# ITIS 3200: Introduction to Information Security and Privacy

Overview of the DES A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit performs both substitution and transposition (permutation) on the bits Cipher consists of 16 rounds (iterations), each with a 48-bit round key generated from the 64-bit key 1 Generation of Round Keys Round keys are 48 bits each

key PC-1 C0 D0 LSH LSH C1 D1 LSH

LSH PC-2 K1 PC-2 K16 2 Encipherment input IP L0

R0 f L1 = R0 K1 R1 = L0 f(R0 , K1) L16 = R15 R16 = L15 f(R15, K16) IP1 output

3 The f Function Ri1 (32 bits) Ki (48 bits) E R i1 (48 bits) S1 S2 S3 S4

6 bits into each S5 S6 S7 S8 4 bits out of each P 32 bits 4 S-Box There are eight S-Box, each maps 6-bit input to 4-bit output

Each S-Box is a look-up table This is the only non-linear step in DES and contributes the most to its safety P-Box A permutation 5 Controversy Considered too weak Diffie, Hellman said in a few years technology would allow DES to be broken in days DES Challenge organized by RSA In 1997, solved in 96 days; 41 days in early 1998; 56 hours in late 1998; 22 hours in Jan 1999 http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESC racker/HTML/19990119_deschallenge3.html

Design decisions not public S-boxes may have backdoors 6 Undesirable Properties 4 weak keys They are their own inverses 12 semi-weak keys Each has another semi-weak key as inverse Complementation property DESk(m) = c DESk(m) = c S-boxes exhibit irregular properties Distribution of odd, even numbers non-random Outputs of fourth box depends on input to third box

7 Number of rounds After 5 rounds, every cipher bit is impacted by every plaintext bit and key bit After 8 rounds, cipher text is already a random function When the number of rounds is 16 or more, brute force attack will be the most efficient attack for known plaintext attack So NSA knows a lot when it fixes the DES 8 Differential Cryptanalysis A chosen ciphertext attack Requires 247 (plaintext, ciphertext) pairs Revealed several properties

Small changes in S-boxes reduce the number of (plaintext, ciphertext) pairs needed Making every bit of the round keys independent does not impede attack Linear cryptanalysis improves result Requires 243 (plaintext, ciphertext) pairs 9 Multiple encryption of DES Before we study multiple DES, a question must be answered. Is DES a group? EK2( EK1(P)) = EK3(P) It is proven that DES is not a group in 1993 10

Double encryption Encrypt the plaintext twice with different keys C = EK2(EK1(P)), P = DK1(DK2(C)) If DES uses 56 bit key, can we get 112 bit key security? Meet-in-the-middle attack makes the safety to 57 bits instead of 112 bit Tradeoff storage and search for computation Double encryption will not achieve your goal 11 DES Modes Electronic Code Book Mode (ECB) Encipher each block independently Cipher Block Chaining Mode (CBC) Xor each plaintext block with previous ciphertext block

Requires an initialization vector for the first one The initialization vector can be made public 12 CBC Mode Encryption init. vector m1 m2

DES DES c1 c2 sent sent 13

CBC Mode Decryption init. vector c1 c2 DES DES m1 m2

14 Self-Healing Property What will happen if a bit gets lost during transmission? All blocks will not be aligned When one bit in a block flipped, only the next two blocks will be impacted. Plaintext heals after 2 blocks

15 Current Status of DES Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998 Several challenges to break DES messages solved using distributed computing NIST selected Rijndael as Advanced Encryption Standard, successor to DES Designed to withstand attacks that were successful on DES 16

## Recently Viewed Presentations

• hexaflex. zorg voor een strook met 10 gelijkzijdige. driehoeken; vouw de randen. plak de 1e en de 10e omgekeerd op elkaar. kleur de drie delen creatief in. NWD 2016. van vlak naar volume. kruisgewelf / kloostergewelf. bouwplaat / met kokers....
• Field Slaves. Skin color made a difference in the slave social structure. Slaves with lighter complexions often had positions inside the plantation house. This meant better clothes or hand-me-downs, food, and huts. (It was illegal for slaves to learn to...
• Beyond the minimum PFR, up to 60% of total FRS can come from Load Resources on UFR or FFR. Generation. Online or offline capacity that can be converted to energy within 10 minutes. Dispatched by SCED. Load Resources (UFR not...
• Deforestation and Forest Degradation Reduced. Intermediate Result . 1.2. Access to Renewable Energy Increased . Intermediate Result . 1.1. ... Short-term assistance will be implemented in PNG for the 2012 elections and in Fiji for the FY 2014 elections.
• Explain the five phases of the systems development life cycle. Discuss the people involved in systems development and the roles they play. Explain the importance of systems development planning and describe planning techniques. Discuss the various types of feasibility analysis...
• A useful process for planning your evaluation is to develop a "theory of change" for your service. This can be useful way of articulating and providing a visual representation of the links between the various activities of service and how...
• CINCO DE MAYO ¡Viva México! ¡Viva Juárez! WHY? In 1861, the Mexican Congress suspended repayment of foreign debts for 2 years, due to financial instability. Creditors in England, Spain and France decided intervention was needed. France secretly planned to impose...
• It's possible "soft skills" simply came about as an antonym to "hard skills" Misleading due to the connotations of "soft," like… easy, pliable, or readily yielding to pressure. We have hard data, hard evidence, and hard thinking . If hard...