Scribd Logo
Upload

Welcome to Scribd!

  • CS6701 Cryptography and Network Security Block Cipher: Modes of Operation

    Uploaded by

    Tam Remedies
    12 views29 pages
    This document discusses modes of operation for block ciphers. It begins by describing Triple DES, which uses three encryptions with DES to strengthen security. It then covers various modes of operation like electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB) and output feedback (OFB). These modes allow block ciphers to encrypt arbitrary amounts of data by linking blocks together during encryption.

    Original Description:

    Modes of security

    Original Title

    Modes

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses modes of operation for block ciphers. It begins by describing Triple DES, which uses three encryptions with DES to strengthen security. It then covers various modes of operation like electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB) and output feedback (OFB). These modes allow block ciphers to encrypt arbitrary amounts of data by linking blocks together during encryption.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views29 pages

    CS6701 Cryptography and Network Security Block Cipher: Modes of Operation

    Uploaded by

    Tam Remedies
    This document discusses modes of operation for block ciphers. It begins by describing Triple DES, which uses three encryptions with DES to strengthen security. It then covers various modes of operation like electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB) and output feedback (OFB). These modes allow block ciphers to encrypt arbitrary amounts of data by linking blocks together during encryption.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 29

    CS6701

    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation CS6701 Cryptography and Network
    Unit-II
    Security
    Triple DES

    Modes of
    Block cipher: modes of operation
    operation

    Unit-II

    Lecture -2

    July 9, 2018
    Session Meta Data

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II
    Author Dr. J. Bhuvana
    Triple DES
    Reviewer
    Modes of
    operation Version Number 1.2
    Date July 9, 2018
    Session Objectives

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES
    Studying the working of Double DES, Triple DES
    Modes of
    operation
    Different modes of operations
    Session Outcomes

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES At the end of this session, participants will be able to


    Modes of Discuss the Multiple Encryption principles
    operation
    Discuss various modes of block cipher operations
    Agenda

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES
    1 Triple DES
    Modes of
    operation

    2 Modes of operation
    Presentation Outline

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES
    1 Triple DES
    Modes of
    operation

    2 Modes of operation
    Multiple Encryption & DES

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation
    Clear a replacement for DES was needed
    Unit-II
    Theoretical attacks that can break it
    Triple DES

    Modes of
    Demonstrated exhaustive key search attacks
    operation
    AES is a new cipher alternative
    Prior to this alternative was to use multiple encryption
    with DES implementations
    Triple-DES is the chosen form
    Why not Double-DES?

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation could use 2 DES encrypts on each block
    Unit-II C = EK2 (EK 1 (P))
    Triple DES
    concern at time of reduction to single stage
    Modes of
    meet-in-the-middle attack
    operation works whenever use a cipher twice
    since X = EK1 (P) = DK 2 (C)
    attack by encrypting P with all keys and store
    then decrypt C with keys and match X value
    can show takes O(256 ) steps
    Requires known plaintext
    Triple-DES with Two-Keys

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II
    Hence must use 3 encryptions
    would seem to need 3 distinct keys
    Triple DES

    Modes of
    But can use 2 keys with E-D-E sequence
    operation C = EK 1 (DK 2 (EK 1 (P)))
    n.b. encrypt & decrypt equivalent in security
    if K1=K2 then can work with single DES
    no current known practical attacks
    Triple-DES with Three-Keys

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II Although are no practical attacks on two-key Triple-DES


    Triple DES
    have some indications
    Modes of Can use Triple-DES with Three-Keys to avoid even these
    operation
    C = EK 3 (DK 2 (EK 1 (P)))
    Has been adopted by some Internet applications, e.g.,
    PGP, S/MIME
    Presentation Outline

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES
    1 Triple DES
    Modes of
    operation

    2 Modes of operation
    Modes of Operation

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation Block ciphers encrypt fixed size blocks e.g., DES encrypts
    Unit-II 64-bit blocks
    Triple DES Need some way to en/decrypt arbitrary amounts of data in
    Modes of practice
    operation
    NIST SP 800-38A defines 5 modes
    Have block and stream modes
    To cover a wide variety of applications
    Can be used with any block cipher
    Electronic Codebook Book (ECB)

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II
    Message is broken into independent blocks that are
    encrypted
    Triple DES
    Each block is a value which is substituted, like a
    Modes of
    operation codebook, hence name
    Each block is encoded independently of the other blocks
    Ci = EK (Pi )
    Uses: secure transmission of single values
    ECB

