Computer Security Lecture 3 - Symmetric Cryptography

Questions and Answers

What is the purpose of the collision-resistance property in hashing functions?

• To make it impossible to reverse the hash to find the original message
• To prevent two distinct messages from generating the same hash value (correct)
• To allow the original message to be easily reconstructed from the hash
• To ensure that the hash output is of fixed length

Given a hash output of $k$ bits, approximately how many hashing operations are necessary to find a collision?

• $2^k$ operations
• $2^{k/2}$ operations (correct)
• $2^{k+1}$ operations
• $k^2$ operations

Which of the following hash functions is considered to be secure for current use?

• MD4
• SHA-2 (correct)
• MD5
• SHA-1

What is the one-way property of a hash function?

Finding an original input from its hash output is computationally infeasible (A)

Which of the following statements about SHA-3 is correct?

It is the winner of the NIST hash function competition (A)

What is the size of the input block for the DES encryption process?

64 bits (C)

What is the purpose of the initial permutation in the DES encryption process?

To rearrange the bits of the input block (C)

How many rounds of processing does the DES encryption perform on the data?

16 rounds (D)

What is the role of the key schedule in the DES process?

To create multiple subkeys for each round (C)

What type of operation is performed on the left and right halves of the input during each DES round?

XOR operation (C)

What is the final output size of the DES encryption process after the last round?

64 bits (A)

Which of the following statements is true about the mangler function used in DES?

It combines the right half with a key to produce the output. (B)

The initial key used in DES has how many bits?

56 bits (B)

What is the primary characteristic of stateless signatures?

They do not require the signer to maintain key states. (C)

Which of the following is a known example of hash-based signatures?

SPHINCS+ (C)

Which standard deals with modes of operation for an n-bit block cipher?

ISO/IEC 10116 (D)

What is the useful bit length of the key used in DES?

56 bits (B)

What does the key schedule in DES produce for each round?

One 48-bit key (B)

What type of algorithms is described by ISO/IEC 17972?

Authenticated Encryption (B)

Which of the following is NOT a mode of operation mentioned for block ciphers?

GCM (C)

In the context of DES, which bits are considered parity bits?

Bits at positions 8, 16, 24, 32, 40, 48, 56, and 64 (C)

What is the outcome of the mangler function in the DES decryption process?

It transforms the input using the current round key. (C)

What happens to the halves Li and Ri during the DES decryption rounds?

They are input in reverse order compared to encryption. (A)

What is necessary to retrieve Li and Ri from Li+1 and Ri+1 in DES decryption?

Apply the XOR operation with the mangler function. (C)

What is a limitation of DES that TripleDES addresses?

The key size is too small. (A)

How does the key schedule in TripleDES differ from that in single DES?

It applies key derivation from a longer key length. (C)

In DES decryption, which statement is true regarding the final permutation?

It has no role in the decryption process. (A)

What is an essential property of the mangle function during the DES process?

It does not require previous outputs to function. (B)

Which of the following statements about TripleDES is correct?

It provides key sizes of 112 or 168 bits. (D)

What is the first step in the AES decryption operation?

S = AddRoundKey(C, Kn) (A)

Which operation is performed last in the AES decryption process?

AddRoundKey(S, K0) (C)

In the AES decryption process, how many times does the loop execute for n rounds?

n-1 times (D)

What is the primary function of the MixColumns operation in AES?

To provide diffusion by mixing the columns of the state (C)

Which property of a hash function ensures that it is infeasible to find an input that maps to a given hash output?

Pre-image resistance (C)

What does the operation S = SubBytes-1(S) achieve during AES decryption?

It performs a byte substitution using the inverse S-box (A)

What is a key feature of the hash function described in the text?

It maps variable-length data to a fixed-length output (C)

For which purpose is a hash function NOT used according to the content?

Encrypting data (C)

What is the main purpose of hashing a password before storing it?

To protect the password in case the database is compromised (C)

What does adding a salt to a hashed password help to prevent?

Brute-force attacks with precomputed hashes (B)

Which attack method is specifically mentioned as being mitigated by using salts?

Rainbow table attacks (A)

How does the process of storing a password in encrypted form differ from storing it in hashed form?

Encryption requires a key, while hashing does not. (C)

What is a potential risk if the key used for encrypting passwords is compromised?

The encrypted passwords can be decrypted and accessed by unauthorized users (B)

What security measure can be adopted to slow down brute-force attacks on hashed passwords?

Implementing repeated hashing in the computation (A)

Why is storing passwords in encrypted form considered better than hashed form when securing sensitive data?

Encrypted passwords can be recovered if the key is available, whereas hashed passwords cannot. (C)

What fundamental security issue remains even when passwords are stored using hashing or encryption?

Compromise of the password management system (C)

Flashcards

DES (Data Encryption Standard)

A cryptographic algorithm that uses a 56-bit key to encrypt 64-bit blocks of data.

Initial Permutation (IP)

The initial permutation rearranges bits of the 64-bit plaintext message before the first round of encryption.

Final Permutation (IP-1)

The final permutation undoes the initial permutation, restoring the original bit order.

