IS 302: Information Security and Trust
Week 3: From DES to AES
2012
Review
– Kerckhoffs's principle
– Attacks on cryptosystems
– Caesar, Vigenere, Zimmermann, Vernam cipher
– Confusion and diffusion
© Yingjiu Li 2007
Modern Symmetric Ciphers
• DES
• AES
Block Ciphers vs Stream Ciphers
• Block ciphers
– DES and AES…
– For each block, perform multiple rounds of confusion and diffusion operations
• Stream ciphers
– Vernam,…
– Bit by bit operations
DES
• 1972-1974 NBS call for proposal
• IBM’s DES ← Horst Feistel’s Lucifer cipher
• 1976 US Federal standard
• 1990 → DES design is optimal
– Almost any change to DES weakens it
• May 26, 2002, DES was superseded by AES
– brute force attack can easily break 56-bit DES key
• 1998 3DES → valid till 2030
– extensively used in banking industry
Jeff Moser: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
One Round in Encoding
• 56-bit key → 16 48-bit sub-keys
• 64-bit blocks
– Right half → left half
– Left half mixed with encrypted right half → right half
[Figure: a round of encoding a block in DES (repeat 16 times). Labels: left half block, right half block, sub key, f (substitution, permutation), new left half block, new right half block]
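The round described above, as an added example that is not part of the original slides: the right half becomes the new left half, and the left half XORed with f(right half, sub-key) becomes the new right half. The round function f, the sub-keys and the class name FeistelDemo are constructed stand-ins, not the DES f function or key schedule; the point shown is that running the same rounds with the sub-keys reversed decrypts, even though f itself is never inverted.

```java
import java.util.Arrays;

public class FeistelDemo {
    // Constructed toy round function f (NOT the DES f): mixes the right half
    // with the sub-key. f does not have to be invertible.
    static int f(int right, int subKey) {
        int x = right ^ subKey;
        x = Integer.rotateLeft(x * 0x9E3779B1, 7);
        return x ^ (x >>> 15);
    }

    // One round on a 64-bit block held as {left, right}:
    // new left = right; new right = left XOR f(right, subKey).
    static int[] round(int[] block, int subKey) {
        return new int[] { block[1], block[0] ^ f(block[1], subKey) };
    }

    // Run all rounds, then swap the halves so that decryption is the
    // same routine with the sub-keys in reverse order.
    static int[] crypt(int[] block, int[] subKeys) {
        int[] s = block.clone();
        for (int k : subKeys) s = round(s, k);
        return new int[] { s[1], s[0] };
    }

    static int[] reversed(int[] a) {
        int[] r = new int[a.length];
        for (int i = 0; i < a.length; i++) r[i] = a[a.length - 1 - i];
        return r;
    }

    public static void main(String[] args) {
        int[] subKeys = new int[16];               // constructed sub-keys
        for (int i = 0; i < 16; i++) subKeys[i] = 0x0F1E2D3C * (i + 1);
        int[] plain = { 0x01234567, 0x89ABCDEF };  // constructed 64-bit block
        int[] cipher = crypt(plain, subKeys);
        int[] back = crypt(cipher, reversed(subKeys));
        System.out.printf("cipher = %08x %08x%n", cipher[0], cipher[1]);
        System.out.println("round trip ok: " + Arrays.equals(plain, back));
    }
}
```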
Overall Diagram
http://en.wikipedia.org/wiki/Data_Encryption_Standard
f function
DES procedure visualization
• Cryptool:
– Indiv. procedures → visualization of algorithms → DES
– You need Java runtime environment at least version 1.6 http://java.sun.com
– You also need to download and install the current version of ANIMAL animation software http://www.algoanim.info/Animal2/
Multiple DESes
• Two-Key DES
Data → E (K1) → E (K2) → C
– Total key size is 56x2=112 bits; but the effective key size is only 57 bits!
• Triple DES (3DES)
Data → E (K1) → D (K2) → E (K1) → C
– This is a secure solution with effective key size of 112 bits
DES encryption demo
• Cryptool → encrypt/decrypt → symmetric (modern)
– DES (CBC)
– 3-DES (CBC)
Security Concerns
• 56 bit key is too short
– Can be broken on average in 2^55 ≈ 3.6*10^16 trials
– Moore’s law: speed of processor doubles per 1.5 yr
– 1997: 3500 machines broke DES in about 4 months
– 1998: 1M dollar machine broke DES in about 4 days
AES
• 1997 NIST call
• Final five
– Rijndael (Joan Daemen and Vincent Rijmen),
– Serpent (Ross Anderson),
– Twofish (Bruce Schneier),
– RC6 (Don Rivest, Lisa Yin),
– MARS (Don Coppersmith, IBM)
• 2000 Rijndael won
• 2002 Rijndael became AES
AES vs DES
                          DES                         AES
Date                      1976                        1999
Block size                64                          128
Key length                56                          128, 192, 256
Number of rounds          16                          9,11,13
Encryption primitives     Substitution, permutation   Substitution, shift, bit mixing
Cryptographic primitives  Confusion, diffusion        Confusion, diffusion
Design                    Open                        Open
Design rationale          Closed                      Open
Selection process         Secret                      Secret, but accept open public comment
Source                    IBM, enhanced by NSA        Independent cryptographers
High-Level Cipher Algorithm
• KeyExpansion (one 128/192/256-bit key to 10/12/14 128-bit subkeys)
• Initial Round
– AddRoundKey (cipher key)
• Steps in each of 9/11/13 rounds (state: 4*4=16-array of bytes = 128 bit-block)
– SubBytes — a non-linear substitution step where each byte is replaced with another according to a lookup table.
– ShiftRows — a transposition step where each row of the state is shifted cyclically a certain number of steps.
– MixColumns — a mixing operation which operates on the columns of the state, combining the four bytes in each column
– AddRoundKey — each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
• Final Round (no MixColumns)
– SubBytes
– ShiftRows
– AddRoundKey
• How many rounds in total? How many round keys?
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Follow Me
• Cryptool: AES procedures
– Indiv. procedures → visualization of algorithms → AES
– Web version: http://www.ccna-security.net/wp-content/uploads/2008/10/rijndael_ingles2004.swf
• AES-128-CBC encryption
– Encrypt/decrypt → symmetric (modern) → AES
Four Modes of Block Ciphers
• How are multiple blocks processed?
– ECB: Electronic Code Book
– CBC: Cipher Block Chaining
– CFB: Cipher Feedback
– OFB: Output Feedback
Electronic codebook (ECB) mode
[Figure: ECB mode. Enc: P1, P2, P3 are each encrypted under K to give C1, C2, C3. Dec: C1, C2, C3 are each decrypted under K to give P1, P2, P3.]
Cipher-block Chaining (CBC) Mode
[Figure: CBC mode. Enc: C1 = E_K(P1 ⊕ IV), C2 = E_K(P2 ⊕ C1), C3 = E_K(P3 ⊕ C2). Dec: P1 = D_K(C1) ⊕ IV, P2 = D_K(C2) ⊕ C1, P3 = D_K(C3) ⊕ C2.]
ECB vs CBC
• Which mode would you choose?
[Images: original image; encrypted with ECB; encrypted with CBC]
• Which one is semantically secure?
Hands-On Exercise
• AES Encryption and Decryption
– OpenSSL
– JCE
• Download Lab.doc and follow instructions
Introduction: javax.crypto.Cipher
• This class provides the functionality of a cryptographic cipher for encryption and decryption
• Methods:
– getInstance(String algorithm)
• Generates a Cipher object that implements the specified algorithm.
– init(int opmode, Key key)
• The cipher is initialized with a key for either encryption or decryption.
– doFinal(byte[] input)
• Encrypts or decrypts data depending on how this cipher was initialized.
Further details:
http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/Cipher.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/Cipher.html
Example: AES Encryption
• The following sample encrypts the file “clear.txt” and saves the output as a file named “encryptedfile”.
import java.io.*;
import javax.crypto.Cipher;

// Create a cipher object with algorithm "AES".
// No mode or padding is named, so the provider's defaults apply.
Cipher cipher = Cipher.getInstance("AES");
// Set the Cipher object to ENCRYPT_MODE.
// Initialise it with the encryption key "mykey".
// A previous example demonstrated how to retrieve this key from a keystore.
cipher.init(Cipher.ENCRYPT_MODE, mykey);
// Create an input stream to read the file.
File clr = new File("clear.txt");
FileInputStream fi = new FileInputStream(clr);
// Get the size of the file.
long length = clr.length();
Example: AES Encryption cont’d
// Create a byte array with the size of the file.
byte[] plaintext = new byte[(int) length];
// Read data into the byte array.
fi.read(plaintext);
// Close the file.
fi.close();
// Now encrypt the text and store it in the byte array ciphertext.
byte[] ciphertext = cipher.doFinal(plaintext);
// Write the encrypted text into the output file.
File enc = new File("encryptedfile");
FileOutputStream fo = new FileOutputStream(enc);
fo.write(ciphertext);
fo.close();
Example: AES Decryption
• The following sample decrypts the file “encryptedfile” and saves the output as a file named “decryptedfile”.
import java.io.*;
import javax.crypto.Cipher;

// Create a cipher object with algorithm "AES".
// No mode or padding is named, so the provider's defaults apply.
Cipher cipher = Cipher.getInstance("AES");
// Set the Cipher object to DECRYPT_MODE.
// Initialise it with the decryption key "mykey".
// A previous example demonstrated how to retrieve this key from a keystore.
cipher.init(Cipher.DECRYPT_MODE, mykey);
// Create an input stream to read the file.
File enc = new File("encryptedfile");
FileInputStream fi = new FileInputStream(enc);
// Get the size of the file.
long length = enc.length();
Example: AES Decryption cont’d
// Create a byte array with the size of the file.
byte[] ciphertext = new byte[(int) length];
// Read data into the byte array.
fi.read(ciphertext);
// Close the file.
fi.close();
// Now decrypt the text and store it in the byte array plaintext.
byte[] plaintext = cipher.doFinal(ciphertext);
// Write the decrypted text into the output file.
File dec = new File("decryptedfile");
FileOutputStream fo = new FileOutputStream(dec);
fo.write(plaintext);
fo.close();
Review Questions
• Which of the following is a stream cipher?
1) DES 2) AES 3) Vernam
• What is the effective key size for 4-DES?
1) 112 bits 2) 113 bits 3) 168 bits
• Increasing key size from 56 bits to 128 bits, how many times more effort does an attacker need to spend in a brute force attack?
1) 72 2) 2^72 3) 2^184
Individual Assignment 1 (5%)
• Due in week 4 (please submit hardcopy during week 4 class)
– Textbook 1.11 Exercises 3, 12, 15 (pages 32-33 in 3rd edition, pages 34-36 in 4th edition)
– Textbook 2.13 Exercises 1, 13, 17, 19 (pages 91-93 in 3rd edition, pages 94-97 in 4th edition)