Outline Cryptography and Encryption • Uses of cryptography Algorithms • Symmetric cryptography CS 239 • Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239, Winter 2005 Uses of Cryptography Cryptography and Secrecy • What can we use cryptography for? • Pretty obvious • Lots of things • Only those knowing the proper keys can decrypt the message –Secrecy –Thus preserving secrecy –Authentication • Used cleverly, it can provide other –Prevention of alteration forms of secrecy Lecture 5 Lecture 5 Page 3 Page 4 CS 239, Winter 2005 CS 239, Winter 2005 Cryptography and Zero- Cryptography and Authentication Knowledge Proofs • How can I prove to you that I created a • With really clever use, cryptography piece of data? can be used to prove I know a secret • What if I give you the data in encrypted –Without telling you the secret form? • Seems like magic, but it can work – Using a key only you and I know • Then only you or I could have created it • Basically, using multiple levels of – Unless one of us told someone else the cryptography in very clever ways key . . . Lecture 5 Lecture 5 Page 5 Page 6 CS 239, Winter 2005 CS 239, Winter 2005 1
Some Limitations on Cryptography and Non- Cryptography and Authentication Alterability • If both parties cooperative, cryptography • Changing one bit of an encrypted message can authenticate completely garbles it – Problems with non-repudiation, though – For many forms of cryptography • What if three parties want to share a key? • If a checksum is part of encrypted data, that’s detectable – No longer certain who created anything • If you don’t need secrecy, can get the same – Public key cryptography can solve this effect problem – By just encrypting the checksum • What if I want to prove authenticity without secrecy? Lecture 5 Lecture 5 Page 7 Page 8 CS 239, Winter 2005 CS 239, Winter 2005 Symmetric and Asymmetric Description of Symmetric Cryptosystems Systems • Symmetric - the encrypter and • C = E(K,P) decrypter share a secret key • P = D(K,C) –Used for both encrypting and • E() and D() are not necessarily decrypting symmetric operations • Asymmetric – encrypter has different key than decrypter Lecture 5 Lecture 5 Page 9 Page 10 CS 239, Winter 2005 CS 239, Winter 2005 Advantages of Symmetric Key Disadvantage of Symmetric Key Systems Systems + Encryption and authentication performed in – Encryption and authentication a single operation performed in a single operation + Well-known (and trusted) ones perform • Makes signature more difficult faster than asymmetric key systems – Non-repudiation hard without servers + Doesn’t require any centralized authority – Key distribution can be a problem • Though key servers help a lot – Scaling Lecture 5 Lecture 5 Page 11 Page 12 CS 239, Winter 2005 CS 239, Winter 2005 2
Scaling Problems of Symmetric Sample Symmetric Key Ciphers Cryptography K 5 K 4 K 1 • The Data Encryption Standard K 4 K 6 How many keys am I K 2 • The Advanced Encryption Standard going to need to handle • There are many others the entire Internet???? K 5 K 3 K 3 K 2 K 6 K 1 Lecture 5 Lecture 5 Page 13 Page 14 CS 239, Winter 2005 CS 239, Winter 2005 The Data Encryption Standard History of DES • Developed in response to National Bureau • Probably the best known symmetric of Standards studies key cryptosystem • Developed by IBM • Developed in 1977 • Analyzed , altered, and approved by the • Still much used National Security Agency –Which implies breaking it isn’t • Adopted as a federal standard trivial • One of the most widely used encryption algorithms • But showing its age Lecture 5 Lecture 5 Page 15 Page 16 CS 239, Winter 2005 CS 239, Winter 2005 Overview of DES Algorithm More On DES Algorithm • A block encryption algorithm • Uses substitutions to provide confusion – 64 bit blocks – To hide the set of characters sent • Uses substitution and permutation • Uses transpositions to provide diffusion – Repeated applications – To spread the effects of one plaintext bit • 16 cycles worth into other bits • 64 bit key • Uses only standard arithmetic and logic functions and table lookup – Only 56 bits really used, though Lecture 5 Lecture 5 Page 17 Page 18 CS 239, Winter 2005 CS 239, Winter 2005 3
Description of DES Algorithm One DES Round • Select 48 bits from the key • Alternate applications of two different • Expand right half of block to 48 bits ciphers • XOR with key bits –A product cipher • Look up result in an S-box – Resulting in 32 bits • Starts by breaking block in half • Perform a permutation using a P-box • The algorithm goes through 16 rounds • XOR with left half of block • Each round consists of a substitution • Result is new right half • Old right half becomes new left half followed by a permutation Lecture 5 Lecture 5 Page 19 Page 20 CS 239, Winter 2005 CS 239, Winter 2005 DES Round Diagram S-Boxes Left Right Key • Table lookups to perform substitutions Shift Shift Expand • Permanently defined for DES Compress + • Eight different S-boxes –Six bits out of 48 bits go to each Substitution –Four bits come out of each Permutation • Choice of contents of S-boxes believed + to strongly impact security of DES Key Left Right Lecture 5 Lecture 5 Page 21 Page 22 CS 239, Winter 2005 CS 239, Winter 2005 P-Box Decrypting DES • Maps 32 input bits to 32 output bits • For DES, D() is the same as E() • A single, straight permutation • You decrypt with exactly the same algorithm –Unlike S-boxes, which are table lookups • If you feed ciphertext and the same key into DES, the original plaintext pops out Lecture 5 Lecture 5 Page 23 Page 24 CS 239, Winter 2005 CS 239, Winter 2005 4
Is DES Secure? Key Length and DES • Apparently, reasonably • Easiest brute force attack is to try all • No evidence NSA put a trapdoor in keys – Alterations believed to have increased –Looking for a meaningful output security against differential cryptanalysis • Cost of attack proportional to number • Some keys are known to be weak with DES of possible keys – So good implementations reject them • Is 2 56 enough keys? • To date, only brute force attacks have publicly cracked DES Lecture 5 Lecture 5 Page 25 Page 26 CS 239, Winter 2005 CS 239, Winter 2005 How the DES Message DES Cracking Experiments Was Cracked • RSA Data Security issued challenge to • Required use of tens of thousands of computers crack a DES-encrypted message • Took four months • Various people got together to do so • The searchers “got lucky” –Harnessing computers across the – Only one quarter of key space searched Internet – On average, brute force requires searching one half of key space –Using a brute-force approach • Done over six years ago • Done in 1998 – So it would presumably take 1/16 as much time today Lecture 5 Lecture 5 Page 27 Page 28 CS 239, Winter 2005 CS 239, Winter 2005 DES and Differential Does This Mean DES is Unsafe? Cryptography • Depends on what you use it for • Research has shown that DES is somewhat • In how many cases will tens of thousands of susceptible to differential cryptography machines apply spare cycles for several days to break one message? • NSA alterations to original DES seem to • On the other hand, computers will continue to get have strengthened it against this attack faster • Only relevant for chosen-plaintext attack • And motivated opponents can harness vast resources scenarios • Those who care seriously about security don’t tend to use DES any more Lecture 5 Lecture 5 Page 29 Page 30 CS 239, Winter 2005 CS 239, Winter 2005 5
Recommend
More recommend
