introduction to computer security ©2004 matt bishop information security principles assistant...
TRANSCRIPT
Introduction to Computer Security©2004 Matt Bishop
Information Security Principles
Assistant Professor
Dr. Sana’a Wafa Al-Sayegh
1st Semester 2008-2009
ITGD 2202
University of Palestine
Introduction to Computer Security©2004 Matt Bishop
Data Encryption Standard
• Overview of the DES
• Generation of Round Keys
• Encipherment
• DES Modes
Introduction to Computer Security©2004 Matt Bishop
Overview of the DES
• A block cipher:– encrypts blocks of 64 bits using a 64 bit key– outputs 64 bits of ciphertext
• A product cipher– basic unit is the bit– performs both substitution and transposition
(permutation) on the bits
• Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
Introduction to Computer Security©2004 Matt Bishop
Generation of Round Keys
key
PC-1
C0 D0
LSH LSH
D1
PC-2 K1
K16LSH LSH
C1
PC-2
• Round keys are 48 bits each
Introduction to Computer Security©2004 Matt Bishop
PC-1
PC-2
Introduction to Computer Security©2004 Matt Bishop
Key
ASCII
1 2 3 4 5 6 7 8
A 65 0 1 1 0 0 1 0 1
9 10 11 12 13 14 15 16
B 66 0 1 1 0 0 1 1 0
17 18 19 20 21 22 23 24
C 67 0 1 1 0 0 1 1 1
25 26 27 28 29 30 31 32
D 68 0 1 1 0 1 0 0 0
33 34 35 36 37 38 39 40
E 69 0 1 1 0 1 0 0 1
41 42 43 44 45 46 47 48
F 70 0 1 1 1 0 0 0 0
49 50 51 52 53 54 55 56
G 71 0 1 1 1 0 0 0 1
57 58 59 60 61 62 63 64
H 72 0 1 1 1 0 0 1 0
C0
0 0 0 0 0 0 0
0 1 1 1 1 1 1
1 1 1 1 1 1 1
1 1 1 1 1 1 0
D0
1 0 0 0 0 1 1
0 0 0 0 0 0 1
1 1 0 0 0 1 1
0 0 0 0 0 0 0
PC-1
Introduction to Computer Security©2004 Matt Bishop
LSH
Introduction to Computer Security©2004 Matt Bishop
LSHBefore After
C0
0 0 0 0 0 0 0
0 1 1 1 1 1 1
1 1 1 1 1 1 1
1 1 1 1 1 1 0
D0
1 0 0 0 0 1 1
0 0 0 0 0 0 1
1 1 0 0 0 1 1
0 0 0 0 0 0 0
C0
0 0 0 0 0 0 0
1 1 1 1 1 1 1
1 1 1 1 1 1 1
1 1 1 1 1 0 0
D0
0 0 0 0 1 1 0
0 0 0 0 0 1 1
1 0 0 0 1 1 0
0 0 0 0 0 0 1
Introduction to Computer Security©2004 Matt Bishop
PC-2
C0
0 0 0 0 0 0 0
1 1 1 1 1 1 1
1 1 1 1 1 1 1
1 1 1 1 1 1 0
D0
0 0 0 0 1 1 0
0 0 0 0 0 1 1
1 0 0 0 1 1 0
0 0 0 0 0 0 1
1 0 0
0 0
0 0
0 0
Introduction to Computer Security©2004 Matt Bishop
Enciphermentinput
IP
L0 R0
f K1
L1 = R0 R1 = L0 f(R0, K1)
R16 = L15 f (R15, K16) L16 = R15
IP1 ذ
output
Introduction to Computer Security©2004 Matt Bishop
IP58 50 42 34 26 18 10 260 52 44 36 28 20 12 462 54 46 38 30 22 14 664 56 48 40 32 24 16 857 49 41 33 25 17 9 159 51 43 35 27 19 11 361 53 45 37 29 21 13 563 55 47 39 31 23 15 7
IP-140 8 48 16 56 24 64 3239 7 47 15 55 23 63 3138 6 46 14 54 22 62 3037 5 45 13 53 21 61 2936 4 44 12 52 20 60 2835 3 43 11 51 19 59 2734 2 42 10 50 18 58 2633 1 41 9 49 17 57 25
Introduction to Computer Security©2004 Matt Bishop
The f Function
Ri1 (bits 32) ذ
E
Ri1 (bits 48) ذ
Ki (48 bits)
S1 S2 S3 S4 S5 S6 S7 S8
6 bits into each
P
32 bits
4 bits out of each
Introduction to Computer Security©2004 Matt Bishop
E BIT-SELECTION TABLE
32 1 2 3 4 54 5 6 7 8 9 8 9 10 11 12 13
12 13 14 15 16 1716 17 18 19 20 2120 21 22 23 24 2524 25 26 27 28 2928 29 30 31 32 1
P16 7 20 2129 12 28 17 1 15 23 26 5 18 31 10 2 8 24 1432 27 3 919 13 30 622 11 4 25
S1Column Number
RowNo. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
Introduction to Computer Security©2004 Matt Bishop
DES Modes
• Electronic Code Book Mode (ECB)– Encipher each block independently
• Cipher Block Chaining Mode (CBC)– Xor each block with previous ciphertext block– Requires an initialization vector for the first one
• Encrypt-Decrypt-Encrypt Mode (2 keys: k, k)– c = DESk(DESk
–1(DESk(m)))
• Encrypt-Encrypt-Encrypt Mode (3 keys: k, k, k) – c = DESk(DESk (DESk(m)))
Introduction to Computer Security©2004 Matt Bishop
CBC Mode Encryption
init. vector m1
DES
c1
m2
DES
c2
sent sent
…
…
…
Introduction to Computer Security©2004 Matt Bishop
CBC Mode Decryption
init. vector c1
DES
m1
…
…
…
c2
DES
m2