Week 6 Modes

Uploaded by

Haris Ramay

INFORMATION SECURITY

SENS-4533

Week 7
Block Cipher Modes

Dr Nauman Mazhar
Faculty of Information Technology
University of Central Punjab (UCP)

Outline
• Block cipher modes of operation
  ◦ Electronic Codebook (ECB)
  ◦ Cipher Block Chaining (CBC)
  ◦ Cipher Feedback (CFB)
  ◦ Output Feedback (OFB)
  ◦ Counter (CTR)

Modes of Operation
• Block ciphers encrypt fixed-size blocks
  ◦ DES 64-bit block, AES 128-bit block
• If plaintext is larger than the block size
  ◦ break into smaller blocks
• When multiple blocks are encrypted with the same key, security issues arise
• Block cipher modes:
  “modes are defined to adapt encryption algo for an application, to enhance effectiveness of algo”
• 5 modes defined for block ciphers; they cover a range of applications

Block Cipher Modes of Operation
• Block Modes
  ◦ Electronic Codebook (ECB)
  ◦ Cipher Block Chaining (CBC)
• Stream Modes
  ◦ Cipher Feedback (CFB)
  ◦ Output Feedback (OFB)
  ◦ Counter (CTR)

Block Modes

Electronic Codebook (ECB)
• Message broken into ‘b’-bit blocks
• All blocks encrypted with the same key
    C_i = E(K, P_i)
    P_i = D(K, C_i)
  each block is encrypted independently of the others
• Cipher regarded as a gigantic ‘codebook’:
  for one key, a unique C_i block exists for every P_i block
  (one entry for every plaintext block and its ciphertext)
• Use: secure transmission of single, short values, e.g. encryption keys

[Figure: Electronic Codebook (ECB) mode]

Limitations
• If a b-bit plaintext block appears more than once in the message, it always produces the same ciphertext
• ECB is not secure for lengthy and highly structured messages
  ◦ if the message has repeating elements (at multiples of b bits)
    ▪ cryptanalysis is easier
    ▪ modification attack: attacker can substitute/rearrange blocks
    ▪ replay attack possible
  ◦ if the message has predefined fields
    ▪ known plaintext-ciphertext pairs become available
• Weakness is due to message blocks being encrypted independently

Cipher Block Chaining (CBC)
• A technique that produces different ciphertext blocks for repeated plaintext blocks, using the same key
• CBC mode:
  ◦ current plaintext block is XORed with the previous ciphertext block, and then encrypted
    (previous cipher block chained with current plaintext block)
    C_i = E(K, [P_i XOR C_{i-1}])
• Use an Initialization Vector (IV) at the start:
    C_0 = IV
• Prevents the same P from making the same C

[Figure: Cipher Block Chaining (CBC) mode]

Cipher Block Chaining (CBC)
• Initialization Vector (IV) known to sender and receiver
  ◦ should be unpredictable
• To generate the IV:
  ◦ generate a random data block using a random number generator
  ◦ apply encryption to a nonce
    Nonce (NIST SP-800-90): a time-varying value, with a negligible chance of repeating;
    may be a counter, timestamp, or message number, unique to each execution of the encryption operation
• CBC use: bulk data encryption

Advantages/Limitations of CBC
• Each ciphertext block depends on all earlier message blocks
  ◦ memory-based chaining
  ◦ identical plaintext blocks P_i = P_k do not result in the same output
  ◦ prevents replay attacks
• IV needs to be protected
  ◦ attacker can change IV bits to change the corresponding bits of the received plaintext P_1
    IV bit “1” → P bit value inverted
    IV bit “0” → P bit value same
• IV may be sent encrypted in ECB mode
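
The ECB and CBC behaviour from the slides above, as an added example that is not part of the original slides: repeated plaintext blocks give repeated ECB ciphertext blocks but not CBC ones, and one changed IV bit inverts the matching bit of P_1. The block cipher here is a toy 4-round Feistel permutation built from SHA-256 (an assumption so the code runs with the standard library only; it is not DES or AES), and the key, IV and message are constructed.

```python
import hashlib, os

BLOCK = 16  # bytes; 128-bit block as in AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(key, r, half):  # round function of the toy cipher
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def E(key, blk):  # toy 4-round Feistel permutation standing in for E(K, .)
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, F(key, i, r))
    return l + r

def D(key, blk):  # inverse of E: undo the rounds in reverse order
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, F(key, i, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # C_i = E(K, P_i)
    return [E(key, p) for p in blocks(pt)]

def cbc_encrypt(key, iv, pt):  # C_i = E(K, P_i XOR C_{i-1}), C_0 = IV
    out = [iv]
    for p in blocks(pt):
        out.append(E(key, xor(p, out[-1])))
    return out[1:]

def cbc_decrypt(key, iv, ct):  # P_i = D(K, C_i) XOR C_{i-1}
    return b"".join(xor(D(key, c), prev) for c, prev in zip(ct, [iv] + ct))

def demo():
    key, iv = os.urandom(16), os.urandom(16)
    pt = b"PAY ALICE 100.00" * 2 + b"PAY BOB   999.99"  # constructed, 3 blocks
    ecb, cbc = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt)
    flipped_iv = bytes([iv[0] ^ 0x01]) + iv[1:]  # one IV bit changed in transit
    return ecb[0] == ecb[1], cbc[0] == cbc[1], cbc_decrypt(key, flipped_iv, cbc)

if __name__ == "__main__":
    print(demo())
```

Only the first plaintext block changes when the IV is altered; the later blocks decrypt correctly because they chain on ciphertext blocks, not on the IV.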

Message Padding
• Padding is needed when the message size is less than the cipher block size
  ◦ possible short block at the end of the message
• How to pad data:
  ◦ pad with a known non-data value, e.g. NULLs
  ◦ pad the last block along with a count of the pad size
    e.g. [ b1 b2 b3 0 0 0 0 5 ]
    means 3 data bytes, then 5 padded bytes (padding + count)

Stream Modes

Stream Modes of Operation
• Block modes encrypt an entire block
• Block cipher may be used as a stream cipher
  ◦ operate on smaller units (e.g. bytes, for real-time data)
  ◦ no need for padding
• Block cipher used as a pseudo-random number generator
  ◦ generates the key stream
• Following modes used:
  ◦ Cipher Feedback (CFB) mode
  ◦ Output Feedback (OFB) mode
  ◦ Counter (CTR) mode

Cipher Feedback (CFB)
• CFB regards the unit of encryption as ‘s’ bits
  ◦ most common value of ‘s’ is 8
• Message ‘P’ treated as a plaintext stream of ‘s’-bit units
  ◦ encryption function is used to generate the key stream
  ◦ to encrypt/decrypt, the message is XORed with the output of the encryption function
  ◦ resulting ciphertext is fed back for the next stage (hence the name)
• Units of plaintext chained together
  ◦ ciphertext is a function of all preceding plaintext

[Figure: s-bit Cipher Feedback (CFB-s) mode]

CFB
• Input to the encryption function is a b-bit shift register
  ◦ initially set to some IV
• Leftmost ‘s’ bits of the encryption output are XORed with the s-bit plaintext, to produce the s-bit ciphertext C_1
• For the next operation, the shift register contents are shifted s bits left, and C_1 is placed in the rightmost ‘s’ bits
    C_i = P_i XOR MSB_s[O_i]
    O_i = E(K, I_i)
    I_i = LSB_{b-s}[I_{i-1}] || C_{i-1}
    I_0 = IV
• Uses: stream data encryption

Advantages/Limitations of CFB
• Block cipher used in encryption mode at both ends
• Viewed as a stream cipher, but the structure is not exactly the same
  Stream cipher:
  ◦ IV and key used to generate a random bitstream (keystream)
  ◦ keystream then XORed with the plaintext
  CFB:
  ◦ bitstream XORed with the plaintext also depends on the plaintext
• Error propagates after a transmission bit error
  ◦ ciphertext (at the receiver) affects the next block too
  ◦ not good for noisy links

Output Feedback (OFB)
• OFB mode is similar in structure to CFB, except:
  ◦ output of the encryption function is fed back to the shift register
  ◦ feedback is independent of the message
• OFB operates on full blocks (not ‘s’ bits)
    C_i = P_i XOR O_i
    O_i = E(K, O_{i-1})
    O_0 = IV = Nonce
• If the block size is ‘b’ and the last block is ‘u’ bits (u < b)
  ◦ most significant ‘u’ bits of the last output block O_N are used for the XOR
• Typical stream cipher structure
  ◦ bitstream generated using IV/key, independent of plaintext

[Figure: Output Feedback (OFB) mode]

Advantages/Limitations of OFB
• Output values can be pre-computed
• Transmission bit errors do not propagate
  ◦ Use: stream encryption over noisy channels
• Needs an IV (nonce), unique for each use
  ◦ for a given key/IV, the sequence of output blocks O_i is the same
  ◦ if two messages have identical plaintext blocks at the same position, they result in the same ciphertext blocks
• Vulnerable to message stream modification
  ◦ inverting a ciphertext bit inverts the relevant plaintext bit
  ◦ controlled changes to the recovered plaintext are possible
  ◦ but the attacker also needs to change the message checksum
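
The error-propagation contrast between CFB and OFB, as an added example that is not part of the original slides: CFB with s = 8 is built from the shift-register equations above, OFB from its feedback equations, and one ciphertext bit is flipped in each. E(K, .) is replaced by truncated HMAC-SHA256 (an assumption; both modes use only the encryption direction), and the key, IV and message are constructed.

```python
import hashlib, hmac

B = 16  # block size b in bytes; the CFB unit is s = 8 bits

def E(key, block):
    # Stand-in for E(K, .): HMAC-SHA256 truncated to b bits
    return hmac.new(key, block, hashlib.sha256).digest()[:B]

def cfb8(key, iv, data, decrypt=False):
    reg, out = iv, bytearray()
    for unit in data:
        o = unit ^ E(key, reg)[0]        # XOR with MSB_s(O_i)
        out.append(o)
        c = unit if decrypt else o       # the ciphertext unit is what gets fed back
        reg = reg[1:] + bytes([c])       # shift left s bits, C_i enters on the right
    return bytes(out)

def ofb(key, iv, data):                  # the same call encrypts and decrypts
    o, out = iv, bytearray()
    for i in range(0, len(data), B):
        o = E(key, o)                    # O_i = E(K, O_{i-1}), independent of the message
        out += bytes(x ^ y for x, y in zip(data[i:i + B], o))  # short last block: leading u bits
    return bytes(out)

def damaged(decrypt, ct, pt, pos):
    """Flip one bit of ciphertext byte pos; return the plaintext offsets that decrypt wrongly."""
    bad = bytearray(ct)
    bad[pos] ^= 0x01
    got = decrypt(bytes(bad))
    return [i for i, (a, b) in enumerate(zip(got, pt)) if a != b]

KEY, IV = b"K" * 16, b"N" * 16           # constructed values
PT = b"sensor reading 0042; sensor reading 0043; end"  # constructed, 45 bytes

def demo():
    cfb_hit = damaged(lambda c: cfb8(KEY, IV, c, decrypt=True), cfb8(KEY, IV, PT), PT, 4)
    ofb_hit = damaged(lambda c: ofb(KEY, IV, c), ofb(KEY, IV, PT), PT, 4)
    return cfb_hit, ofb_hit

if __name__ == "__main__":
    print(demo())
```

In CFB the damage starts at byte 4 and lasts until the bad ciphertext byte has shifted out of the 16-byte register (byte 20 at the latest); in OFB only byte 4 is affected, which is also why a single flipped ciphertext bit gives a controlled change to the plaintext.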

Counter (CTR)
• Similar to OFB, but encrypts a counter value rather than any feedback value
  ◦ counter value T is the same size as the plaintext block (‘b’ bits)
  ◦ value different for each plaintext block
  ◦ usually, counter initialized, then incremented for each block
• Counter value encrypted, then XORed with plaintext
    C_i = P_i XOR E(K, T_i)
• Need to share the initial value of T with the destination
• Uses: high-speed network encryption

[Figure: Counter (CTR) mode]

Counter (CTR)
• If the block size is ‘b’ and the last plaintext block is ‘u’ bits (u < b)
  ◦ most significant ‘u’ bits of the last encrypted counter value are used for the XOR
  ◦ remaining ‘b-u’ bits are discarded
• No need to pad the plaintext
  ◦ unlike ECB, CBC
• As with OFB, the initial counter value must be a nonce
  ◦ T_1 must be different for all messages encrypted with the same key
  ◦ if the plaintext block corresponding to a counter value is known, the output of the encryption function can be determined from the associated ciphertext
  ◦ this allows other plaintext blocks to be determined (for the same counter value)
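
Why T_1 must be a nonce, as an added example that is not part of the original slides: two messages are encrypted in CTR mode under the same key, first with the same T_1 and then with different ones. E(K, .) is replaced by truncated HMAC-SHA256 (an assumption; CTR needs only the encryption direction), and the key, counter values and messages are constructed.

```python
import hashlib, hmac

B = 16  # block size b in bytes

def E(key, block):
    # Stand-in for E(K, .): HMAC-SHA256 truncated to b bits
    return hmac.new(key, block, hashlib.sha256).digest()[:B]

def ctr(key, t1, data):
    """C_i = P_i XOR E(K, T_i) with T_i = T_1 + (i - 1); the same call decrypts."""
    out = bytearray()
    for n in range(0, len(data), B):
        t = (t1 + n // B) % (1 << 8 * B)          # counter is b bits wide
        ks = E(key, t.to_bytes(B, "big"))
        out += bytes(x ^ y for x, y in zip(data[n:n + B], ks))  # short last block: leading u bits
    return bytes(out)

def exposed_keystream(known_pt, its_ct):
    # C XOR P = E(K, T_i) for every block whose plaintext is known
    return bytes(p ^ c for p, c in zip(known_pt, its_ct))

def apply_keystream(ks, other_ct):
    return bytes(k ^ c for k, c in zip(ks, other_ct))

KEY = b"K" * 16                                   # constructed
KNOWN = b"STATUS=OK;NOTHING TO REPORT TODAY"      # constructed: plaintext an observer knows
SECRET = b"ROTATE KEY AT 0300; CODE 7741"         # constructed: second message

def demo(t1_first, t1_second):
    """What the first message's exposed keystream yields when applied to the second ciphertext."""
    c1, c2 = ctr(KEY, t1_first, KNOWN), ctr(KEY, t1_second, SECRET)
    return apply_keystream(exposed_keystream(KNOWN, c1), c2)

if __name__ == "__main__":
    print(demo(1000, 1000))   # same T_1: the second message is recovered without the key
    print(demo(1000, 5000))   # distinct, non-overlapping counters: unrelated bytes
```

A per-message nonce alone is not enough if counter ranges overlap: every T_i used under one key has to be distinct, across messages as well as within one.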

Advantages/Limitations of CTR
• Pre-processing
  ◦ output of the encryption function can be pre-processed in advance
  ◦ provided sufficient memory and security
• Efficiency
  ◦ no chaining: can do parallel encryptions (h/w or s/w)
  ◦ good for bursty high-speed links
• Random access
  ◦ blocks of plaintext/ciphertext can be processed in random sequence, e.g. to decrypt just one block
• Simplicity
  ◦ requires only encryption

Summary
• Modes of Operation
  ◦ ECB, CBC, CFB, OFB, CTR
