Transcript Modesofoperation.ppt

Modes of Operation
CS 795
Electronic Code Book (ECB)
• Each block of the message is encrypted
with the same secret key
• Problems: If two identical blocks are in the
same message, cipher text would be
identical.
• Cipher blocks can be rearranged to alter
the message
Cipher Block Chaining (CBC)
• This over comes the repeated message block problem.
• Initially, a random initialization vector IV is Modulo-2
ORed with the 1st message block and then encrypted
with secret key.
• The encrypted output of block 1 is then used in place of
IV in step 1; and so on.
• CBC Threat 1: Modifying Ciphertext Blocks: (i) Modifying
cn would have predictable effect on mn+1, and so on.
• CBC Threat 2: Rearranging Ciphertext blocks: By
rearranging the ciphertext, the message can be
changed.
Output Feedback Mode (OFB)
• Stream cipher
• Mod-2 OR the message with the one-time pad generated
by OFB
• Generate a random number IV, encrypt it with secret
key; call it b0; use any part of b0 and mod-2 OR with the
message to get ciphertext.
• For next block of message, use b0 instead of IV; and so
on.
• Problems: If the plaintext and ciphertext are known by a
bad guy, he can modify the plaintext into anything he
wants by simply OR-ing the ciphertext with the known
plaintext, and OR-ing the result with whatever message
he wants to transmit.
Cipher Feedback Mode (CFB)
• Similar to OFB---k bits are generated and
ORed with the message block.
• But the input to the next block is the cipher
output of the current block.
• Less subject to tampering than CBC or
OFB.
Counter Mode (CTR)
• Similar to OFB
• A one-time pad is generated and modulo-2 ORed
with the data
• But the random bits are generated by incrementing
the IV and encrypting it with the secret key
Comparison
ECB
Each message block encrypted with the same
shared key
CBC
Each message block is Or-ed with either IV or the
ciphertext from previous message block; The
output is encrypted with the secret key
OFB
The IV or the intermediate output from previous
block is encrypted with the shared key and then kbits of it is OR-ed with the k-bit data block
IV or the ciphertext from previous block is
encrypted with the shared key; k-bits of it are then
OR-ed with the k-bit message block
IV, IV+1, IV+2, …are encrypted with the shared key
in blocks 1,2,3,… k-bits of that is OR-ed with k-bit
message block
CFB
CTR
Generating MACs
• (i) Ensuring privacy and integrity together:
Use CBC where the ciphertext of the last
block is also used as the MAC; preferable
to use two different keys for CBC for
privacy and integrity separately.
Multiple Encryption 3DES
• Two keys are used: K1 and K2
m  Encrypt with K1  Decrypt with K2
 Encrypt with K1  ciphertext