    Cryptography and Network Security: Principles and Practice - Fourth Edition, English - Cryptography-and-Network-Se.ppt

    • Resource ID: 83284915       Size: 1.86MB        Pages: 39
    • Format: PPT

    Cryptography and Network Security
    Chapter 3
    Fifth Edition
    by William Stallings
    Lecture slides by Lawrie Brown

    Chapter 3 - Block Ciphers and the Data Encryption Standard

    All the afternoon Mungo had been working on Stern's code, principally with the aid of the latest messages which he had copied down at the Nevin Square drop. Stern was very confident. He must be well aware London Central knew about that drop. It was obvious that they didn't care how often Mungo read their messages, so confident were they in the impenetrability of the code.
    Talking to Strange Men, Ruth Rendell

    Modern Block Ciphers
    • now look at modern block ciphers
    • one of the most widely used types of cryptographic algorithms
    • provide secrecy/authentication services
    • focus on DES (Data Encryption Standard)
    • to illustrate block cipher design principles

    Block vs Stream Ciphers
    • block ciphers process messages in blocks, each of which is then en/decrypted
    • like a substitution on very big characters
      - 64-bits or more
    • stream ciphers process messages a bit or byte at a time when en/decrypting
    • many current ciphers are block ciphers
      - better analysed
      - broader range of applications

    Block Cipher Principles
    • most symmetric block ciphers are based on a Feistel Cipher Structure
    • needed since must be able to decrypt ciphertext to recover messages efficiently
    • block ciphers look like an extremely large substitution
    • would need table of $2^{64}$ entries for a 64-bit block
    • instead create from smaller building blocks
    • using idea of a product cipher

    Ideal Block Cipher
    [figure]

    Claude Shannon and Substitution-Permutation Ciphers
    • Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paper
    • form basis of modern block ciphers
    • S-P nets are based on the two primitive cryptographic operations seen before:
      - substitution (S-box)
      - permutation (P-box)
    • provide confusion & diffusion of message & key

    Feistel Cipher Structure
    • Horst Feistel devised the Feistel cipher
      - based on concept of invertible product cipher
    • partitions input block into two halves
      - process through multiple rounds which
      - perform a substitution on left data half
      - based on round function of right half & subkey
      - then have permutation swapping halves
    • implements Shannon's S-P net concept

    Feistel Cipher Structure
    [figure]

    Data Encryption Standard (DES)
    • most widely used block cipher in world
    • adopted in 1977 by NBS (now NIST)
      - as FIPS PUB 46
    • encrypts 64-bit data using 56-bit key
    • has widespread use
    • has been considerable controversy over its security

    DES Design Controversy
    • although DES standard is public
    • was considerable controversy over design
      - in choice of 56-bit key (vs Lucifer 128-bit)
      - and because design criteria were classified
    • subsequent events and public analysis show in fact design was appropriate
    • use of DES has flourished
      - especially in financial applications
      - still standardised for legacy application use

    DES Encryption Overview
    [figure]

    DES Round Structure
    • uses two 32-bit L & R halves
    • as for any Feistel cipher can describe as:
        $L_i = R_{i-1}$
        $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
    • F takes 32-bit R half and 48-bit subkey:
      - expands R to 48-bits using perm E
      - adds to subkey using XOR
      - passes through 8 S-boxes to get 32-bit result
      - finally permutes using 32-bit perm P

    DES Round Structure
    [figure]

    Substitution Boxes S
    • have eight S-boxes which map 6 to 4 bits
    • each S-box is actually 4 little 4 bit boxes
      - outer bits 1 & 6 (row bits) select one row of 4
      - inner bits 2-5 (col bits) are substituted
      - result is 8 lots of 4 bits, or 32 bits
    • row selection depends on both data & key
      - feature known as autoclaving (autokeying)
    • example:
      - S(18 09 12 3d 11 17 38 39) = 5fd25e03

    DES Key Schedule
    • forms subkeys used in each round
      - initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves
      - 16 stages consisting of:
        · rotating each half separately either 1 or 2 places depending on the key rotation schedule K
        · selecting 24-bits from each half & permuting them by PC2 for use in round function F
    • note practical use issues in h/w vs s/w

    DES Decryption
    • decrypt must unwind steps of data computation
    • with Feistel design, do encryption steps again using subkeys in reverse order (SK16 ... SK1)
      - IP undoes final FP step of encryption
      - 1st round with SK16 undoes 16th encrypt round
      - ...
      - 16th round with SK1 undoes 1st encrypt round
      - then final FP undoes initial encryption IP
      - thus recovering original data value

    Avalanche in DES
    [figure]

    Avalanche Effect
    • key desirable property of encryption alg
    • where a change of one input or key bit results in changing approx half output bits
    • making attempts to "home-in" by guessing keys impossible
    • DES exhibits strong avalanche

    Strength of DES - Key Size
    • 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
    • brute force search looks hard
    • recent advances have shown is possible
      - in 1997 on Internet in a few months
      - in 1998 on dedicated h/w (EFF) in a few days
      - in 1999 above combined in 22hrs!
    • still must be able to recognize plaintext
    • must now consider alternatives to DES

    Strength of DES - Timing Attacks
    • attacks actual implementation of cipher
    • use knowledge of consequences of implementation to derive information about some/all subkey bits
    • specifically use fact that calculations can take varying times depending on the value of the inputs to it
    • particularly problematic on smartcards

    Differential Cryptanalysis
    • one of the most significant recent (public) advances in cryptanalysis
    • known by NSA in 70's cf DES design
    • Murphy, Biham & Shamir published in 90's
    • powerful method to analyse block ciphers
    • used to analyse most current block ciphers with varying degrees of success
    • DES reasonably resistant to it, cf Lucifer

    Differential Cryptanalysis Compares Pairs of Encryptions
    • with a known difference in the input
    • searching for a known difference in output
    • when same subkeys are used

    Differential Cryptanalysis
    • have some input difference giving some output difference with probability p
    • if find instances of some higher probability input/output difference pairs occurring
    • can infer subkey that was used in round
    • then must iterate process over many rounds (with decreasing probabilities)

    Differential Cryptanalysis
    [figure]

    Differential Cryptanalysis
    • perform attack by repeatedly encrypting plaintext pairs with known input XOR until obtain desired output XOR
    • when found
      - if intermediate rounds match required XOR have a right pair
      - if not then have a wrong pair, relative ratio is S/N for attack
    • can then deduce keys values for the rounds
      - right pairs suggest same key bits
      - wrong pairs give random values
    • for large numbers of rounds, probability is so low that more pairs are required than exist with 64-bit inputs
    • Biham and Shamir have shown how a 13-round iterated characteristic can break the full 16-round DES

    Linear Cryptanalysis
    • another recent development
    • also a statistical method
    • must be iterated over rounds, with decreasing probabilities
    • developed by Matsui et al in early 90's
    • based on finding linear approximations
    • can attack DES with $2^{43}$ known plaintexts, easier but still in practice infeasible

    Linear Cryptanalysis
    • find linear approximations with prob $p \neq \tfrac{1}{2}$
        $P[i_1, i_2, \ldots, i_a] \oplus C[j_1, j_2, \ldots, j_b] = K[k_1, k_2, \ldots, k_c]$
        where $i_a$, $j_b$, $k_c$ are bit locations in P, C, K
    • gives linear equation for key bits
    • get one key bit using max likelihood alg
    • using a large number of trial encryptions
    • effectiveness given by: $|p - \tfrac{1}{2}|$

    DES Design Criteria
    • as reported by Coppersmith in [COPP94]
    • 7 criteria for S-boxes provide for
      - non-linearity
      - resistance to differential cryptanalysis
      - good confusion
    • 3 criteria for permutation P provide for
      - increased diffusion

    Block Cipher Design
    • basic principles still like Feistel's in 1970's
    • number of rounds
      - more is better, exhaustive search best attack
    • function f:
      - provides "confusion", is nonlinear, avalanche
      - have issues of how S-boxes are selected
    • key schedule
      - complex subkey creation, key avalanche

    Summary
    • have considered:
      - block vs stream ciphers
      - Feistel cipher design & structure
      - DES
        · details
        · strength
      - Differential & Linear Cryptanalysis
      - block cipher design principles
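
    The Feistel Cipher Structure, DES Decryption and Avalanche Effect slides, as an added Python example that is not part of the original slides: a 16-round Feistel network on 64-bit blocks that decrypts by running the same rounds with the subkeys reversed, plus an avalanche measurement. The round function and key schedule are SHA-256 stand-ins chosen for brevity (an assumption, not DES's E/S-box/P function or PC1/PC2 schedule), which also shows that F itself never has to be invertible.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def round_f(right, subkey):
    """Stand-in round function (assumption): SHA-256 of R || K cut to 32 bits.
    It is not invertible, and the Feistel structure does not need it to be."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key):
    """Stand-in key schedule (assumption): sixteen 48-bit subkeys from a 64-bit key."""
    out = []
    for i in range(ROUNDS):
        digest = hashlib.sha256(key.to_bytes(8, "big") + bytes([i])).digest()
        out.append(int.from_bytes(digest[:6], "big"))
    return out

def feistel(block, keys):
    """Apply L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i) for each subkey."""
    left, right = block >> 32, block & MASK32
    for k in keys:
        left, right = right, left ^ round_f(right, k)
    # Swap the halves at the end so the same routine also decrypts.
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # Same steps again, subkeys in reverse order (SK16 ... SK1).
    return feistel(block, subkeys(key)[::-1])

def avalanche(block, key):
    """Average number of ciphertext bits that change when one plaintext bit flips."""
    base = encrypt(block, key)
    flips = [bin(base ^ encrypt(block ^ (1 << b), key)).count("1") for b in range(64)]
    return sum(flips) / 64

if __name__ == "__main__":
    key, plain = 0x133457799BBCDFF1, 0x0123456789ABCDEF  # constructed sample values
    cipher = encrypt(plain, key)
    print(f"cipher={cipher:016x} recovered={decrypt(cipher, key):016x}")
    print(f"avalanche: {avalanche(plain, key):.1f} of 64 bits change on average")
```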
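
    The Substitution Boxes S and DES Design Criteria slides, as an added Python example that is not part of the original slides: it performs the row/column lookup described above, reproduces the slide's S(18 09 12 3d 11 17 38 39) value, and builds each S-box's difference distribution table, the "input difference giving some output difference with probability p" that the differential cryptanalysis slides refer to. The tables are the standard FIPS 46 S-boxes packed as hex strings; the function names are this example's own.

```python
# The eight DES S-boxes (FIPS 46): one string per box, 4 rows x 16 hex digits.
SBOX = (
    "e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
    "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
    "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
    "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
    "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
    "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
    "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
    "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b",
)

def sbox(n, six):
    """Look up the 6-bit value `six` in S-box n (1..8); returns 4 bits."""
    row = ((six >> 4) & 2) | (six & 1)  # outer bits 1 and 6 select the row
    col = (six >> 1) & 0xF              # inner bits 2-5 select the column
    return int(SBOX[n - 1][16 * row + col], 16)

def s_layer(inputs):
    """Apply S1..S8 to eight 6-bit values and pack the outputs into 32 bits."""
    out = 0
    for n, six in enumerate(inputs, start=1):
        out = (out << 4) | sbox(n, six)
    return out

def ddt(n):
    """Difference distribution table: ddt[dx][dy] = #x with S(x) ^ S(x ^ dx) == dy."""
    table = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            table[dx][sbox(n, x) ^ sbox(n, x ^ dx)] += 1
    return table

def best_differential(n):
    """Highest (count, dx, dy) over all nonzero input differences of S-box n."""
    t = ddt(n)
    return max((t[dx][dy], dx, dy) for dx in range(1, 64) for dy in range(16))

if __name__ == "__main__":
    print(f"{s_layer([0x18, 0x09, 0x12, 0x3D, 0x11, 0x17, 0x38, 0x39]):08x}")
    for n in range(1, 9):
        count, dx, dy = best_differential(n)
        print(f"S{n}: dx={dx:02x} -> dy={dy:x} holds for {count}/64 inputs")
```

    No nonzero input difference maps to a single output difference for more than 16 of the 64 inputs in any box, which is the S-box resistance to differential cryptanalysis that the design criteria slide lists.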
