Cryptography II: Symmetric and Hashing
CSCI 415 Computer and Network Security, Dr. Nazli Hardy
Adapted from Computer Security: Principles and Practice, Stallings and Lawrie

Lecture Outline
- Confidentiality with Symmetric Encryption
- Fundamental Symmetric Block Encryption
- Hashing

Symmetric Encryption
- Plaintext: This is the original message or data that is fed into the algorithm as input.
- Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
- Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
- If people know the algorithm, how is the ciphertext not deciphered by everyone?
- Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of symmetric encryption:
1. We need a strong encryption algorithm.
2. Sender and receiver must securely obtain, and keep secure, the secret key.

Attacking Symmetric Encryption
There are 2 general approaches to attacking a symmetric encryption:
- cryptanalysis
  - rely on nature of the algorithm plus some knowledge of plaintext characteristics, even some sample plaintext-ciphertext pairs
  - exploits characteristics of algorithm to deduce specific plaintext or key
- brute-force attack
  - try all possible keys on some ciphertext until get an intelligible translation into plaintext

Exhaustive Key Search
- Jul 98: the Electronic Frontier Foundation (EFF) broke the DES encryption using a special-purpose "DES cracker" machine that was built for less than $250,000.
- BUT there is more to a key search attack than simply running through all possible keys.
- Unless known plaintext is provided, the analyst must be able to recognize plaintext as plaintext.
- If the message is just plain text in English, then the result pops out easily.
- If the message is some more general type of data, such as a numerical file, and this has been compressed, the problem becomes even more difficult to automate.

Symmetric Encryption Algorithms
- The most commonly used symmetric encryption algorithms are block ciphers.
- A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.
- The algorithm processes longer plaintext amounts as a series of fixed-size blocks.
- The most important symmetric algorithms, all of which are block ciphers, are the Data Encryption Standard (DES), triple DES, and the Advanced Encryption Standard (AES).

DES and Triple DES
Data Encryption Standard (DES), 1977: the most widely used encryption scheme
- adopted in 1977 by the National Bureau of Standards (now the NIST)
- uses 64-bit plaintext block and 56-bit key to produce a 64-bit ciphertext block
- concerns about algorithm and use of 56-bit key
Triple DES, 1985
- repeats basic DES algorithm three times
- using either two or three unique keys
- much more secure but also much slower

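Added example (not part of the original slides): the point made on the Exhaustive Key Search slide, that a key search also needs a test for "this is plaintext", shown on a toy cipher with a 16-bit key. The cipher, key, message and function names are constructed for this illustration and are not DES.

```python
import hashlib
import zlib

KEY_BITS = 16  # toy key size (assumption) so every key can be tried quickly

def toy_crypt(key: int, data: bytes) -> bytes:
    """Toy stream cipher, NOT DES: XOR data with SHA-256(key || counter) blocks."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key.to_bytes(2, "big") + bytes([counter])).digest()
    return bytes(a ^ b for a, b in zip(data, stream))  # same call encrypts and decrypts

def looks_like_text(candidate: bytes) -> bool:
    """Plaintext test for English-like messages: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in candidate)

def looks_like_zlib(candidate: bytes) -> bool:
    """Plaintext test for compressed data: it must inflate without error."""
    try:
        zlib.decompress(candidate)
        return True
    except zlib.error:
        return False

def key_search(ciphertext: bytes, recognizer) -> list:
    """Try every key; keep those whose trial decryption the recognizer accepts."""
    return [k for k in range(2 ** KEY_BITS) if recognizer(toy_crypt(k, ciphertext))]

SECRET_KEY = 0xBEEF  # constructed sample key
MESSAGE = b"Meet at the usual place at nine tonight, bring the documents."  # constructed

TEXT_CT = toy_crypt(SECRET_KEY, MESSAGE)                   # plain English text
PACKED_CT = toy_crypt(SECRET_KEY, zlib.compress(MESSAGE))  # compressed before encryption

if __name__ == "__main__":
    # English plaintext: the printable-ASCII test singles out the key.
    print("text,   text test:", [hex(k) for k in key_search(TEXT_CT, looks_like_text)])
    # Compressed plaintext: the same test rejects every key, including the right one.
    print("packed, text test:", [hex(k) for k in key_search(PACKED_CT, looks_like_text)])
    # The search works again only once the recognizer matches the data format.
    print("packed, zlib test:", [hex(k) for k in key_search(PACKED_CT, looks_like_zlib)])
```

The search itself is identical in all three runs; only the recognizer changes, which is why unknown or compressed data formats make a key search harder to automate.
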
Data Encryption Standard (DES)
- National Security Agency (NSA) and National Institute of Standards and Technology (NIST) are responsible for the DES.
- NIST wanted a means of protecting sensitive but unclassified data. In the early 70s it invited vendors to submit data encryption algorithms.
- NIST accepted the already created Lucifer (IBM), but NSA modified it by reducing the key size from 128 bits to 64 bits and named it Data Encryption Algorithm (DEA); not very original, but it was one of the most popular cryptographic algorithms.
- Even though DES uses 64-bit encryption, only 56 bits are effectively used and 8 bits are used for parity.
- DES is an example of bit-level encryption.
- Designed by IBM and adopted by the US government for nonmilitary and non-classified use.
- Encrypts a 64-bit plaintext using a 56-bit key.
- The text is put through 19 different and very complex procedures to create a 64-bit ciphertext.
- The 56-bit key is no longer considered secure enough to be used; it has been broken in as little as 3 5 hours by fast computers.

Data Encryption Standard (DES)
[Figure: DES overview. Labels: plaintext; 19 numbered steps (transposition, complex, swapping, transposition); subkey generator fed by the 56-bit key; subkeys K1, K2, ..., K16, each 48 bits; ciphertext.]

Data Encryption Standard (DES): Subkey Generation
- Effective key length is 56 bits.
- A 4-bit key has 16 possibilities.
- A 56-bit key has 76 quadrillion possibilities.
- But parallel processing can guess keys.
[Figure: subkey generation. Key (56 bits) -> divide into 28 bits + 28 bits -> rotate each half -> combine (56 bits) -> compressed permutation -> 48-bit subkey.]

Advanced Encryption Standard (AES)
- Needed a better replacement for DES.
- NIST called for proposals in 1997 for the new Advanced Encryption Standard (AES).
- The specifications were as follows:
  - have a security strength equal to or better than 3DES and significantly improved efficiency
  - symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits
- Other evaluation