### Create a StudySoup account

#### Be part of our community, it's free to join!

Already have a StudySoup account? Login here

# Network Security CSC 474

NCS

GPA 3.94

### View Full Document

## 6

## 0

## Popular in Course

## Popular in ComputerScienence

This 30 page Class Notes was uploaded by Jaden Jakubowski on Thursday October 15, 2015. The Class Notes belongs to CSC 474 at North Carolina State University taught by Staff in Fall. Since its upload, it has received 6 views. For similar materials see /class/223820/csc-474-north-carolina-state-university in ComputerScienence at North Carolina State University.

## Reviews for Network Security

### What is Karma?

#### Karma is the currency of StudySoup.

#### You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 10/15/15

NC STATE UNIVERSITY ComPUIEFSCience CSC 474574 Information Systems Security Topic 22 Secret Key Cryptography CSC 4745 7A Agenda 15 lectures Generic block cipher Feistel cipher DES self study Modes of block ciphers Multiple encryptions Message authentication through secret key crypto graphy NC STATE UNIVERSITY ComputerScience csc 474574 Dr PengNing Y Computer Science Generic Block Cipher 30 474574 Dr Peng ng Generic Block Cipher Plaintext block NC STATE UNIVERSITY ComputerScience csc 474574 Dr PengNing Cipher block O H Secret key of length N Generic Block Encryption Cont d 0 Convert one block to another onetoone 0 Long enough to avoid knownplaintext attack but not too long performance 64 bit typical Na39139ve 264 input values 64 bits each 0 Output should look random No correlation between plaintext and ciphertext Bit spreading Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning Generic Block Encryption Cont d Achieve by substitution 7 Need to know how to substitute each plaintext message 7 How many bits for k bit blocks bits Achieve by permutation 7 Need to know which position each bit is placed 7 How many bits for k bit blocks bits Achieve by combinations of substitutions and permutations 7 How about S P S S P 7 How about S P P S 7 Lesson NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 6 Feistel Cipher Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning Feistel Cipher Confusion 7 Make the relationship between the plainteXtkey and the cipherteXt as complex as possible 7 Achieved by complex substitution algorithm Diffusion 7 Dissipate the statistical structure of the plainteXt 7 Achieved by having each plainteXt digit affect many cipherteXt digit 7 Equivalently having each cipherteXt digit affected by many plainteXt digit NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 8 Feistel Cipher cont d 0 Alternate diffusion and confusion Equivalently alternate substitution and permutation Nc STATE UNIVERSTTY Computer Science csc 474574 Dr Peng Ning 9 Feistel Cipher Structure Plaintext 2W bits Encryption La Ra Round 1 Round 139 Round 71 Ciphertext 2W bits NC STATE UNIVERSTTY Computer Science csc 474574 Dr Peng Ning 10 Feistel Cipher Structure cont d Ciphertext 2W bits Decryption Plaintext 2W bits Nc STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning 11 One Round Feistel Cipher Plaintext 2W bits Encryption Decryption L I L 2 NC STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning 12 Realization of Feistel Cipher Parameters Block Size typically 64 bits Key Size commonly 128 bits Number of Rounds l6 Subkey Generation algorithm Round Function NC SIATE UNIVERSITY ComputerScience csc 474574 Dr PengNing 13 NC STATE UNIVERSITY ComputerSCience DES Data Encryption Standard Self Study CSC 4745 74 Dr Pang Niug DES Data Encryption Standard Published in 1977 standardized in 1979 expired in l 998 Similar structure to Feistel cipher Key 64 bit quantity8 bit parity56bit key 7 Every 8th bit is a parity bit 64 bit input 64 bit output 64 bit M 64 bit C 39 DES quot Encryption 56 bits Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 15 DES Top View Initial Permutation 48bitKl 48bit K2 48bitK16 Swap 32bit halves Final Permutation NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 16 Bit Permutation lto l Input Output 1 0 1 1 1 2261332 3 