Slide #1.

Variants Modes of DES of operation for Block ciphers
More slides like this


Slide #2.

Multiple Encryption & DES  clearly a replacement for DES was needed   Vulnerable to brute-force key search attacks Can DES be patched and saved?
More slides like this


Slide #3.

Double-DES?  could use 2 DES encrypts on each block  C = EK2(EK1(P)) issue of reduction to 1-DES; “is DES a group?”  Campbell, Wiener in 1992: NO!  “meet-in-the-middle” attack        works whenever use a cipher twice since X = EK1(P) = DK2(C) attack by encrypting P with all keys and store then decrypt C with keys and match X value Basic round of the attack takes 2 * 256 encryptions/decryptions; we may have to repeat it a few times. Show on board
More slides like this


Slide #4.

Triple-DES with Two-Keys  hence must use 3 encryptions  would seem to need 3 distinct keys  but can use 2 keys with E-D-E sequence    C = EK1(DK2(EK1(P))) because encrypt & decrypt equivalent in security if K1=K2 then can work with single DES  standardized in ANSI X9.17 & ISO8732  no current known practical attacks
More slides like this


Slide #5.

Triple-DES with Three-Keys  although are no practical attacks on two- key, Triple-DES has some drawbacks  can use Triple-DES with Three-Keys to avoid even these  C = EK3(DK2(EK1(P)))  has been adopted by some Internet applications, eg PGP, S/MIME
More slides like this


Slide #6.

Modes of Operation  block ciphers encrypt fixed size blocks  eg. DES encrypts 64-bit blocks with 56-bit key  need some way to en/decrypt arbitrary amounts of data in practice  ANSI X3.106-1983 Modes of Use (now FIPS 81) defines 4 possible modes  There are 5 modes that are in common use
More slides like this


Slide #7.

Electronic Codebook Book (ECB)  message is broken into independent blocks which are encrypted  each block is a value which is substituted, like a codebook, hence name  each block is encoded independently of the other blocks Ci = DESK1(Pi)  uses: secure transmission of single values
More slides like this


Slide #8.

Electronic Codebook Book (ECB)
More slides like this


Slide #9.

Problems with ECB  message repetitions may show in ciphertext   if aligned with message block or with messages that change very little, which become a code-book analysis problem  Used rarely; main use is sending a few blocks of data
More slides like this


Slide #10.

Cipher Block Chaining (CBC)  message is broken into blocks  linked together in encryption operation  each previous cipher blocks is chained with current plaintext block, hence name  use Initial Vector (IV) to start process Ci = EK(Pi XOR Ci-1) C-1 = IV  uses: bulk data encryption
More slides like this


Slide #11.

Cipher Block Chaining (CBC)
More slides like this


Slide #12.

Advantages and Limitations of CBC     a ciphertext block depends on all blocks before it any change to a block affects all following ciphertext blocks Initialization Vector (IV) : different IV hides patterns and repetitions Error propagation:  one error during encryption (rare) affects all subsequent blocks;  One error during transmission affects 2 blocks, the current one and the next one.
More slides like this


Slide #13.

Cipher FeedBack (CFB)    message is treated as a stream of bits or bytes result is feed back for next stage (hence name) standard allows any number of bit (1,8, 64 or 128 etc) to be feed back   denoted CFB-1, CFB-8, CFB-64, CFB-128 etc most efficient to use all bits in block (64 or 128) Ci = Pi XOR EK(Ci-1) C-1 = IV  Used for stream data encryption
More slides like this


Slide #14.

Cipher FeedBack (CFB)
More slides like this


Slide #15.

Advantages and Limitations of CFB  appropriate when data arrives in bits/bytes  most common stream mode  note that the block cipher is used in encryption mode at both ends  errors during transmission propagate for several blocks only (till the “dirty” part is eliminated from the shift register).
More slides like this


Slide #16.

Output FeedBack (OFB)  message is treated as a stream of bits  output of cipher is added to message  output is then feed back (hence name)  feedback is independent of message  So feedback can be computed in advance
More slides like this


Slide #17.

Output FeedBack (OFB)
More slides like this


Slide #18.

Advantages and Limitations of OFB  bit errors do not propagate  Encryption and decryption of blocks can be done in parallel
More slides like this


Slide #19.

Counter (CTR)  a “new” mode, though proposed early on  similar to OFB but encrypts counter value rather than any feedback value  must have a different counter value for every plaintext block (never reused) Ci = Pi XOR Oi Oi = DESK1(i)  uses: high-speed network encryptions
More slides like this


Slide #20.

Counter (CTR)
More slides like this


Slide #21.

Advantages and Limitations of CTR  efficiency   can do parallel encryptions in h/w or s/w can preprocess in advance of need  random access to encrypted data blocks  provable security (good as other modes)  but must ensure never reuse key/counter values, otherwise could break.
More slides like this


Slide #22.

Stream Ciphers      process message bit by bit (as a stream) have a pseudo random streamkey combined (XOR) with plaintext bit by bit Similar to one-time pad, but pseudo-rand. key instead of random key randomness of streamkey completely destroys statistically properties in message   Ci = Mi XOR StreamKeyi but must never reuse stream key  otherwise can recover messages
More slides like this


Slide #23.

Stream Cipher Structure general idea:
More slides like this


Slide #24.

Stream Cipher Properties  some design considerations are:    long period with no repetitions statistically random depends on large enough key (current recommendation: >= 128 bits)  properly designed, can be as secure as a block cipher with same size key  but usually simpler & faster
More slides like this


Slide #25.

RC4       a proprietary cipher owned by RSA company another Ron Rivest design, simple but effective variable key size, byte-oriented stream cipher widely used (web SSL/TLS, wireless WEP) key forms random permutation of all 8-bit values uses that permutation to scramble input info processed a byte at a time
More slides like this


Slide #26.

RC4 Key Schedule    starts with an array S of numbers: 0..255 use key to well and truly shuffle S forms internal state of the cipher // initialization for i = 0 to 255 do S[i] = i T[i] = K[i mod keylen]) // initial perm. of S j = 0 for i = 0 to 255 do j = (j + S[i] + T[i]) (mod 256) swap (S[i], S[j])
More slides like this


Slide #27.

RC4 Encryption  encryption continues shuffling array values  sum of shuffled pair selects "stream key" value from permutation  XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte Mi i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Ci = Mi XOR S[t]
More slides like this


Slide #28.

RC4 Overview
More slides like this


Slide #29.

RC4 Security  claimed secure against known attacks  There are some attacks, none practical  result is very non-linear  since RC4 is a stream cipher, must never reuse a key  There are concerns with WEP, but due to key handling rather than RC4 itself
More slides like this


Slide #30.

Summary  Triple-DES  Modes of Operation  ECB, CBC, CFB, OFB, CTR  stream ciphers  RC4
More slides like this