Scribd Logo
Upload

Welcome to Scribd!

  • Dvanced Etwork Ecurity: M Z Q D C S F, I

    Uploaded by

    Zee Shan
    8 views17 pages

    Original Title

    ANS-Lecture-5-BlockCiphers-ModesOfOperations

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views17 pages

    Dvanced Etwork Ecurity: M Z Q D C S F, I

    Uploaded by

    Zee Shan

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    ADVANCED NETWORK SECURITY

    Lecture 5 – Block Ciphers Modes of Operations

    M UHAMMAD Z ESHAN Q URASHI


    D EPARTMENT OF C OMPUTER S CIENCE
    F UUAST,I SLAMABAD
    Lecture Agenda
    To show how modern standard ciphers, such as DES or AES, can be used to encipher long
    messages

    To discuss five modes of operation designed to be used with modern block ciphers

    To define which mode of operation creates stream ciphers out of the underlying block ciphers

    ADVANCED NETWORK SECURITY 2


    Message Padding
    The plaintext message is broken into blocks, P1, P2, P3, ...
    The last block may be short and may needs padding
    Possible padding:
    ◦ Known non-data values (e.g. NULLS)
    ◦ Or a number indicating the size of the pad
    ◦ Or a number indicating the size of the plaintext
    ◦ The last two schemes may require an extra block.

    ADVANCED NETWORK SECURITY 3


    Modes of Operations

    ADVANCED NETWORK SECURITY 4


    Electronic Code Book - ECB
    The simplest mode of operation - ECB
    For a given key, this mode behaves like we have a gigantic codebook, in which each plaintext block
    has an entry, hence the name Electronic Code Book is used.

    ADVANCED NETWORK SECURITY 5


    About ECB
    Strength: it’s simple.
    No Error Propagation
    Weakness:
    ◦ Repetitive information contained in the plaintext may show in the ciphertext
    ◦ If the same message (e.g., an CNIC) is encrypted (with the same key) and sent twice, their ciphertexts are the same.

    Typical application
    ◦ Secure transmission of short pieces of information (e.g. a temporary encryption key)

    ADVANCED NETWORK SECURITY 6


    Error Propagation?
    A single bit error in transmission can create errors in several in the corresponding block.
    However, the error does not, in ECB, have any effect on the other blocks.

    ADVANCED NETWORK SECURITY 7


    ECB Weakness
    Assume that Eve works in a company a few hours per month (her monthly payment is very low).
    She knows that the company uses several blocks of information for each employee in which the
    seventh block is the amount of money to be deposited in the employee’s account.
    Eve can intercept the ciphertext sent to the bank at the end of the month, replace the block with
    the information about her payment with a copy of the block with the information about the
    payment of a full-time colleague.
    Each month Eve can receive more money than she deserves.

    This is known as Replay attack

    ADVANCED NETWORK SECURITY 8


    ECB Weakness
    ECB can leave plaintext data patterns in the ciphertext, as can be seen when ECB mode is used to
    encrypt a bitmap image which uses large areas of uniform color. Although each individual pixel is
    encrypted, the overall image may still be discerned as the pattern of identically colored pixels in the
    original remains in the encrypted version.

    ADVANCED NETWORK SECURITY 9


    Cipher Block Chaining - CBC
    In CBC mode, each plaintext block is XOR-ed with the previous ciphertext block before being
    encrypted. Invented by IBM in 1976

    ADVANCED NETWORK SECURITY 10


    Cipher Block Chaining - CBC
    CBC has been the most commonly used mode of operation.
    The initialization vector (IV) should be known by the sender and the receiver.
    Disadvantages
    ◦ Encryption is sequential (i.e., it cannot be parallelized)
    ◦ A single bit error in ciphertext block during transmission may create error in most bits in
    plaintext block
    ◦ The message must be padded to a multiple of the cipher block size.
    Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent
    plaintext blocks will be correct.
    Note: Decryption can be parallelized

    ADVANCED NETWORK SECURITY 11


    Cipher Feedback (CFB) Mode
    The previous block’s ciphertext is re-
    encrypted and XOR-ed with plain text.

    Note that encryption algorithm is used in


    both CFB Encryption and Decryption

    ADVANCED NETWORK SECURITY 12


    CFB as Stream Cipher

    ADVANCED NETWORK SECURITY 13


    Output Feedback (OFB) Mode
    The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher.

    ADVANCED NETWORK SECURITY 14


    Counter (CTR) Mode
    In the counter (CTR) mode, there is no feedback. The pseudorandomness in the key stream is
    achieved using a counter.

    ADVANCED NETWORK SECURITY 15


    Counter (CTR) Mode as a Stream Cipher

    ADVANCED NETWORK SECURITY 16


    Summary

    ADVANCED NETWORK SECURITY 17

    You might also like