Block Cipher Modes of Operation


Block Cipher Modes of Operation
Luke Anderson, luke@lukeanderson.com.au
24th March 2016
University Of Sydney

Overview

1. Crypto-Bulletin
2. Modes Of Operation
   2.1 Evaluating Modes
   2.2 Electronic Code Book (ECB)
   2.3 Cipher Block Chaining (CBC)
   2.4 Output Feedback Mode (OFB)
   2.5 Counter Mode (CTR)
   2.6 Galois/Counter Mode (GCM)

Crypto-Bulletin

- How the AFP nabbed an Aussie Anonymous hacker
  https://www.itnews.com.au/news/how-the-afp-nabbed-an-aussie-anonymous-hacker-455142
- Wikileaks publishes large trove of CIA hacking tools
  https://www.itnews.com.au/news/wikileaks-publishes-large-trove-of-cia-hacking-tools-453899
- Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam
  https://krebsonsecurity.com/2017/03/govt-cybersecurity-contractor-hit-in-w-2-phishing-scam/
- This time last year: Slew of dangerous Adobe Flash flaws patched. Remote code execution vulnerabilities galore.
  http://www.itnews.com.au/news/slew-of-dangerous-adobe-flash-flaws-patched-416771

Modes Of Operation

Cipher Modes of Operation

Once a key k is chosen and loaded into a block cipher, E_k only operates on single blocks of data.

1. Block size is usually small (16 byte blocks for AES).
2. Message to be sent is usually large (web page + assets 500kB).
3. Need a way to repeatedly apply the cipher with the same key to a large message.

By using different modes of operation, messages of an arbitrary length can be split into blocks and encrypted using a block cipher. Each mode of operation describes how a block cipher is repeatedly applied to encrypt a message, and each has certain advantages and disadvantages.

Evaluating Block Ciphers & Modes

To evaluate a cipher and a mode of operation, examine:

- Key Size: Upper bound on security, but longer keys add costs (generation, storage, etc.)
- Block Size: Larger is better to reduce overheads, but is more costly.
- Estimated Security Level: Confidence grows the more it is analysed.
- Throughput: How fast can it be encrypted/decrypted? Can it be pre-computed? Can it be parallelised?
- Error Propagation: What happens as a result of bit errors or bit loss?

The first two points above are relevant only to the cipher, while the last three are relevant to both the cipher and a mode of operation.

Electronic Code Book (ECB)

Electronic Code Book (ECB) encrypts each block separately. ECB is generally an insecure and naïve implementation: it is vulnerable to a range of attacks, including dictionary and frequency attacks. It should never be used.

The problem with ECB:

[Figure: Encryption of the Tux image. (a) Original image, (b) ECB mode, (c) Other mode. Tux is the Linux mascot.]

It's a substitution cipher, with blocks instead of letters!

ECB Properties

- Identical plaintext blocks result in identical ciphertext blocks.
- Since blocks are enciphered independently, a reordering of ciphertext blocks results in a reordering of plaintext blocks.
- ECB is thus not recommended for messages > 1 block in length.
- Error propagation: Bit errors only impact the decoding of the corrupted block (the block will result in gibberish).

[Figure: Error propagation in ECB]

Cipher Block Chaining (CBC)

In Cipher Block Chaining (CBC), blocks are chained together using XOR. The Initialisation Vector (IV) is a random value, transmitted in the clear, that ensures the same plaintext and key do not produce the same ciphertext.

[Figure: CBC Mode Encryption]

CBC Properties

- Identical plaintexts result in identical ciphertexts when the same plaintext is enciphered using the same key and IV. Changing at least one of [k, IV, m_0] affects this.
- Rearrangement of ciphertext blocks affects decryption, as ciphertext part c_j depends on all of [m_0, m_1, ..., m_j].
- Error propagation: A bit error in ciphertext c_j affects deciphering of c_j and c_{j+1}. Recovered block m_j typically results in random bits. Bit errors in recovered block m_{j+1} are precisely where c_j was in error. An attacker can cause predictable bit changes in m_{j+1} by altering c_j.
- Bit recovery: CBC is self-synchronising in that if a bit error occurs in c_j but not c_{j+1}, then c_{j+2} correctly decrypts to m_{j+2}.

CBC Decryption

- Ciphertext errors only affect two plaintext blocks, one in a predictable way.
- Encryption must be done sequentially.
- Decryption can be random-access and is fully parallelisable.

[Figure: CBC Decryption]

Output Feedback Mode (OFB)

Output Feedback Mode (OFB) effectively turns a block cipher into a synchronous stream cipher.

OFB Properties

- Identical plaintext results in identical ciphertext when the same plaintext is enciphered using the same key and IV.
- Chaining dependencies (same as a stream cipher): The key stream is plaintext independent.
- Error propagation (same as a stream cipher): Bit errors in ciphertext blocks cause errors in the same position in the plaintext.
- Error recovery (same as a stream cipher): Recovers from bit errors, but not bit loss (misalignment of key stream).
- Throughput: Key stream may be calculated independently, e.g. pre-computed, before encryption/decryption become parallelisable.
- IV must change: Otherwise it becomes a two time pad.

Counter Mode (CTR)

Counter Mode (CTR) modifies the IV for each block using a predictable counter function, turning the block cipher into a stream cipher. The counter can be any function (e.g. a PRNG), but it is commonly just an incrementing integer.

[Figure: CTR Mode Encryption]

CTR Properties

- Identical plaintext results in identical ciphertext when the same plaintext is enciphered using the same key and IV.
- Chaining dependencies (same as a stream cipher): The key stream is plaintext independent.
- Error propagation (same as a stream cipher): Bit errors in ciphertext blocks cause errors in the same position in the plaintext.
- Error recovery (same as a stream cipher): Recovers from bit errors, but not bit loss (misalignment of key stream).
- Throughput: Both encryption and decryption can be randomly accessed and/or parallelised: the best we could hope for.
- IV must change: Otherwise it becomes a two time pad.

OFB and CTR share a lot of these properties, because they both make the block cipher act as a stream cipher.
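Why the IV must change in OFB and CTR, and what random access means in CTR, shown as an added example that is not part of the original slides. It assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for E_k (CTR only uses the forward direction of the cipher), an 8-byte nonce followed by an 8-byte counter, and constructed messages.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes of key stream produced per counter value

def keystream_block(key, nonce, counter):
    # Stand-in for E_k(nonce || counter): a keyed PRF instead of AES (assumption).
    data = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_xcrypt(key, nonce, data, first_block=0):
    # Encryption and decryption are the same XOR with the key stream. Any
    # block offset can be processed on its own, hence random access.
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, first_block + i // BLOCK)
        out += xor(data[i:i + BLOCK], ks)
    return out

def demo():
    key, nonce = os.urandom(16), os.urandom(8)
    m1 = b"meeting moved to room 4 at 10:30"   # constructed messages
    m2 = b"the quarterly report is attached"
    c1 = ctr_xcrypt(key, nonce, m1)
    c2 = ctr_xcrypt(key, nonce, m2)            # same key AND nonce: the mistake
    c3 = ctr_xcrypt(key, os.urandom(8), m2)    # fresh nonce, as required
    return {
        # Key stream cancels: c1 XOR c2 equals m1 XOR m2 (the two time pad).
        "reuse_leaks_xor": xor(c1, c2) == xor(m1, m2),
        "fresh_nonce_leaks_xor": xor(c1, c3) == xor(m1, m2),
        # Decrypt only the second block, without touching the first.
        "random_access": ctr_xcrypt(key, nonce, c1[BLOCK:], first_block=1) == m1[BLOCK:],
        # A flipped ciphertext bit flips the same plaintext bit, nothing else.
        "bit_error": xor(ctr_xcrypt(key, nonce, bytes([c1[0] ^ 4]) + c1[1:]), m1),
    }

if __name__ == "__main__":
    print(demo())
```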

GCM Mode

Galois/Counter Mode (GCM) is not strictly a cipher mode of operation, since it also provides authentication: assurance that the ciphertext has not been tampered with.

- An extension of CTR mode.
- While encryption happens, the ciphertext blocks are combined into something like a MAC.
- Unlike HMAC, it is parallelisable (you can't combine two HMACs into one larger one).
- Used for low-latency, high-throughput dedicated hardware applications (network packets).

GCM mode is an example of authenticated encryption.