
IS MARDIANTO DISTRIBUTED SYSTEMS SESSION 11 Conventional Cryptography REFERENCE :



  1. IS MARDIANTO, DISTRIBUTED SYSTEMS, SESSION 11: Conventional Cryptography
     REFERENCE: Duncan S. Wong, City University of Hong Kong

     Outline
     · Stream Ciphers and Block Ciphers
     · Confusion and Diffusion
     · DES (Data Encryption Standard)
     · Exhaustive Key Search
     · Triple DES, DESX
     · AES (Advanced Encryption Standard)
     · Operation Modes

     Symmetric Key Cryptosystems
     · Stream ciphers
       – Operate on the plaintext a single bit (or sometimes byte) at a time
       – Simple substitution
       – Poly-alphabetic substitution
       – Feedback Shift Register Sequences
       – e.g. SEAL, RC4 (used by WLAN IEEE 802.11 in WEP)
     · Block ciphers
       – Operate on the plaintext in groups of bits. The groups of bits are called blocks.
       – Typical block size is 64 bits or a multiple of it
         · E.g. 128 bits, 256 bits.
       – DES, AES (Rijndael)

     http://www.mercubuana.ac.id

  2. – Security must not depend on secrecy of algorithm (Kerckhoffs's principle)
     – Must be easily and economically implemented
     – Must be exportable

     Security of DES
     · Avalanche Effect
       – Change in one input bit produces independent changes in at least two output bits
     · Bit Independence
       – No dependence on the changes of input bits with the changes of output bits
     · Number of rounds
       – 15 or fewer rounds make cryptanalytic attacks against reduced-round DES easier than brute force key search (which needs to try a total of $2^{56}$ keys in the worst case)
     · Security of DES mainly relies on the nonlinearity of the function f (i.e. the S-boxes)

     DES Controversy
     · When DES was proposed as a standard in 1975, there was considerable criticism.
     · One objection to DES concerned the S-boxes: all computations in DES, with the exception of the S-boxes, are linear. The S-boxes, being the non-linear component of the cryptosystem, are vital to its security. However, the design criteria of the S-boxes are not completely known.
     · Due to the NSA collaboration, several people have suggested that the S-boxes might contain hidden “trapdoors” which would allow the NSA to decrypt messages while maintaining that DES is “secure”.
     · It is, of course, impossible to disprove such an assertion, but no evidence has come to light that indicates that trapdoors in DES do in fact exist.
     · The most pertinent criticism of DES is the reduction of key length from the original 112 bits down to 56 bits. The size of the keyspace, $2^{56}$, is “too small” to be really secure.

  3. · DESX: three 56-bit keys
       $C = K_3 \oplus \mathrm{DES}(K_2, M \oplus K_1)$
     · Similar security to DES against differential cryptanalysis and linear cryptanalysis
     · But much harder to break using exhaustive key search than DES.

     DES Replacements
     · The most popular DES replacements in the US are RC2, RC4 and RC5.
     · The first two are used by SSL version 3.
     · The most popular DES replacement in Europe is IDEA.
     · The most popular DES replacement in Japan is FEAL-N.
     · AES (Advanced Encryption Standard) is the 'official' replacement of DES.
     · The AES algorithm is called Rijndael.

     DES & AES Chronology
     – 1972: The NBS (National Bureau of Standards, now NIST, the National Institute of Standards and Technology) initiated a program to protect computer and communications data.
     – May 1973: The NBS published a solicitation for cryptosystems in the Federal Register.

     Design Criteria:
     – The algorithm must have a high level of security, completely specified, easy to understand, and available to all users.
     – The security of the algorithm must reside in the key.
     – Adaptable for use in diverse applications.
     – Economically implementable in electronic devices (at that time in hardware) and must be efficient.
     – The algorithm must be able to be validated and exportable.
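The DESX whitening construction from item 3, C = K3 xor DES(K2, M xor K1), shown as an added example that is not part of the original slides. A constructed toy Feistel cipher (32-bit block, 16-bit key) stands in for DES so the exhaustive key search finishes in about a second; every function name, key size and sample value here is an assumption made for the illustration.

```python
import hashlib

def _f(half: int, key: int, rnd: int) -> int:
    """Toy nonlinear round function (stand-in for DES's S-box based f)."""
    data = key.to_bytes(2, "big") + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def toy_encrypt(key: int, block: int, rounds: int = 4) -> int:
    """Constructed Feistel cipher, NOT DES: 32-bit block, 16-bit key."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(rounds):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 16) | right

def toy_decrypt(key: int, block: int, rounds: int = 4) -> int:
    """Undo toy_encrypt by running the rounds in reverse order."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(rounds)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 16) | right

def x_encrypt(k1: int, k2: int, k3: int, m: int) -> int:
    """DESX-style whitening: C = K3 xor E_K2(M xor K1)."""
    return k3 ^ toy_encrypt(k2, m ^ k1)

def x_decrypt(k1: int, k2: int, k3: int, c: int) -> int:
    """Inverse: M = K1 xor D_K2(C xor K3)."""
    return k1 ^ toy_decrypt(k2, c ^ k3)

def exhaustive_search(pairs):
    """Try all 2^16 cipher keys against known (plaintext, ciphertext) pairs."""
    for key in range(1 << 16):
        if all(toy_encrypt(key, m) == c for m, c in pairs):
            return key
    return None

def demo():
    # Constructed sample values: whitening keys are 32-bit, cipher key 16-bit.
    k1, k2, k3 = 0x0BADF00D, 0xBEEF, 0x5EEDCAFE
    msgs = [0x00000000, 0x12345678]
    bare = [(m, toy_encrypt(k2, m)) for m in msgs]
    whitened = [(m, x_encrypt(k1, k2, k3, m)) for m in msgs]
    # The bare cipher falls to a 2^16 search; the same search over the
    # whitened pairs finds no key, because K1 and K3 must be guessed too.
    return exhaustive_search(bare), exhaustive_search(whitened)

if __name__ == "__main__":
    print(demo())
```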
