exam 2 notes

Introduction to Feistel Ciphers and DES

• Presentation by Michael McAlpin at University of Central Florida (CIS3360 Tier Security in Computing).

Readings

• Text Reference: Computer Security: Principles and Practice, 4th Edition, by William Stallings and Lawrie Brown, Sec. 20.2.

Additional Information Resources

• Online resources on Feistel Ciphers and DES include:

  • Wikipedia: Feistel Cipher

  • Wikipedia: Data Encryption Standard (DES)

Outline of Presentation

• Overview of Key Topics:

  • Block Cipher Review

  • Substitution-Permutation Networks

  • Diffusion and Confusion

  • Feistel Cipher Structure

  • DES and Triple-DES

Block Cipher Review

Characteristics of Block Ciphers

• Operate on fixed-size blocks of data.

• Compared to traditional ciphers: e.g., Playfair (block size of 2) and Hill cipher (block size determined by key matrix).

• Typical modern block sizes are 64, 128, or 256 bits.

• Examples in focus: DES and AES (next lecture).

Block Size Handling

• In block ciphers:

  • Plaintext and ciphertext processed in blocks of fixed length (e.g., 128 bits).

  • Plaintext divided into sequence of blocks (P[0] to P[m-1]).

  • Total plaintext length (n) constrained by block size (b).

  • Last block may require padding.

Substitution-Permutation Networks

• Introduced by Claude Shannon as a foundation for modern block ciphers.

• Involves:

  • Substitution (S-box): Replaces parts of data with other data.

  • Permutation (P-box): Rearranges the order of bits to confuse and diffuse.

Diffusion and Confusion

• Objective: Obscure plaintext statistical properties.

• Diffusion: Changes in plaintext should affect multiple bits of the ciphertext.

• Confusion: Changing a bit in the key should also affect many bits in the ciphertext.

Feistel Cipher Structure

• Created by Horst Feistel at IBM; implemented first in the Lucifer cipher.

• Features:

  • Invertible product cipher concept enhancing security.

  • Repetitive structure for both encryption and decryption using the same algorithm.

  • Introduction of multiple subkeys for different rounds.

Operation of Feistel Cipher

Round Process

1. Split input into left (L) and right (R) halves.

2. For each round:

   • R remains unchanged and is used to modify L.

   • L undergoes a substitution step, involving the Feistel function (F) and subkey.

   • Halves are permuted through swapping.

Computation Steps

• Given a plaintext block P split into L0 and R0:

  • For Round 1:

    • L1 = R0

    • R1 = L0 ⊕ F(R0, K1)

  • For Round i:

    • Li = Ri-1

    • Ri = Li-1 ⊕ F(Ri-1, Ki)

DES Overview

General Information

• Widely utilized block cipher adopted by NBS (now NIST) in 1977.

• Controversy surrounding its security; cracked in 1999.

• Transition to “Triple DES” (3DES) due to security flaws followed, ultimately replaced by AES for Federal usage.

DES Functionality and Structure

• Uses 16-round Feistel structure.

• Operates on 64-bit data with a 56-bit key.

• Generates subkeys from a single encryption key via a detailed Feistel function.

DES Processing Steps

Feistel Function Breakdown

1. Expansion Permutation (E-step): Expands R from 32 to 48 bits.

2. Key Mixing: XOR's R with the round key.

3. Substitution via S-boxes: Outputs 32 bits from 48-bit input.

4. Final Permutation: Applies a P-box.

Key Schedule

• Composed of 56 bits with parity considerations.

• Key is permuted initially and subsequently shifted to derive round keys.

Security Features of DES

• Notorious for its efficient diffusion and confusion properties.

• Key strength and challenges against brute force attacks discussed.

• 3DES enhances security by encrypting three times, with dual or triple key configurations.

Advanced Encryption Standard (AES)

AES Fundamentals

• Ratified in 2001, based on the Rijndael cipher (unlike Feistel).

• Variable key sizes of 128, 192, or 256 bits with a fixed block size of 128 bits.

AES Round Processing Steps

• Utilizes a square array structure with iterative transformations on message blocks, including substitutions and permutations.

Digital Signatures and Message Authentication

Introduction to Digital Signatures

• Essential for verifying message authenticity and integrity against alterations.

• Utilizes the RSA process but reversed for signing messages.

HMAC (Hash-based Message Authentication)

• Combines hash functions with secret keys for message authentication.

• Security, structure, and common vulnerabilities discussed.

Final Notes on Integrity and Access Control

Integrity Checking

• Mechanisms such as checksums, CRCs, and hash functions to ensure data integrity.

Access Control Policies

• Overview of DAC, MAC, RBAC, and ABAC principles as mechanisms to implement access control in computing environments.