Saturday, September 17, 2011

Explaining Triple Data Encryption Standard (3DES)

There are many questions as to what Triple Data Encryption Standard (3DES) is and how it works. In order to understand it, we need to know what 3DES is and how it originated.

3DES is a modern variation of DES (Data Encryption Standard), which encrypts plaintext in 64-bit blocks with a 56-bit key. The key as supplied is the same length as the block; however, the last bit on the right of the key is a parity bit (think of it as padding) and is disregarded as insignificant, which is why 56 bits are the result. (It helps to remember that 8 bits make one byte, so 8 bytes of 8 bits each make up a 64-bit block.) There were many concerns about the weakness of DES against brute-force attacks because of this key length, so 3DES was developed in response to the need for a stronger encryption method.

3DES works in much the same way as DES, except that it goes through three cycles during the encryption process, using three keys: one for an encryption, one for a decryption, and one for another encryption. It has a key length of 192 bits (64 bits x 3 keys), but its actual strength is 168 bits (56 bits x 3 keys). This method is three times as strong as DES, yet it is also three times slower because of the triple processing. (Strong Encryption Package, Triple DES Encryption, n.d.)

Encryption using 3DES is represented as C = E(K3, D(K2, E(K1, P))). Similarly, decryption is the same process backwards: P = D(K1, E(K2, D(K3, C))). (Stallings, 2011) For both algorithms, assume:

P = plaintext
C = ciphertext
D = decryption function
E = encryption function
Kx = key, numbered by its position in the operation

Think of ciphertext as the scrambled message you get after encrypting a message, and the key as the scrambler of the plaintext or of other ciphertext. To explain in further detail, assume that your key is A = B, B = C, and so on until you reach the end of the alphabet. (This is a sample key, but you can design it however you choose. However, nobody but the intended recipients should have access to the key; otherwise it would be too easy to decrypt the message, defeating the purpose of encrypting it.) Your message in plaintext is “Don’t forget to drink your Ovaltine”. The key scrambles the plaintext, producing the ciphertext “Epou gpshfu up esjol zpvs pwbmujof”. This process is known as the encryption function. The decryption function would take the ciphertext and the key to produce the plaintext message.

To continue with the 3DES algorithm, the innermost parentheses are worked first, as in ordinary arithmetic, moving outward. In this example, the innermost parentheses contain K1 and P, which indicate that the first key is combined with the plaintext and encrypted (note the “E” directly outside the first set of parentheses). This produces the first ciphertext, which is in turn combined with the second key (K2) and decrypted (“D” outside the second set of parentheses). The resulting ciphertext is combined with the third key (K3) and encrypted one more time (“E” outside the outermost set of parentheses). The third ciphertext is the final outcome of this operation (indicated by “C”). This follows the encrypt-decrypt-encrypt cycle (EDE):

  1. Encrypt using first key and plaintext to produce first ciphertext
  2. Decrypt using first ciphertext and second key to produce second ciphertext
  3. Encrypt using second ciphertext and third key to produce final ciphertext

To decrypt the ciphertext, the same operation is performed backwards, as stated in the beginning. The decryption algorithm is stated as P = D(K1, E(K2, D(K3, C))). Recalling the legend in the example above, we are looking to recover the plaintext, and start with the innermost parentheses, K3 and C. The third key (K3) is combined with the final ciphertext (C) of the encrypted message to perform the first decryption (“D” outside the innermost set of parentheses). The resulting ciphertext is then combined with the second key (K2) to encrypt it (“E” outside the second set of parentheses), producing the first ciphertext from the example above. The first ciphertext is combined with the first key (K1) to decrypt it a last time (“D” outside all the parentheses), producing the original plaintext. This follows the decrypt-encrypt-decrypt cycle (DED):

  1. Decrypt using the third key and final ciphertext to produce the second ciphertext
  2. Encrypt using the second ciphertext and the second key to produce the first ciphertext
  3. Decrypt using the first ciphertext and the first key to produce the plaintext

One thing to remember is that all three keys should be different. If any of the keys are the same, it would be easier for a hacker to discover the plaintext. For this purpose, several modes of operation were designed for symmetric block ciphers such as 3DES. They include Electronic Codebook mode (ECB), Cipher Block Chaining mode (CBC), Cipher Feedback mode (CFB), and Counter mode (CTR). While explaining these in detail is outside the scope of this discussion, ECB is a good example of why the same key should not be used. ECB uses the same key for each block of plaintext and is considered insecure for long messages: if any two plaintext blocks are the same, their ciphertext blocks will be identical, and a hacker could decipher the message by deduction. (Stallings, 2011)
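As an added example, not code from the original post or from any of the works it cites, the following Python script runs the EDE and DED sequences described above and then shows the ECB repeated-block problem from the previous paragraph. Because DES itself is not in the Python standard library, a toy 64-bit Feistel cipher stands in for it; the toy cipher, its key schedule, the parity helpers, the CBC routine, and the sample keys and message are all constructed for this illustration and are not DES. Two structural points are kept faithful to DES: the key schedule ignores the low bit of each key byte, which DES reserves for odd parity, so only 56 bits affect the result; and with K1 = K2 = K3 the middle decryption cancels the first encryption, so the triple operation collapses to a single encryption, which is the concrete reason the three keys should be independent.

```python
# Added example, not from the original post: a toy Feistel cipher stands in for
# DES so the 3DES EDE/DED composition and the ECB block-repetition leak can run offline.
import struct

BLOCK = 8          # 64-bit block, the same block size as DES/3DES
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
PARITY_MASK = 0xFEFEFEFEFEFEFEFE  # clears the low (parity) bit of each key byte

def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each key byte so every byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True if all 8 key bytes carry DES-style odd parity."""
    return len(key) == BLOCK and all(bin(b).count("1") % 2 == 1 for b in key)

def _subkeys(key: bytes) -> list:
    """Toy key schedule (not DES's): 16 x 32-bit subkeys from the 56 non-parity bits."""
    k = int.from_bytes(key, "big") & PARITY_MASK   # parity bits are ignored, as in DES
    subkeys = []
    for r in range(16):
        k = ((k << 7) | (k >> 57)) & MASK64          # rotate the 64-bit key register
        subkeys.append((k ^ (r * 0x0123456789ABCDEF)) & MASK32)
    return subkeys

def _f(half: int, subkey: int) -> int:
    """Toy round function (xor, multiply, rotate); a Feistel network inverts for any f."""
    x = ((half ^ subkey) * 0x9E3779B1) & MASK32
    return ((x << 13) | (x >> 19)) & MASK32

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """E(K, P): 16 Feistel rounds on one 64-bit block."""
    l, r = struct.unpack(">II", block)
    for sk in _subkeys(key):
        l, r = r, l ^ _f(r, sk)
    return struct.pack(">II", r, l)  # final swap makes the same rounds run backwards

def decrypt_block(key: bytes, block: bytes) -> bytes:
    """D(K, C): the same rounds with the subkeys in reverse order."""
    l, r = struct.unpack(">II", block)
    for sk in reversed(_subkeys(key)):
        l, r = r, l ^ _f(r, sk)
    return struct.pack(">II", r, l)

def tdes_encrypt_block(k1, k2, k3, p: bytes) -> bytes:
    """EDE: C = E(K3, D(K2, E(K1, P))), innermost parentheses first."""
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, p)))

def tdes_decrypt_block(k1, k2, k3, c: bytes) -> bytes:
    """DED: P = D(K1, E(K2, D(K3, C))), the EDE steps undone in reverse."""
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, c)))

def collapses_to_single(k: bytes, p: bytes) -> bool:
    """With K1 = K2 = K3 the middle D cancels the first E, leaving one encryption."""
    return tdes_encrypt_block(k, k, k, p) == encrypt_block(k, p)

def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example assumes whole blocks, no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(keys, data: bytes) -> bytes:
    """ECB: blocks are encrypted independently, so equal plaintext blocks repeat."""
    return b"".join(tdes_encrypt_block(*keys, b) for b in _blocks(data))

def cbc_encrypt(keys, iv: bytes, data: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block before encryption."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = tdes_encrypt_block(*keys, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one (what ECB leaks)."""
    bs = _blocks(ciphertext)
    return len(bs) - len(set(bs))

# Constructed sample keys and message for this illustration only
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("fedcba9876543210")
K3 = bytes.fromhex("89abcdef01234567")
IV = bytes.fromhex("0011223344556677")
MESSAGE = b"RECORD01RECORD02RECORD01RECORD03"  # blocks 0 and 2 are identical

if __name__ == "__main__":
    p = MESSAGE[:BLOCK]
    c = tdes_encrypt_block(K1, K2, K3, p)
    print("EDE:", c.hex(), "-> DED:", tdes_decrypt_block(K1, K2, K3, c))
    print("K1=K2=K3 collapses to single encryption:", collapses_to_single(K1, p))
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt((K1, K2, K3), MESSAGE)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt((K1, K2, K3), IV, MESSAGE)))
```

Running the script shows DED returning the original block, the all-keys-equal case matching a single encryption, one repeated ciphertext block under ECB (because plaintext blocks 0 and 2 are identical) and none under CBC, where the chaining makes each block's input different even when the plaintext repeats. The toy cipher's round function is deliberately simple; what makes the example informative is the composition logic, which is the same for real DES.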

To summarize, 3DES uses 64-bit symmetric block encryption with three keys, each corresponding to an encryption or decryption function, and follows the EDE cycle to encrypt plaintext or the DED cycle to decrypt ciphertext. The keys must be kept secret to deter hackers from gaining access to the original plaintext, and they should all be independent.

On a final note, 3DES is the current standard adopted by the National Institute of Standards and Technology (NIST). It is only a temporary fix until the next generation of encryption, the Advanced Encryption Standard (AES), is fully integrated. (Strong Encryption Package, Triple DES Encryption, n.d.)




References

  1. Callas, J. (n.d.). Expert advice: Encryption 101 -- Triple DES explained. SearchSecurity.com. Retrieved September 11, 2011, from http://searchsecurity.techtarget.com/tip/Expert-advice-Encryption-101-Triple-DES-explained
  2. Distributed Security. (n.d.). Microsoft TechNet: Resources for IT Professionals. Retrieved September 11, 2011, from http://technet.microsoft.com/en-us/library/cc767123.aspx
  3. Stallings, W. (2011). Symmetric Encryption and Message Confidentiality. In Network security essentials: Applications and standards (4th ed., pp. 36-53). Alexandria, VA: Prentice Hall.
  4. Strong Encryption Package, Triple DES Encryption. (n.d.). Tropical Software, Security and Privacy Products. Retrieved September 11, 2011, from http://www.tropsoft.com/strongenc/des3.html


Monday, September 5, 2011

Tips for Using Online Storage

Online storage has recently become popular with people who wish to access their information from any computer, back up certain data, transfer files quickly to a designated party, or simply need affordable additional storage space. Unfortunately, many others take advantage of this service to pirate publicly shared information, mostly music and/or movies. Some storage sites include Rapidshare, Megaupload, and Mediafire. YouTube can technically be considered online storage, though it is limited to videos.

Don't get me wrong - file sharing can be a really convenient way of transferring data to another party, if you follow some hard and fast rules. First, make sure that you own the file, or gain approval from the owner before uploading. If you choose an online storage site, you might want to consider setting your files to "private" so that they do not turn up in search engines. In addition, protect each file with a password, preferably a different one for each file. That way, if someone does gain access to your link, they will not be able to download the file without the password. Likewise, if they gain access to one password, they will not be able to repeat the process with all your stored files. It may seem like a pain to remember all those passwords, but it is better than a lawsuit for leaking information.

In closing, it is probably not a good idea to store files with sensitive information or copyrighted material. I hope I do not have to reiterate that piracy is a criminal offense, and that online storage should NEVER be used to that end.