7 & 8 - NS - Modes Chap 4

1
Network Security: Modes of Operation Chap # 4
Network Security: Private

Communication in a Public world by Charlie
Kaufman , Radia Perlman & Mike Speciner
Punjab University College Of Information & Technology Lahore
Umair Bilal Chaudhry; Umair.bilal@pucit.edu.pk

Secret Key Cryptography Modes of Operation
Encrypting Large Messages
Most secret key ciphers are block cipher w/ fixed size input
How to encrypt a large message?
Fall 2014 28 / 42
Encrypting Large Messages
Most secret key ciphers are block cipher w/ fixed size input
How to encrypt a large message?
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
k-Bit Cipher Feedback Mode (CFB)
k-Bit Output Feedback Mode (OFB)
Counter Mode (CTR)
Fall 2014 28 / 42
Issues to Consider
Information leakage
does it reveal info about the plaintext blocks?
Fall 2014 29 / 42
Issues to Consider
Information leakage
Ciphertext manipulation
can an attacker modify ciphertext in a way that will produce a
predictable/desired change in the decrypted plaintext?
Fall 2014 29 / 42
Issues to Consider
Information leakage
Parallel/Sequential
can the cipher encrypt/decrypt blocks in parallel?
Fall 2014 29 / 42
Issues to Consider
Information leakage
Parallel/Sequential
can the cipher encrypt/decrypt blocks in parallel?
Error propagation
how many blocks will be affected by a garbled ciphertext block?
Fall 2014 29 / 42
Encrypt each block independently with the key, decrypt the same
Fall 2014 30 / 42
Information leakage?
Fall 2014 30 / 42
ciphertext for identical plaintext blocks are the same
Fall 2014 30 / 42
Ciphertext manipulation?
Fall 2014 30 / 42
attacker can cut and paste ciphertext blocks
Fall 2014 30 / 42
Parallel encryption/decryption?
Fall 2014 30 / 42
Error propagation?
Fall 2014 30 / 42
Fall 2014 31 / 42
Encryption
previous ciphertext block to the message block, then encrypt it
Cn = K { mn Cn1} = E(mn Cn1, K )
use IV (not secret) so ciphertext of same messages is different
each ciphertext block depends on all previous blocks
Fall 2014 31 / 42
Encryption
previous ciphertext block to the message block, then encrypt it
Cn = K { mn Cn1} = E(mn Cn1, K )
use IV (not secret) so ciphertext of same messages is different
each ciphertext block depends on all previous blocks
Decryption
mn = D(Cn, K ) Cn1
each plaintext block depends on ??? ciphertext blocks
Fall 2014 31 / 42
Fall 2014 32 / 42
ciphertext for identical plaintext blocks are different
Fall 2014 32 / 42
Jo knows plaintext of a certain byte of cypher text.
Ex: he knows his last byte is his salary and he knows
his salary to be 54000. Whatever the last cypher will
be will map to 54000. To make 54000 into 74000, he
needs to change the previous cypher so when it is
xord with 54000 gives 74000
Fall 2014 32 / 42
modifying cn predictably changes mn+1 (= D(cn+1, K ) cn), but
garbles mn because mn = D(cn, K ) cn1
Fall 2014 32 / 42
rearranging ciphertext blocks with known < mi , ci > pairs allows
calculation of decrypted plaintext: mn = D(cn, K ) cn1
Fall 2014 32 / 42
Fall 2014 32 / 42
2 nd attack used mostly to
garble data and destroy it
Fall 2014 32 / 42
Cipher Feedback Mode (CFB)
CFB is a stream cipher very similar to OFB

Converts a Block Cipher to Stream Cipher
Does not require waiting for complete block for encryption
k bits shifted are k-bit ciphertext, instead of k-bit one-time pad
one-time pad cannot be generated in advance
Every byte requires a DES encryption
Rearranging attack not that harmful as not much data would
be in 8 bits
Fall 2014 35 / 42
Fall 2014 36 / 42
modifying cn predictably changes mn, but garbles ??? blocks
Fall 2014 36 / 42
encyption - No, decryption - Yes, why???
Fall 2014 36 / 42
encyption - No, decryption - Yes, why???
Fall 2014 36 / 42
Output Feedback Mode (OFB)
OFB is a stream cipher:one-time pad to be ed to message

