Professional Documents
Culture Documents
IS 302: Information Security and Trust Week 3: From DES To AES
IS 302: Information Security and Trust Week 3: From DES To AES
2011
Review
– Kerckhoff principle
– Attacks to cryptosystem
© Yingjiu Li 2007 2
Modern Symmetric Ciphers
• DES
• AES
© Yingjiu Li 2007 3
Two Types of Ciphers
• Stream Cipher and Block Cipher
• Classify the following ciphers
– Caesar, Vigenere, Zimmerman, Vernam
– DES, AES
© Yingjiu Li 2007 4
DES
• 1972-1974 NBS call for proposal
• IBM’s DES Horst Feistel’s Lucifer cipher
• 1976 US Federal standard
© Yingjiu Li 2007 5
Jeff Moser: http://www.moserware.com/2009/09/stick-figure-
© Yingjiu Li 2007 guide-to-advanced.html 6
© Yingjiu Li 2007 7
© Yingjiu Li 2007 8
© Yingjiu Li 2007 9
© Yingjiu Li 2007 10
One Round in Encoding
• 56-bits key 16 48-bits A round of encoding a block
sub-key in DES (repeat 16 times)
• 64-bits blocks
– Right half left half Left half block Right half block
– Left half mixed with
encrypted right half right
half substitution Sub key
permutation f
© Yingjiu Li 2007 11
Overall Diagram
http://en.wikipedia.org/wiki/Data_Encryption_Standard
f function
© Yingjiu Li 2007 12
DES procedure visualization
• Cryptool:
– Indiv. procedures visualization of algorithms
DES
© Yingjiu Li 2007 13
Multiple DES
• Two-Key DES
Data
K1 E K2 E C
– Total key size is 56x2=112 bits; but the effective key size is only
57 bits only!
• Triple DES (3DES)
Data C
K1 E K2 D K1 E
© Yingjiu Li 2007 15
Security Concerns
56 bit key is too short
– Can be broken on average in 2^55 ≈3.6*10^16
trials
– Moore’s law: speed of processor doubles per
1.5 yr
– 1997: 3500 machines broke DES in about 4
months
– 1998: 1M dollar machine broke DES in about 4
days
© Yingjiu Li 2007 16
© Yingjiu Li 2007 17
© Yingjiu Li 2007 18
© Yingjiu Li 2007 19
© Yingjiu Li 2007 20
© Yingjiu Li 2007 21
© Yingjiu Li 2007 22
© Yingjiu Li 2007 23
© Yingjiu Li 2007 24
AES
• 1997 NIST call
• Final five
– Rijndael(Joan Daemen and Vincent Rijmen),
– Serpent(Ross Anderson),
– Twofish(Bruce Schneier),
– RC6(Don Rivest, Lisa Yin),
– MARS (Don Coppersmith, IBM)
• 2000 Rijndael won
• 2002 Rijndael became AES
© Yingjiu Li 2007 25
AES vs DES
DES AES
© Yingjiu Li 2007 26
High-Level Cipher Algorithm
© Yingjiu Li 2007 32
Four Modes of Block Ciphers
• How are multiple blocks processed?
– ECB: Electronic Code Book
– CBC: Cipher Block Chaining
– CFB: Cipher Feedback
– OFB: Output Feedback
© Yingjiu Li 2007 33
Electronic codebook (ECB)
mode
© Yingjiu Li 2007 34
Cipher-block Chaining (CBC) Mode
© Yingjiu Li 2007 35
ECB vs CBC
• Which mode would you choose?
© Yingjiu Li 2007 36
Hands-On Exercise
• AES Encryption and Decryption
– OpenSSL
– JCE
© Yingjiu Li 2007 37
Part I: OpenSSL
• Download Lab.doc
• Lab exercise 2.1: OpenSSL AES
encryption/decryption
© Yingjiu Li 2007 38
Part II: JCE
• Download Lab.doc
• Lab exercise 2.2: JCE AES encryption and
decryption
© Yingjiu Li 2007 39
Class:Javax.crypto.Cipher
• This class provides the functionality of a cryptographic
cipher for encryption and decryption
• Methods:
– getInstance(String algorithm )
• Generates a Cipher object that implements the specified algorithm.
– init(int opmode, Key key )
• The cipher is initialized with a key for either encryption or
decryption.
– doFinal(byte[] input )
• Encrypts or decrypts data depending on how this cipher was
initialized.
© Yingjiu Li 2007 41
Example: AES Encryption cont’d
//Create a byte array with the size of the file.
byte[] plaintext = new byte[(int) length];
//Close file
fi.close();
// Now encrypt the text and store it in the byte array ciphertext
byte[] ciphertext = cipher.doFinal(plaintext);
© Yingjiu Li 2007 42
Example: AES Decryption
• The following sample decrypts a file “encryptedfile”and save the output as a file
named “decryptedfile”.
© Yingjiu Li 2007 43
Example: AES Decryption cont’d
//Create a byte array with the size of the file.
byte[] ciphertext = new byte[(int) length];
//Close file
fi.close();
// Now decrypt the text and store it in the byte array ciphertext
byte[] plaintext = cipher.doFinal(ciphertext);
© Yingjiu Li 2007 44
Review Questions
• Which of the following is stream cipher
1) DES 2) AES 3) Vernam
• What is effective key size for 4-DES
1) 112 bits 2) 113 bits 3) 168 bits
• Increasing key size from 56 bits to 128
bits, how many times more effort an
attacker needs to spend in brute force
attack?
1) 72 2) 2^72 3) 2^184
© Yingjiu Li 2007 45
Individual Assignment 1 (5%)
• Due in two week using an on-line submission system (see
below)
– Textbook 1.11 Exercises 3, 12, 15 (pages 32-33 in 3rd edition,
pages 34-36 in 4th edition)
– Textbook 2.13 Exercises 1, 13, 17, 19 (pages 91-93 in 3rd edition,
pages 94-97 in 4th edition)
© Yingjiu Li 2007 46