2. Chapter 3 & Chapter 6 – Block Ciphers 、 DES 、 Others 3.1 Simplified DES 3.2 Block Cipher Principles 3.3 The Data Encryption Standard 3.4 The Strength of DES 3.5 Differential and Linear Cryptanalysis 3.6 Block Cipher Design Principles 3.7 Block Cipher Modes of Operation Ch06- Contemporary symmetric ciphers

10. Sub-key generation

16. S-DES encryption

18. S-DES encryption (cont.)

25. S-DES encryption (cont.) S1( b1 b2 b3 b4 ) Example: S0(0 01 0)=00, S1(0 01 0)=10 11 00 01 10 11 00 01 00 11 10 11 01 00 10 01 11 10 10 00 00 11 10 01 00 b2b3 b1b4

27. S-DES encryption (cont.) 1001 1001 1001 1100 0011 0101 1010 01 00 1000

32. S-DES decryption

38. S-DES decryption Encrytion/Decryption e/d flag P/ C K 1 / K 2 K 2 / K 1 C/ P

41. Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining substitution, permutation, and other components discussed in previous sections. 5.1.4 Product Ciphers

42. Diffusion The idea of diffusion is to hide the relationship between the ciphertext and the plaintext. 5.1.4 Continued Diffusion hides the relationship between the ciphertext and the plaintext. Note

43. Confusion The idea of confusion is to hide the relationship between the ciphertext and the key. 5.1.4 Continued Confusion hides the relationship between the ciphertext and the key. Note

44. Rounds Diffusion and confusion can be achieved using iterated product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components. 5.1.4 Continued

48. Feistel Cipher Structure

50. Feistel Cipher Decryption

51. Average time required for exhaustive key search 2.15 milliseconds 2 32 = 4.3 x 10 9 32 5.9 x 10 30 years 2 168 = 3.7 x 10 50 168 5.4 x 10 18 years 2 128 = 3.4 x 10 38 128 10 hours 2 56 = 7.2 x 10 16 56 Time required at 10 6 Decryption/ µs Number of Alternative Keys Key Size (bits)

56. A single round

57. 6.2.3 Continued Figure 6.10 Key generation

70. ECB mode (cont.)

72. ECB mode (cont.)

76. CBC mode (cont.)

78. CBC mode (cont.)

88. Counter (CTR)

92. The first approach is to use double DES (2DES). 6.4.1 Double DES Meet-in-the-Middle Attack However, using a known-plaintext attack called meet-in-the-middle attack proves that double DES improves this vulnerability slightly (to 2 57 tests), but not tremendously (to 2 112 ).

94. 6.4.1 Continued Figure 6.14 Meet-in-the-middle attack for double DES

95. 6.4.1 Continued Figure 6.15 Tables for meet-in-the-middle attack

96. 6.4.2 Triple DES Figure 6.16 Triple DES with two keys

99. 6.4.2 Continuous Triple DES with Three Keys The possibility of known-plaintext attacks on triple DES with two keys has enticed some applications to use triple DES with three keys. Triple DES with three keys is used by many applications such as PGP (See Chapter 16).

103. Encryption Key Generation.

104. Encryption Algorithm.

115. WLAN WEP (WLAN security requirement and some attacks.ppt) IEEE802.1X None Key Management Michael Enforcing IV sequencing CRC-32 None Packet Data Replay detection 48-bit IV TKIP mixing function 24-bit wrapping IV Concatenate IV to base key Key Lifetime Per-packet-key RC4 128-bit encryption 64-bit authentication RC4 40 or 104-bit encryption Cipher Key Size(s) TKIP WEP