Presentation is loading. Please wait.

Presentation is loading. Please wait.

Block Cipher Modes of Operation and Stream Ciphers

Published byEzekiel Legan Modified over 10 years ago

Similar presentations

Presentation on theme: "Block Cipher Modes of Operation and Stream Ciphers"— Presentation transcript:

1 Block Cipher Modes of Operation and Stream Ciphers
CSE 651: Introduction to Network Security

2 Abstract We will discuss How to use block ciphers?
RC4: a widely used stream cipher Problems with WEP’s use of RC4

3 Modes of Operations

4 How to use a block cipher?
Block ciphers encrypt fixed-size blocks e.g. DES encrypts 64-bit blocks We need some way to encrypt a message of arbitrary length e.g. a message of 1000 bytes NIST defines several ways to do it called modes of operation

5 Five Modes of Operation
Electronic codebook mode (ECB) Cipher block chaining mode (CBC) – most popular Output feedback mode (OFB) Cipher feedback mode (CFB) Counter mode (CTR)

6 Message Padding The plaintext message is broken into blocks, P1, P2, P3, ... The last block may be short of a whole block and needs padding. Possible padding: Known non-data values (e.g. nulls) Or a number indicating the size of the pad Or a number indicating the size of the plaintext The last two schemes may require an extra block.

7 Electronic Code Book (ECB)
The plaintext is broken into blocks, P1, P2, P3, ... Each block is encrypted independently: Ci = EK(Pi) For a given key, this mode behaves like we have a gigantic codebook, in which each plaintext block has an entry, hence the name Electronic Code Book

8 Remarks on ECB Strength: it’s simple. Weakness:
Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. If the same message (e.g., an SSN) is encrypted (with the same key) and sent twice, their ciphertexts are the same. Typical application: secure transmission of short pieces of information (e.g. a temporary encryption key)

9 Cipher Block Chaining (CBC)

10 Cipher Block Chaining (CBC)

11 Remarks on CBC The encryption of a block depends on the current and all blocks before it. So, repeated plaintext blocks are encrypted differently. Initialization Vector (IV) Must be known to both the sender & receiver Typically, IV is either a fixed value or is sent encrypted in ECB mode before the rest of ciphertext.

12

13 Cipher feedback mode (basic version)
Plaintext blocks: p1, p2, … Key: k Basic idea: construct key stream k1, k2, k3, … Encryption:

14 Cipher Feedback (CFB) Mode

15 Generating Key Stream for CFB

16 Encryption in CFB Mode

17 Decryption in CFB Mode

18 Remark on CFB The block cipher is used as a stream cipher.
Appropriate when data arrives in bits/bytes. s can be any value; a common value is s = 8. A ciphertext segment depends on the current and all preceding plaintext segments. A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments. How many plaintext segments will be affected?

19 Output feedback mode (basic version)
Plaintext blocks: p1, p2, … Key: k Basic idea: construct key stream k1, k2, k3, … Encryption:

20 Output Feedback (OFB) Mode

21 Cipher Feedback Output Feedback

22 Remark on OFB The block cipher is used as a stream cipher.
Appropriate when data arrives in bits/bytes. Advantage: more resistant to transmission errors; a bit error in a ciphertext segment affects only the decryption of that segment. Disadvantage: Cannot recover from lost ciphertext segments; if a ciphertext segment is lost, all following segments will be decrypted incorrectly (if the receiver is not aware of the segment loss). IV should be generated randomly each time and sent with the ciphertext.

23 Counter Mode (CTR) Plaintext blocks: p1, p2, p3, … Key: k
Basic idea: construct key stream k1, k2, k3, … Encryption: T1 = IV (random) Ti = IV + i - 1 Ci = Pi ♁ EK(Ti) C = (IV, C1, C2, C3, ...)

24 Remark on CTR Strengthes: IV should not be reused.
Needs only the encryption algorithm Fast encryption/decryption; blocks can be processed (encrypted or decrypted) in parallel; good for high speed links Random access to encrypted data blocks IV should not be reused.

25 Stream Ciphers

26

27 Stream Cipher Diagram

28 Stream Ciphers

29 Stream Ciphers

30 The RC4 Stream Cipher Designed by Ron Rivest in 1987 for RSA Security.
Kept as a trade secret until leaked out in 1994. The most popular stream cipher. Simple and fast. With a 128 bits key, the period is > Used in the SSL/TLS standards (for secure Web communication), IEEE wireless LAN standard, Microsoft Point-to-Point Encryption, and many others.

31 RC4

32 RC4: Initial Permutation

33 RC4: Key Stream Generation

34 Security of RC4 The keystream generated by RC4 is biased.
The second byte is biased toward zero with high probability. The first few bytes are strongly non-random and leak information about the input key. Defense: discard the initial n bytes of the keystream. Called “RC4-drop[n-bytes]”. Recommended values for n = 256, 768, or 3072 bytes. Efforts are underway (e.g. the eSTREAM project) to develop more secure stream ciphers.

35 RC4 and WEP RC4 key: IV (24) Long-term key (40 or 104 bits)
WEP is a protocol using RC4 to encrypt packets for transmission over IEEE wireless LAN. WEP requires each packet to be encrypted with a separate RC4 key. The RC4 key for each packet is a concatenation of a 24-bit IV (initialization vector) and a 40 or 104-bit long-term key. RC4 key: IV (24) Long-term key (40 or 104 bits) l

36 802.11 frames using WEP Header IV Packet ICV FCS
l Header IV Packet ICV FCS encrypted ICV: integrity check value (for data integrity) FCS: frame check sequence (for error detection) Both use CRC32

37 WEP has been shown to be insecure.
There is an article, “Breaking 104 bit WEP in less than 60 seconds,” discussing how to discover the RC4 key by analyzing encrypted ARP packets.

Download ppt "Block Cipher Modes of Operation and Stream Ciphers"

Similar presentations

Symmetric Encryption Prof. Ravi Sandhu.

Symmetric Encryption Prof. Ravi Sandhu.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
1 Pretty Good Privacy (PGP) Security for Electronic Email.

1 Pretty Good Privacy (PGP) Security for Electronic .
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
SYMMETRIC CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

SYMMETRIC CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Chapter 4: Modes of Operation CS 472: Fall 2012. Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
Name Convolutional codes Tomashevich Victor. Name- 2 - Introduction Convolutional codes map information to code bits sequentially by convolving a sequence.

Name Convolutional codes Tomashevich Victor. Name- 2 - Introduction Convolutional codes map information to code bits sequentially by convolving a sequence.
Basel-ICU-Journal Challenge18/20/2014. 2Basel-ICU-Journal Challenge8/20/2014.

Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.
1..

1..
Analyzing Genes and Genomes

Analyzing Genes and Genomes
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.

©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
PSSA Preparation.

PSSA Preparation.
Essential Cell Biology

Essential Cell Biology
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Intercepting Mobile Communications: The Insecurity of 802.11 …or “Why WEP Stinks” Dustin Christmann.

1 Intercepting Mobile Communications: The Insecurity of …or “Why WEP Stinks” Dustin Christmann.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Similar presentations

Ads by Google