
Announcements Homework 1 is released Available on - PowerPoint PPT Presentation


  1. Announcements
     Homework 1 is released
     • Available on the course website
     • Due in two weeks: 10/22/19 11:59pm
     • Submit through GradeScope
     • TA Sam gave a tutorial last Wednesday

  2. Lecture 4: Encryption II
     Suggested Readings:
     • Chs 3 & 4 in KPS (recommended)
     • Ch 3 in Stinson (optional)
     [lecture slides are adapted from previous slides by Prof. Gene Tsudik]

  3. Conventional (Symmetric) Cryptography
     [Figure: plaintext m → encryption algorithm (key K_AB) → ciphertext K_AB(m) → decryption algorithm (key K_AB) → plaintext m = K_AB(K_AB(m))]

  4. “Modern” Block Ciphers: Data Encryption Standard (DES)

  5. DES System: Building Blocks
     [Figure, encryption process: 64-bit plaintext → Initial Permutation → 32-bit L_0 and 32-bit R_0 → 16 rounds, each combining (+) one half with F(R_{i-1}, K_i), from F(R_0, K_1) to F(R_15, K_16) → 32-bit L_16 and 32-bit R_16 → Final Permutation → 64-bit ciphertext]
     [Figure, key schedule: 64-bit key → Permuted Choice 1 → 56-bit key → 28-bit C_0 and 28-bit D_0 → left shifts → C_1, D_1, …, C_16, D_16 → Permuted Choice 2 → 48-bit round keys K_1, …, K_16]

  6. Function F
     [Figure: inputs L_{i-1} and R_{i-1} (32 bits each); 56-bit key → Permuted Choice → 48 bits; Expansion (E) permutation → 48 bits; S-box substitution → 32 bits; P-box permutation; outputs L_i and R_i (32 bits each)]

  7. DES Substitution Boxes Operation

  8. Operation Tables of DES (IP, IP^-1, E and P)

  11. Breaking DES (Cryptanalysis)
      DES key size = 56 bits
      • Brute force = 2^55 attempts on avg
      • Differential cryptanalysis → 2^47 chosen plaintexts [BS’89]
      • Linear cryptanalysis → 2^43 known plaintexts [M’93]
      • More than 16 rounds do not make it any stronger
      • DES Key Problems:
      • Weak keys (all 0s, all 1s, a few others)
      • Key size = 56 bits = 8 * 7-bit ASCII
      • Alphanumeric-only password converted to uppercase: 8 * ~5-bit chars = 40 bits

  12. Modes of Operation (not just for DES, for any block cipher)
      [Figure: plaintext blocks P_1, P_2, …, P_i, P_{i+1}, …, P_{n-1}, P_n → ENCRYPTION → ciphertext blocks C_1, C_2, …, C_i, C_{i+1}, …, C_{n-1}, C_n]
      http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

  13. “Native” ECB Mode
      Electronic Code-Book (ECB) Mode
      • Input to encryption algorithm is current plaintext block:
          C_i = E(K, P_i)
          P_i = D(K, C_i)
      • Duplicate plaintext blocks (patterns) visible in ciphertext
      • What if Alice encrypts one word per plaintext block?
      • Ciphertext block rearrangement is possible
      • To detect it, need explicit block numbering in plaintext
      • Parallel encryption and decryption (random access)
      • Error in one ciphertext block → one-block loss
      • One-block loss in ciphertext?

  14. CBC Mode
      Cipher-Block Chaining (CBC) Mode
      • Input to encryption algorithm is the XOR of current plaintext block and preceding ciphertext block:
          C_i = E(K, P_i XOR C_{i-1}), C_0 = IV
          P_i = D(K, C_i) XOR C_{i-1}
      • Duplicate plaintext blocks (patterns) NOT exposed
      • Block rearrangement is detectable
      • No parallel encryption
      • How about parallel decryption?
      • Error in one ciphertext block → two-block loss
      • One-block ciphertext loss?
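
An added example (not from the lecture slides) of the ECB and CBC properties listed above: the same repeated-block plaintext is encrypted in both modes to show pattern leakage, then one ciphertext bit is flipped to show one-block versus two-block loss. The 4-round Feistel cipher `E`/`D`, the key, the IV and the plaintext are constructed stand-ins, not DES.

```python
import hashlib

BLOCK = 8  # bytes per block, the same block size as DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, blk, order=(0, 1, 2, 3)):
    # Toy 4-round Feistel cipher: a constructed stand-in for DES, not DES itself
    l, r = blk[:4], blk[4:]
    for i in order:
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:4])
    return r + l  # final swap, so D is the same network with the round order reversed
def D(key, blk):
    return E(key, blk, order=(3, 2, 1, 0))
def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):      # C_i = E(K, P_i)
    return b"".join(E(key, p) for p in split(pt))
def ecb_decrypt(key, ct):      # P_i = D(K, C_i)
    return b"".join(D(key, c) for c in split(ct))

def cbc_encrypt(key, iv, pt):  # C_i = E(K, P_i XOR C_{i-1}), C_0 = IV
    out = [iv]
    for p in split(pt):
        out.append(E(key, xor(p, out[-1])))
    return b"".join(out[1:])
def cbc_decrypt(key, iv, ct):  # P_i = D(K, C_i) XOR C_{i-1}
    cs = split(ct)
    return b"".join(xor(D(key, c), prev) for c, prev in zip(cs, [iv] + cs))

def flip_bit(ct, i):           # transmission error: flip one bit in ciphertext block i
    buf = bytearray(ct)
    buf[i * BLOCK] ^= 1
    return bytes(buf)

def damaged(a, b):             # indices of blocks that differ between a and b
    return [i for i, (x, y) in enumerate(zip(split(a), split(b))) if x != y]

# Constructed sample input: plaintext blocks 0, 1 and 3 are identical
KEY, IV = b"toy-key!", bytes.fromhex("0123456789abcdef")
PT = b"SAMEDATA" * 2 + b"OTHERBLK" + b"SAMEDATA"

if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(KEY, PT), cbc_encrypt(KEY, IV, PT)
    print("distinct blocks ECB/CBC:", len(set(split(ecb))), len(set(split(cbc))))
    print("ECB blocks lost:", damaged(PT, ecb_decrypt(KEY, flip_bit(ecb, 1))))
    print("CBC blocks lost:", damaged(PT, cbc_decrypt(KEY, IV, flip_bit(cbc, 1))))
```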

  16. OFB Mode
      Output Feedback (OFB) Mode
      • Key-stream is produced by repeated encryption of V_0:
          C_i = E(K, V_{i-1}) XOR P_i
          V_0 = IV, . . . , V_i = E(K, V_{i-1})
          P_i = E(K, V_{i-1}) XOR C_i
      • Duplicate plaintext blocks (patterns) NOT exposed
      • Block rearrangement is detectable
      • Key-stream is independent of plaintext
      • How does that affect speed of encryption? Parallelism?
      • Bit error in one ciphertext block → one-bit error in plaintext
      • One-block ciphertext loss → big mess
      • Can encrypt less than block size

  17. CFB Mode
      Cipher Feedback (CFB) Mode
      • Key-stream is produced by re-encryption of preceding ciphertext -- C_{i-1}:
          C_i = P_i XOR E(K, C_{i-1}), C_0 = IV
          P_i = E(K, C_{i-1}) XOR C_i
      • Duplicate plaintext blocks (patterns) NOT exposed
      • Block rearrangement is detectable
      • Key-stream is dependent on plaintext
      • How does that affect speed of encryption? Parallelism?
      • Bit error in one ciphertext block → one-bit + one-block loss in plaintext
      • Adversary can still selectively flip/change bits
      • One-block ciphertext loss → 1-extra-block loss
      • Can encrypt less than block size

  18. CTR Mode
      Counter (CTR) Mode
      • Key-stream is produced by encrypting an increasing counter:
          C_i = E(K, CTR) XOR P_i, CTR++
          P_i = E(K, CTR) XOR C_i
      • Duplicate plaintext blocks (patterns) NOT exposed, unless ?
      • Block rearrangement is detectable
      • Key-stream is independent of plaintext
      • Parallel encryption and decryption (random access)
      • Bit error in one ciphertext block → one-bit error in plaintext
      • One-block ciphertext loss → big mess
      • Can encrypt less than block size

  19. MAC Mode
      Message Authentication Code (MAC) Mode
      • Encryption is the same as in CBC mode, but the ciphertext is NOT sent!
          C_i = E(K, P_i XOR C_{i-1}), C_0 = IV
      What is sent or stored: P_1, . . ., P_n, C_n = MAC
      Receiver recomputes C_n with K and compares
      • Any change in plaintext results in unpredictable changes in MAC

  20. How to strengthen DES: the case of double DES
      • 2DES: C = DES(K1, DES(K2, P))
      • Seems to be hard to break by “brute force”, approx. 2^111 trials
      • Assume Eve is trying to break 2DES and has a single (P, C) pair
      Meet-in-the-middle ATTACK:
      I. For each possible K'_i (where 0 < i < 2^56)
         1. Compute C'_i = DES(K'_i, P)
         2. Store: [C'_i, K'_i] in look-up table T (indexed by C'_i)
      II. For each possible K''_i (where 0 < i < 2^56)
         1. Compute C''_i = DES^-1(K''_i, C)
         2. Look up C''_i in T
         3. If lookup succeeds, output: K1 = K'_i, K2 = K''_i
      TOTAL COST: O(2^56 + 2^56) operations + O(2^64) storage
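
The two-step table attack above, carried out as an added example (not from the lecture slides) on a constructed toy cipher with 16-bit keys so that it finishes in well under a minute. It assumes C = E(K2, E(K1, P)), so the table key is K1 as in the output step, and it goes one step beyond the slide by checking a second (P, C) pair to reject chance matches in the table.

```python
from collections import defaultdict

M32, ODD, ROT = 0xFFFFFFFF, 0x9E3779B1, 13
ODD_INV = pow(ODD, -1, 1 << 32)   # inverse of ODD modulo 2^32 (Python 3.8+)
KEYBITS = 16                      # toy key size so the search is quick; DES has 56

def enc(k, x):
    # Toy 32-bit block cipher (constructed stand-in for DES): xor key, multiply, rotate
    rk = k << 16 | k
    for r in range(4):
        x = ((x ^ rk ^ r) * ODD) & M32
        x = ((x << ROT) | (x >> (32 - ROT))) & M32
    return x

def dec(k, y):
    # Inverse of enc: undo rotate, multiply and xor in reverse round order
    rk = k << 16 | k
    for r in reversed(range(4)):
        y = ((y >> ROT) | (y << (32 - ROT))) & M32
        y = ((y * ODD_INV) & M32) ^ rk ^ r
    return y

def double_enc(k1, k2, p):
    return enc(k2, enc(k1, p))    # C = E(K2, E(K1, P)), K1 is the inner key

def meet_in_the_middle(p, c, p2, c2):
    table = defaultdict(list)
    for k1 in range(1 << KEYBITS):            # step I: table of E(K', P) -> K'
        table[enc(k1, p)].append(k1)
    found = []
    for k2 in range(1 << KEYBITS):            # step II: look up D(K'', C) in the table
        for k1 in table.get(dec(k2, c), ()):
            if double_enc(k1, k2, p2) == c2:  # second pair rejects chance matches
                found.append((k1, k2))
    return found

# Constructed sample keys and plaintexts
K1, K2 = 0xBEEF, 0x1337
P, P2 = 0x01234567, 0x89ABCDEF

if __name__ == "__main__":
    hits = meet_in_the_middle(P, double_enc(K1, K2, P), P2, double_enc(K1, K2, P2))
    print([(hex(a), hex(b)) for a, b in hits])
    print("cipher calls: about 2 * 2**16 instead of 2**32 for exhaustive search")
```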

  21. DES Variants
      o 2-DES:
        o C = E(K2, E(K1, P)) → 57 effective key bits (meet-in-the-middle attack)
      o 3-DES (Triple DES)
        o C = E(K3, D(K2, E(K1, P))) → 112 effective key bits (meet-in-the-middle attack)
        o C = E(K1, D(K2, E(K1, P))) → <=80 effective key bits
      o DESX
        o C = K3 XOR E(K2, (K1 XOR P)) → seems like 184 key bits
        o Effective key bits → approx. 118
      o Another simple variation:
        o C = K2 XOR E(K1, P) → weak!
      NOTE: The same variants can be constructed out of any cipher

  22. DES Variants
      Why does 3-DES (or generally n-DES) work? Because, as a function, DES is not a group…
      A “group” is an algebraic structure. One of its properties is that, taking any 2 elements of the group (a,b) and applying an operator F() yields another element c in the group.
      Suppose: C = DES(K1, DES(K2, P))
      There is no K, such that: for each possible plaintext P, DES(K, P) = C

  23. DES Summary
      • Feistel network based block cipher
      • 64-bit data blocks
      • 56-bit keys (8 parity bits)
      • 16 rounds (shifts, XORs)
      • Key schedule
      • S-box selection secret …
      • DES “aging”
      • 2-DES: meet-in-the-middle attack
      • 3-DES: 112-bit security
      • DESX: 118-bit security

  24. Advanced Encryption Standard (AES): The Rijndael Block Cipher

  25. Introduction and History
      • National Institute of Science and Technology (NIST) regulates standardization in the US
      • By mid-90s, DES was an aging standard that no longer met the needs for strong commercial-grade encryption
      • Triple-DES: Endorsed by NIST as a “de facto” standard
      • But … slow in software and large footprint (code size)
      • Advanced Encryption Standard (AES)
      • Goal is to define the Federal Information Processing Standard (FIPS) by selecting a new encryption algorithm suitable for encrypting (non-classified non-military) government documents
      • Candidate algorithms must be:
      • Symmetric-key ciphers supporting 128, 192, and 256 bit keys
      • Royalty-Free
      • Unclassified (i.e., public domain)
      • Available for worldwide export
      • 1997: NIST publishes request for proposal
      • 1998-1999: 15 submissions -> 5 finalists
      • 2000: NIST chooses Rijndael as AES

  26. Introduction and History
      • AES Round-3 Finalist Algorithms (ranked by vote # in AES Round-2, high to low):
      • Rijndael
      • by Joan Daemen and Vincent Rijmen (Belgium)
      • Serpent
      • by Ross Anderson (UK), Eli Biham (ISR) and Lars Knudsen (NO)
      • Twofish
      • From Counterpane Internet Security, Inc. (MN)
      • RC6
      • By Ron Rivest of MIT & RSA Labs, creator of the widely used RC4/RC5 algorithm and “R” in RSA
      • MARS
      • Candidate offering from IBM Research

  27. Rijndael
      The Winner: Rijndael
      • Joan Daemen (of Proton World International) and Vincent Rijmen (of Katholieke Universiteit Leuven).
      • Pronounced “Rhine-doll”
      • Allows only 128, 192, and 256-bit key sizes (unlike other candidates)
      • Variable input block length: 128, 192, or 256 bits. All nine combinations of key-block length possible.
      • A block is the smallest data size the algorithm will encrypt
      • Vast speed improvement over DES in both hw and sw implementations
      • 8,416 bytes/sec on a 20MHz 8051
      • 8.8 Mbytes/sec on a 200MHz Pentium Pro

  28. Rijndael
      [Figure: key K → Key Expansion (KE) → round keys k_1, k_2, k_3, …, k_{n-2}, k_{n-1}, k_n; plaintext P → encryption rounds r_1, r_2, r_3, …, r_{n-2}, r_{n-1}, r_n → ciphertext C]
      • Key is expanded to a set of n round keys
      • Input block P put thru n rounds, each with a distinct round sub-key.
      • Strength of algorithm relies on difficulty of obtaining intermediate results (or state) of round i from round i+1 without the round key.