64-bit OFB has a one-time pad of b0|b1|b2|b3|... with
b0 = K { IV } , b1 = K { b0} , b2 = K { b1} ...
Fall 2014 33 / 42

b0 = K { IV } , b1 = K { b0} , b2 = K { b1} ...
IV must never repeat!!!
Fall 2014 33 / 42

b0 = K { IV } , b1 = K { b0} , b2 = K { b1} ...
pad is independent of the message, can be generated in advance
Fall 2014 33 / 42

b0 = K { IV } , b1 = K { b0} , b2 = K { b1} ...
pad is independent of the message, can be generated in advance
k-bit OFB: only k bits of bn are used
Fall 2014 33 / 42

Fall 2014 34 / 42

Fall 2014 34 / 42

Fall 2014 34 / 42

A few garbled bits would damage only certain bits in the
message and wont effect other messages
Fall 2014 34 / 42

Fall 2014 34 / 42

one-time pad can be generated sequentially
parallel encryption/decryption is possible with pre-generated pad
Fall 2014 34 / 42
Counter Mode
Stream cipher: one-time pad is K { IV } , ..., K { IV + n} , ...

one-time pad can be pre-computed
parallel encryption/decryption is supported
Fall 2014 37 / 42
Secret Key Cryptography Message Authentication Code
Message Authentication
Encryption provides confidentiality for a message

How to use encryption to authenticate a message?
prove the message was created by someone with the key
prove it hasnt been modified except by someone with the key
Fall 2014 38 / 42
Message Integrity with CBC Residue

Encrypt message using CBC mode with IV set to 0
The final ciphertext block is called CBC residue, transmit it with the
plaintext
Confidentiality doesnt matter but integrity does
CBC residue depends on all previous blocks
only someone with the key can generate the correct CBC residue
(except with a probability of 2164)
Fall 2014 39 / 42
Ensuring Privacy and Integrity
Encryption alone doesnt guarantee integrity

decryption just transfers the ciphertext to some message
Fall 2014 40 / 42

CBC encryption plus CBC residue doesnt work
just repeat the final ciphertext block as the CBC residue
Fall 2014 40 / 42

CBC encryption plus CBC residue doesnt work
just repeat the final ciphertext block as the CBC residue
CBC encryption of plaintext plus CBC residue doesnt work
the final ciphertext block is always K0, why?
Fall 2014 40 / 42

7 &amp; 8 - NS - Modes Chap 4

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

7 &amp; 8 - NS - Modes Chap 4

Uploaded by

Copyright:

Available Formats

1

Network Security: Modes of Operation Chap # 4

Network Security: Private

Punjab University College Of Information & Technology Lahore

Umair Bilal Chaudhry; Umair.bilal@pucit.edu.pk

Encrypting Large Messages

Encrypting Large Messages

Electronic Code Book (ECB)

Electronic Code Book (ECB)

Electronic Code Book (ECB)

Electronic Code Book (ECB)

Electronic Code Book (ECB)

Electronic Code Book (ECB)

Electronic Code Book (ECB)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC)

Cipher Feedback Mode (CFB)

CFB is a stream cipher very similar to OFB

Cipher Feedback Mode (CFB)

Cipher Feedback Mode (CFB)

Cipher Feedback Mode (CFB)

Cipher Feedback Mode (CFB)

Output Feedback Mode (OFB)

OFB is a stream cipher:one-time pad to be ed to message

Output Feedback Mode (OFB)

OFB is a stream cipher:one-time pad to be ed to message

Output Feedback Mode (OFB)

OFB is a stream cipher:one-time pad to be ed to message

Output Feedback Mode (OFB)

OFB is a stream cipher:one-time pad to be ed to message

Output Feedback Mode (OFB)

Output Feedback Mode (OFB)

Output Feedback Mode (OFB)

Output Feedback Mode (OFB)

Output Feedback Mode (OFB)

Output Feedback Mode (OFB)

Stream cipher: one-time pad is K { IV } , ..., K { IV + n} , ...

Encryption provides confidentiality for a message

Message Integrity with CBC Residue

Ensuring Privacy and Integrity

Encryption alone doesnt guarantee integrity

Ensuring Privacy and Integrity

Encryption alone doesnt guarantee integrity

Ensuring Privacy and Integrity

Encryption alone doesnt guarantee integrity

You might also like

7 & 8 - NS - Modes Chap 4

7 & 8 - NS - Modes Chap 4