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES

    Modes of
    operation
    Advantages and Limitations of ECB

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation message repetitions may show in ciphertext
    Unit-II if aligned with message block
    particularly with data such graphics
    Triple DES
    or with messages that change very little, which become a
    Modes of
    operation code-book analysis problem
    weakness is due to the encrypted message blocks being
    independent
    vulnerable to cut-and-paste attacks
    main use is sending a few blocks of data
    Cipher Block Chaining (CBC)

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation
    message is broken into blocks
    Unit-II linked together in encryption operation
    Triple DES
    each previous cipher block is chained with current
    Modes of plaintext block, hence name
    operation
    use Initial Vector (IV) to start process
    Ci = EK (Pi ⊕ Ci−1 )
    C−1 = IV
    IV prevents same P from making same C
    uses: bulk data encryption, authentication
    CBC

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES

    Modes of
    operation
    Advantages and Limitations of CBC

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    a ciphertext block depends on all blocks before it
    operation
    any change to a block affects all following ciphertext
    Unit-II
    blocks
    Triple DES
    need Initialization Vector (IV) which must be known to
    Modes of
    operation sender & receiver
    if sent in clear, attacker can change bits of first block, by
    changing corresponding bits of IV
    hence IV must either be a fixed value
    or derived in way hard to manipulate
    or sent encrypted in ECB mode before rest of message
    or message integrity must be checked otherwise
    Stream Modes of Operation

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation
    block modes encrypt entire block
    Unit-II
    may need to operate on smaller units - real time data
    Triple DES

    Modes of
    convert block cipher into stream cipher
    operation cipher feedback (CFB) mode
    output feedback (OFB) mode
    counter (CTR) mode
    use block cipher as some form of pseudo-random number
    generator...
    Cipher FeedBack (CFB)

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    message is treated as a stream of bits
    operation
    added to the output of the block cipher
    Unit-II
    result is feed back for next stage (hence name)
    Triple DES
    standard allows any number of bits (1,8, 64 or 128 etc) to
    Modes of
    operation be feed back
    denoted CFB-1, CFB-8, CFB-64, CFB-128, etc.
    most efficient to use all bits in block (64 or 128)
    Ci = Pi ⊕ EK (Ci−1 )
    C−1 = IV
    uses: stream data encryption, authentication
    CFB

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES

    Modes of
    operation
    Advantages and Limitations of CFB

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation
    most common stream mode
    Unit-II
    appropriate when data arrives in bits/bytes
    Triple DES

    Modes of
    limitation is need to stall while do block encryption after
    operation every s-bits
    note that the block cipher is used in encryption mode at
    both ends (XOR)
    errors propagate for several blocks after the error
    Output FeedBack (OFB)

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation
    message is treated as a stream of bits
    Unit-II output of cipher is added to message
    Triple DES
    output is then feed back (hence name)
    Modes of Oi = EK (Oi−1 )
    operation
    Ci = Pi ⊕ Oi
    O−1 = IV
    feedback is independent of message
    can be computed in advance
    uses: stream encryption on noisy channels
    OFB

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES

    Modes of
    operation
    Advantages and Limitations of OFB

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of needs an IV which is unique for each use
    operation
    if ever reuse attacker can recover outputs
    Unit-II
    OTP
    Triple DES

    Modes of can pre-compute


    operation
    bit errors do not propagate
    more vulnerable to message stream modification
    change arbitrary bits by changing ciphertext
    sender & receiver must remain in sync
    only use with full block feedback
    Counter (CTR)

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II
    similar to OFB but encrypts counter value rather than any
    feedback value
    Triple DES
    Oi = EK (i)
    Modes of
    operation Ci = Pi ⊕ Oi
    must have a different key & counter value for every
    plaintext block (never reused) again, OTP issue
    uses: high-speed network encryptions
    CTR

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES

    Modes of
    operation
    Advantages and Limitations of CTR

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of efficiency
    operation

    Unit-II
    can do parallel encryptions in h/w or s/w
    can preprocess in advance of need
    Triple DES

    Modes of good for bursty high speed links


    operation
    random access to encrypted data blocks
    provable security (good as other modes)
    never have cycle less than 2b
    but must ensure never reuse key/counter values, otherwise
    could break (cf OFB)
    Summary

    CS6701
    Cryptography
    and Network
    Security
    Block cipher:
    modes of
    operation

    Unit-II

    Triple DES Multiple Encryption & Triple-DES


    Modes of
    operation Modes of Operation
    ECB, CBC, CFB, OFB, CTR,

    You might also like