Block Cipher Modes of Operation

Similar documents
Block Cipher Modes of Operation

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Block Cipher Operation. CS 6313 Fall ASU

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

CSC 474/574 Information Systems Security

Content of this part

Using block ciphers 1

Lecture 1 Applied Cryptography (Part 1)

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Chapter 3 Block Ciphers and the Data Encryption Standard

CPSC 467b: Cryptography and Computer Security

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

CIS 4360 Secure Computer Systems Symmetric Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

ECE 646 Lecture 8. Modes of operation of block ciphers

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Double-DES, Triple-DES & Modes of Operation

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Chapter 6 Contemporary Symmetric Ciphers

Misuse-resistant crypto for JOSE/JWT

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

CPSC 467b: Cryptography and Computer Security

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Symmetric key cryptography

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Secret Key Cryptography

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Modern Symmetric Block cipher

Computer Security CS 526

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Practical Aspects of Modern Cryptography

Stream Ciphers An Overview

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Fundamentals of Computer Security

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

3 Symmetric Cryptography

Computer Security 3/23/18

Summary on Crypto Primitives and Protocols

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Crypto: Symmetric-Key Cryptography

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Geldy : A New Modification of Block Cipher

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.

CIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

The Rectangle Attack

Scanned by CamScanner

Some Aspects of Block Ciphers

L9: Stream and Block Ciphers. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Appendix A: Introduction to cryptographic algorithms and protocols

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

CSE509: (Intro to) Systems Security

Information Security CS526

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Block Cipher Operation

Introduction to Cryptography. Lecture 3

Network Security Essentials Chapter 2

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Stream Ciphers. Stream Ciphers 1

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Data Encryption Standard (DES)

1 Achieving IND-CPA security

Symmetric Cryptography

Introduction to Symmetric Cryptography

Cryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

IDEA, RC5. Modes of operation of block ciphers

Symmetric-Key Cryptography

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven

CSCE 548 Building Secure Software Symmetric Cryptography

Message authentication codes

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

MTAT Applied Cryptography

Unit 8 Review. Secure your network! CS144, Stanford University

05 - WLAN Encryption and Data Integrity Protocols

CPSC 467: Cryptography and Computer Security

Symmetric Encryption

Introducing the PIC24F GB2 MCU Family: extreme Low Power with Hardware Crypto Engine

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Stream Ciphers and Block Ciphers

Introduction to Cryptography. Lecture 3

PROTECTING CONVERSATIONS

SOLUTIONS FOR HOMEWORK # 1 ANSWERS TO QUESTIONS

CSE 127: Computer Security Cryptography. Kirill Levchenko

Stream Ciphers and Block Ciphers

Indect Block Cipher Application

Symmetric Encryption. Thierry Sans

Introduction to cryptology (GBIN8U16)

6. Symmetric Block Cipher BLOWFISH Performance. Memory space. 3. Simplicity The length of the key. The length of the data block is 64.

Transcription:

Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney

Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book (ECB) 2.3 Cipher Block Chaining (CBC) 2.4 Output Feedback Mode (OFB) 2.5 Counter Mode (CTR) 2.6 Galois/Counter Mode (GCM)

Crypto-Bulletin

Crypto-Bulletin 15-Year-old Finds Flaw in Ledger Crypto Wallet https://krebsonsecurity.com/2018/03/15-year-old-finds-flaw-in-ledger-crypto-wallet/ GrayKey iphone unlocker poses serious security concerns https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/ Github: Weak cryptographic standards removed https://blog.github.com/2018-02-23-weak-cryptographic-standards-removed/

Modes Of Operation

Cipher Modes of Operation Once a key k is chosen and loaded into a block cipher, E k only operates on single blocks of data. 1. Block size usually small (16 byte blocks for AES) 2. Message to be sent usually large (web page + assets 500kB) 3. Need a way to repeatedly apply the cipher with the same key to a large message. By using different modes of operation, messages of an arbitrary length can be split into blocks and encrypted using a block cipher. Each mode of operation describes how a block cipher is repeatedly applied to encrypt a message and each has certain advantages and disadvantages.