Nc STATE UNIVERSITY Computer Science csc 474574 Dr Peng Ning 17 Initial and Final Permutations Initial permutation IP View the input as M 8byte X 8bit matrix Transform M into M1 in two steps Transpose row X into column 9X 0ltXlt9 Apply permutation on the rows For even row y it becomes row y2 For odd row y it becomes row 5y2 0 Final permutation FP IP391 Why NC STATE UNIVERSITY Computer Science csc 474574 Dr Peng Ning 18 PerRound Key Generation Cii28bits Di128bits Circular Left Shift Circular Left Shift Rounci 12916 single shift Other two bits Permutation with Discard 48 its lt7 Ki Ci 28 bits Di 28 bits Nc STATE UNIVERSiTY Computer Science csc 474574 Dr Peng Ning 19 A DES Round 32 its H 32 bits One Round Ki Encryption Mangier Funct10n gt 32 bits 32 bits H 32 bits NC STATE UNIVERSiTY Computer Science csc 474574 Dr Peng Ning 20 Bits Expansion 1 4 5 32 Input 1 10 11 1 111 11 1 Output 11101011101110111 1101 1 2 3 4 5 6 7 8 48 ComputerScience csc474574 DrPengNing 21 E Box of DES How is the E Box de ned 32 1 2 3 4 5 4 5 6 7 8 9 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1 NC STATE UNIVERS1TY Computer Science CSC 474574 Dr Peng Ning 22 Mangler Function The permutation produces spread among the chunksSboxes Computer Science csc 474574 Dr Peng Ning S Box Substitute and Shrink 48 bits gt 32 bits 86 gt 8 4 2 bits used to select amongst 4 permutations for the rest of the 4bit quantity 2 bits row 01 02 03 I O4 4 bits an 1nteger between 0 and 15 column 118 NC STATE UNIVERSiTY Computer Science csc 474574 Dr Peng Ning 24 S1 p 71 Each row and column contain different numbers 0 l 2 3 4 5 6 15 0 14 4 13 l 2 15 ll 1 0 15 7 4 14 2 l3 2 4 l 14 8 l3 6 2 3 15 12 8 2 4 9 l Example input 100110 output NC STATE UNIVERSlTY Computer Science CSC 474574 Dr Peng Ning DES Standard Cipher Iterative Action 64 bits 7 Key 48 bits 7 Output 64 bits 7 Input h Key Generation BOX 7 Input 56 bits 7 Output 48 bits NC STATE UNIVERSlTY Computer Science CSC One round Total 16 rounds 474574 Dr Peng Ning Avalanche Effect A small change in either the plaintext or the key should produce a significant change in the ciphertext DES has a strong avalanche effect Example 7 Plaintexts 0X0000000000000000 and 0X8000000000000000 7 Same key 0X016B24621C181C32 7 34 bits difference in ciphertexts 7 Similar result with same plainteXt and slightly different keys Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 27 Concerns About DES Key space problem 56 bit key 256 7 DESCHALL recovered RSA challenge I key on June 17 1997 6 month into the contest 7 25m total cost July 15 1998 RSA DES challenge 11 key recovered in 56 hours Cryptanalysis 7 Sixteen Weak and semiweak keys 7 Differential cryptanalysis require less tries using chosen plainteXtciphertext Biham 1993 Effective up to 15 rounds DES is well designed to defeat differential analysis 7 Linear cryptanalysis requires only known plainteXtciphertext Matsui 1993 NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 28 IIESSunnnmy 0 Simple easy to implement Hardwaregigabitssecond softwaremegabitssecond 56bit key DES maybe acceptable for non critical applications but triple DES DES3 should be secure for most applications today 0 Supports several operation modes ECB CBC OFB CFB NC SIAIE UNIVERSITY ComputerScience csc 474574 Dr PengNing 29 NC STATE UNIVERSITY ComputerSCience Modes of Block Cipher Operations csc 474574 Dr Pang Niug 3U Encrypting a Large Message 0 Modes of block cipher operations ECB Electronic Code Book CBC Cipher Block Chaining Mode OFB Output Feedback Mode CFB Cipher Feedback Mode NC STATE UNIVERS TY Computer Science CSC 474574 Dr PengNing 31 Electronic Code Book ECB M1 M7 M2 MA 64 i i 64 i i 64 i 46 M i icliicziic3i Divide and conquer iC4i NC STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning ECB Properties M1 M3 gt Nc STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning 33 ECB Properties Cont d Cipher block substitution and rearrangement attacks fabrication of specific information o No error propagation NC STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning 34 Cipher Block Chaining CBC M2 M4 