Key Schedule

The key schedule generates 16 subkeys (K1 to K16), each 48 bits long, from the original 56-bit key.

DES Encryption Round

Each round takes a 64-bit message and a 48-bit key as input, producing a 64-bit output. It uses substitution and permutation operations on the data to encrypt it.

Mangler Function

The mangler function is a complex operation that mixes the right half of the input with the round key. It consists of several steps, including expansion, S-box substitution, and permutation.

Left Half of the Output

The left half of the output in each round is simply the right half of the input.

Right Half of the Output

The right half of the output is the left half of the input XORed with the right half of the input after it has been mangled with the round key (Ki+1).

Collision-resistance

It's computationally difficult to find two different messages that produce the same hash output. Imagine trying to find two identical fingerprints - it's practically impossible.

One-way property

Given a hash output, it's impossible to figure out the original message. Like trying to unscramble a scrambled egg, you can't get the original ingredients back.

Collision-resistance property

It's computationally infeasible to find two different messages that hash to the same value. Think of it like finding two identical snowflakes - it's practically impossible.

SHA-2

A family of hash functions offering various output lengths (224, 256, 384, and 512 bits). Currently recommended for secure hashing.

SHA-3 (Keccak)

The winner of the NIST hash function competition. Offering various output lengths (224, 256, 384, and 512 bits).

DES Decryption

In DES decryption, we reverse the process of encryption by undoing each round and permutation. This means retrieving the original left and right halves (Li and Ri) from the processed halves (Li+1, Ri+1).

Key Schedule in DES Decryption

DES decryption utilizes the same steps as encryption, but with the key schedule applied in reverse order. The key schedule is the process of generating round keys (Ki) from the original key (K).

Mangle Function in DES Decryption

The mangle function, used in the encryption process, is applied only in the forward direction. In decryption, we don't explicitly undo it; instead, we use the round key (Ki+1) and the processed halves (Li+1, Ri+1) to retrieve the original halves (Li, Ri).

TripleDES

TripleDES is a more secure version of DES that uses multiple rounds and key schedules to enhance security. It uses a longer key (either 112 bits or 168 bits) compared to DES's 56 bits.

Hash function

A function that maps data of variable length to a fixed-length output called a hash code; it does not use a key and aims to provide a unique fingerprint for the input data.

Second pre-image

For a given input, it's nearly impossible to find another input that creates the same hash code.

Shift Rows

One of the operations used in AES to transform data, involves shifting rows of the state matrix by different amounts, implementing a byte-level permutation.

SubBytes

In the AES algorithm, an operation that replaces each byte in the state matrix with a corresponding value from a fixed S-box, a lookup table.

Mix Columns

In the AES algorithm, an operation that multiplies the state matrix with a fixed matrix to achieve diffusion, spreading changes across the data.

Add Round Key

The last step in an AES round, it involves adding a round key (a secret key derived from the main key) to the state matrix, performing an XOR operation on the corresponding bytes.

Password Hashing

Storing passwords in a hashed format helps protect them from being read directly, but it's still vulnerable to brute-force attacks.

Salt (in password security)

A random value added to a password before hashing to make brute-force attacks more difficult. Each password has a unique salt.

Rainbow Table

Pre-computed tables containing hashes of common passwords used to crack passwords quickly. They're a threat to password hashing.

Repeated Hashing

A technique that repeatedly applies a hashing function to a password and salt to further slow down brute-force attacks.

Password Encryption

Storing passwords in encrypted form, using a key only known to the system. This prevents brute-force attacks.

Encryption Key Security

While encryption is strong against brute-force, it relies on the security of the encryption key. Losing this key weakens the entire system.

Brute-Force Attack

A brute-force attack where a system tries to guess a password by systematically testing all possible combinations.

Password Guessing

This involves using likely passwords, such as common words or dates, to guess a user's password.

Symmetric Key Encryption

A technique used in symmetric-key encryption, where the encryption key is the same as the decryption key.

Block Cipher

A symmetric cipher that operates on blocks of data, typically 64 or 128 bits. Block ciphers use a complex series of substitutions and permutations.

ECB (Electronic Codebook)

An encryption mode that operates on individual blocks of data independently, without considering the context of neighboring blocks. This makes it vulnerable to attack techniques such as frequency analysis.

CBC (Cipher Block Chaining)

An encryption mode that uses a chaining mechanism where each block of plaintext data is XORed with the ciphertext of the previous block before encryption. This makes it more secure than ECB by introducing dependencies between blocks.

Padding

A technique used to pad data when the input to an encryption algorithm does not match the required block size. Padding assures the data is divisible by the block size and prevents ambiguity in decryption.

Data Integrity

A process of verifying the integrity of data by using a cryptographic hash function. It ensures that the data has not been tampered with during transmission or storage.

MAC (Message Authentication Code)

A cryptographic algorithm that generates a tag (a short output) based on a message and a secret key. This tag is used for message authentication to verify the authenticity and integrity of the message.

Authenticated Encryption

A symmetric encryption scheme designed to provide both confidentiality and integrity. Authenticated encryption ensures that the data is both encrypted and authenticated simultaneously.

