Transcript CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz

CMSC 414
Computer and Network Security
Lecture 5
Jonathan Katz
Administrative stuff
 JCE 1.4.2 available
 Extension for HW1
 See HW1 FAQ
– Generate randomness yourself (not using
KeyGenerator) using SecureRandom class
– Implement modes yourself, using only calls to
DES (via “hack” using ECB)
Data Encryption Standard (DES)
 Developed in 1977 by NBS
 56-bit key, 64-bit input/output
– A 64-bit key is derived from 56 random bits
– One bit in each octet is a parity-check bit
– The “short” key length is a major concern…
Concerns about DES
 Short key length
– DES “cracker”, built for $250K, can break DES
in days
– Distributing the computation makes it faster
– Does not mean “DES is insecure”
 Some (theoretical) attacks have been found
 Non-public design process
3-DES
 Expands the key length
 Now, key K = (K1, K2); |K| = 112
 The “new” block cipher is just:
– EK1,K2(m) = DESK1(DES-1K2(DESK1(m)))
 This is a permutation, and invertible
 Fairly slow…
AES
 Public contest sponsored by NIST in ’97
– Narrowed to 5 finalists
– 4 years of intense analysis
 Efficiency and security taken into account
 128-bit key length and 128-bit block size
(minimum)
 Rijndael selected as the AES
– Supports variety of block/key sizes
Other block ciphers?
 No compelling reason to use anything other
than AES, in general
– Unless (possibly) you have very specific
performance requirements
– Even then, think twice
Chosen-ciphertext attacks
 None of the DES modes of encryption are
secure against chosen-ciphertext attacks
– Examples…
– The one-time pad is not secure against chosenciphertext attacks either…
 Encryption does not provide integrity!
Public-Key Encryption, RSA
Some basic number theory
 Modular arithmetic, ZN, and Z*N
 Simple computations with large numbers
 (N), Fermat’s theorem