64 l 46 M M l 61 IV Hg Initialization Vector ENC l Cl l 437 C2 C3 M1 M3 very unlikely leads to C1 C3 Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 35 CBC Decryption w ill 2i NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 36 CBC Properties Chaining dependency Each ciphertext block depends on all preceding plaintext blocks Error propagation Each error in cJ affects decipherment of cJ and cJ 1 Predictable bit change in nil1 by alert corresponding bits of cj Error recovery An error in cJ doesn t propagate beyond cJ 1 Can recover from loss of cipher text blocks Nc STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning 37 Output Feedback Mode OFB Like a Random Number Generator 2 EM 3 c M Q M4 6 i i CJ CJ 03 NC STATE UNIVERStTY Computer Science csc 474574 Dr Peng Ning 38 OFB Properties Chaining dependencies 7 Key stream is plainteXtindependent 7 Allow precomputing of pseudorandom stream OneTime Pad XOR can be implemented very efficiently No error propagation problem as in CBC Error recovery 7 Can recover from bit error 7 But not from block loss If the attacker knows the plaintext he can change the ciphertext by XORing it with the plaintext and then XORing with whatever he wants to transmit Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 39 General kbit CFB NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 40 CFB Properties Chaining dependencies 7 Ciphertext block cj depends on all preceding plaintext blocks Error propagation 7 Bit error in one ciphertext block affects the next several blocks Error recovery 7 Can recover from bit errors after several blocks 7 Can resynchronize after loss of blocks Secure against known plaintext attack plaintext substitution Less vulnerable to tampering with ciphertext cipher Ci s impact on rni H is subtle through encryption function and thus less predictable NC SIAIE UNIVERSITY ComputerScience csc 474574 Dr PengNing 41 NC STATE UNIVERSITY ComputerSCience Multiple Encryption csc 474574 Dr Pang Niug 4 Triple DES Maj or limitation of DES Key length is too short 56 bits 0 Question Can we apply DES multiple times to increase the strength of encryption Advantage preserve the existing investment in software and equipment Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 43 Triple DES Cont d Double DES Encrypt the plaintext twice with two different DES keys Key length increases to 112 bits Two concerns Is DES a group Ek2Ek1P Ek3P Implication Meetin themiddle attack NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 44 Meetinthemiddle attack Encryption X P c 4 Observation K1 K N Decryption X7EK1PDKZC P l X l H E C For a known pair RC 7 Encrypt P for all 256 values for K1 7 Store the results in a table sorted by the value of X 7 Decrypt C for all 256 values for K2 and for each result check the table 7 A match reveals a possible combination of key Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 45 Meetinthemiddle attack Cont d Analysis 7 With one pair PC keys that can survive the test is 2112264248 7 For each pair of keys K1 K2 the probability that it can nd a nonempty entry in the table is 2398 7 With another pair P C keys that can survive both tests is 2398239823915 7 The probability that the correct keys are determined is 12 Goal of double DES 7 Increase the difficulty of exhaustive key search 2112 keys 7 In effect the effort is on the order of 255 NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 46 Triple DES Cont d Encryption F E C K1 K2 K Decryption i y i P E lt l 1 C Apply DES encryptiondecryption three times 7 With two keys or three keys 39 Why EDE 7 It s not clear if DES is a group when this was proposed 7 If one key is used it s equivalent to doing DES once 1 Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 47 Triple DES Is Not Ideal Ef ciency demands schemes with longer keys to begin with Triple DES runs one third as fast as DES on the same platform 0 New candidates are numerous RC5 IDEA two sh CAST etc 0 New AES NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 48 NC STATE UNIVERSITY ComputerSCience Message Authentication through Secret Key