
Security of symmetric algorithms


Presentation Transcript


  1. Security of symmetric algorithms TE/CS 536 Network Security Spring 2005 – Lecture 8

  2. DES Top View
     [Diagram: 64-bit input → initial permutation → LPT | RPT → Round 1 (48-bit K1) → Round 2 (48-bit K2) → … → Round 16 (48-bit K16) → swap 32-bit halves → final permutation → 64-bit output. The 48-bit round keys K1 … K16 are generated from the 56-bit key.]

  3. Per-Round Key Generation
     [Diagram, one round: after the initial permutation of the DES key, the halves C(i-1) and D(i-1), 28 bits each, each pass through a circular left shift to give C(i) and D(i), 28 bits each; a permutation with 8 bits discarded yields the 48-bit Ki.]
     • Rounds 1, 2, 9, 16: single shift
     • Others: two bits

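  4. A DES Round
     [Diagram, one round of encryption: inputs Ln (32 bits) and Rn (32 bits); Rn passes through E to 48 bits, then through the F function with the 48-bit Ki, the S-boxes and P to give 32 bits; outputs Ln+1 (32 bits) and Rn+1 (32 bits).]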

  5. F Function
     [Diagram: eight 6-bit chunks are XORed (+) with the key and fed to S-boxes S1 … S8, each producing 4 bits, followed by a permutation.]
     • Key is XORed in eight 6-bit chunks with the expanded permuted RPT
     • The permutation produces “spread” among the chunks/S-boxes!

  6. S-Box
     [Diagram: inputs I1 … I6 (2 bits select the row, 4 bits select the column) → S-box Si → outputs O1 … O4, for i = 1, …, 8.]
     • 48 bits ==> 32 bits (8*6 ==> 8*4)
     • 2 bits used to select amongst 4 permutations for the rest of the 4-bit quantity

  7. Decryption
     • Apply the same operations with the keys Ki in the reverse sequence: K16 … K1
     • To generate keys in the reverse sequence, the bits are circularly shifted right (instead of left) during the key generation process.

  8. DES Standard
     • Cipher Iterative Action: input 64 bits, key 48 bits, output 64 bits
     • Key Generation Box: input 56 bits, output 48 bits
     • Total 16 rounds

  9. DES Box Summary
     • Simple, easy to implement:
        • Hardware: gigabits/second
        • Software: megabits/second
     • Supports several operation modes:
        • ECB
        • CBC
        • OFB
        • CFB

  10. What is a brute force attack
     • Brute force attack:
        • Algorithm is known but key is secret
        • Test all possible keys to recover plaintext from a given ciphertext
        • Correct key is found by testing candidate plaintexts for similarity to plaintext language (e.g. English encoded in ASCII)
     • A cipher is secure (un-breakable) if there is no method less expensive than a brute force (BF) attack

  11. Brute force attacks on DES
     • 1977: Diffie-Hellman
        • $20 M paper design
        • Search speed 2^38 keys/sec
        • Will recover one key/day
        • Cost per key = $50,000 (averaged over 1 year)

  12. Brute force attacks on DES - 2
     • 1993: Michael Wiener
        • Search speed 2^38 keys/sec, $100K
        • Will recover one key per 35 hours
        • Cost per key = $6.59 (averaged over 1 year)
     • Other options:
        • Speed 2^41.39 keys/sec: $1M, 3.5 hours
        • Speed 2^44.71 keys/sec: $10M, 21 mins

  13. Brute force attacks on DES - 3
     • 1997: DESCHALL
        • In response to RSA challenge, distributed effort
        • Searched 51.8% of the key space
        • Average speed overall = 2^32.16 = 4.8 billion keys per sec
        • Max speed = 2^32.70 = 7 billion keys per sec
        • Machines involved = max. 14000 in a single day
        • Time to find the key = 90 days

  14. Brute force attacks on DES - 4
     • 1998: Electronic Frontier Foundation (EFF)
        • $250K DES Cracker machine with 18,000 custom chips: first hardware design actually built (RSA challenge 1998)
        • Time to find the key: 56.05 hours
        • Searched 24.8% of the key space
        • Average speed 2^36.37 = 88.8 billion keys per sec

  15. To foil attacks on DES
     • NIST recommends 128 bits for symmetric key algorithms (1024 bits for asymmetric)
     • Keys should be generated properly
     • Usually keys are derived from a user-selected password or passphrase, which should have 128 bits entropy (16 different words), e.g.
        • sqrnf oikas ocmpe vflte krbqa jwf
        • iTb.\ / & / - } I t / P ; ^ + 2 2 q
        • serf bare qd jab weld hum jf sheet gallop neve

  16. Double DES
     • Multiple encryption to compensate for the short basic DES key
     • Effective key size = 128?
     • If yes, key search space = 2^128
     • Plain text ---K1---> T ---K2---> C

  17. Double DES – meet-in-the-middle attack
     • Given a (P,C) pair
     • Step 1: Calculate Te = E(K1, P), search space 2^56
     • Step 2: Calculate Td = D(K2, C), search space 2^56
     • Step 3: Check if Te = Td ⇒ K1 and K2 found; work needed: 2^57
     • Memory requirement for storing T from step 1: 2^56 64-bit blocks or 10^17 bytes

  18. Triple DES
     • Multiple encryption compensates for the short key
     • Standard practice: E(K3, D(K2, E(K1, P))), 168-bit DES
     • K1 = K3: two-key Triple DES, 112 bit: E(K1, D(K2, E(K1, P)))
     • To launch a meet-in-the-middle attack, T = D(K2, E(K1, P)) requires exploring a 2^112 search space.

  19. DES3 Issues
     • Efficiency demands schemes with longer keys to begin with!
     • DES3 runs one third as fast as DES on the same platform
     • New candidates: RC5 (64 bit?), IDEA, AES
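
The meet-in-the-middle steps from slides 16 and 17, worked through as an added example (not part of the original lecture) to show why chaining two encryptions adds about one bit of work rather than doubling the key length. The 16-bit Feistel cipher, its 10-bit keys and the sample keys and plaintexts are constructed stand-ins for DES so the search finishes instantly; all function names are hypothetical.

```python
# Added illustration: meet-in-the-middle against double encryption.
# toy_encrypt/toy_decrypt are a hypothetical 16-bit Feistel cipher with a
# 10-bit key, standing in for DES (56-bit key) so the search runs instantly.
KEY_BITS = 10

def _f(half, key, rnd):
    # Toy key-dependent round function (an assumption; unrelated to DES's F).
    x = (half * 167 + key + rnd * 59) & 0xFFFF
    x ^= x >> 5
    return (x * 91 + (key >> 3)) & 0xFF

def toy_encrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def toy_decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def double_encrypt(k1, k2, p):
    return toy_encrypt(k2, toy_encrypt(k1, p))   # C = E(K2, E(K1, P))

def meet_in_the_middle(pairs):
    """Return every (K1, K2) consistent with all known (P, C) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    # Step 1: tabulate Te = E(K1, P) for all 2^KEY_BITS values of K1.
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    # Steps 2-3: compute Td = D(K2, C) for all K2 and look for Te == Td.
    candidates = []
    for k2 in range(1 << KEY_BITS):
        for k1 in table.get(toy_decrypt(k2, c0), []):
            # A 16-bit T collides by chance; extra pairs weed those out.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates

if __name__ == "__main__":
    K1, K2 = 0x2A7, 0x135                      # constructed secret keys
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    print("matches on one pair :", len(meet_in_the_middle(pairs[:1])))
    print("after all pairs     :", meet_in_the_middle(pairs))
    print("cipher calls: ~2^%d vs 2^%d for exhaustive search"
          % (KEY_BITS + 1, 2 * KEY_BITS))
```

With a single (P,C) pair the Te = Td check also accepts chance matches, so a second known pair is needed to confirm the key.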
