CS 291 Special Topics on Network Security
Download
Report
Transcript CS 291 Special Topics on Network Security
CS 285 Network Security
Block Cipher Modes of Operation
Fall 2008
@Yuan Xue ([email protected])
Introduction
How to encrypt a message with variable lengths
Decompose the message into blocks, padding if
necessary.
How should the encryption/decryption process of each
individual block interact with each other?
Modes of operation
@Yuan Xue ([email protected])
ECB (Electronic Codebook)
@Yuan Xue ([email protected])
@Yuan Xue ([email protected])
CBC (Cipher Block Chaining)
@Yuan Xue ([email protected])
CFB (Cipher Feedback)
E
@Yuan Xue ([email protected])
CFB vs. OFB
CFB
OFB
@Yuan Xue ([email protected])
OFB (Output Feedback Mode)
E
@Yuan Xue ([email protected])
CTR (Counter)
@Yuan Xue ([email protected])
Confidentiality and Integrity Protection
ECB
Same plaintext blocks produce same ciphertext blocks. This means that the
data pattern is revealed. For example, ECB mode will reveal the image
pattern if used to encrypt image files.
Rearranging the blocks is undetectable.
CBC
Random IV gurantees that even if the same message is repeated, the
ciphertext is different.
Modifying ciphertext blocks and rearranging ciphertext blocks undetected
are still possible.
CFB
No integrity protection; Better in detecting alterations than OFB
OFB
Able to make controlled changes to recovered plaintext. No integrity
protection; not as good as CFB
CTR
Same as OFB
@Yuan Xue ([email protected])
Application
ECB
Block oriented transmission
Not suitable for long messages or
highly structured messages. Good
for single values (e.g. keys)
CBC
Block-oriented transmission
General-purpose encryption
message authentication code
design
CTR
Block-oriented transmission
Able to preprocess to generate
one-time pad; Random access;
High performance requirement;
IPsec
@Yuan Xue ([email protected])
CFB
Stream-oriented transmission,
no need for padding;
ciphertext has the same length
of message;
pipeline is possible for
encryption, thus good for lowlatency real-time transmission
encryption.
OFB
Stream-oriented transmission
transmission over noisy channel
Able to preprocess to generate
one-time pad