Professional Documents
Culture Documents
IS 302: Information Security and Trust Week 3: From DES To AES
IS 302: Information Security and Trust Week 3: From DES To AES
IS 302: Information Security and Trust Week 3: From DES To AES
2010
Review
– Caesar, Vigenere, Zimmerman, Vernam
– Permutation substitution, transposition
– Kerckhoff principle
© Yingjiu Li 2007 2
Outline
• Stream cipher and block cipher
• DES
• AES
• Modes of block ciphers
© Yingjiu Li 2007 3
Stream Cipher and Block Cipher
© Yingjiu Li 2007 4
Stream Cipher
• What is stream cipher?
– Convert symbols one by one
© Yingjiu Li 2007 5
Block Cipher
• What is block cipher?
– Convert symbols block by block
– DES, AES
© Yingjiu Li 2007 6
Comparison
© Yingjiu Li 2007 7
DES
© Yingjiu Li 2007 8
Introduction
• wiki DES
– http://en.wikipedia.org/wiki/Data_Encryption_Standard
– Motivation
• public need vs DoD, DoS
• Private vendors’ systems cannot exchange information
• No independent party capable of testing/evaluating the devices
– Timeline
• 1972 NBS first call, 1974second call
• IBM’s DES based on Horst Feistel’s Lucifer cipher
• 1976 US Federal standardJan 15, 1977 published
© Yingjiu Li 2007 9
Controversies
• Controversies
– Shorted key length (64 bits 56 bits + 8 bits parity)
– Mysterious S-boxes as evidence of improper interference
• Alan Konheim (one of the designers of DES) commented, "We sent
the S-boxes off to Washington. They came back and were all
different.”
• Another member of the DES team, Walter Tuchman, is quoted as
saying, "We developed the DES algorithm entirely within IBM using
IBMers. The NSA did not dictate a single wire!"
• Current status
– 1998 3DES valid till 2030 extensively used in banking industry
– May 26, 2002, superseded by AES since brute force attack can
be easily done in hours to break 56 bit key nowadays
© Yingjiu Li 2007 10
Strength
• 1990 Biham and Shamir showed that the
design of DES is optimal
– Almost any change to DES weakens it
© Yingjiu Li 2007 11
One Round in Encoding
• 56-bits key 16 48-bits A round of encoding a block
sub key in DES (repeat 16 times)
• 64-bits blocks
– Right half left half Left half block Right half block
– Left half mixed with
encrypted right half right
half substitution Sub key
permutation f
© Yingjiu Li 2007 12
Overall Diagram
http://en.wikipedia.org/wiki/Data_Encryption_Standard
f function
© Yingjiu Li 2007 13
Demo
• Cryptool: DES process
© Yingjiu Li 2007 14
Triple DES
• Two-Key DES
Data
K1 E K2 E C
– Total key size is 56x2=112 bits; but the effective key size is only
57 bits only!
• Triple DES (3DES)
Data C
K1 E K2 D K1 E
© Yingjiu Li 2007 16
Security Concerns
56 bit key is too short
– Can be broken on average in 2^55 ≈3.6*10^16
trials
– Moore’s law: speed of processor doubles per
1.5 yr
– 1997: 3500 machines broke DES in about 4
months
– 1998: 1M dollar machine broke DES in about 4
days
© Yingjiu Li 2007 17
AES
© Yingjiu Li 2007 18
Introduction
• Wiki AES
– http://en.wikipedia.org/wiki/Advanced_Encrypt
ion_Standard_process
– Timeline
• 1997 NIST call
• Final five
– Rijndael(Joan Daemen and Vincent Rijmen , 86/10),
– Serpent(Ross Anderson, 59/7),
– Twofish(Bruce Schneier, 31/21),
– RC6(Don Rivest, Lisa Yin, 23/37),
– MARS (Don Coppersmith, IBM,13/83)
• 2000 Rijndael wins
• 2002 standard
© Yingjiu Li 2007 19
AES vs DES
DES AES
© Yingjiu Li 2007 20
High-Level Cipher Algorithm
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
• KeyExpansion using Rijndael's key schedule
• Initial Round
– AddRoundKey (one 128/192/256 key to 9/11/13 128-bit subkeys)
• Steps in each of 9/11/13 rounds (state: 4*4=16-array of bytes = 128
bit-block)
– SubBytes — a non-linear substitution step where each byte is replaced
with another according to a lookup table.
