every round
Ti int(232 abs(sin(i)))
Provided a randomized set of 32-bit patterns,
which eliminate any regularities in the input
data
ABCD current MD
Output
ABCD new MD

103
MD5 Compression Function