CMSC 414 Computer and Network Security Lecture 5

1
CMSC 414Computer (and Network) SecurityLecture
5

• Jonathan Katz

2
Attacks

• Ciphertext only
• Known plaintext
• Chosen plaintext
• Chosen ciphertext (includes chosen plaintext
  attacks)

3
Randomized encryption

• To be secure against chosen-plaintext attack,
  encryption must be randomized
• We will see later how this comes into play

4
Block ciphers

• Keyed (invertible) permutation input/output
  length
• Large key space large input/output length
• Both are critical
• Modeled as a (family of) random permutations

5
A possible encryption scheme

• Example trivial encryption
• C FK(m)
• This is not randomized

6
An improved scheme

• ltr, FK(r) ? m gt
• Is this secure?
• What about for longer messages?

7
Modes of encryption

• ECB
• Ci FK(mi)
• CBC
• Ci FK(mi ? Ci-1)
• OFB (stream cipher mode)
• zi FK(zi-1) Ci zi ? mi
• CFB (stream cipher mode)
• zi FK(Ci-1) Ci zi ? mi

8
Security?

• All previous modes (except ECB) are secure
  against chosen-plaintext attacks
• None of these modes are secure against
  chosen-ciphertext attacks

9
Data Encryption Standard (DES)

• Developed in 1977 by NBS
• 56-bit key, 64-bit input/output
• A 64-bit key is derived from 56 random bits
• One bit in each octet is a parity-check bit
• The short key length is a major concern

10
DES High-level description

• Encryption proceeds in a sequence of 16 rounds
• Each round uses a 48-bit key (derived from the
  main key), acts on a 64-bit input, and produces a
  64-bit output

11
DES High-level description

• Each round proceeds as follows
• Input is divided into (L, R)
• L R
• R L ? F(K, R), where K is the round key
• F is a non-invertible function!
• But we will see that decryption is still possible
• (L, R) is then permuted in some fixed way to
  give the output at that round

12
3-DES

• Expands the key length
• Now, key K (K1, K2) K 112
• The new block cipher is just
• EK1,K2(m) DESK1(DES-1K2(DESK1(m)))
• This is a permutation, and invertible

13
Concerns about DES

• Short key length
• DES cracker, built for 250K, can break DES in
  days
• Distributing the computation makes it faster
• Some (theoretical) attacks have been found
• Non-public design process
• 3-DES is fairly slow

14
AES

• Public contest sponsored by NIST in 97
• Narrowed to 5 finalists
• 4 years of intense analysis
• Efficiency and security taken into account
• 128-bit key length and 128-bit block size
  (minimum)
• Rijndael selected as the AES
• Supports variety of block/key sizes

15
Other ciphers?

• IDEA
• RC4
• No compelling reason to use anything other than
  AES, in general
• Unless (possibly) you have very specific
  performance requirements
• Even then, think twice

16
Public-key encryption (PKE)
17
Why PKE?

• Problem with private-key encryption is the need
  to securely share keys
• PKE allows users to publish their public key
  widely
• only need to keep their private key secret
• Development of PKE was a huge advance
• All classical systems, for 1000 years, were
  symmetric-key based

18
Some basic number theory

• Modular arithmetic Zp, ZN
• Euclidean gcd algorithm, inverses, ZN
• Efficient modular exponentiation
• Groups, order, ?(N), Fermats theorem
• Primality testing