980 likes | 2.13k Views
DES Algorithm. Provides Confidentiality. Conventional Encryption Algorithms. Data Encryption Standard (DES) The most widely used encryption scheme The algorithm is reffered to the Data Encryption Algorithm (DEA) DES is a block cipher The plaintext is processed in 64-bit blocks
E N D
DES Algorithm Provides Confidentiality
Conventional Encryption Algorithms • Data Encryption Standard (DES) • The most widely used encryption scheme • The algorithm is reffered to the Data Encryption Algorithm (DEA) • DES is a block cipher • The plaintext is processed in 64-bit blocks • The key is 56-bits in length
Data Encryption Standard (DES) • The algorithm has 16 rounds. Each round has the following architecture: Li and Ri are each 32-bit long strings
DES • The overall processing at each iteration: • Li= Ri-1 • Ri = Li-1 F(Ri-1, Ki) • Concerns about: • The algorithm and the key length (56-bits)
X=IP(M) Upper Lower
DES • Before any rounds, the plaintext bits are permuted using an initial permutation. • Hence, at the end of the 16 rounds the inverse permutation is applied. • The initial permutation is public knowledge
DES • The key argument (J) is 48 bits. • The text argument needs to be expanded to 48 bits.
DES: Expansion Function Added • The 32-bits of R_I are permuted and 16 of them are repeated twice to obtain a 48 bit string.
DES Round Structure column
DES: S Blocks. • S blocks takes in as input 6-bit arguments and outputs four bits. • This is the substitution part of the cipher. • Each S block has a different functionality as defined by the corresponding tables.
DES • After substitution, the function output is now 32 bits and it goes through a fixed permutation. • Thus we perform “confusion” and “diffusion” steps in each round.
DES: Key generation for each round • The parity bits are stripped away. • The bits are permuted by PC-1 • LS_I represents cyclic shift by one position if I=1, 2, 9, or 16; otherwise shift by 2
Key Generation (Discard each 8th bit) Discard these
DES Permuted Choice Two (PC-21) Permuted Choice One (PC-1) • PC-2 converts 56 bits into 48 bits
DES • The overall effect is to pick at each round 48 of the 56 bits and permute the selected bits. Thus for each round one can perform a table look up to calculate K_I.
Substitution Boxes S • have eight S-boxes which map 6 to 4 bits • each S-box is actually 4 little 4 bit boxes • outer bits 1 & 6 (row bits) select one rows • inner bits 2-5 (col bits) are substituted • result is 8 lots of 4 bits, or 32 bits • row selection depends on both data & key • feature known as autoclaving (autokeying) • example:S(18 09 12 3d 11 17 38 39) = 5fd25e03
DES Key Schedule • forms subkeys used in each round • consists of: • initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves • 16 stages consisting of: • selecting 24-bits from each half • permuting them by PC2 for use in function f, • rotating each half separately either 1 or 2 places depending on the key rotation schedule K
DES Decryption • decrypt must unwind steps of data computation • with Feistel design, do encryption steps again • using subkeys in reverse order (SK16 … SK1) • note that IP undoes final FP step of encryption • 1st round with SK16 undoes 16th encrypt round • …. • 16th round with SK1 undoes 1st encrypt round • then final FP undoes initial encryption IP • thus recovering original data value
Triple DEA • Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt) • C = ciphertext • P = Plaintext • EK[X] = encryption of X using key K • DK[Y] = decryption of Y using key K • Effective key length of 168 bits C = EK3[DK2[EK1[P]]]
Other Symmetric Block Ciphers • International Data Encryption Algorithm (IDEA) • 128-bit key • Used in PGP • Blowfish • Easy to implement • High execution speed • Run in less than 5K of memory
Other Symmetric Block Ciphers • RC5 • Suitable for hardware and software • Fast, simple • Adaptable to processors of different word lengths • Variable number of rounds • Variable-length key • Low memory requirement • High security • Data-dependent rotations • Cast-128 • Key size from 40 to 128 bits • The round function differs from round to round
Cipher Block Modes of Operation • Cipher Block Chaining Mode (CBC) • The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block. • Repeating pattern of 64-bits are not exposed
Location of Encryption Device • Link encryption: • A lot of encryption devices • High level of security • Decrypt each packet at every switch • End-to-end encryption • The source encrypt and the receiver decrypts • Payload encrypted • Header in the clear • High Security: Both link and end-to-end encryption are needed (see Figure 2.9)
Key Distribution • A key could be selected by A and physically delivered to B. • A third party could select the key and physically deliver it to A and B. • If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. • If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.
Key Distribution (See Figure 2.10) • Session key: • Data encrypted with a one-time session key.At the conclusion of the session the key is destroyed • Permanent key: • Used between entities for the purpose of distributing session keys
Recommended Reading • Stallings, W. Cryptography and Network Security: Principles and Practice, 2nd edition. Prentice Hall, 1999 • Scneier, B. Applied Cryptography, New York: Wiley, 1996 • Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001