Lecture 4 Overview. Data Encryption Standard Combination of substitution and transposition –...
-
Upload
stephany-rich -
Category
Documents
-
view
215 -
download
0
description
Transcript of Lecture 4 Overview. Data Encryption Standard Combination of substitution and transposition –...
Lecture 4 Overview
Data Encryption Standard• Combination of substitution and transposition– Repeated for 16 cycles– Provides confusion and diffusion
• Product cipher– Two weak but complementary ciphers
can be made more secure by being applied together
CS 450/650 – Lecture 4: DES 2
A High Level Description of DES
Input - P
16 Cycles
Output - C
Key
IP
Inverse IP
3CS 450/650 – Lecture 4: DES
A Cycle in DES
4CS 450/650 – Lecture 4: DES
ERn-1 E(Rn-1 )
Expand each block Rn-1
• We'll call the use of this selection table the function E. • Thus E(Rn-1) has a 32 bit input block, and a 48 bit
output block.
5CS 450/650 – Lecture 4: DES
The Calculation of the function f
1- Expand Rn-1 E(Rn-1 )
2- XOR Kn + E(Rn-1) = B1B2B3B4B5B6B7B8
3- Substitution S-Boxes S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)
4- P permutation f = P(S1(B1)S2(B2)...S8(B8))
6CS 450/650 – Lecture 4: DES
Types of Permutations
CS 450/650 Fundamentals of Integrated Computer Security 7Pattern of Expansion Permutation
Lecture 5 DES & Rivest-Shamir-Adelman
CS 450/650
Fundamentals of Integrated Computer Security
Slides are modified from Hesham El-Rewini
Does DES Work?• Differential Cryptanalysis Idea– Use two plaintext that barely differ– Study the difference in the corresponding cipher
text– Collect the keys that could accomplish the change– Repeat
9CS 450/650 – Lecture 5: DES
Cracking DES• During the period NBS was soliciting comments on
the proposed algorithm, the creators of public key cryptography registered some objections to the use of DES. – Hellman wrote: "Whit Diffie and I have become concerned
that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization" • letter to NBS, October 22, 1975
10CS 450/650 – Lecture 5: DES
Cracking DES (cont.)• Diffie and Hellman then outlined a "brute
force" attack on DES– By "brute force" is meant that you try as many of
the 256 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message
– They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second
11CS 450/650 – Lecture 5: DES
Cracking DES (cont.)• In 1998, Electronic Frontier Foundation spent
$220K and built a machine that could go through the entire 56-bit DES key space in an average of 4.5 days– On July 17, 1998, they announced they had
cracked a 56-bit key in 56 hours• The computer, called Deep Crack– used 27 boards each containing 64 chips– was capable of testing 90 billion keys a second
12CS 450/650 – Lecture 5: DES
Cracking DES (cont.)• In early 1999, Distributed. Net used the DES Cracker
and a worldwide network of nearly 100K PCs to break DES in 22 hours– combined they were testing 245 billion keys per second
• It has been shown that a dedicated hardware device with a cost of $1M (is much less in 2010) can search all possible DES keys in about 3.5 hours
• This just serves to illustrate that any organization with moderate resources can break through DES with very little effort these days
13CS 450/650 – Lecture 5: DES
Triple DES• Triple-DES is just DES with two 56-bit keys applied. • Given a plaintext message, the first key is used to
DES- encrypt the message. • The second key is used to DES-decrypt the encrypted
message. – Since the second key is not the right key, this decryption
just scrambles the data further.
• The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext.
• This three-step procedure is called triple-DES.
14CS 450/650 – Lecture 5: DES
Algorithm Background
Analysis of Algorithms• Algorithms– Time Complexity– Space Complexity
• An algorithm whose time complexity is bounded by a polynomial is called a polynomial-time algorithm. – An algorithm is considered to be efficient if it runs
in polynomial time.
