Improving the Key Expansion Routine of the AES Block Cipher and Designing a Key Expansion Routine Independent of a Block Cipher

Fatma Büyüksaraçoğlu Sakallı, Ercan Buluş, Muharrem Tolga Sakallı, Hüseyin Vural

6th International Information Security & Cryptology Conference, 20-21 September 2013, Ankara, Turkey. Proceedings, pp. 347-353.

Fatma Büyüksaraçoğlu Sakallı, Department of Computer Engineering, Trakya University, Edirne, [email protected]
Ercan Buluş, Department of Computer Engineering, Namık Kemal University, Çorlu-Tekirdağ, ercanbulus@nku.edu.tr
Muharrem Tolga Sakallı, Department of Computer Engineering, Trakya University, Edirne, tolga@trakya.edu.tr
Hüseyin Vural, Department of Computer Engineering, Trakya University, Edirne, [email protected]

Abstract—The AES (Advanced Encryption Standard) block cipher, which was adopted as a standard in 2001, is an important symmetric cipher. However, the key expansion routine of the AES has two important weaknesses, slow diffusion and bit leakage, which are used to execute some important attacks against AES. In the present study, a new improved key expansion routine for the AES that eliminates these weaknesses is developed, and how to design a key expansion routine independent of a block cipher is discussed.

Index Terms—AES block cipher, block ciphers, key expansion routine, a new key expansion routine structure

I. INTRODUCTION

The AES (Advanced Encryption Standard) [2] block cipher, which replaced the DES (Data Encryption Standard) [1] algorithm and became the standard in 2001, is a block cipher that encrypts 128-bit data blocks with 128-bit, 192-bit and 256-bit key options [2-3]. The number of rounds is 10, 12 and 14 for the 128-bit, 192-bit and 256-bit key options respectively. Each round consists of four steps:
i) SubBytes (byte substitution)
ii) ShiftRows (row shifting)
iii) MixColumns (column mixing)
iv) AddRoundKey (round key addition)

Of these steps, performed in this order in every round, the byte substitution step replaces 8-bit byte values with different 8-bit byte values (the S-box). This transformation is non-linear and is based on the inverse mapping in the finite field GF(2^8) [2-5]. In the row shifting step the order of the byte values is changed by a permutation of the bytes, while in the MixColumns linear transformation 32-bit output values are obtained from 32-bit input values by multiplication with a fixed matrix. In the last step, round key addition, for the AES cipher encrypting with the 128-bit key option, the 128-bit key value coming from the key expansion phase is XORed with the current block. Figure 1 shows a single round of the AES algorithm, which follows the SPN architecture.

Although the key expansion algorithm of the AES block cipher is simple, it is not as strong as the round function, because it has a direct effect on the execution of some important attacks. The cause of these attacks is that the AES key expansion routine suffers from the problems of slow diffusion and bit leakage. The slow diffusion problem has been used in related-key attacks on AES-192 (the AES block cipher using a 192-bit key) and AES-256 (the AES block cipher using a 256-bit key) [6-13]. In the bit leakage problem, an attacker who knows a given subkey can obtain the other subkeys. This problem can be used in impossible differential attacks on 7-round AES-192 and AES-256 [14]. May et al. [15] proposed, in order to strengthen the key expansion routine used in the AES block cipher, a new key expansion routine in which the AES round function is executed three times, each subkey is obtained independently of the others, and the implementation cost is high. In the present study a new key expansion routine is proposed that eliminates the mentioned problems without breaking the original structure of the AES key expansion routine. In addition, a new key expansion architecture independent of a block cipher, inspired by this proposed routine, is examined.

Figure 1. A single round of the AES algorithm.

II. THE AES KEY EXPANSION ROUTINE

In this section the key expansion routine for AES-128 is examined. For the two other versions of the block cipher, AES-192 and AES-256, the routine is the same as that of AES-128 apart from some small changes. The AES-128 key expansion routine, whose general form is given in Figure 2, can be expressed as follows:

1- The first words (w_0, w_1, w_2, w_3) are obtained from the secret key. The secret key is considered as an array of 16 bytes, k_0 to k_15. The first 4 bytes (k_0 to k_3) form w_0, the second 4 bytes (k_4 to k_7) form w_1, and similarly the other words w_2 and w_3 are obtained by laying the secret key side by side in the form of words.
2- The other words w_i (i = 4 to 43) are obtained as follows:
a. If i mod 4 ≠ 0, then w_i = w_{i-1} ⊕ w_{i-4}; that is, as also seen in the table, it is obtained from the value to its left and the value above it.
b. If i mod 4 = 0, then w_i = t ⊕ w_{i-4}.

Here t is a temporary value, the result of applying two routines, SubWord and RotWord, to w_{i-1}. The process of obtaining t ends with an XOR with a round constant (RCon). In other words, t = SubWord(RotWord(w_{i-1})) ⊕ RCon_{i/4}.

A. Word Rotation (RotWord)
This routine resembles the row shifting (ShiftRows) transformation used in the AES cipher, but it is applied to only one row. It takes a word as an array of 4 bytes and cyclically shifts each byte to the left.

B. Word Substitution (SubWord)
This routine resembles the byte substitution (SubBytes) transformation used in the AES cipher, but it is applied to only 4 bytes. It takes each byte value in the word and replaces it with another byte.

C. Round Constants
The key expansion routine uses a different constant value in every round. This constant (RCon) is a 4-byte value whose rightmost three bytes are zero. The different round constants for the 10 rounds of AES-128 are shown in Table 1. In addition, all binary values used in the tables are represented in the hexadecimal number system (indicated by the subscript h).

Table 1. Round constants used in the AES-128 key expansion routine.

Figure 2. The key expansion routine for AES-128 (Nr denotes the number of rounds).

III. TWO IMPORTANT DEFICIENCIES OF THE AES KEY EXPANSION ROUTINE

A block cipher, as stated earlier, consists of rounds and of the same steps within each round. Therefore, to break the symmetry between the rounds, different key material must be used in every round. Key expansion routines are algorithms that derive from the secret key the different keys (subkeys) to be used in each round. Different routines may be used in each block cipher, and these routines can be developed by reusing the structures used in the encryption algorithm. Lars Knudsen [16] gives the properties of a strong key expansion routine as follows:
1- Being a collision-resistant one-way function,
2- Minimum mutual relation between all subkeys and the secret key,
3- Implementation efficiency.

The property of minimum mutual relation between all subkeys and the secret key eliminates relations that would help an attacker by reducing the complexity of attack scenarios on block ciphers [15]. Examples of attacks exploiting such relations are linear cryptanalysis [17] and differential cryptanalysis [18] against the DES block cipher, and the various related-key attacks against the AES block cipher. The authors of [12] likewise state that "some attacks exploit relations between the expanded key bits, and in the absence of these relations the attacks would require higher complexity."

The encryption algorithm and the key expansion algorithm should complement each other from the implementation point of view as much as from the security point of view. Seen this way, reusing in the key expansion algorithm the optimized elements used in the encryption algorithm can be considered an advantage [15].

Two important tests performed on the subkeys produced by key expansion algorithms are the frequency test and the avalanche criterion test. The frequency test is used to measure the bit mixing property (it forms the basis for measuring Shannon's confusion property), whereas the avalanche criterion test is used to measure the bit diffusion property. This test checks whether a one-bit change in the input block changes half of the bits in the output block (it provides a measure of Shannon's diffusion property). When the key expansion algorithm of the AES-128 block cipher (whose general form is given in Figure 2) is considered, it has been stated [15] that it satisfies only the third of the properties given above. Moreover, the poor diffusion property of the AES key expansion algorithm is used effectively in some attacks, such as related-key attacks. Although such attacks are not practical in real life, how useful related-key attacks are against AES-192 (the AES block cipher using a 192-bit key) and AES-256 (the AES block cipher using a 256-bit key) has been shown in [19,20]. The main reason is that the key schedule algorithm in the AES-192 and AES-256 versions provides slower diffusion than in the AES-128 version (the AES block cipher using a 128-bit key). In addition, in terms of time complexity, Biryukov et al. [11] showed a practical attack on an AES algorithm with up to 10 rounds. On the other hand, the AES key expansion algorithm suffers from the bit leakage problem. Using this problem, in various attacks pieces of one subkey can be obtained from another subkey. For example, in [14] this leakage problem was used in an impossible differential attack. To prevent this problem, generating the subkeys independently of each other can be used as a method.
IV. STRENGTHENING THE AES KEY EXPANSION ROUTINE

As stated in Section 3, the AES key expansion routine has two important weaknesses: slow diffusion and bit leakage. To eliminate the slow diffusion in the routine, it is first observed that one more diffusion element is needed while the temporary values t_i are obtained. This missing diffusion element can therefore be supplied by using the MixColumns (column mixing) transformation used in the round function of the AES cipher. On the other hand, as shown in the new key expansion routine given in Figure 3, a routine with good diffusion can be obtained by executing the original AES key expansion routine repeatedly and by using the new structure in which the temporary values t_i are obtained. Adding to the result, while the subkeys are derived, the round constant that enters the XOR operation with the secret key will also eliminate the bit leakage problem. Furthermore, adding to the result the round constant used to derive different subkeys in reverse byte order (RCON_R) ensures that, should the RCON values themselves be the secret key, these secret keys still produce different subkeys, and a symmetry that might otherwise arise is eliminated. If the RCON value represents the 16-byte value (r_0, r_1, ..., r_15), then the RCON_R value represents the same bytes in reverse order, (r_15, r_14, ..., r_0).

Consequently, in the new key expansion routine given in Figure 3, the other keys are obtained merely by applying different RCON values to this structure. For the AES-192 and AES-256 versions the key expansion routine is the same as the structure given in Figure 3, but the round constant values will be 192-bit and 256-bit values respectively. In addition, instead of the 4 words of the repeatedly applied original AES key expansion routine, 6 and 8 words respectively will be used.

Figure 3. The proposed key expansion routine for AES-128.

Table 2. Derivation of the first subkey for the proposed AES-128 key expansion routine.

Example 1: Table 2 shows the derivation of the first subkey for the block cipher from a 128-bit secret key.

Example 2: Table 3 shows the bit change (BD) between the subkeys for two secret keys that differ from each other in 1 bit.

Example 3: Table 4 gives, for the proposed AES-128 key expansion routine, the average bit change obtained as a result of a 1-bit change at different bit positions of each secret key. These averages were obtained for every round key and for a number of different secret keys. The results are good with respect to the avalanche property.

Table 3. Comparison, in terms of bit changes, of the sets of round keys produced by the proposed AES-128 key expansion routine from two secret keys with a one-bit difference.

Table 4. Average bit changes, for different bit positions, of the subkeys produced from the secret key by the proposed AES-128 key expansion routine.
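As an added example (not the paper's code), the following Python block implements the original AES-128 key expansion routine of Section II and makes the two weaknesses of Section III measurable on it: the bit-change (BD) count per round key for two secret keys differing in one bit, as in Table 3, and the recovery of round key r-1 from round key r alone, which is the bit leakage. The S-box and round constants are the standard FIPS-197 values; the sample key pair is constructed.

```python
# Added example (not the paper's code): the original AES-128 key expansion
# routine of Section II, plus the two weaknesses of Section III made measurable.
# S-box and round constants are the standard FIPS-197 ones; sample keys are constructed.

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    inv = {0: 0}
    for a in range(1, 256):
        inv[a] = next(b for b in range(1, 256) if _gf_mul(a, b) == 1)
    sbox = []
    for a in range(256):
        x = inv[a]
        s = x
        for k in range(1, 5):                      # s = x ^ rotl(x,1) ^ ... ^ rotl(x,4)
            s ^= ((x << k) | (x >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]  # Table 1 values

def _g(word, rcon):
    """t = SubWord(RotWord(w)) XOR RCon: the step that produces t in Section II."""
    rot = word[1:] + word[:1]                      # RotWord: cyclic left shift by one byte
    return bytes([SBOX[rot[0]] ^ rcon] + [SBOX[b] for b in rot[1:]])

def expand_key_128(key):
    """Return the 11 round keys (16 bytes each) derived from a 16-byte AES-128 key."""
    assert len(key) == 16
    w = [key[4 * i:4 * i + 4] for i in range(4)]  # rule 1: w0..w3 straight from the key
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                             # rule 2b: only every fourth word is non-linear
            t = _g(t, RCON[i // 4 - 1])
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))  # rules 2a/2b: w_i = w_{i-4} ^ t
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]

def bit_changes(key_a, key_b):
    """Avalanche (BD) per round key: number of bits that differ between the schedules.
    Full diffusion would change about 64 of 128 bits in every round key."""
    return [sum(bin(x ^ y).count("1") for x, y in zip(ra, rb))
            for ra, rb in zip(expand_key_128(key_a), expand_key_128(key_b))]

def previous_round_key(rk, r):
    """Bit leakage: round key r-1 is fully determined by round key r alone,
    so knowing any single round key reveals the whole schedule."""
    w = [rk[4 * i:4 * i + 4] for i in range(4)]
    prev = [None] * 4
    for j in (3, 2, 1):                            # invert rule 2a: w_{i-4} = w_i ^ w_{i-1}
        prev[j] = bytes(a ^ b for a, b in zip(w[j], w[j - 1]))
    prev[0] = bytes(a ^ b for a, b in zip(w[0], _g(prev[3], RCON[r - 1])))  # invert rule 2b
    return b"".join(prev)

if __name__ == "__main__":
    # Constructed sample pair: all-zero key versus the same key with its first bit flipped.
    print("BD per round key:", bit_changes(bytes(16), bytes([0x80]) + bytes(15)))
```

For the constructed pair the first three round keys differ in only 1, 4 and 14 bits, far from the 64 expected of a good avalanche, which is the slow diffusion the paper sets out to fix.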
V. DESIGN OF A KEY EXPANSION ROUTINE INDEPENDENT OF A BLOCK CIPHER

Starting from the routine proposed for the AES block cipher in Section 4, a key expansion routine architecture independent of a block cipher can be put forward. Block ciphers in use today generally have key expansion routines that use elements found in their own structure. Moreover, the S-boxes used as the substitution layer in the design of the round functions of these block ciphers are chosen to be 4-bit (in lightweight block ciphers) or 8-bit in size. On the other hand, implementation efficiency is an important criterion for key expansion routines. In the architecture given in Figure 3, two different architectures can be put forward for obtaining the temporary values t_i:
1- Diffusion - Substitution - Diffusion (DSD),
2- Substitution - Diffusion - Substitution (SDS).

In these two architectures, the desirable properties of the diffusion layer are good implementation characteristics, a high branch number and as few fixed points as possible [21]. Producing subkeys of different sizes from a key expansion routine designed independently of a block cipher, and making the expansion routine independent of the size of the S-box, can be achieved by choosing a good diffusion element. Therefore, binary matrices (with a high branch number, a low number of fixed points and based only on the XOR operation) can be chosen as the diffusion element meeting the mentioned properties. For example, the maximum branch numbers of binary matrices of various sizes are known [22], and such matrices can be implemented using only the XOR operation. Depending on the size of the available S-box and the size of the subkey to be produced, the structure given in Figure 3 can be turned into a key expansion routine producing subkeys of the desired size by choosing one of the two architectures for obtaining the temporary values t_i and by using a binary matrix with suitable properties.

Example 4: For the design of a key expansion routine independent of a block cipher that produces 256-bit subkeys, let us have an 8-bit S-box (the AES S-box) and a binary matrix from [23] (its dimensions, branch number and number of fixed points are shown with Figures 4 and 5). In addition, let 64-bit t_i values be used instead of the 32-bit temporary t_i values in the routine proposed for AES-128 in Figure 3. Let the number of executions of the original AES key routine be chosen as 4; it would be more appropriate to determine this repetition count from experimental results. Figures 4 and 5 give a key expansion routine independent of a block cipher, the two architectures that can be used to obtain the temporary t_i values used in this routine, and an example binary matrix with its branch number and number of fixed points.

Figure 4. A 256-bit key expansion routine independent of a block cipher (dw: double word, denoting a 64-bit value).

Figure 5. Two architectures that can be used to obtain the temporary t_i values in the 256-bit key expansion routine.
VI. CONCLUSIONS

In this study the key expansion routine used in the AES block cipher has been examined and the problems in this routine have been discussed. An improved new key expansion routine, obtained by simple changes to the original structure, which eliminates the weaknesses in the key expansion routine of the AES block cipher, has been presented. In the last part of the study, how to design, on the basis of the developed routine, a key expansion routine independent of a block cipher that produces subkeys of various sizes has been discussed, and an example of such a key expansion routine has been given.

REFERENCES

[1] US National Institute of Standards and Technology, Data Encryption Standard, Federal Information Processing Standards Publication No. 46-3, 1999.
[2] US National Institute of Standards and Technology, Advanced Encryption Standard, Federal Information Processing Standards Publication No. 197, 2001.
[3] B. A. Forouzan, Cryptography and Network Security, McGraw-Hill International Edition, 2008.
[4] B. Aslan, M. T. Sakallı, E. Buluş, Üs Haritalama Tabanlı Cebirsel 8-bit Giriş 8-bit Çıkışlı S-kutularının Sınıflandırılması, Ağ ve Bilgi Güvenliği Ulusal Sempozyumu 2, Girne, Kıbrıs.
[5] B. Aslan, M. T. Sakallı, E. Buluş, Classifying 8-bit to 8-bit S-boxes based on Power Mappings from the point of DDT and LAT Distributions, In Proceedings of the International Workshop on the Arithmetic of Finite Fields (WAIFI 2008), Lecture Notes in Computer Science, Vol. 5130, Springer-Verlag, 2008; 123-133.
[6] G. Jakimoski, Y. Desmedt, Related-Key Differential Cryptanalysis of 192-bit Key AES Variants, In Proceedings of Selected Areas in Cryptography (SAC 2003), Lecture Notes in Computer Science, Vol. 3006, Springer-Verlag, 2004; 208-221.
[7] E. Biham, O. Dunkelman, N. Keller, Related-Key Impossible Differential Attacks on 8-Round AES-192, In Proceedings of Topics in Cryptology, CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, Lecture Notes in Computer Science, Vol. 3860, Springer-Verlag, 2006; 21-33.
[8] W. Zhang, W. Wu, L. Zhang, D. Feng, Improved Related-Key Impossible Differential Attacks on Reduced-Round AES-192, In Proceedings of Selected Areas in Cryptography (SAC 2006), Lecture Notes in Computer Science, Vol. 4356, Springer-Verlag, 2007; 15-27.
[9] E. Biham, O. Dunkelman, N. Keller, Related-Key Boomerang and Rectangle Attacks, In Proceedings of EUROCRYPT 2005, Lecture Notes in Computer Science, Vol. 3494, Springer-Verlag, 2005; 507-525.
[10] J. Kim, S. Hong, B. Preneel, Related-Key Rectangle Attacks on Reduced AES-192 and AES-256, In Proceedings of FSE 2007, Lecture Notes in Computer Science, Vol. 4593, Springer-Verlag, 2007; 225-241.
[11] A. Biryukov, O. Dunkelman, N. Keller, D. Khovratovich, A. Shamir, Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds, Cryptology ePrint Archive, Report 2009/374, 2009. Available at http://eprint.iacr.org/2009/374/.
[12] N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, D. Whiting, Improved Cryptanalysis of Rijndael, In Proceedings of FSE 2000, Lecture Notes in Computer Science, Vol. 1978, Springer-Verlag, 2001; 213-230.
[13] E. Fleischmann, M. Gorski, S. Lucks, Attacking 9 and 10 Rounds of AES-256, In Proceedings of ACISP 2009, Lecture Notes in Computer Science, Vol. 5594, Springer-Verlag, 2009; 60-72.
[14] R. C.-W. Phan, Impossible differential cryptanalysis of 7-round Advanced Encryption Standard (AES), Information Processing Letters, 2004; 91(1):33-38.
[15] L. May, M. Henricksen, W. Millan, G. Carter, E. Dawson, Strengthening the Key Schedule of the AES, In Proceedings of ACISP 2002, Lecture Notes in Computer Science, Vol. 2384, Springer-Verlag, 2002; 226-240.
[16] L. Knudsen, Practically Secure Feistel Ciphers, In Proceedings of FSE 1993, Lecture Notes in Computer Science, Vol. 809, Springer-Verlag, 1993; 211-221.
[17] M. Matsui, Linear Cryptanalysis Method for DES Cipher, In Proceedings of EUROCRYPT '93, Lecture Notes in Computer Science, Vol. 765, Springer-Verlag, 1994; 386-397.
[18] E. Biham, A. Shamir, Differential Cryptanalysis of DES-like Cryptosystems, In Proceedings of CRYPTO '90, Lecture Notes in Computer Science, Vol. 537, Springer-Verlag, 1990; 2-21.
[19] A. Biryukov, D. Khovratovich, Related-key Cryptanalysis of the Full AES-192 and AES-256, Cryptology ePrint Archive, Report 2009/317, 2009. Available at http://eprint.iacr.org/2009/317/.
[20] A. Biryukov, D. Khovratovich, Related-key Cryptanalysis of the Full AES-192 and AES-256, In Proceedings of ASIACRYPT 2009, Lecture Notes in Computer Science, Vol. 5912, Springer-Verlag, 2009; 1-18.
[21] M. R. Z'aba, Analysis of Linear Relationships in Block Ciphers, Ph.D. Thesis, Queensland University of Technology, Brisbane, Australia, 2010.
[22] D. Kwon, S. H. Sung, J. H. Song, S. Park, Design of Block Ciphers and Coding Theory, Trends in Mathematics, 2005; 8(1):13-20.
[23] B. Aslan, M. T. Sakallı, Algebraic construction of cryptographically good binary linear transformations, Security and Communication Networks, 2012, doi:10.1002/sec.556.