Study Notes

Computer Security Lecture 3 - Symmetric Cryptography (II)

• Review of previous lecture topics: block ciphers (e.g., DES and AES), padding, modes of operation (e.g., ECB, CBC, CTR), error propagation, message authentication codes (MACs), MACs based on block ciphers, and authenticated encryption.
• Lecture Structure:
  • DES: Data Encryption Standard
  • AES: Advanced Encryption Standard
  • Hash functions
  • MACs based on hash functions
  • Hash-based signatures.

DES (Data Encryption Standard)

• Adopted as a standard by the USA's National Institute of Standards and Technology (NIST) in 1976, ratified every 5 years.
• Ultimately replaced by AES (Advanced Encryption Standard) in 2001.
• Uses 56-bit keys (plus 8 for parity checks).
• 64-bit block cipher, encrypting in 64-bit (8-byte) blocks.
• Component Operations:
  • Exclusive-or (XOR)
  • Permutation
  • Lookups
  • Left Bitshift
  • Loops / Repeated Rounds.

DES Key

• Presented as 8 bytes (e.g., 9F 6D 32 6A 01 68 EC 5B).
• Contains 64 bits, but 8 bits (last bit of each byte) are parity bits.
• Parity bits are effectively ignored and are usually ignored.
• The least significant bit of each byte should be set to ensure an odd number of 1s in each key byte.
• The key effectively contains 56 bits of entropy.
• 56 bits are needed for encryption/decryption.

DES Key Schedule

• 64-bit DES key, ignore the 8-bit parity numbers (8, 16, 24, 32, 40, 48, 56, 64)
• The key schedule algorithm takes the remaining 56-bit DES key as input and generates 16 48-bit subkeys (K1, K2, ..., K16).
• Each subkey is used in one round.

DES Schematic

• Data flow illustrated graphically.

Initial and Final Permutations (IP and IP⁻¹)

• Defined in table format.
• Show reordering of bits in inputs and outputs.

DES Encryption Round

• The process in which the cipher does 16 rounds of operations on input blocks.
• Left half of the output is the right-hand half of the input
• Right half of the output is obtained by XORing the left-hand half of the input with right-half mangled using the round key

DES Decryption

• The steps in reversing the encryption process.
• The mangler function is not needed in decryption.

TripleDES

• DES has been deprecated, but TripleDES is still used.
• TripleDES uses a longer key (112 or 168 bits) for enhanced security than DES (56-bit key).
• Improved resistance against brute-force attacks.
• 112-bit key: k = k1 || k2 (encryption of block b in TripleDES consists of encrypt with k1, decrypt the block b with k2 then encrypt the result with k1).
• 168-bit key: k = k1 || k2 || k3 (encryption of block b in TripleDES consists of encrypt with k1, decrypt the block b with k2 then encrypt the result with k3).

Why not Double DES

• DoubleDES is not secure against brute-force attacks, and can be broken more quickly than DES.
• Meet-in-the-middle attack is possible.

AES (Advanced Encryption Standard)

• Current standard for encryption.
• NIST ran a competition to find a replacement for DES.
• Rijndael (a design by Joan Daemen and Vincent Rijmen) was selected.
• Block size: 128 bits.
• Key sizes: 128, 192, or 256 bits
• Similar principles to DES with a focus on performance optimization in both hardware and software.

AES further materials

• Official definition (NIST publication).
• YouTube conceptual overview (by Gideon Samid).
• Cartoon guide (explaining the principles without diving into the complex math).

AES Schematic

• Diagram shows input and output block data sizes.

AES Key Schedule

• Generates n+1 subkeys from a key.
• The number of rounds is 10, 12, or 14.

AES Operations in the Rounds

• Explanation of the key operations in the rounds.

AES Encryption and Decryption

• Descriptions, and detailed operations for encrypting and decrypting processes.

AES S-Box

• Table listing the mapping of input values to output values in the S-Box.

Hash Functions

• Function that maps variable-length input (x) to fixed-length output (y).
• Cryptographic hash functions have three important properties: one-way, second pre-image, collision-resistance.

Standard Hash Functions (SHA, MD)

• Various standard hash functions were and are widely used, including MD4, MD5, SHA-1, SHA-2, and SHA-3 (aka Keccak).

MAC (Message Authentication Code)

• MACs provide data integrity without considering confidentiality.
• Using hash functions to calculate MACs.
• HMAC (Hash-based Message Authentication Code), HMAC function is more widely used MAC than the basic MAC function because HMAC is more security.

Hash-based Signatures

• Discussion of various hash-based signature schemes. (Lamport, Winternitz, Merkle, etc.) and how they're used and their characteristics.
• Descriptions and details of different multi-level signatures (e.g., XMSS, LMS, SPHINCS+) and their characteristics.

Storing Passwords

• Various approaches for securely storing passwords: storing as plaintext, hashing, and encrypting.
• Discussion of the vulnerabilities of each approach.

Lab: AES and Hash Functions

• Lab exercises for demonstration and training.

Appendices

• Further information and explanations of topics.