Encryption Notes
Encryption Notes
Common ciphers
o Monoalphabetic substitution cipher (can be broken w/ frequency analysis)
o Polyalphabetic substitution cipher
o DES (key size=56 bits, block size=64 bits), AES (key size=128,196… bits, block
size=128 bits)
Attack models
o Ciphertext attack: the attacker only knows the ciphertext. If this does not lead to
leakage of further information, the encryption is considered secure.
o Plaintext attack: the attacker knows both plaintext and ciphertext. If this does not
lead to leakage of further information, the encryption is considered secure.
o Chosen plaintext attack: the attacker can choose a specific plaintext and obtain its
corresponding ciphertext. If this does not lead to leakage of further information,
the encryption is considered secure.
Encryption modes
o Electronic Codebook Mode (ECB)
The problem of this encryption mode is the lack of diffusion: identical plaintext
will result in identical ciphertext, which means the structure of plaintext can be
leaked.
int main(){
int i;
for(i = 0; i < 200; ++i){
printf("%x ", xyz[i]);
}
}
Now, we can locate the xyz array inside the program’s binary, and we can divide the
program into three parts:
1. The prefix (whose length must be a multiple of 64)
2. The center (whose length must be 128)
3. The suffix
The center must be inside array xyz completely since it needs to be filled with arbitrary
content without affecting the program’s control logic. We run the MD5 collision
generator on prefix+center, and we require the prefix part of two generated messages to
be the same. As a result, we are able to come up with two versions of this program, which
can be represented by
4. Version 1: prefix+Q
5. Version 2: prefix+P
, where P and Q are different, but both versions have the same hash value. The next step
is to use the length extension technique to concatenate the suffix to these two versions.
As a result, we have created two programs
6. Program 1: prefix+Q+suffix
7. Program 2: prefix+P+suffix
which have identical hash value but have different data stored in xyz array.
To alter the control logic of program 1 and program 2 in the attacker’s favor, one can
check if xyz is still filled with all A’s in later code sections. If xyz is not all A’s, then the
program can start to execute some malicious code. That is to say, we can create two
programs that have the same hash value, but one is benign and the other one is malicious.