CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz
Download
Report
Transcript CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz
CMSC 414
Computer and Network Security
Lecture 5
Jonathan Katz
Administrative stuff
JCE 1.4.2 available
Extension for HW1
See HW1 FAQ
– Generate randomness yourself (not using
KeyGenerator) using SecureRandom class
– Implement modes yourself, using only calls to
DES (via “hack” using ECB)
Data Encryption Standard (DES)
Developed in 1977 by NBS
56-bit key, 64-bit input/output
– A 64-bit key is derived from 56 random bits
– One bit in each octet is a parity-check bit
– The “short” key length is a major concern…
Concerns about DES
Short key length
– DES “cracker”, built for $250K, can break DES
in days
– Distributing the computation makes it faster
– Does not mean “DES is insecure”
Some (theoretical) attacks have been found
Non-public design process
3-DES
Expands the key length
Now, key K = (K1, K2); |K| = 112
The “new” block cipher is just:
– EK1,K2(m) = DESK1(DES-1K2(DESK1(m)))
This is a permutation, and invertible
Fairly slow…
AES
Public contest sponsored by NIST in ’97
– Narrowed to 5 finalists
– 4 years of intense analysis
Efficiency and security taken into account
128-bit key length and 128-bit block size
(minimum)
Rijndael selected as the AES
– Supports variety of block/key sizes
Other block ciphers?
No compelling reason to use anything other
than AES, in general
– Unless (possibly) you have very specific
performance requirements
– Even then, think twice
Chosen-ciphertext attacks
None of the DES modes of encryption are
secure against chosen-ciphertext attacks
– Examples…
– The one-time pad is not secure against chosenciphertext attacks either…
Encryption does not provide integrity!
Public-Key Encryption, RSA
Some basic number theory
Modular arithmetic, ZN, and Z*N
Simple computations with large numbers
(N), Fermat’s theorem