Computer Security Lecture 3 - Symmetric Cryptography

Questions and Answers

What is the purpose of the collision-resistance property in hashing functions?

To make it impossible to reverse the hash to find the original message

To prevent two distinct messages from generating the same hash value (correct)

To allow the original message to be easily reconstructed from the hash

To ensure that the hash output is of fixed length

Given a hash output of $k$ bits, approximately how many hashing operations are necessary to find a collision?

$2^k$ operations

$2^{k/2}$ operations (correct)

$2^{k+1}$ operations

$k^2$ operations

Which of the following hash functions is considered to be secure for current use?

MD4

SHA-2 (correct)

MD5

SHA-1

What is the one-way property of a hash function?

Finding an original input from its hash output is computationally infeasible

Which of the following statements about SHA-3 is correct?

It is the winner of the NIST hash function competition

What is the size of the input block for the DES encryption process?

64 bits

What is the purpose of the initial permutation in the DES encryption process?

To rearrange the bits of the input block

How many rounds of processing does the DES encryption perform on the data?

16 rounds

What is the role of the key schedule in the DES process?

To create multiple subkeys for each round

What type of operation is performed on the left and right halves of the input during each DES round?

XOR operation

What is the final output size of the DES encryption process after the last round?

64 bits

Which of the following statements is true about the mangler function used in DES?

It combines the right half with a key to produce the output.

The initial key used in DES has how many bits?

56 bits

What is the primary characteristic of stateless signatures?

They do not require the signer to maintain key states.

Which of the following is a known example of hash-based signatures?

SPHINCS+

Which standard deals with modes of operation for an n-bit block cipher?

ISO/IEC 10116

What is the useful bit length of the key used in DES?

56 bits

What does the key schedule in DES produce for each round?

One 48-bit key

What type of algorithms is described by ISO/IEC 17972?

Authenticated Encryption

Which of the following is NOT a mode of operation mentioned for block ciphers?

GCM

In the context of DES, which bits are considered parity bits?

Bits at positions 8, 16, 24, 32, 40, 48, 56, and 64

What is the outcome of the mangler function in the DES decryption process?

It transforms the input using the current round key.

What happens to the halves Li and Ri during the DES decryption rounds?

They are input in reverse order compared to encryption.

What is necessary to retrieve Li and Ri from Li+1 and Ri+1 in DES decryption?

Apply the XOR operation with the mangler function.

What is a limitation of DES that TripleDES addresses?

The key size is too small.

How does the key schedule in TripleDES differ from that in single DES?

It applies key derivation from a longer key length.

In DES decryption, which statement is true regarding the final permutation?

It has no role in the decryption process.

What is an essential property of the mangle function during the DES process?

It does not require previous outputs to function.

Which of the following statements about TripleDES is correct?

It provides key sizes of 112 or 168 bits.

What is the first step in the AES decryption operation?

S = AddRoundKey(C, Kn)

Which operation is performed last in the AES decryption process?

AddRoundKey(S, K0)

In the AES decryption process, how many times does the loop execute for n rounds?

n-1 times

What is the primary function of the MixColumns operation in AES?

To provide diffusion by mixing the columns of the state

Which property of a hash function ensures that it is infeasible to find an input that maps to a given hash output?

Pre-image resistance

What does the operation S = SubBytes-1(S) achieve during AES decryption?

It performs a byte substitution using the inverse S-box

What is a key feature of the hash function described in the text?

It maps variable-length data to a fixed-length output

For which purpose is a hash function NOT used according to the content?

Encrypting data

What is the main purpose of hashing a password before storing it?

To protect the password in case the database is compromised

What does adding a salt to a hashed password help to prevent?

Brute-force attacks with precomputed hashes

Which attack method is specifically mentioned as being mitigated by using salts?

Rainbow table attacks

How does the process of storing a password in encrypted form differ from storing it in hashed form?

Encryption requires a key, while hashing does not.

What is a potential risk if the key used for encrypting passwords is compromised?

The encrypted passwords can be decrypted and accessed by unauthorized users

What security measure can be adopted to slow down brute-force attacks on hashed passwords?

Implementing repeated hashing in the computation

Why is storing passwords in encrypted form considered better than hashed form when securing sensitive data?

Encrypted passwords can be recovered if the key is available, whereas hashed passwords cannot.

What fundamental security issue remains even when passwords are stored using hashing or encryption?

Compromise of the password management system

Study Notes

Computer Security Lecture 3 - Symmetric Cryptography (II)

• Review of previous lecture topics: block ciphers (e.g., DES and AES), padding, modes of operation (e.g., ECB, CBC, CTR), error propagation, message authentication codes (MACs), MACs based on block ciphers, and authenticated encryption.
• Lecture Structure:
  • DES: Data Encryption Standard
  • AES: Advanced Encryption Standard
  • Hash functions
  • MACs based on hash functions
  • Hash-based signatures.

