1 / 28

Computer System Security CSE 5339/7339

Computer System Security CSE 5339/7339. Lecture 8 September 14, 2004. Contents. Announcements More on DES Advanced Encryption Standard (AES) Saeed’s Presentation. Guest Lecture on 9/16. Electronic Crimes – Secret Service. Five Security Articles. IEEE Computer, June 2004

taryn
Download Presentation

Computer System Security CSE 5339/7339

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer System SecurityCSE 5339/7339 Lecture 8 September 14, 2004

  2. Contents • Announcements • More on DES • Advanced Encryption Standard (AES) • Saeed’s Presentation

  3. Guest Lecture on 9/16 Electronic Crimes – Secret Service

  4. Five Security Articles IEEE Computer, June 2004 • Securing the High-Speed Internet, pp 33 • Computer Security in the Real World, pp 37 • Worm Epidemics in High-Speed Networks, pp 48 • Making the Gigabit IPsec VPN Architecture Secure, pp 54 • A Quantitative Study of Firewall Configuration Errors, pp62

  5. Solution of Group Work on 9/9 Find keys d and e for the RSA cryptosystem with p = 7 and q = 11. Solution P*q = 77 (p-1) * (q-1) = 60 d = 13 e = 37 13 * 37 = 481 = 1 mod 60

  6. Does DES Work? • Differential Cryptanalysis Idea • Use two plaintext that barely differ • Study the difference in the corresponding cipher text • Collect the keys that could accomplish the change • Repeat

  7. Handouts • 3-round baby DES • Why the initial permutation? • Why 16 rounds? • Why these particular S-boxes?

  8. Cracking DES During the period NBS was soliciting comments on the proposed algorithm, the creators of public key cryptography, Martin Hellman and Whitfield Diffie, registered some objections to the use of DES. Hellman wrote: "Whit Diffie and I have become concerned that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization" (letter to NBS, October 22, 1975).

  9. Cracking DES (cont.) Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute force" is meant that you try as many of the 2^56 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message.) They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second, and estimated the cost of such a machine at $20 million.

  10. Cracking DES (cont.) In 1998, under the direction of John Gilmore of the EFF (Electronic Frontier Foundation), a team spent $220,000 and built a machine that can go through the entire 56-bit DES key space in an average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and is capable of testing 90 billion keys a second.

  11. In early 1999, Distributed. Net used the DES Cracker and a worldwide network of nearly 100,000 PCs to break DES in 22 hours and 15 minutes. The DES Cracker and PCs combined were testing 245 billion keys per second when the correct key was found. In addition, it has been shown that for a cost of one million dollars a dedicated hardware device can be built that can search all possible DES keys in about 3.5 hours. This just serves to illustrate that any organization with moderate resources can break through DES with very little effort these days. Cracking DES (cont.)

  12. As computers became progressively faster and more powerful, it was recognized that a 56-bit key was simply not large enough for high security applications. As a result, NIST (New name of NBS) abandoned their official endorsement of DES in 1997 and began work on a replacement, to be called the Advanced Encryption Standard (AES).Despite the growing concerns about its vulnerability, DES is still widely used by financial services and other industries worldwide to protect sensitive on-line applications. The Birth of AES

  13. DES Group Exercise What would be the 64-bit output of round 1 be using the plaintext and key given below (in hexadecimal format): P = 2D 75 F4 DB A3 3E 3F 89 K = D4 3C B1 9A E4 90 D7 C6

  14. Advanced Encryption Standard (ASE) • NIST, call 1997 • One was selected out of five • Rijndael (Rine dahl)  Vincent Rijmen & Joam Daemen • In 2001, it was formally adopted by US • 9, 11, 13 cycles (rounds) for keys of 128, 192, 256 bits

  15. ASE (cont) • Each cycle consists of 4 steps • Byte substitution (BSB) • Shift row (SR) • Mix column (MC) • Add Round key (ARK)

  16. ASE Overview Plaintext (128) ARK Subkey0 9 rounds BSB SR Ciphertext (128) ARK Subkey10

  17. Round i BSB SR CM ARK Subkeyi

  18. State • 128-bit block  4 x 4 matrix • 128 bits  b0, b1, b2, .., b15

  19. 4 Operations 1. s[i,j]  s’[i,j] (predefined substitution table, Table 10-11 page 663) 2. Rows – left circular shift 3. The 4 elements in each column are multiplied by a polynomial 4. Key is derived and added to each column

  20. Exercise Using the table, Find the substitution of 6b, ff, 6e, 09

  21. Shift Row

  22. Mix Column = * Multiplying by 1  no change Multiplying by 2 shift left one bit Multiplying by 3  shift left one bit and XOR with original value More than 8 bits  100011011 is subtracted

  23. Exercise = *

  24. Add Key kx = b’x bx XOR

  25. Example k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12 B = e5 a8 6f 33 0a 52 31 9c c2 75 f8 1e b0 46 de 3a B’ = fa 9c 63 9e 50 7b 8a ed ac d6 68 ef f7 90 55 28

  26. 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes Key Generation Circular left shift 1byte S-box X-OR Round constant X-OR

  27. Round Constant Table

  28. Group Exercise k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f147 d6 8b 12 Final 4 bytes = 47 d6 8b 12 After shift = d6 8b 12 47 Find the next sub key

More Related