CMSC 414 Computer and Network Security Lecture 5

1
CMSC 414Computer and Network SecurityLecture 5

• Jonathan Katz

2
Administrative stuff

• JCE 1.4.2 available
• Extension for HW1
• See HW1 FAQ
• Generate randomness yourself (not using
  KeyGenerator) using SecureRandom class
• Implement modes yourself, using only calls to DES
  (via hack using ECB)

3
Data Encryption Standard (DES)

• Developed in 1977 by NBS
• 56-bit key, 64-bit input/output
• A 64-bit key is derived from 56 random bits
• One bit in each octet is a parity-check bit
• The short key length is a major concern

4
Concerns about DES

• Short key length
• DES cracker, built for 250K, can break DES in
  days
• Distributing the computation makes it faster
• Does not mean DES is insecure
• Some (theoretical) attacks have been found
• Non-public design process

5
3-DES

• Expands the key length
• Now, key K (K1, K2) K 112
• The new block cipher is just
• EK1,K2(m) DESK1(DES-1K2(DESK1(m)))
• This is a permutation, and invertible
• Fairly slow

6
AES

• Public contest sponsored by NIST in 97
• Narrowed to 5 finalists
• 4 years of intense analysis
• Efficiency and security taken into account
• 128-bit key length and 128-bit block size
  (minimum)
• Rijndael selected as the AES
• Supports variety of block/key sizes

7
Other block ciphers?

• No compelling reason to use anything other than
  AES, in general
• Unless (possibly) you have very specific
  performance requirements
• Even then, think twice

8
Chosen-ciphertext attacks

• None of the DES modes of encryption are secure
  against chosen-ciphertext attacks
• Examples
• The one-time pad is not secure against
  chosen-ciphertext attacks either
• Encryption does not provide integrity!

9
Public-Key Encryption, RSA
10
Some basic number theory

• Modular arithmetic, ZN, and ZN
• Simple computations with large numbers
• ?(N), Fermats theorem