Evaluating Block Ciphers & Modes To evaluate a cipher and a mode of operation, examine: Key Size: Block Size: Upper bound on security, but longer keys add costs (generation, storage, etc.) Larger is better to reduce overheads, but is more costly. Estimated Security Level: Confidence grows the more it is analysed. Throughput: How fast can it be encrypted/decrypted? Can it be pre-computed? Can it be parallelised? Error Propagation: What happens as a result of bit errors or bit loss? The first two points above are relevant only to the cipher, while the last three are relevant to both the cipher and a mode of operation.

Electronic Code Book (ECB) Electronic Code Book (ECB) encrypts each block separately. ECB is generally an insecure and naïve implementation, it is vulnerable to a range of attacks; including dictionary and frequency attacks. It should never be used.

Electronic Code Book (ECB) The problem with ECB: (a) Original Image (b) ECB mode (c) Other mode Encryption of Tux 1 image. It s a substitution cipher, with blocks instead of letters! 1 Tux is the Linux mascot

ECB Properties Identical plaintext blocks result in identical ciphertext blocks Since blocks are enciphered independently, a reordering of ciphertext blocks results in reordering of plaintext blocks. ECB is thus not recommended for messages > 1 block in length. Error propagation: Bit errors only impact the decoding of the corrupted block (block will result in gibberish) Error propagation in ECB

Cipher Block Chaining (CBC) In Cipher Block Chaining (CBC) blocks are chained together using XOR. The Initialisation Vector (IV) is a random value that is transmitted in the clear that ensures the same plaintext and key does not produce the same ciphertext. CBC Mode Encryption

CBC Properties Identical plaintexts result in identical ciphertexts when the same plaintext is enciphered using the same key and IV. Changing at least one of [k, IV, m 0 ] affects this. Rearrangement of ciphertext blocks affects decryption, as ciphertext part c j depends on all of [m 0, m 1,, m j ]. Error propagation: Bit error in ciphertext c j affects deciphering of c j and c j+1.recovered block m j typically results in random bits. Bit errors in recovered block m j+1 are precisely where c j was in error. Attacker can cause predictable bit changes in m j+1 by altering c j. Bit recovery: CBC is self-synchronising in that if a bit error occurs in c j but not c j+1, then c j+2 correctly decrypts to m j+2.

CBC Decryption Ciphertext errors only affect two plaintext blocks, one in a predictable way. Encryption must be done sequentially. Decryption can be random-access and is fully parallelisable. CBC Decryption

Output Feedback Mode (OFB) Output Feedback Mode (OFB) effectively turns a block cipher into a synchronous stream cipher.

OFB Properties Identical plaintext results in identical ciphertext when the same plaintext is enciphered using the same key and IV. Chaining Dependencies: (Same as a stream cipher) The key stream is plaintext independent. Error propagation: (Same as a stream cipher) Bit errors in ciphertext blocks cause errors in the same position in the plaintext. Error recovery: (Same as a stream cipher) Recovers from bit errors, but not bit loss (misalignment of key stream) Throughput: Key stream may be calculated independently e.g. pre-computed before encryption/decryption become parallelisable. IV must change: Otherwise it becomes a two time pad.

Counter Mode (CTR) Counter Mode (CTR) modifies the IV for each block using a predictable counter function, turning the block cipher into a stream cipher. The counter can be any function (e.g. a PRNG), but it is commonly just an incrementing integer. CTR Mode Encryption

CTR Properties Identical plaintext results in identical ciphertext when the same plaintext is enciphered using the same key and IV. Chaining Dependencies: (Same as a stream cipher) The key stream is plaintext independent. Error propagation: (Same as a stream cipher) Bit errors in ciphertext blocks cause errors in the same position in the plaintext. Error recovery: (Same as a stream cipher) Recovers from bit errors, but not bit loss (misalignment of key stream) Throughput: Both encryption and decryption can be randomly accessed and/or parallelised: the best we could hope for. IV must change: Otherwise it becomes a two time pad. OFB and CTR share a lot of these properties, because they both make the block cipher act as a stream cipher.

GCM Mode Galois/Counter Mode (GCM) mode is not strictly a cipher mode of operation since it also provides authentication: assurance the ciphertext has not been tampered with. An extension of CTR mode. While encryption happens, the ciphertext blocks are combined into something like a MAC. Unlike HMAC, is parallelisable (you can t combine two HMACs into one larger one). Used for low-latency, high-throughput dedicated hardware applications (network packets). GCM mode is an example of authenticated encryption.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback