
Computer System Security CSE 5339/7339

Computer System Security CSE 5339/7339. Lecture 10 September 21, 2004. Contents. DES assignment More Student Presentations Advanced Encryption Standard (AES) Cryptographic Hash Mehmet’s Presentation. DES Group Exercise.



  1. Computer System Security CSE 5339/7339 Lecture 10 September 21, 2004

  2. Contents • DES assignment • More Student Presentations • Advanced Encryption Standard (AES) • Cryptographic Hash • Mehmet’s Presentation

  3. DES Group Exercise What would the 64-bit output of round 1 be, using the plaintext and key given below (in hexadecimal format): P = 2D 75 F4 DB A3 3E 3F 89 K = D4 3C B1 9A E4 90 D7 C6

  4. Student presentations • 9/21 Mehmet • 9/23 Padmaraj • 9/28 • 9/30 • 10/5

  5. Advanced Encryption Standard (AES) • By the mid-1990s, virtually all cryptologists agreed that DES needed to be replaced by an advanced encryption standard for the 21st century • In 1997, NIST issued a request for candidate AES algorithms.

  6. The minimum requirements for a proposed algorithm: • A symmetric-key cryptosystem • A block cipher • Capable of supporting a block size of 128 bits • Capable of supporting key lengths of 128, 192, and 256 bits • Available on a worldwide, non-exclusive, royalty-free basis

  7. Criteria for Evaluation • Security • Soundness of the mathematical basis for an algorithm’s claimed strength • Research community search for flaws • Computational Efficiency • Memory Requirements • Flexibility • Simplicity

  8. Advanced Encryption Standard (AES) • NIST chose 15 algorithms for evaluation in the first round, 9 of them were descendants of DES • One was selected out of the five that made it to the second round • Rijndael (Rine dahl) → Vincent Rijmen & Joan Daemen • In 2001, it was formally adopted by the US

  9. AES (cont) • Regular Rounds (9, 11, 13) • Additional final Round is different (10th, 12th, 14th) • Each regular round consists of 4 steps • Byte substitution (BSB) • Shift row (SR) • Mix column (MC) • Add Round key (ARK)

  10. AES Overview Plaintext (128) → ARK (Subkey0) → 9 rounds → BSB → SR → ARK (Subkey10) → Ciphertext (128)

  11. Round i: BSB → SR → MC → ARK (Subkey i)

  12. State • 128-bit block → 4 x 4 matrix • 128 bits → 16 bytes → b0, b1, b2, .., b15

  13. Key • 128-bit key → 4 x 4 matrix • 128 bits → 16 bytes → k0, k1, k2, .., k15

  14. 4 Operations 1. s[i,j] → s’[i,j] (predefined substitution table, Table 10-11 page 663) 2. Rows – left circular shift 3. The 4 elements in each column are multiplied by a polynomial 4. Key is derived and added to each column

  15. Exercise Using the table, find the substitution of 6b, ff, 6e, 09

  16. Shift Row

  17. Byte Representation as polynomial One byte → 8 bits: B7, B6, B5, B4, B3, B2, B1, B0 → $B_7x^7 + B_6x^6 + B_5x^5 + B_4x^4 + B_3x^3 + B_2x^2 + B_1x + B_0$ Example: E5 (hex) = 1110 0101 (binary) = $x^7 + x^6 + x^5 + x^2 + 1$ (poly)

  18. Mix Column = * Multiplying by 1 → no change. Multiplying by 2 → shift left one bit. Multiplying by 3 → shift left one bit and XOR with original value. More than 8 bits → 100011011 is subtracted
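The multiplication rules on the Mix Column slide, worked through in code. This is an added example, not part of the original slides: the function names are chosen here, the matrix is the fixed Mix Column matrix from FIPS 197 (the slide's own matrix figure did not survive), and the sample column in the usage note is constructed.

```python
# Added example: GF(2^8) arithmetic behind Mix Column (not from the slides).
AES_POLY = 0b100011011  # the 9-bit value the slide says is "subtracted" (XORed)

# Fixed Mix Column matrix from FIPS 197 (assumption: the slide's figure is lost).
MIX = ((2, 3, 1, 1),
       (1, 2, 3, 1),
       (1, 1, 2, 3),
       (3, 1, 1, 2))


def poly(byte):
    """Render a byte as a polynomial, e.g. 0xE5 -> 'x^7 + x^6 + x^5 + x^2 + 1'."""
    terms = ["1" if i == 0 else "x" if i == 1 else f"x^{i}"
             for i in range(7, -1, -1) if byte >> i & 1]
    return " + ".join(terms) or "0"


def times2(byte):
    """Multiply by 2: shift left one bit, reduce if the result exceeds 8 bits."""
    byte <<= 1
    return byte ^ AES_POLY if byte & 0x100 else byte


def gf_mul(coef, byte):
    """Multiply a byte by a matrix coefficient 1, 2 or 3."""
    if coef == 1:
        return byte                    # no change
    if coef == 2:
        return times2(byte)            # shift left, reduce
    if coef == 3:
        return times2(byte) ^ byte     # (2 * b) XOR b
    raise ValueError("Mix Column only uses coefficients 1, 2 and 3")


def mix_column(col):
    """Multiply one 4-byte state column by MIX; additions are XOR."""
    out = []
    for row in MIX:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gf_mul(coef, byte)
        out.append(acc)
    return out
```

For the constructed column `[0xdb, 0x13, 0x53, 0x45]`, `mix_column` returns `[0x8e, 0x4d, 0xa1, 0xbc]`; the first byte needs the reduction step because `2 * 0xdb` overflows 8 bits.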

  19. Exercise = *

  20. Add Key b’x = bx XOR kx

  21. Example k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12 B = e5 a8 6f 33 0a 52 31 9c c2 75 f8 1e b0 46 de 3a B’ = fa 9c 63 9e 50 7b 8a ed ac d6 68 ef f7 90 55 28

  22. Key Generation (diagram; labels: eight 4-byte words, Circular left shift 1 byte, S-box, X-OR, Round constant, X-OR)

  23. Round Constant Table

  24. Group Exercise k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12 Final 4 bytes = 47 d6 8b 12 After shift = d6 8b 12 47 Find the next sub key

  25. Cryptographic Hash Functions (take notes) • Message Digest Functions • Protect integrity • Users create a message digest or fingerprint of a digital document • Message Authentication Codes (MACs) • Protect both integrity and authenticity • MACs produce fingerprints based on both a given document and a secret key

  26. Message Digest Functions • Checksums → fingerprint of a message • If the message changes, the checksum will not match • Most checksums are good at detecting accidental changes made to a message • They are not designed to prevent an adversary from intentionally changing a message, resulting in a message with the same checksum • Message digests are designed to protect against this possibility

  27. One-Way Hash Functions M → H → H(M) = h
      Example: M = “Elvis”
      H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26
      H(M) = (5 + 12 + 22 + 9 + 19) mod 26
      H(M) = 67 mod 26
      H(M) = 15

  28. Collision x → H → H(x), y → H → H(y), with H(x) = H(y)
      Example: x = “Viva”, y = “Vegas”, H(x) = H(y) = 2

  29. Collision-resistant, One-way hash functions • Given M, it is easy to compute h • Given any h, it is hard to find any M such that H(M) = h • Given M1, it is difficult to find M2 (not identical to M1) such that H(M1) = H(M2) Functions that satisfy these criteria are called message digests. They produce a fixed-length digest (fingerprint)

  30. The Secure Hash Algorithm (SHA-1) A message composed of b bits → SHA-1 → 160-bit message digest

  31. Step 1-- Padding • Padding → the total length of a padded message is a multiple of 512 • Every message is padded even if its length is already a multiple of 512 • Padding is done by appending to the input: • A single bit, 1 • Enough additional bits, all 0, to make the final 512-bit block exactly 448 bits long • A 64-bit integer representing the length of the original message in bits

  32. Example • M = 01100010 110010101001 (20 bits) • Padding is done by appending to the input: • A single bit, 1 • 427 0s • A 64-bit integer representing 20 • Pad(M) = 01100010 1100101010011000 … 00010100

  33. Example • Length of M = 500 bits • Padding is done by appending to the input: • A single bit, 1 • 459 0s • A 64-bit integer representing 500 • Length of Pad(M) = 1024 bits

  34. Initialize 85 32-bit words (Hexa) • H0 = 67452301 • H1 = EFCDAB89 • H2 = 98BADCFE • H3 = 10325476 • H4 = C3D2E1F0 • K0 – K19 = 5A827999 • K20 – K39 = 6ED9EBA1 • K40 – K59 = 8F1BBCDC • K60 – K79 = CA62C1D6

  35. Step 2-- Dividing Pad(M) • Pad(M) = B1, B2, B3, …, Bn • Each Bi denotes a 512-bit block • Each Bi is divided into 16 32-bit words W0, W1, …, W15

  36. Step 3– Use W0 – W15 to compute W16 – W79 • To compute word W[j] (16 <= j <= 79): • W[j-3], W[j-8], W[j-14], W[j-16] are XORed • The result is circularly left shifted one bit

  37. Step 4– Copy H0 – H4 into A,B,C,D,E • A = H0 • B = H1 • C = H2 • D = H3 • E = H4

  38. Step 5– Four functions • For j = 0 to 19: fj(B,C,D) = (B AND C) OR ((NOT B) AND D) • For j = 20 to 39: fj(B,C,D) = (B XOR C XOR D) • For j = 40 to 59: fj(B,C,D) = (B AND C) OR (B AND D) OR (C AND D) • For j = 60 to 79: fj(B,C,D) = (B XOR C XOR D)

  39. Step 6– Loop
      For j = 0 to 79 Do
        TEMP = Circular_left_shift_5(A) + fj(B,C,D) + E + Wj + Kj
        E = D; D = C; C = Circular_left_shift_30(B); B = A; A = TEMP
      Done
      + → addition (ignore overflow)

  40. Step 7– Final H0 = H0 + A; H1 = H1 + B; H2 = H2 + C; H3 = H3 + D; H4 = H4 + E

  41. Done Once these steps have been performed on each 512-bit block (B1, B2, …, Bn) of the padded message in turn, the 160-bit message digest is given by H0 H1 H2 H3 H4

  42. Message Authentication Codes (MACs) • A message authentication code (MAC) is a key-dependent message digest function: MAC(M,K) = h

  43. A MAC Based on a Block Cipher (diagram; labels: message blocks, XOR, a chain of Encrypt steps each keyed with K, output MAC)
