2.
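Chapter 3 & Chapter 6 – Block Ciphers, DES, Others
3.1 Simplified DES
3.2 Block Cipher Principles
3.3 The Data Encryption Standard
3.4 The Strength of DES
3.5 Differential and Linear Cryptanalysis
3.6 Block Cipher Design Principles
3.7 Block Cipher Modes of Operation
Ch06 - Contemporary symmetric ciphers
$$
\begin{aligned}
IP^{-1} \circ f_{K_1} \circ SW \circ f_{K_2} \circ IP\,(C)
&= IP^{-1} \circ f_{K_1} \circ SW \circ f_{K_2} \circ IP \circ IP^{-1} \circ f_{K_2} \circ SW \circ f_{K_1} \circ IP\,(P) \\
&= IP^{-1} \circ f_{K_1} \circ SW \circ f_{K_2} \circ f_{K_2} \circ SW \circ f_{K_1} \circ IP\,(P) \\
&= IP^{-1} \circ f_{K_1} \circ SW \circ SW \circ f_{K_1} \circ IP\,(P) \\
&= IP^{-1} \circ f_{K_1} \circ f_{K_1} \circ IP\,(P) \\
&= IP^{-1} \circ IP\,(P) = P
\end{aligned}
$$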
most symmetric block ciphers are based on a Feistel Cipher Structure
needed since must be able to decrypt ciphertext to recover messages efficiently
block ciphers look like an extremely large substitution
would need table of $2^{64}$ entries for a 64-bit block
instead create from smaller building blocks
using idea of a product cipher
40.
Claude Shannon and Substitution-Permutation Ciphers
in 1949 Claude Shannon introduced idea of substitution-permutation (S-P) networks
modern substitution-transposition product cipher
these form the basis of modern block ciphers
S-P networks are based on the two primitive cryptographic operations we have seen before:
substitution (S-box)
permutation (P-box)
provide confusion and diffusion of message
41.
5.1.4 Product Ciphers
Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining substitution, permutation, and other components discussed in previous sections.
42.
5.1.4 Continued
Diffusion
The idea of diffusion is to hide the relationship between the ciphertext and the plaintext.
Note: Diffusion hides the relationship between the ciphertext and the plaintext.
43.
5.1.4 Continued
Confusion
The idea of confusion is to hide the relationship between the ciphertext and the key.
Note: Confusion hides the relationship between the ciphertext and the key.
44.
5.1.4 Continued
Rounds
Diffusion and confusion can be achieved using iterated product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components.
51.
Average time required for exhaustive key search

| Key Size (bits) | Number of Alternative Keys | Time required at $10^6$ decryptions/µs |
|---|---|---|
| 32 | $2^{32} = 4.3 \times 10^{9}$ | 2.15 milliseconds |
| 56 | $2^{56} = 7.2 \times 10^{16}$ | 10 hours |
| 128 | $2^{128} = 3.4 \times 10^{38}$ | $5.4 \times 10^{18}$ years |
| 168 | $2^{168} = 3.7 \times 10^{50}$ | $5.9 \times 10^{30}$ years |
92.
6.4.1 Double DES
The first approach is to use double DES (2DES).
Meet-in-the-Middle Attack
However, a known-plaintext attack called the meet-in-the-middle attack proves that double DES improves this vulnerability slightly (to $2^{57}$ tests), but not tremendously (to $2^{112}$).
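The meet-in-the-middle result above, worked through as an added example that is not part of the original slides: a constructed 16-bit Feistel cipher with 12-bit keys stands in for DES, and every name in it is hypothetical. It shows that double encryption falls to about 2 × 2^12 cipher operations instead of 2^24, the scaled-down analogue of 2^57 versus 2^112, and that a second known pair is needed to discard false matches.

```python
from collections import defaultdict

KEY_BITS = 12   # toy key size (DES: 56)
ROUNDS = 4

def _subkeys(key):
    # Constructed key schedule: four 8-bit round keys from the 12-bit key.
    return [((key >> 4) ^ (key * (2 * i + 3))) & 0xFF for i in range(ROUNDS)]

def _f(half, subkey):
    # Feistel round function; it does not have to be invertible.
    x = half ^ subkey
    return ((x * 167 + 13) ^ (x >> 3)) & 0xFF

def _feistel(subkeys, block):
    left, right = block >> 8, block & 0xFF
    for sk in subkeys:
        left, right = right, left ^ _f(right, sk)
    # Halves are output swapped, so decryption is this routine with reversed subkeys.
    return (right << 8) | left

def encrypt(key, block):
    return _feistel(_subkeys(key), block)

def decrypt(key, block):
    return _feistel(_subkeys(key)[::-1], block)

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (surviving (k1, k2) candidates, raw matches on the first pair)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)
    for k1 in range(1 << KEY_BITS):             # 2^12 encryptions of P
        middle[encrypt(k1, p0)].append(k1)
    raw, survivors = 0, []
    for k2 in range(1 << KEY_BITS):             # 2^12 decryptions of C
        for k1 in middle.get(decrypt(k2, c0), ()):
            raw += 1                            # agrees on the first pair only
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                survivors.append((k1, k2))
    return survivors, raw

if __name__ == "__main__":
    secret = (0x5A3, 0xC17)                     # constructed sample keys
    known = [(p, double_encrypt(*secret, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, raw = meet_in_the_middle(known)
    print(f"{raw} matches on one pair, {len(found)} after checking the others")
    print("true key pair recovered:", secret in found)
```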
99.
6.4.2 Continued
Triple DES with Three Keys
The possibility of known-plaintext attacks on triple DES with two keys has enticed some applications to use triple DES with three keys. Triple DES with three keys is used by many applications such as PGP (see Chapter 16).
100.
IDEA… (International Data Encryption Algorithm)
Plaintext = 64 bits.
Key = 128 bits.
Subkeys = 52 (16 bits each).
Ciphertext = 64 bits.
Number of identical rounds = 8 (6 keys in each round).
113.
WLAN WEP (WLAN security requirement and some attacks.ppt)
Problems with WEP
24-bit IVs are too short
The CRC checksum is used by WEP for integrity protection
WEP combines the IV with the key in a way that enables cryptanalytic attacks
Integrity protection for source and destination addresses is not provided
114.
WLAN WEP (WLAN security requirement and some attacks.ppt)
TKIP: IEEE 802.11i short-term solution
A message integrity code (MIC), called Michael, to defeat forgeries;
A packet sequencing discipline, to defeat replay attacks
A per-packet key mixing function, to prevent attack
Long-term solution
A single key to provide confidentiality and integrity
Provide integrity protection for the plaintext packet header, as well as
115.
WLAN WEP (WLAN security requirement and some attacks.ppt)

| | WEP | TKIP |
|---|---|---|
| Cipher | RC4 | RC4 |
| Key Size(s) | 40 or 104-bit encryption | 128-bit encryption, 64-bit authentication |
| Key Lifetime | 24-bit wrapping IV | 48-bit IV |
| Per-packet-key | Concatenate IV to base key | TKIP mixing function |
| Packet Data | CRC-32 | Michael |
| Replay detection | None | Enforcing IV sequencing |
| Key Management | None | IEEE802.1X |
116.
WLAN EAP (EAP series methods on wireless security.ppt)
IEEE 802.1X provides both authentication and key management