Using DES to Implement ATM Cell Encryption on the APIC



SLIDE 1

Using DES to Implement ATM Cell Encryption on the APIC

David Ruppel
Dr. Mansoor Alam

Department of Electrical Engineering and Computer Science
The University of Toledo

SLIDE 2

Data Encryption Standard (DES)

• Algorithm proposed by Federal Information Processing Standards (FIPS) within National Bureau of Standards
• Approved by US Secretary of Commerce in 1977
• Reaffirmed in 1983, 1988, 1993 and 1999
• Available for non-government use
• Is being replaced by Triple Data Encryption Algorithm (TDEA) and Advanced Encryption Standard (AES)

SLIDE 3

Why Use DES?

• TDEA uses 3 keys
• Encryption is:
    • DES encrypt with key 1
    • DES decrypt with key 2
    • DES encrypt with key 3
• Decryption inverts the operations in reverse order
• Currently, the US government recommends either TDEA or AES for non-classified applications
• DES underlies TDEA and is thus a starting point

SLIDE 4

Main Points

• Recirculating 64-bit block product cipher
• Uses a 64-bit key
    • 56 bits are random
    • 8 bits used for odd parity
• Permutations and selection tables are static
• Key is the only variable in the algorithm

SLIDE 5

Encryption

• 64-bit data block is permuted (IP)
• Resulting 64-bit block is divided into two 32-bit subblocks (L and R)

[Diagram labels: Data (64 bits); P; Permuted Data (64 bits); L block (32 bits); R block (32 bits)]

SLIDE 6

Encryption (cont)

• 56 random key bits are partitioned into two subblocks
• Subblocks are shifted and permuted
• Subblocks are concatenated and 48 bits are selected for the key

[Diagram labels: Key (56 bits); partition; C block (28 bits); D block (28 bits); permute and shift; Permuted and shifted C block; Permuted and shifted D block; concatenate and shift; Key (48 bits)]

SLIDE 7

Encryption (cont)

• A key and one data subblock (R) are combined using a non-linear function (F)
• The function result is XOR'd with the other data subblock (L)

[Diagram labels: Key; Subblock R; F; Output from F; Subblock L; XOR; New subblock R]

SLIDE 8

Encryption (cont)

• The two subblocks are interchanged
    • L' = R
    • R' = L XOR F(R,K)
• Process is repeated for a total of 16 iterations
• The two subblocks are interchanged and concatenated into a 64-bit block
• 64-bit block is permuted (IP⁻¹)

SLIDE 9

Function (F)

• 32-bit data subblock is expanded to 48 bits by repetition of selected bits
• Two 48-bit subblocks are XOR'd

[Diagram labels: 32-bit subblock R; repeat bits; 48-bit subblock; 48-bit key; XOR; 48-bit subblock]

SLIDE 10

Function (F) (cont)

• Result is divided into eight 6-bit sub-subblocks
• Each sub-subblock is associated with a different 4 x 16 static table
    • 4-bit values
    • 0 to 15 in each row
• The 6 bits in the sub-subblock are used as look-up indices into a table (4 x 16) of 4-bit values
    • 1st & 6th bits are row
    • Remaining bits are column
• The results from the 8 tables are concatenated into a 32-bit block

[Diagram labels: 48 bits; partition; eight 6-bit sub-subblocks; table lookup; eight 4-bit values; concatenate; 32-bit result]

SLIDE 11

Function (F) (cont)

• Concatenation result is permuted (P)

[Diagram labels: Previous 32-bit result; P; Output of F]

SLIDE 12

Decryption

• Repeat the encryption process on the encrypted data
• Use the encryption keys in reverse order
• The usage of L and R is interchanged, i.e., L is used as input to F rather than R

SLIDE 13

Encrypting ATM Cells

• Encrypt entire 53-byte cell
    • Hides the VC
    • Masks destination
• One cell generates 6-5/8 blocks of encrypted data
• Eight input cells will be encrypted in nine output cells
• 12.5% traffic load overhead
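The round structure on slides 8 and 12 and the eight-into-nine cell framing on slide 13, as an added Python example that is not from the original presentation. The key schedule and F are SHA-256 stand-ins rather than the DES tables, IP and IP⁻¹ are omitted, and the per-block encryption, zero fill, sample cells and function names are assumptions; output cell headers are not generated.

```python
import hashlib

ROUNDS = 16                        # slide 8: 16 iterations
CELL, PAYLOAD, BLOCK = 53, 48, 8   # bytes: ATM cell, ATM cell payload, cipher block

def round_keys(key: bytes) -> list:
    # Stand-in key schedule (assumption): NOT the DES C/D shift-and-select schedule.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def f(r: int, k: bytes) -> int:
    # Stand-in non-linear F (assumption): NOT the DES expansion/S-box/P function.
    return int.from_bytes(hashlib.sha256(r.to_bytes(4, "big") + k).digest()[:4], "big")

def feistel(block: bytes, keys: list) -> bytes:
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in keys:
        l, r = r, l ^ f(r, k)      # L' = R, R' = L XOR F(R, K)
    # Final interchange and concatenation; the fixed, unkeyed IP / IP^-1 are omitted.
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, round keys in reverse order (slide 12).
    return feistel(block, round_keys(key)[::-1])

def seal_cells(cells: list, key: bytes) -> list:
    """Encrypt eight whole 53-byte cells into nine 48-byte payloads."""
    if len(cells) != 8 or any(len(c) != CELL for c in cells):
        raise ValueError("expected eight 53-byte cells")
    data = b"".join(cells)         # 424 bytes = exactly 53 blocks
    ct = b"".join(encrypt_block(data[i:i + BLOCK], key)
                  for i in range(0, len(data), BLOCK))
    ct += bytes(9 * PAYLOAD - len(ct))   # zero fill (assumption): 8 spare bytes
    return [ct[i:i + PAYLOAD] for i in range(0, len(ct), PAYLOAD)]

def open_cells(payloads: list, key: bytes) -> list:
    """Inverse of seal_cells: nine payloads back to eight 53-byte cells."""
    if len(payloads) != 9 or any(len(p) != PAYLOAD for p in payloads):
        raise ValueError("expected nine 48-byte payloads")
    ct = b"".join(payloads)[:8 * CELL]
    pt = b"".join(decrypt_block(ct[i:i + BLOCK], key)
                  for i in range(0, len(ct), BLOCK))
    return [pt[i:i + CELL] for i in range(0, len(pt), CELL)]

# Constructed sample: eight cells with a 5-byte header and 48-byte payload each.
SAMPLE = [bytes([0, 0, 0, n, 0]) + bytes([n]) * PAYLOAD for n in range(8)]
```

Because each block is encrypted independently here, identical plaintext blocks yield identical ciphertext blocks; the slides do not name a mode of operation.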

SLIDE 14

APIC/SPC Processing

• Assume VC is set up between two end-users
• Assume two APICs are on the route
• APICs establish a different VC between them
• Original VC between APICs can be torn down or left unused
• APIC captures traffic on original VC
    • Encrypts
    • Forwards to the other APIC

SLIDE 15

APIC/SPC Processing (cont)

• Traffic arrives at second APIC
    • Decrypts
    • Forwards to end-user recipient
• When done, VCs are torn down

SLIDE 16

Alternate Approach

• Only encrypt payload
• No traffic load overhead
• No wasted VC