– ShiftRows — a transposition step where each row of the state is shifted
cyclically a certain number of steps.
– MixColumns — a mixing operation which operates on the columns of the
state, combining the four bytes in each column
– AddRoundKey — each byte of the state is combined with the round key;
each round key is derived from the cipher key using a key schedule.
• Final Round (no MixColumns)
– SubBytes
– ShiftRows
– AddRoundKey
© Yingjiu Li 2007 21
© Yingjiu Li 2007 22
© Yingjiu Li 2007 23
© Yingjiu Li 2007 24
© Yingjiu Li 2007 25
Demo
• Cryptool: AES process
• AES-128-CBC
© Yingjiu Li 2007 26
Modes of Block Ciphers
© Yingjiu Li 2007 27
Four Modes
• How are multiple blocks processed?
– ECB: Electronic Code Book
– CBC: Cipher Block Chaining
– CFB: Cipher Feedback
– OFB: Output Feedback
© Yingjiu Li 2007 28
Electronic codebook (ECB)
mode
© Yingjiu Li 2007 29
Cipher-block Chaining (CBC) Mode
© Yingjiu Li 2007 30
ECB vs CBC
• Which mode would you choose?
© Yingjiu Li 2007 31
ECB vs CBC
• ECB:
– chain dependency: blocks are enciphered independently
– identical plaintext blocks result in identical ciphertext
– error propagation: within a single block
• CBC:
– chain dependency: proper decryption requires a correct
preceding cipher block.
– identical plaintext blocks result in different ciphertext
– error propagation: a bit error in cipher affects
decipherment of following blocks
© Yingjiu Li 2007 32
Hands-On Exercise: AES Encryption
and Decryption
© Yingjiu Li 2007 33
Part I: OpenSSL
• Download Lab.doc
• Lab exercise 2.1: OpenSSL AES
encryption/decryption
© Yingjiu Li 2007 34
Part II: JCE
• Download Lab.doc
• Lab exercise 2.2: JCE AES encryption and
decryption
© Yingjiu Li 2007 35
Class:Javax.crypto.Cipher
• This class provides the functionality of a cryptographic
cipher for encryption and decryption
• Methods:
– getInstance(String algorithm )
• Generates a Cipher object that implements the specified algorithm.
– init(int opmode, Key key )
• The cipher is initialized with a key for either encryption or
decryption.
– doFinal(byte[] input )
• Encrypts or decrypts data depending on how this cipher was
initialized.
© Yingjiu Li 2007 37
Example: AES Encryption cont’d
//Create a byte array with the size of the file.
byte[] plaintext = new byte[(int) length];
//Close file
fi.close();
// Now encrypt the text and store it in the byte array ciphertext
byte[] ciphertext = cipher.doFinal(plaintext);
© Yingjiu Li 2007 38
Example: AES Decryption
• The following sample decrypts a file “encryptedfile”and save the output as a file
named “decryptedfile”.
© Yingjiu Li 2007 39
Example: AES Decryption cont’d
//Create a byte array with the size of the file.
byte[] ciphertext = new byte[(int) length];
//Close file
fi.close();
// Now decrypt the text and store it in the byte array ciphertext
byte[] plaintext = cipher.doFinal(ciphertext);
© Yingjiu Li 2007 40
Review Questions
• Which of the following is stream cipher
1) DES 2) AES 3) Vernam
• What is effective key size for 4-DES
1) 112 bits 2) 113 bits 3) 168 bits
• Increasing key size from 56 bits to 128
bits, how many times more effort an
attacker needs to spend in brute force
attack?
1) 72 2) 2^72 3) 2^184
© Yingjiu Li 2007 41