CS 381: Network

Security
Week-5 Lecture-2
Block Cipher Modes of Operation

Dr. Razi Arshad

 Outline
 Modes of Operation
 Electronic Codebook (ECB) Mode
 Cipher Block Chaining (CBC) Mode
 Cipher Feedback (CFB) Mode
 Output Feedback (OFB) Mode
 Counter (CTR) Mode
 Modes of Operation
 A mode of operation is a technique for enhancing
the effect of a cryptographic algorithm
 To apply a block cipher in a variety of applications,
four "modes of operation" were defined by NIST
(FIPS 811) in 1980
 As new applications and requirements appeared,
NIST has expanded the list of recommended
modes to five in Special Publication (SP 800-38A2)
in 2001
1.https://csrc.nist.gov/csrc/media/publications/fips/81/archive/1980-12-
02/documents/fips81.pdf
2.https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-
38a.pdf
 Criteria for Block Cipher
Modes of Operation
 Overhead – Are there any additional operations
for encryption and decryption using the block
cipher
 Error propagation – Whether an error in the ith
ciphertext block is inherited by ith plaintext block and
subsequent plaintext blocks
 Diffusion – How are the plaintext statistics reflected
in the ciphertext
 Security – Do ciphertext blocks leak information
about the plaintext blocks
 Electronic Codebook (ECB)
Mode
 Each plaintext block is independently encrypted
with the same key
 Last block is padded appropriately (using 000…)
 Useful for transmission of a single block (e.g.
session key) or a small number of blocks
 Called a codebook because, for a given key, each
block of plaintext produces a unique ciphertext
Electronic Codebook (ECB)
Mode
 Electronic Codebook (ECB)
Mode Limitations
 May not be secure for lengthy message
 Same plaintext blocks always produce the same
ciphertext block
Name Position Bonus

A d a m s , L e s l i e C l e r k $ 1 0

B l a c k , R o b i n B o s s $ 5 0 0

C o l l i n s , K i m M a n a g e r $ 1 0 0

D a v i s , B o b b i e J a n i t o r $ 5

Bytes 16 8 8
 Cipher Block Chaining
(CBC) Mode
 An appropriate mode for encrypting messages of length
greater than 64/128 bits for DES/AES
 Same plaintext blocks produce different ciphertext blocks
 Prior to encrypting a plaintext block, XOR it with the
previous ciphertext block
 For first block, need “initialization vector”, IV
 IV must be known to sender and receiver only

 Each ciphertext block is dependent on all message blocks

before it.
 Most common mode of use when data available in advance
(email, ftp, web)
Cipher Block Chaining
(CBC) Mode
 Cipher Block Chaining
(CBC) Mode Limitations
 Each ciphertext block is dependent on all
message blocks before it

 Error in one block corrupts several blocks in

succession