Information system security wk3-1

IT346 Information
System Security

Week 3-1: Symmetric-Key
Cryptography

Faculty of Information Technology

Page

1

Cryptography
 Cryptography

graph

crypto

“
 Cryptography

Cryptography
”
3

‣ Symmetric Key Cryptography

Key Cryptography

‣ Asymmetric Key Cryptography

Key Cryptography


Secret
Public
Page

Cryptography
 Cryptanalysis

Cryptography
 Sensitive Data


Page

Symmetric-Key
Cryptography
 Plaintext –
 Encryption algorithm –

(substitutions)
(transformations)
plaintext
 Secret Key –
substitutions/transformations
encryption
 Ciphertext –
substitutions/transformations
Key
Key
 Decryption –
Plaintext
Ciphertext
encryption
Encryp
Decryp

tion C encryption  P
tion
E(P,K) 
D(C,K)
key


Plaintex

Page



DES (Data Encryption
Standard)
‣ Key size 56 bits

3-DES (Triple-DES)






IDEA (International Data
Encryption Algorithm)



AES (Advanced Encryption
Standard)
‣ Key size 128, 192, 256 bits


Page

5

DES Algorithm
 DES

Data Encryption

Standard
(Block cipher)
Lucifer
IBM

Lucifer

DES
US NIST (US
National Institute of Standards and
Technology)
 DES

(Block
Page

6

DES Overview
64-bit Plaintext
…

64-bit Key

Initial Permutation

PC1

64 bit

Round 0
64 bit

Round 1

…

K1

48 bit

K2

48 bit

56 bit
PC2
PC2

Left Circular Shift
56 bit

64 bit

Round 15

56-bit Key

56-bit Key
Left Circular Shift

56-bit Key
K16

48 bit

PC2

56 bit

Left Circular Shift

64 bit

32-bit Swap
64 bit
Inverse Initial Permutation

…
64-bit Ciphertext

Page

7

DES Overview


Data Block

1)Data Block

(IP)
2)Data Block

DES Algorithm
bits
Initial Permutation

16
(substitution)
(permutation)
key
3)Data Block
4)Data Block

Permutation


Key Block


48 bits

Inverse Initial

DES Algorithm
Page

8

Data Block Data Block

16

Round 0

64-bit
L0 (32 bits)

R0 (32 bits)

f

K1

XOR

Round 1

L1=R0

R1=(L0 XOR f(R0,K1))

f

K2

XOR

L2=R3


R2=(L1 XOR f(R1,K2))

Page

9

Data Block


K


f(Ri,Ki-1)



f

(Round 0 – 15)
(Ri)
bits
f(Ri,Ki-1)
(Li)
XOR

XOR
(Ri+1)
(Ri)
(Li+1)

Page

10

Data f
Block


(Ri)

f
bits

bits

key


Key

bits
bits

XOR
bits
(substitution)

bits


(Permutation)

Page

11

Data Block


f
S-box

f

8
map
6 bits
4 bits
S(18 09 12 3d 11 17 38 39) =
5fd25e03


Page

12

Data Block


Page

13

Key

Block


subkeys

DES

key
initial permutation (Permutation Choice
1, PC1)
56bits
2
28bit
‣
16
:
‣

•
•


28 bit
1
2
key rotation schedule
24 bits
PC2
data block
Page

14

DES Decryption
(decryption)



Block Cipher


DES

(encryption)

(decryption)
(encryption)

subkeys (K1 … K16)


Hardware

decryption
subkeys

Encryption
K16 … K1

Page

15

DES Decryption
 DES decryption

Encryption
‣

‣
‣
‣
‣

DES

Initial Permutation
decryption
encryption
Round 0
K16
Round
encryption
….
Round 15
K1
Round
encryption
decryption


Page

16

Avalanche Effect
 Avalanche Effect


 DES


encryption algorithm
input
key
bit
bits
output
Avalanche Effect

Page

17

Strength of DES –
Key Size
 Key

56-bit
256 = 7.2 x 1016

brute force search

brute
DES Algorithm



force search
1997
Internet
‣
1998
‣

‣

key

Distribution.net
EFF

hardware

1999 Distribution.net


EFF
Page

18

DES



bits
‣

Key

DES

DES
Bit



crack

bits
crack
DES

bit

Bit

DES

DES

Triple-DES ( DES)


Page

19

Triple-DES (3DES) with
Two-Keys
 Triple-DES

DES

DES

DES



key



‣



Triple-


C = EK1(DK2(EK1(P)))
Encryption
Encrypt-Decrypt-Encrypt

K1 = K2

DES

Triple-DES

Page

20

Triple-DES (3DES) with
Two-Keys


Key

Encryption

3DES

64-bit Plaintext

DES Encryption

Key 1

DES Decryption

Key 2

DES Encryption

Key 1

64-bit Ciphertext

Page

21

AES (Advance
Encryption Standard)
 AES (Advance Encryption Standard)
AES


DES

break

NIST
data block

DES

NIST
bit





Rijndael
Page

22

AES
 AES

Bytes

 Data Block
bits = 16 bytes
‣
Data Block 16 bytes
x
4
‣
bytes
Current State
out
in in in in
s s s
s s s s bytesout out out
‣ Current State s
0

4

8

12

0,0

0,1

0,2

0,3

0,0

0,1

0,2

0,3

in1 in5 in9 in13

s10 s1,1 s1,2 s1,3

s10 s1,1 s1,2 s1,3

in2 in6 in10 in14

s2,0 s2,1 s2,2 s2,3

s2,0 s2,1 s2,2 s2,3

in3 in7 in11 in15

s3,0 s3,1 s3,2 s3,3

s3,0 s3,1 s3,2 s3,3

State
ciphertext
input
State Array
encryption


0

4

8

12

out1 out5 out9 out13

Current


output
Page

23

AES
bits

= 16 bytes

Key Block 16 bytes

‣

x4

‣ Key

k4

k8 k12

k1

k5

k9 k13

k2

 Key Block

k0

k6 k10 k14

k3

k7 k11 k15

w0 w1 w2 w3

(Key

Expansion)

f

+ + + +
w4 w5 w6 w7

word

44 words
k k k k
(1kword = 32 bits = 4
k
k k
w w
bytes)k
k k k

Key Expansion

Key Expansion

0

4

8

12

1

5

9

13

0

2

k3

6

10

1

…

w43

14

k7 k11 k15


Page

24

AES
AES
(Initial Round)



AddRoundKey

‣

(Rounds)


‣

SubBytes, ShiftRows, MixColumns
AddRoundKey

(Final Rounds)


‣




SubBytes, ShiftRows
AddRoundKey (
MixColumns)

round key (sub-key

Page

25

AES (Initial Round)
(Rounds)

(Final Round)
Mix Columns


Page

26

AES
AddRoundKey



XOR
round

‣
‣

key

Key
words
= 16 bytes

w

Page

27

AES
SubBytes


‣

non-linear substitution
lookup table

‣


Page

28

AES
ShiftRows


‣

,3
‣


Page

29

AES
MixColumns


‣
‣


Page

30

Information system security wk3-1

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Information system security wk3-1

Ähnlich wie Information system security wk3-1 (20)

Mehr von Bee Lalita

Mehr von Bee Lalita (12)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Information system security wk3-1