Algorithms CSC 474571 Dr Peng ng Message Authentication Message authentication is the process to verify that received messages come from the alleged source and have not been altered The goals of message authentication is to prevent 7 Masquerade insertion of messages from a fraudulent source 7 Content modi cation change of messages 7 Sequence modi cation insertion deletion and reordering of messages 7 Timing modi cation delay or replay of messages NC STATE UNIVERSITY ComputerScience csc 474574 Dr PengNing 50 Message Authentication Functions 0 Message encryption 0 Message Authentication Code MAC 0 Hash function Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 51 Encryption for Message Authentication 0 Conventional cryptography Use the structure or pattern in the plaintext Accept the decrypted plainteXt if it is in an intelligible form No guarantee Append an errordetecting code Frame Check Sequence or FCS to the plaintext before encryption Encryption CEKPHFP Decryption P HFPDKC and then check if FP FP The order of FCS and encryption is critical NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 52 Message Authentication Code MAC MAC Also known as cryptographic checksum Message Integrity Code MIC Assumption the sender and the receiver share a common secret key A small fixedsize block generated from the message with secret key cryptography Usually appended to the original message Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 53 MAC Cont d Source Destination Compare CKM 0 Mode 1 Message authentication No confidentiality NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 54 MAC Cont d S ourc e Destination Mode 11 7 Message authentication and con dentiality 7 Authentication tied to plainteXt Nc STATE UNIVERSTTY Computer Science csc 474574 Dr Peng Ning 55 MAC Cont d Compare K K CK1EK2M Mode HI Message authentication and confidentiality Authentication tied to ciphertext NC STATE UNIVERSTTY Computer Science csc 474574 Dr Peng Ning 56 Requirements for MAC For M and CKM it s computationally infeasible to construct a message M such that CKM CKM CKM should be uniformly distributed in terms of M 7 For any two messages M and M PrCKM CKM 239quot where n is the number of bits in the MAC 7 Intuition prevent chosen plainteXt attack If M is equal to some known transformation on M then PrCKM CKM 239quot 7 This requirement is subsumed by the above one 7 Intuition no weak spot with respect to certain bits of the message Nc STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 57 MAC Based on DES CBC Mode Known as Data Authentication Algorithm DES CBC mode with IV being zero A message is padded with zeroes to form 64bit blocks The data authentication code DAC ie the MAC consists of either the entire last ciphertext block or the left M bits with 16 SM 564 NC STATE UNIVERSlTY Computer Science csc 474574 Dr Peng Ning 58 MAC Based on DES CBC Mode Cont d M1 M2 M3 M4 MN MN MN MW Cl C2 C3 C4 HC DAC 16 to 64 bits NC STATE UNIVERSWY Computer Science csc 474574 Dr Peng Ning 59

### BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.

### You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

## Why people love StudySoup

#### "I was shooting for a perfect 4.0 GPA this semester. Having StudySoup as a study aid was critical to helping me achieve my goal...and I nailed it!"

#### "I signed up to be an Elite Notetaker with 2 of my sorority sisters this semester. We just posted our notes weekly and were each making over $600 per month. I LOVE StudySoup!"

#### "Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

#### "Their 'Elite Notetakers' are making over $1,200/month in sales by creating high quality content that helps their classmates in a time of need."

### Refund Policy

#### STUDYSOUP CANCELLATION POLICY

All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email support@studysoup.com

#### STUDYSOUP REFUND POLICY

StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here: support@studysoup.com

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to support@studysoup.com

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.