Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab


SLIDE 1

Data Encryption Standard DES Modes of Operation

Systems and Network Security (NETW-1002)

  • Dr. Mohamed Abdelwahab Saleh

IET-Networks, GUC

Spring 2020

SLIDE 2

TOC

  1. Data Encryption Standard
  2. DES Modes of Operation

SLIDE 3

DES Function Block

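[Figure: DES function block. A 64-bit block of data goes through IP, then round 1, round 2, ..., round 16 (each applying fround), then a swap of left and right and IP−1, producing a 64-bit block of encrypted data. The 64-bit key (56 bits + 8 parity bits) feeds the key generator (Gen. key), which supplies the 48-bit round keys Key1, Key2, ..., Key16.]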

SLIDE 4

DES–IP and IP−1

IP

  58 50 42 34 26 18 10  2
  60 52 44 36 28 20 12  4
  62 54 46 38 30 22 14  6
  64 56 48 40 32 24 16  8
  57 49 41 33 25 17  9  1
  59 51 43 35 27 19 11  3
  61 53 45 37 29 21 13  5
  63 55 47 39 31 23 15  7

IP−1

  40  8 48 16 56 24 64 32
  39  7 47 15 55 23 63 31
  38  6 46 14 54 22 62 30
  37  5 45 13 53 21 61 29
  36  4 44 12 52 20 60 28
  35  3 43 11 51 19 59 27
  34  2 42 10 50 18 58 26
  33  1 41  9 49 17 57 25

SLIDE 5

Generation of Keys

[Figure: key generation. Key K (64 bits) is permuted into Key K′ (56 bits) and split into C0 (28 bits) and D0 (28 bits). Each half is rotated left to give C1 (28 bits) and D1 (28 bits); the two halves are combined (56 bits) and a choice of bits gives Key K1 (48 bits). These steps form one key generator. The next key generator takes C1 and D1 and outputs Key K2 together with C2 (28 bits) and D2 (28 bits).]

Repeat to get the rest of the 16 keys.

SLIDE 6

Generation of Keys–Tables (Permutation and Key Choice)

PK

  C0   57 49 41 33 25 17  9
        1 58 50 42 34 26 18
       10  2 59 51 43 35 27
       19 11  3 60 52 44 36

  D0   63 55 47 39 31 23 15
        7 62 54 46 38 30 22
       14  6 61 53 45 37 29
       21 13  5 28 20 12  4

Key choice

  14 17 11 24  1  5
   3 28 15  6 21 10
  23 19 12  4 26  8
  16  7 27 20 13  2
  41 52 31 37 47 55
  30 40 51 45 33 48
  44 49 39 56 34 53
  46 42 50 36 29 32

SLIDE 7

Encryption Function

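[Figure: encryption function (one round). Input data (64 bits) is split into Ln (32 bits) and Rn (32 bits). f′ is applied to Rn with Key Kn and the result is XORed with Ln to give Rn+1 (32 bits); Ln+1 (32 bits) is taken from Rn. Ln+1 and Rn+1 are combined into the output data (64 bits).]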

SLIDE 8

f ′

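[Figure: f′. Input data (32 bits) is expanded to 48 bits and XORed with Key Kn (48 bits). The result is split into 8 blocks of 6 bits each, which pass through S1, S2, S3, S4, S5, S6, S7 and S8 to give 8 blocks of 4 bits each. These are combined (32 bits) and permuted by P (32 bits).]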

SLIDE 9

f ′–Expansion Table

Expansion table

  32  1  2  3  4  5
   4  5  6  7  8  9
   8  9 10 11 12 13
  12 13 14 15 16 17
  16 17 18 19 20 21
  20 21 22 23 24 25
  24 25 26 27 28 29
  28 29 30 31 32  1

SLIDE 10

f ′–S-boxes

How to use the tables?

  – We start with a block of six bits: b1.b2.b3.b4.b5.b6
  – The value of b1.b6, in decimal, determines a row r in the table.
  – The value of b2.b3.b4.b5, in decimal, determines a column c in the table.
  – The output of the S-box is the binary value at row r and column c.

S1     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15

  0   14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
  1    0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
  2    4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
  3   15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

SLIDE 11

f ′–Permutation Table

The permutation table used to permute the combined output bits from the S-boxes is given below:

Permutation table P

  16  7 20 21
  29 12 28 17
   1 15 23 26
   5 18 31 10
   2  8 24 14
  32 27  3  9
  19 13 30  6
  22 11  4 25

SLIDE 12

DES for Input Larger than 64 bits

[Figure: data longer than 64 bits is split into 64-bit blocks, each block is processed with key K, and the results are combined into the cipher data.]

SLIDE 13

Electronic Code Book Mode

[Figure: Electronic Code Book mode. Data longer than 64 bits is split into 64-bit blocks, each block is encrypted with key K, and the encrypted blocks are combined into the cipher data.]

SLIDE 14

Padding

There exist several methods for message padding. The most common is to add zeros at the end of the last block and store the number of added bytes as the last byte in the new 64-bit block. At the receiver side, reading the last byte of the decrypted data, one would know how many bytes to remove from the data in order to obtain the original message. Here, confusion may arise in case no padding bytes were added, since, in this case, the last byte of the decrypted data will be an original byte of the message. The solution is to always add padding bytes, even if the message length is a multiple of 64 bits. Therefore, in the case of DES, the number of padding bytes will range from one to eight.

SLIDE 15

Padding–Example

Data length not multiple of 64 bits:

  Original blocks:  8 bytes | 8 bytes | 6 bytes
  After padding:    8 bytes | 8 bytes | 8 bytes
  Added bytes:      0002 in hexadecimal

Data length multiple of 64 bits:

  Original blocks:  8 bytes | 8 bytes | 8 bytes
  After padding:    8 bytes | 8 bytes | 8 bytes | 8 bytes
  Added bytes:      0000000000000008 in hexadecimal
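The padding rule of the two slides above as an added example (not part of the original slides): zeros are appended and the last byte stores how many bytes were added, always between one and eight. The function names are assumptions; the receiver side also rejects padding that the sender side could not have produced.

```python
BLOCK = 8  # DES block size in bytes (64 bits)


def pad(message: bytes) -> bytes:
    """Zero-fill to a block boundary; the last byte is the number of added bytes."""
    added = BLOCK - (len(message) % BLOCK)   # 8 when already aligned, never 0
    return message + b"\x00" * (added - 1) + bytes([added])


def unpad(padded: bytes) -> bytes:
    """Strip the padding, rejecting input that pad() could not have produced."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    added = padded[-1]
    if not 1 <= added <= BLOCK:
        raise ValueError("padding length byte out of range")
    if any(padded[-added:-1]):               # filler before the count must be zero
        raise ValueError("padding filler bytes are not zero")
    return padded[:-added]


if __name__ == "__main__":
    # Constructed messages matching the two cases on the slide.
    for msg in (b"A" * 22, b"A" * 24):
        p = pad(msg)
        print(len(msg), "->", len(p), "bytes, last block", p[-BLOCK:].hex())
        assert unpad(p) == msg
```

When the padded data is carried in an encrypted protocol, authenticate the ciphertext before calling unpad so that a modified message is rejected before its padding is ever inspected.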

SLIDE 16

Cipher Block Chaining Mode

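[Figure: Cipher Block Chaining mode. After splitting and padding, data longer than 64 bits forms 64-bit blocks b1, b2, b3, ..., bn. Each block is encrypted with key K to give the cipher blocks c1, c2, c3, ..., cn−1, cn; the initialization vector enters the first encryption and each cipher block feeds the encryption of the next block. The cipher blocks are combined into the cipher data.]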

SLIDE 17

Output Feedback Mode

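[Figure: Output Feedback mode. After splitting and padding, data longer than 64 bits forms 64-bit blocks b1, b2, b3, ..., bn. Each si is produced from si−1 by encryption with key K, and s1, s2, s3, ..., sn are used with the data blocks to produce the cipher blocks up to cn, which are combined into the cipher data.]

  s0 = initialization vector (64 bits)
  s1 = DES encryption of s0 by K
  s2 = DES encryption of s1 by K
  . . .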

SLIDE 18

Difference between ECB and CBC

The original picture is at the top. At the bottom, the picture at the left is its ECB encryption, while the one at the right is the CBC encryption.
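The three modes from the slides above, side by side, as an added example (not part of the original slides). To stay self-contained it uses a stand-in 64-bit block function, toy_encrypt_block, which is an assumption made for illustration and is neither DES nor secure; the key, IV and data are constructed, and the data is assumed to be already padded.

```python
import hashlib

BLOCK = 8  # bytes per 64-bit block


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher (4-round Feistel over SHA-256). NOT DES."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    # Every block is encrypted on its own: equal input blocks give equal output.
    return b"".join(toy_encrypt_block(key, b) for b in blocks(data))


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in blocks(data):
        prev = toy_encrypt_block(key, xor(b, prev))  # c_i = E_K(b_i XOR c_{i-1})
        out.append(prev)
    return b"".join(out)


def ofb_encrypt(key, iv, data):
    out, s = [], iv
    for b in blocks(data):
        s = toy_encrypt_block(key, s)                # s_i = E_K(s_{i-1}), s_0 = IV
        out.append(xor(b, s))                        # c_i = b_i XOR s_i
    return b"".join(out)                             # decryption is the same call


def repeated_blocks(ciphertext):
    """Number of cipher blocks that duplicate an earlier cipher block."""
    bl = blocks(ciphertext)
    return len(bl) - len(set(bl))


# Constructed inputs: four identical plaintext blocks followed by a different one.
KEY, IV = b"constructed-key", bytes(range(8))
DATA = b"SAMEDATA" * 4 + b"OTHERBLK"

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, DATA)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, IV, DATA)))
    print("OFB repeats:", repeated_blocks(ofb_encrypt(KEY, IV, DATA)))
```

The repeated cipher blocks under ECB are the same effect that keeps the outline of the picture visible in its ECB encryption.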