
Lecture 5 Page 1 CS 239, Winter 2005

Cryptography and Encryption Algorithms
CS 239
Computer Security
January 26, 2005

Outline
• Uses of cryptography
• Symmetric cryptography
• Asymmetric cryptography

Uses of Cryptography
• What can we use cryptography for?
• Lots of things
  – Secrecy
  – Authentication
  – Prevention of alteration

Cryptography and Secrecy
• Pretty obvious
• Only those knowing the proper keys can decrypt the message
  – Thus preserving secrecy
• Used cleverly, it can provide other forms of secrecy

Cryptography and Zero-Knowledge Proofs
• With really clever use, cryptography can be used to prove I know a secret
  – Without telling you the secret
• Seems like magic, but it can work
• Basically, using multiple levels of cryptography in very clever ways

Cryptography and Authentication
• How can I prove to you that I created a piece of data?
• What if I give you the data in encrypted form?
  – Using a key only you and I know
• Then only you or I could have created it
  – Unless one of us told someone else the key . . .

Some Limitations on Cryptography and Authentication
• If both parties are cooperative, cryptography can authenticate
  – Problems with non-repudiation, though
• What if three parties want to share a key?
  – No longer certain who created anything
  – Public key cryptography can solve this problem
• What if I want to prove authenticity without secrecy?

Cryptography and Non-Alterability
• Changing one bit of an encrypted message completely garbles it
  – For many forms of cryptography
• If a checksum is part of encrypted data, that's detectable
• If you don't need secrecy, can get the same effect
  – By just encrypting the checksum

Symmetric and Asymmetric Cryptosystems
• Symmetric - the encrypter and decrypter share a secret key
  – Used for both encrypting and decrypting
• Asymmetric - encrypter has different key than decrypter

Description of Symmetric Systems
• C = E(K,P)
• P = D(K,C)
• E() and D() are not necessarily symmetric operations

Advantages of Symmetric Key Systems
+ Encryption and authentication performed in a single operation
+ Well-known (and trusted) ones perform faster than asymmetric key systems
+ Doesn't require any centralized authority
  • Though key servers help a lot

Disadvantage of Symmetric Key Systems
– Encryption and authentication performed in a single operation
  • Makes signature more difficult
– Non-repudiation hard without servers
– Key distribution can be a problem
– Scaling

Scaling Problems of Symmetric Cryptography
[Diagram: key labels K1 through K6, each shown twice]
How many keys am I going to need to handle the entire Internet????

Sample Symmetric Key Ciphers
• The Data Encryption Standard
• The Advanced Encryption Standard
• There are many others

The Data Encryption Standard
• Probably the best known symmetric key cryptosystem
• Developed in 1977
• Still much used
  – Which implies breaking it isn't trivial
• But showing its age

History of DES
• Developed in response to National Bureau of Standards studies
• Developed by IBM
• Analyzed, altered, and approved by the National Security Agency
• Adopted as a federal standard
• One of the most widely used encryption algorithms

Overview of DES Algorithm
• A block encryption algorithm
  – 64 bit blocks
• Uses substitution and permutation
  – Repeated applications
    • 16 cycles worth
• 64 bit key
  – Only 56 bits really used, though

More On DES Algorithm
• Uses substitutions to provide confusion
  – To hide the set of characters sent
• Uses transpositions to provide diffusion
  – To spread the effects of one plaintext bit into other bits
• Uses only standard arithmetic and logic functions and table lookup

Description of DES Algorithm
• Alternate applications of two different ciphers
  – A product cipher
• Starts by breaking block in half
• The algorithm goes through 16 rounds
• Each round consists of a substitution followed by a permutation

One DES Round
• Select 48 bits from the key
• Expand right half of block to 48 bits
• XOR with key bits
• Look up result in an S-box
  – Resulting in 32 bits
• Perform a permutation using a P-box
• XOR with left half of block
• Result is new right half
• Old right half becomes new left half

DES Round Diagram
[Diagram labels: Left, Right, Key; Shift, Shift; Compress; Expand; +; Substitution; Permutation; +; Left, Right, Key]

S-Boxes
• Table lookups to perform substitutions
• Permanently defined for DES
• Eight different S-boxes
  – Six bits out of 48 bits go to each
  – Four bits come out of each
• Choice of contents of S-boxes believed to strongly impact security of DES

P-Box
• Maps 32 input bits to 32 output bits
• A single, straight permutation
  – Unlike S-boxes, which are table lookups

Decrypting DES
• For DES, D() is the same as E()
• You decrypt with exactly the same algorithm
• If you feed ciphertext and the same key into DES, the original plaintext pops out

Is DES Secure?
• Apparently, reasonably
• No evidence NSA put a trapdoor in
  – Alterations believed to have increased security against differential cryptanalysis
• Some keys are known to be weak with DES
  – So good implementations reject them
• To date, only brute force attacks have publicly cracked DES

Key Length and DES
• Easiest brute force attack is to try all keys
  – Looking for a meaningful output
• Cost of attack proportional to number of possible keys
• Is 2^56 enough keys?

DES Cracking Experiments
• RSA Data Security issued challenge to crack a DES-encrypted message
• Various people got together to do so
  – Harnessing computers across the Internet
  – Using a brute-force approach
• Done in 1998

How the
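
The round structure from the "One DES Round" slide and the "Decrypting DES" claim that the same algorithm decrypts, as an added example that is not part of the original lecture: a toy 16-round Feistel network, which also checks the "Non-Alterability" point that one flipped ciphertext bit garbles the decrypted block. The key schedule and round function are SHA-256 stand-ins assumed for illustration (not DES's shift/compress schedule, S-boxes or P-box), and the key and plaintext are constructed values.

```python
import hashlib

ROUNDS = 16                      # DES runs 16 rounds
MASK32 = 0xFFFFFFFF              # each half of the 64-bit block is 32 bits

def subkeys(key):
    """Stand-in key schedule (assumption, not DES's): one 48-bit subkey per round."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:6], "big")
            for r in range(ROUNDS)]

def round_function(right, subkey):
    """Stand-in for DES's expand / XOR / S-box / P-box steps: 32 bits in, 32 out.
    It is not invertible, and the Feistel structure does not need it to be."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block, round_keys):
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in round_keys:
        # New right half = f(right, k) XOR left; old right half becomes new left.
        left, right = right, left ^ round_function(right, k)
    # Swap the halves on output so the identical routine also decrypts.
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # Same algorithm as encrypt; only the order of the subkeys is reversed.
    return feistel(block, subkeys(key)[::-1])

def bit_difference(a, b):
    """Number of bit positions in which two 64-bit blocks differ."""
    return bin(a ^ b).count("1")

# Constructed sample values, not taken from the lecture.
KEY = b"8bytekey"
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, KEY)
    print(f"ciphertext          {ct:016x}")
    print(f"decrypt(ciphertext) {decrypt(ct, KEY):016x}")
    tampered = decrypt(ct ^ 1, KEY)          # one ciphertext bit flipped in transit
    print(f"tampered plaintext  {tampered:016x}",
          f"({bit_difference(tampered, PLAINTEXT)} of 64 bits changed)")
```
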



UCLA COMSCI 239 - Lecture 5
