Chapter 3 Encryption Algorithms & Systems (Part D)

Chapter 3

Encryption Algorithms & Systems (Part D)

csci5233 computer security & integrity (Chap. 3)

2

Outline

NP-completeness & EncryptionNP-completeness & Encryption Symmetric (secret key) vs Asymmetric (public key) Symmetric (secret key) vs Asymmetric (public key)

EncryptionsEncryptions Popular Encryption AlgorithmsPopular Encryption Algorithms

– Merkle-Hellman KnapsacksMerkle-Hellman Knapsacks– RSA EncryptionRSA Encryption– El Gamal AlgorithmsEl Gamal Algorithms– DES

Hashing AlgorithmsHashing Algorithms Key Escrow & Clipper


3

Key Escrow and Clipper 1993: AT&T started to market a telephone encryption

device, using a new encryption key for each conversation.

Law enforcement wanted a means to break the encryption without weakening the encryption enough that interceptors could break the encryption as well.

Public concerns about government abuse of power… The Clipper proposal

NSA developed the key escrow concept (Fig. 3-20, p.119)


4

Key Escrow and Clipper The Skipjack algorithm, the Clipper chip, the MOSAIC

program, Fortezza, Tessera, the Capstone chip Public reaction to the announcement of the Clipper

proposal was strongly negative, mainly because the algorithm was classified.

NSA would release only hardware implementation of the algorithm, as a computer chip or as an encryption device.


5

Key Escrow and Clipper Technical aspects

32 rounds of scrambling process

80-bit key

64-bit blocks of plaintext

Each piece of data transmission is accompanied by a law enforcement agents’ field (LEAF): Fig. 3-21, p.121


6

Key Escrow and Clipper E( (E(k,u)&n&a), f) Each unit has two keys.

f: an 80-bit encryption key for the entire family of Clipper chips

u: unique key for each of the unit, guarded by two escrow agencies (half by each)

n: a 30-bit number identifying the unit a: an escrow authenticator k: the session key under which a communication was

encrypted


7

Key Escrow and Clipper p.121: Fig. 3-21

M, the original message is encrypted by k, the session key.

k, is encrypted by u, the escrow key.

The encrypted k, n and a are encrypted by f, which is known to the law enforcement authority.

Steps taken by a law enforcement authority to decrypt a conversation: p.120


8

Key Escrow and Clipper 1993: A panel of cryptography experts reviewed the

design of the Skipjack algorithm and concluded the design was sound and secure.

p.121

What’s the current status of the proposal?

“Securing Cyberspace: The National Strategy”. ZDNet Tech Update. September 18, 2002.http://techupdate.zdnet.com/techupdate/filters/specialreport

/0,14622,6023471,00.html


9

Data Encryption Standard (DES) 1976: officially adopted as a U.S. federal standard Was authorized for use on all public and private

sector unclassified communication Later became an international standard by the ISO The strength of DES comes from repeated

application of the two encryption techniques, substitution and permutation, one on top of the other, for a total of 16 cycles.

Product cipher:

C = E2 ( E1(P) )

A secret key method


10

Data Encryption Standard (DES) 16 cycles of substitutions and permutations: Fig.3-12

(p.104)

Steps in a single cycle: Fig. 3-14, Fig. 3-16

Operates on blocks of data: 64 bits per block

Splits a data block in half: left half, right half (32 bits)

Scrambles each half independently: shifted left, permuted

Combines the key with the right half: the result is then combined with the left half

Swaps the two halves: T = right half; right half += key; right half += left half; left half = T.


11

Key Transformation 64-bit key, but only 56 of the bits are used (bits 8, 16,

24, 32, 40, 48, 56, 64 are parity bits) At each step, the key is split into two 28-bit halves. The halves are shifted by a specified number of digits

(Table 3-4, p.107), pasted together again, and then 48 of these 56 bits are permuted as a key during this step (choice permutation: Table 3-5).


12

How to combine a 32-bit right half with a 56-bit key?

p.106: Fig. 3-15

Expansion permutation: The 32-bit half is expanded to 48 bits by repeating certain bits

See Table 3-3, Fig. 3-17: p.107

Permuted choices: The 56-bit key is reduced to 48 bits by choosing only certain bits (See Table 3-5, p.108)

Fig. 3-16: a detailed single cycle

Data Encryption Standard (DES)


13

Substitutions and S-boxes An S-box is a table in which 6 bits of data are

replaced by 4 bits. The 48-bit input is divided into eight 6-bit blocks

8 S-boxes for substitutions (Table 3-6, p.109) Substitutions by S-boxes (Fig. 3-18, p.108)


14

S-box substitutions Use Table 3-6

Input: Bj = 6 bits (b1 b2 b3 b4 b5 b6)

Output: a 4-bit binary number

Process:

1. r = b1 b6

2. c = b2 b3 b4 b5

3. result = the value at (r, c) of the S-box j (Sj) of

Table 3-6.

4. Convert the result to a binary number.


15

S-box substitutions Example: p.108

Input = Bj = B7 = 010011b

r = 01b = 1

c = 1001b = 9

result = (r, c) = (1, 9) in S7 = 3 = 0011b

Suppose the Input = B4 = 101010b. What’s the

output of the substitution?


16

P-box permutations Permutations:

Initial permutation Permutation in each cycleFinal inverse permutation

inverse & final permutations: Table 3-8, 3-9, p.110

Per-cycle permutation:p.109: Table 3-7Examples

Bit 1 bit 9Bit 23 bit 11Bit 19 ?Bit 27 ?


17

Summary of DES Encryption Fig. 3-19, p.111 Input = (64-bit data block, 64-bit key) process

64-bit key 56 bitsInitial permutation16 cycles:

Key transformation (split, shift, permuted)Data blocks substitution & permutation

Lj = Rj-1 ; Rj = Lj-1 XOR f(Rj-1, kj)

S-boxes, P-boxes

Final permutation Output = 64-bit ciphertext


18

DES Decryption Encryption: (Lj-1 , Rj-1) (Lj , Rj)

Lj = Rj-1 ;

Rj = Lj-1 XOR f(Rj-1, kj)

Decryption: (Lj , Rj) (Lj-1 , Rj-1)

Rj-1 = Lj

Lj-1 = Rj XOR f(Lj, kj)

Reverse key transformation


19

Security of the DES DES is in general a secure method; although it

suffers minor weakness caused by complements, weak keys, design, key clustering, and differential cryptanalysis.

Nobody has yet shown serious flaws in the DES, nor do people really believe that hardware power has reached the point where a brute force attack can feasibly break the DES.

The problem with DES is not that it is known, or even suspected, to have been broken; it is just becoming more likely that it could be broken.

A “black box” approach (the NSA’s Clipper program)


20

NSA’s Role in Computer Security 1984: President Reagan issued the National Security

Decision Directive ("NSDD") 145. NSDD-145 gave NSA the authority to develop a

national policy on computer and communications security.

1987: The “Computer Security Act of 1987” gave the responsibility to NIST.

An important point of this law is that it places an entirely new emphasis on computer security, not only on classified data, but also on unclassified information that are national interest.


21

Summary Hard problems Asymmetric Encryptions:

– Merkle-Hellman Knapsacks– RSA Encryption– El Gamal Algorithms

Symmetric Encryptions:– DES– Key Escrow & Clipper

Hashing Algorithms

Next: Ch. 4 (Protocols and practices)

Chapter 3 Encryption Algorithms & Systems (Part D)

Documents

Transcript of Chapter 3 Encryption Algorithms & Systems (Part D)