CS 450/650 Lecture 5: Algorithm Background 16
Time and Space• Should be calculated as function of problem
size (n)– Sorting an array of size n, – Searching a list of size n, – Multiplication of two matrices of size n by n
• T(n) = function of n (time)
• S(n) = function of n (space)
17CS 450/650 Lecture 5: Algorithm Background
Growth Rate• We Compare functions by comparing their
relative rates of growth.
1000n vs. n2
18CS 450/650 Lecture 5: Algorithm Background
Definitions T(n) = O(f(n)): T is bounded above by fThe growth rate of T(n) <= growth rate of f(n)
T(n) = (g(n)): T is bounded below by gThe growth rate of T(n) >= growth rate of g(n)
T(n) = (h(n)): T is bounded both above and below by hThe growth rate of T(n) = growth rate of h(n)
T(n) = o(p(n)): T is dominated by pThe growth rate of T(n) < growth rate of p(n)
19CS 450/650 Lecture 5: Algorithm Background
Time Complexity C O(n) O(log n) O(nlogn) O(n2) … O(nk)
O(2n) O(kn) O(nn)
20CS 450/650 Lecture 5: Algorithm Background
Polynomial
Exponential
P, NP, NP-hard, NP-complete• A problem belongs to the class P if the problem can be
solved by a polynomial-time algorithm• A problem belongs to the class NP if the correctness of the
problem’s solution can be verified by a polynomial-time algorithm
• A problem is NP-hard if it is as hard as any problem in NP– Existence of a polynomial-time algorithm for an NP-hard problem
implies the existence of polynomial solutions for every problem in NP
• NP-complete problems are the NP-hard problems that are also in NP
21CS 450/650 Lecture 5: Algorithm Background
Relationships between different classes
NP
P
NP-complete
NP-hard
22CS 450/650 Lecture 5: Algorithm Background
Partitioning ProblemGiven a set of n integers, partition the integers into two subsets such that the difference between the sum of the elements in the two subsets is minimum
13, 37, 42, 59, 86, 100
23CS 450/650 Lecture 5: Algorithm Background
Bin Packing Problem• Suppose you are given n items of sizes
s1, s2,..., sn
• All sizes satisfy 0 si 1
• The problem is to pack these items in the fewest number of bins, – given that each bin has unit capacity
24CS 450/650 Lecture 5: Algorithm Background
Bin Packing ProblemExample (Optimal; Solution) for 7 items of sizes:
0.2, 0.5, 0.4, 0.7, 0.1, 0.3, 0.8.
0.8
0.2
0.3
0.7
0.50.10.4
Bin 1 Bin 2 Bin 325CS 450/650 Lecture 5: Algorithm Background
Rivest-Shamir-Adelman
RSA• Invented by Cocks (GCHQ), independently, by
Rivest, Shamir and Adleman (MIT)– in 1978
• Two keys e and d are used for Encryption and Decryption– The keys are interchangeable
• Based on the problem of factoring large numbers
• Let p and q be two large prime numbers• Let N = pq be the modulus
• Choose e relatively prime to (p1)(q1)– How?
• Find d such that ed = 1 mod (p1)(q1)
• Public key is (N,e)• Private key is d
Key Choice
RSA• To encrypt message M compute– C = Me mod N
• To decrypt C compute– M = Cd mod N
RSA• Recall that e and N are public
• If attacker can factor N, he can use e to easily find d – since ed = 1 mod (p1)(q1)
• Factoring the modulus breaks RSA
• It is not known whether factoring is the only way to break RSA
Does RSA Really Work?• Given C = Me mod N we must show – M = Cd mod N = Med mod N
• We’ll use Euler’s Theorem– If x is relatively prime to n then x(n) = 1 mod n
Does RSA Really Work?• Facts: – ed = 1 mod (p 1)(q 1) – By definition of “mod”, ed = k(p 1)(q 1) + 1– (N) = (p 1)(q 1)– Then ed 1 = k(p 1)(q 1) = k(N)
• Med = M(ed-1)+1 = MMed-1 = MMk(N) = M(M(N)) k mod N = M1 k mod N = M mod N