MU CSCI 415 - Cryptography Symmetric and Hashing


CSCI 415: Computer and Network Security
Dr. Nazli Hardy
Adapted from Computer Security: Principles and Practice, Stallings and Lawrie
Cryptography II – Symmetric and Hashing

Lecture Outline
- Confidentiality with Symmetric Encryption
  – Fundamental
  – Symmetric Block Encryption
- Hashing
© Madartists

Symmetric Encryption
- Plaintext: This is the original message or data that is fed into the algorithm as input.
- Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
- Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
- If people know the algorithm, how is the ciphertext not deciphered by everyone?
- Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of symmetric encryption:
1. We need a strong encryption algorithm
2. Sender and receiver must securely obtain, & keep secure, the secret key

Attacking Symmetric Encryption
There are 2 general approaches to attacking a symmetric encryption
- cryptanalysis
  – rely on nature of the algorithm
  – plus some knowledge of plaintext characteristics
  – even some sample plaintext-ciphertext pairs
  – exploits characteristics of algorithm to deduce specific plaintext or key
- brute-force attack
  – try all possible keys on some ciphertext until get an intelligible translation into plaintext

Exhaustive Key Search
- Jul ’98: Electronic Frontier Foundation (EFF) broke the DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000 (source code)
- BUT: there is more to a key-search attack than simply running through all possible keys. Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext. If the message is just plain text in English, then the result pops out easily. If the message is some more general type of data, such as a numerical file, and this has been compressed, the problem becomes even more difficult to automate.

Symmetric Encryption Algorithms
- The most commonly used symmetric encryption algorithms are block ciphers
- A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block
- The algorithm processes longer plaintext amounts as a series of fixed-size blocks.
- The most important symmetric algorithms, all of which are block ciphers, are the Data Encryption Standard (DES), triple DES, and the Advanced Encryption Standard (AES)

DES and Triple-DES
- Data Encryption Standard (DES) is the most widely used encryption scheme (1977)
  – adopted in 1977 by the National Bureau of Standards, now the NIST
  – uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block
  – concerns about algorithm & use of 56-bit key
- Triple-DES (1985)
  – repeats basic DES algorithm three times
  – using either two or three unique keys
  – much more secure but also much slower

Data Encryption Standard (DES)
- National Security Agency (NSA) and National Institute of Standards and Technology (NIST) are responsible for the DES
  – NIST wanted a means of protecting sensitive but unclassified data. In the early ’70s it invited vendors to submit data encryption algorithms
  – NIST accepted the already created Lucifer (IBM), but NSA modified it by reducing the key size from 128 bits to 64 bits and named it Data Encryption Algorithm (DEA) – not very original but…
- Was one of the most popular cryptographic algorithms
- Even though DES uses 64-bit encryption, only 56 bits are effectively used and 8 bits are used for parity
- DES is an example of bit-level encryption.
- Designed by IBM and adopted by the US government for nonmilitary and non classified use
- Encrypts a 64-bit plaintext, using a 56-bit key
- The text is put through 19 different and very complex procedures to create a 64-bit ciphertext
- The 56-bit key is no longer considered secure enough to be used – it has been broken in as little as 3.5 hours by fast computers

Data Encryption Standard (DES)
[Figure: DES block diagram. Labels: plaintext; steps 1, 2, 3 … 17, 18, 19 (Transposition, Complex, Complex, Swapping, Transposition); Subkey Generator; Key: 56 bits; Subkeys K1, K2 … K16: each 48 bits; ciphertext]

Data Encryption Standard (DES) – Subkey Generation
[Figure: subkey generation diagram. Labels: Key - 56 bits; Divide; 28 bits, 28 bits; Rotate, Rotate; 28 bits, 28 bits; Combine; 56 bits; Compressed Permutation; 48 bit subkey]
- 4-bit key has 16 possibilities
- 56-bit key has 76 quadrillion possibilities
- But parallel processing can guess keys
- Effective key length is 56 bits