DES (Data Encryption Standard)

• Adopted as a standard by the USA's National Institute of Standards and Technology (NIST) in 1976, ratified every 5 years.
• Ultimately replaced by AES (Advanced Encryption Standard) in 2001.
• Uses 56-bit keys (plus 8 for parity checks).
• 64-bit block cipher, encrypting in 64-bit (8-byte) blocks.
• Component Operations:
  • Exclusive-or (XOR)
  • Permutation
  • Lookups
  • Left Bitshift
  • Loops / Repeated Rounds.

DES Key

• Presented as 8 bytes (e.g., 9F 6D 32 6A 01 68 EC 5B).
• Contains 64 bits, but 8 bits (last bit of each byte) are parity bits.
• Parity bits are effectively ignored and are usually ignored.
• The least significant bit of each byte should be set to ensure an odd number of 1s in each key byte.
• The key effectively contains 56 bits of entropy.
• 56 bits are needed for encryption/decryption.

DES Key Schedule

• 64-bit DES key, ignore the 8-bit parity numbers (8, 16, 24, 32, 40, 48, 56, 64)
• The key schedule algorithm takes the remaining 56-bit DES key as input and generates 16 48-bit subkeys (K1, K2, ..., K16).
• Each subkey is used in one round.

DES Schematic

• Data flow illustrated graphically.

Initial and Final Permutations (IP and IP⁻¹)

• Defined in table format.
• Show reordering of bits in inputs and outputs.

DES Encryption Round

• The process in which the cipher does 16 rounds of operations on input blocks.
• Left half of the output is the right-hand half of the input
• Right half of the output is obtained by XORing the left-hand half of the input with right-half mangled using the round key

DES Decryption

• The steps in reversing the encryption process.
• The mangler function is not needed in decryption.

TripleDES

• DES has been deprecated, but TripleDES is still used.
• TripleDES uses a longer key (112 or 168 bits) for enhanced security than DES (56-bit key).
• Improved resistance against brute-force attacks.
• 112-bit key: k = k1 || k2 (encryption of block b in TripleDES consists of encrypt with k1, decrypt the block b with k2 then encrypt the result with k1).
• 168-bit key: k = k1 || k2 || k3 (encryption of block b in TripleDES consists of encrypt with k1, decrypt the block b with k2 then encrypt the result with k3).

Why not Double DES

• DoubleDES is not secure against brute-force attacks, and can be broken more quickly than DES.
• Meet-in-the-middle attack is possible.

AES (Advanced Encryption Standard)

• Current standard for encryption.
• NIST ran a competition to find a replacement for DES.
• Rijndael (a design by Joan Daemen and Vincent Rijmen) was selected.
• Block size: 128 bits.
• Key sizes: 128, 192, or 256 bits
• Similar principles to DES with a focus on performance optimization in both hardware and software.

AES further materials

• Official definition (NIST publication).
• YouTube conceptual overview (by Gideon Samid).
• Cartoon guide (explaining the principles without diving into the complex math).

AES Schematic

• Diagram shows input and output block data sizes.

AES Key Schedule

• Generates n+1 subkeys from a key.
• The number of rounds is 10, 12, or 14.

AES Operations in the Rounds

• Explanation of the key operations in the rounds.

AES Encryption and Decryption

• Descriptions, and detailed operations for encrypting and decrypting processes.

AES S-Box

• Table listing the mapping of input values to output values in the S-Box.

Hash Functions

• Function that maps variable-length input (x) to fixed-length output (y).
• Cryptographic hash functions have three important properties: one-way, second pre-image, collision-resistance.

Standard Hash Functions (SHA, MD)

• Various standard hash functions were and are widely used, including MD4, MD5, SHA-1, SHA-2, and SHA-3 (aka Keccak).

MAC (Message Authentication Code)

• MACs provide data integrity without considering confidentiality.
• Using hash functions to calculate MACs.
• HMAC (Hash-based Message Authentication Code), HMAC function is more widely used MAC than the basic MAC function because HMAC is more security.

Hash-based Signatures

• Discussion of various hash-based signature schemes. (Lamport, Winternitz, Merkle, etc.) and how they're used and their characteristics.
• Descriptions and details of different multi-level signatures (e.g., XMSS, LMS, SPHINCS+) and their characteristics.

Storing Passwords

• Various approaches for securely storing passwords: storing as plaintext, hashing, and encrypting.
• Discussion of the vulnerabilities of each approach.

Lab: AES and Hash Functions

• Lab exercises for demonstration and training.

Appendices

• Further information and explanations of topics.

Description

This quiz covers the core concepts of symmetric cryptography discussed in Lecture 3, including block ciphers like DES and AES, modes of operation, and message authentication codes. You will explore key operations and functionalities of these cryptographic standards, enhancing your understanding of data security mechanisms.