Data Encryption Standard DES Modes of Operation Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2020
Data Encryption Standard DES Modes of Operation TOC Data Encryption Standard 1 DES Modes of Operation 2
Data Encryption Standard DES Modes of Operation DES Function Block 64-bit block of data 64-bit key = 56 bits + 8 parity bits IP Gen. key Key1 round 1 f round 48 bits Key2 f round round 2 48 bits Key16 f round round 16 48 bits Swap left and right IP − 1 64-bit block of encrypted data
Data Encryption Standard DES Modes of Operation DES–IP and IP − 1 IP 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7 IP − 1 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25
Data Encryption Standard DES Modes of Operation Genaration of Keys Key K (64 bits) Permute Key K ′ (56 bits) Split C 0 (28 bits) D 0 (28 bits) One key generator Rotate Rotate left left D 1 (28 bits) C 1 (28 bits) D 1 (28 bits) Combine 56 bits Choice of bits for the key Key K 1 (48 bits) C 1 (28 bits) D 1 (28 bits) One key generator C 2 (28 bits) D 2 (28 bits) Key K 2 Repeat to get the rest of the 16 keys
Data Encryption Standard DES Modes of Operation Genaration of Keys–Tables (Permutation and Key Choice) P K 57 49 41 33 25 17 9 1 58 50 42 34 26 18 C 0 10 2 59 51 43 35 27 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 D 0 14 6 61 53 45 37 29 21 13 5 28 20 12 4 Key choice 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32
Data Encryption Standard DES Modes of Operation Encryption Function Input data (64 bits) Split R n (32 bits) L n (32 bits) Key K n f ′ R ′ n (32 bits) L n +1 (32 bits) XOR R n +1 (32 bits) Combine Output data (64 bits)
Data Encryption Standard DES Modes of Operation f ′ Input data (32 bits) Expand 48 bits XOR Key K n (48 bits) Split 8 blocks of 6 bits each S 2 S 1 S 3 S 4 S 5 S 6 S 7 S 8 8 blocks of 4 bits each Combine 32 bits Permute P 32 bits
Data Encryption Standard DES Modes of Operation f ′ –Expansion Table Expansion table 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1
Data Encryption Standard DES Modes of Operation f ′ –S-boxes How to use the tables? – We start by a block of six bits: b 1 . b 2 . b 3 . b 4 . b 5 . b 6 – The value of b 1 . b 6 , in decimal, determine a row r in the table. – The value of b 2 . b 3 . b 4 . b 5 , in decimal, determine a column c in the table. – The output of the S-box is the binary value at row r and column c . S 1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
Data Encryption Standard DES Modes of Operation f ′ –Permutation Table The permutation table used to permute the combined output bits from the S-boxes is given below: Permutation table P 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
Data Encryption Standard DES Modes of Operation DES for Input Larger than 64 bits 64-bit blocks Combine Cipher Data Process data > 64 bits Split . . . . . . Key K
Data Encryption Standard DES Modes of Operation Electronic Code Book Mode 64-bit blocks Encrypt Encrypt Encrypt Encrypt Combine Cipher Data Encrypt data > 64 bits Split . . . . . . Encrypt Key K
Data Encryption Standard DES Modes of Operation Padding There exists several methods for message padding. The most common of which is to add zeros at the end of the last block and store the number of added bytes as the last byte in the new 64-bit block. At the receiver side, reading the last byte of the decrypted data, one would now how many bytes to remove from the data in order to obtain the original message. Here, a confusion may arise in case no padding bytes were added, since, in this case, the last byte of the decrypted data will be an original byte of the message. The solution is to always add padding bytes, even if the message length is a multiple of 64 bits. Therefore, in the case of DES, the number of padding bytes will range from one to eight.
Data Encryption Standard DES Modes of Operation Padding–Example Data length not multiple of 64 bits Data length multiple of 64 bits Original 8 bytes 8 bytes 6 bytes 8 bytes 8 bytes 8 bytes blocks 8 bytes 8 bytes 8 bytes 8 bytes 8 bytes After 8 bytes 8 bytes padding 0002 0000000000000008 in hexadecimal in hexadecimal Added bytes Added bytes
Data Encryption Standard DES Modes of Operation Cipher Block Chaining Mode Initialization vector c 1 Encrypt b 1 c 2 Encrypt b 2 Splitting and padding c 3 Encrypt Combine Cipher b 3 Data data > 64 bits . . . . . . c n − 1 c n Encrypt b n 64-bit Cipher Key K blocks blocks
Data Encryption Standard DES Modes of Operation Output Feedback Mode s 1 b s i- 1 s i 1 s 2 Encrypt b 2 Key K Splitting and padding s 3 Cipher b Data 3 Combine data > 64 bits s 0 = intialization vector (64 bits) . . . s 1 = DES encryption of s 0 by K s 2 = DES encryption of s 1 by K . . . s n c n b n 64-bit Cipher blocks blocks
Data Encryption Standard DES Modes of Operation Difference between ECB and CBC The original picture is at the top. At the bottom, the picture at the left is its ECB encryption, while the one at the right is the CBC encryption.
Recommend
More recommend
