IS 302: Information Security and Trust Week 3: From DES to AES 2012


© Yingjiu Li 2007 2

Review
– Kerckhoffs's principle
– Attacks on cryptosystems
– Caesar, Vigenère, Zimmermann, Vernam cipher
– Confusion and diffusion


Modern Symmetric Ciphers

• DES

• AES


Block Ciphers vs Stream Ciphers

• Block ciphers
– DES and AES…
– For each block, perform multiple rounds of confusion and diffusion operations

• Stream ciphers
– Vernam,…
– Bit by bit operations


DES
• 1972-1974 NBS call for proposal
• IBM’s DES, from Horst Feistel’s Lucifer cipher
• 1976 US Federal standard
• 1990 DES design is optimal
– Almost any change to DES weakens it
• May 26, 2002, DES was superseded by AES
– brute force attack can easily break 56-bit DES key
• 1998 3DES valid till 2030
– extensively used in banking industry


Jeff Moser: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html


One Round in Encoding
• 56-bit key → 16 48-bit sub-keys
• 64-bit blocks
– Right half → left half
– Left half mixed with encrypted right half → right half

[Figure: a round of encoding a block in DES (repeat 16 times). The right half block and the sub key feed f (substitution, permutation); the result is mixed with the left half block to form the new right half block, and the old right half block becomes the new left half block.]
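The round structure described above, as an added example that is not part of the original slides: a toy 16-round Feistel network on a 64-bit block, showing that decryption is the same routine run with the sub-keys in reverse order. The round function `f` and the sub-key values are constructed stand-ins, not DES's f function or key schedule.

```java
public class FeistelDemo {
    static final int ROUNDS = 16;

    // Toy round function (assumption: NOT the DES f function).
    // It mixes the 32-bit right half with the sub-key and need not be invertible.
    static int f(int right, int subKey) {
        int x = right ^ subKey;
        x *= 0x9E3779B1;                               // multiply to spread bits
        return Integer.rotateLeft(x, 13) ^ (x >>> 7);  // rotate and shift
    }

    // Run all rounds. Encryption and decryption differ only in the
    // order in which the sub-keys are supplied.
    static long crypt(long block, int[] subKeys) {
        int left = (int) (block >>> 32);
        int right = (int) block;
        for (int k : subKeys) {
            int newLeft = right;                // right half -> new left half
            int newRight = left ^ f(right, k);  // left mixed with f(right) -> new right half
            left = newLeft;
            right = newRight;
        }
        // Swap the halves on output so the same routine undoes itself.
        return ((long) right << 32) | (left & 0xFFFFFFFFL);
    }

    static int[] reversed(int[] a) {
        int[] r = new int[a.length];
        for (int i = 0; i < a.length; i++) r[i] = a[a.length - 1 - i];
        return r;
    }

    public static void main(String[] args) {
        // Constructed sub-keys; real DES derives 16 48-bit sub-keys from the 56-bit key.
        int[] subKeys = new int[ROUNDS];
        for (int i = 0; i < ROUNDS; i++) subKeys[i] = 0x01234567 * (i + 1);

        long plain = 0x0123456789ABCDEFL;       // constructed sample block
        long cipher = crypt(plain, subKeys);
        long back = crypt(cipher, reversed(subKeys));
        System.out.printf("plain  %016x%ncipher %016x%nback   %016x%n", plain, cipher, back);
        if (back != plain) throw new AssertionError("round trip failed");
    }
}
```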


Overall Diagram

f function

http://en.wikipedia.org/wiki/Data_Encryption_Standard


DES procedure visualization

• Cryptool:
– Indiv. Procedures → Visualization of Algorithms → DES
– You need Java runtime environment, at least version 1.6: http://java.sun.com
– You also need to download and install the current version of ANIMAL animation software: http://www.algoanim.info/Animal2/


Multiple DESes
• Two-Key DES: Data → E(K1) → E(K2) → C
– Total key size is 56x2=112 bits, but the effective key size is only 57 bits!
• Triple DES (3DES): Data → E(K1) → D(K2) → E(K1) → C
– This is a secure solution with effective key size of 112 bits


DES encryption demo

• Cryptool → Encrypt/Decrypt → Symmetric (modern)
– DES (CBC)
– 3-DES (CBC)


Security Concerns

56 bit key is too short
– Can be broken on average in 2^55 ≈ 3.6*10^16 trials
– Moore’s law: speed of processor doubles per 1.5 yr
– 1997: 3500 machines broke DES in about 4 months
– 1998: 1M dollar machine broke DES in about 4 days


AES
• 1997 NIST call
• Final five
– Rijndael (Joan Daemen and Vincent Rijmen)
– Serpent (Ross Anderson)
– Twofish (Bruce Schneier)
– RC6 (Ron Rivest, Lisa Yin)
– MARS (Don Coppersmith, IBM)
• 2000 Rijndael won
• 2002 Rijndael became AES


AES vs DES

| | DES | AES |
|---|---|---|
| Date | 1976 | 1999 |
| Block size (bits) | 64 | 128 |
| Key length (bits) | 56 | 128, 192, 256 |
| Number of rounds | 16 | 9, 11, 13 |
| Encryption primitives | Substitution, permutation | Substitution, shift, bit mixing |
| Cryptographic primitives | Confusion, diffusion | Confusion, diffusion |
| Design | Open | Open |
| Design rationale | Closed | Open |
| Selection process | Secret | Secret, but accept open public comment |
| Source | IBM, enhanced by NSA | Independent cryptographers |

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

High-Level Cipher Algorithm

• KeyExpansion (one 128/192/256-bit key to 10/12/14 128-bit subkeys)
• Initial Round
– AddRoundKey (cipher key)
• Steps in each of 9/11/13 rounds (state: 4*4 = 16-byte array = 128-bit block)
– SubBytes — a non-linear substitution step where each byte is replaced with another according to a lookup table.
– ShiftRows — a transposition step where each row of the state is shifted cyclically a certain number of steps.
– MixColumns — a mixing operation which operates on the columns of the state, combining the four bytes in each column.
– AddRoundKey — each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
• Final Round (no MixColumns)
– SubBytes
– ShiftRows
– AddRoundKey
• How many rounds in total? How many round keys?


Follow Me

• Cryptool: AES procedures
– Indiv. Procedures → Visualization of Algorithms → AES
– Web version: http://www.ccna-security.net/wp-content/uploads/2008/10/rijndael_ingles2004.swf
• AES-128-CBC encryption
– Encrypt/Decrypt → Symmetric (modern) → AES


Four Modes of Block Ciphers

• How are multiple blocks processed?
– ECB: Electronic Code Book
– CBC: Cipher Block Chaining
– CFB: Cipher Feedback
– OFB: Output Feedback


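Electronic codebook (ECB) mode

[Diagram. Encryption: P1, P2, P3 each pass independently through Enc under key K to give C1, C2, C3. Decryption: C1, C2, C3 each pass independently through Dec under key K to give P1, P2, P3.]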


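Cipher-block Chaining (CBC) Mode

[Diagram. Encryption: P1 XOR IV, P2 XOR C1 and P3 XOR C2 each pass through Enc under key K to give C1, C2, C3. Decryption: C1, C2, C3 each pass through Dec under key K to give P1 XOR IV, P2 XOR C1 and P3 XOR C2, which are then XORed with IV, C1 and C2 to recover P1, P2, P3.]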


ECB vs CBC

• Which mode would you choose?

• Which one is semantically secure?

[Images: original image; encrypted with ECB; encrypted with CBC]


Hands-On Exercise

• AES Encryption and Decryption
– OpenSSL
– JCE
• Download Lab.doc and follow instructions


Introduction: javax.crypto.Cipher

• This class provides the functionality of a cryptographic cipher for encryption and decryption
• Methods:
– getInstance(String algorithm)
  • Generates a Cipher object that implements the specified algorithm.
– init(int opmode, Key key)
  • The cipher is initialized with a key for either encryption or decryption.
– doFinal(byte[] input)
  • Encrypts or decrypts data depending on how this cipher was initialized.

Further details:
http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/Cipher.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/Cipher.html


Example: AES Encryption

• The following sample encrypts a file “clear.txt” and saves the output as a file named “encryptedfile”.

import javax.crypto.Cipher;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;

// Create a cipher object with algorithm "AES".
// Note: the bare name "AES" selects the provider's default mode and padding
// (ECB with PKCS5Padding in the SunJCE provider).
Cipher cipher = Cipher.getInstance("AES");

// Set the Cipher object to ENCRYPT_MODE.
// Initialise it with the encryption key "mykey".
// Previous example demonstrated how to retrieve this key from a keystore.
cipher.init(Cipher.ENCRYPT_MODE, mykey);

// Create an input stream to read the file.
File clr = new File("clear.txt");
FileInputStream fi = new FileInputStream(clr);

// Get the size of the file.
long length = clr.length();
// ... cont'd


Example: AES Encryption cont’d

// Create a byte array with the size of the file.
byte[] plaintext = new byte[(int) length];

// Read data into the byte array; read() may return fewer bytes than asked, so loop.
int off = 0;
while (off < plaintext.length) {
    int n = fi.read(plaintext, off, plaintext.length - off);
    if (n < 0) break; // end of file
    off += n;
}

// Close file.
fi.close();

// Now encrypt the text and store it in the byte array ciphertext.
byte[] ciphertext = cipher.doFinal(plaintext);

// Write encrypted text into the output file.
File enc = new File("encryptedfile");
FileOutputStream fo = new FileOutputStream(enc);
fo.write(ciphertext);
fo.close();


Example: AES Decryption

• The following sample decrypts a file “encryptedfile” and saves the output as a file named “decryptedfile”.

import javax.crypto.Cipher;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;

// Create a cipher object with algorithm "AES".
// The mode and padding must match those used for encryption.
Cipher cipher = Cipher.getInstance("AES");

// Set the Cipher object to DECRYPT_MODE.
// Initialise it with the decryption key "mykey".
// Previous example demonstrated how to retrieve this key from a keystore.
cipher.init(Cipher.DECRYPT_MODE, mykey);

// Create an input stream to read the file.
File enc = new File("encryptedfile");
FileInputStream fi = new FileInputStream(enc);

// Get the size of the file.
long length = enc.length();
// ... cont'd


Example: AES Decryption cont’d

// Create a byte array with the size of the file.
byte[] ciphertext = new byte[(int) length];

// Read data into the byte array; read() may return fewer bytes than asked, so loop.
int off = 0;
while (off < ciphertext.length) {
    int n = fi.read(ciphertext, off, ciphertext.length - off);
    if (n < 0) break; // end of file
    off += n;
}

// Close file.
fi.close();

// Now decrypt the text and store it in the byte array plaintext.
byte[] plaintext = cipher.doFinal(ciphertext);

// Write decrypted text into the output file.
File dec = new File("decryptedfile");
FileOutputStream fo = new FileOutputStream(dec);
fo.write(plaintext);
fo.close();


Review Questions

• Which of the following is a stream cipher?
1) DES 2) AES 3) Vernam

• What is the effective key size for 4-DES?
1) 112 bits 2) 113 bits 3) 168 bits

• Increasing the key size from 56 bits to 128 bits, how many times more effort does an attacker need to spend in a brute force attack?
1) 72 2) 2^72 3) 2^184


Individual Assignment 1 (5%)
• Due in week 4 (please submit hardcopy during week 4 class)
– Textbook 1.11 Exercises 3, 12, 15 (pages 32-33 in 3rd edition, pages 34-36 in 4th edition)
– Textbook 2.13 Exercises 1, 13, 17, 19 (pages 91-93 in 3rd edition, pages 94-97 in 4th edition)