Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Advanced Encryption Standard” & “Modes of Operation”

Similar presentations


Presentation on theme: "“Advanced Encryption Standard” & “Modes of Operation”"— Presentation transcript:

1 “Advanced Encryption Standard” & “Modes of Operation”

2 The AES Cipher - Rijndael  designed by Rijmen-Daemen in Belgium  has 128/192/256 bit keys, 128 bit data  an iterative rather than feistel cipher processes data as block of 4 columns of 4 bytes processes data as block of 4 columns of 4 bytes operates on entire data block in every round operates on entire data block in every round  AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic operations over a finite field, and XOR with a key.

3 AES Encryption Process

4 How to use a block cipher?  Block ciphers encrypt fixed-size blocks e.g. DES encrypts 64-bit & AES 128 bit blocks e.g. DES encrypts 64-bit & AES 128 bit blocks  We need some way to encrypt a message of arbitrary length e.g. a message of 1000 bytes e.g. a message of 1000 bytes  NIST defines several ways to do it have block and stream modes called modes of operation called modes of operation

5 Five Modes of Operation  Electronic codebook mode (ECB)  Cipher block chaining mode (CBC) – most popular  Output feedback mode (OFB)  Cipher feedback mode (CFB)  Counter mode (CTR) 5

6 Message Padding  The plaintext message is broken into blocks, P 1, P 2, P 3,...  The last block may be short of a whole block and needs padding.  Possible padding: Known non-data values (e.g. nulls) Known non-data values (e.g. nulls) Or pad last block along with count of pad size Or pad last block along with count of pad size eg. [ b1 b2 b ]eg. [ b1 b2 b ] means have 3 data bytes, then 5 bytes pad+countmeans have 3 data bytes, then 5 bytes pad+count 6

7 Electronic Code Book (ECB)  The plaintext is broken into blocks, P 1, P 2, P 3,...  Each block is encrypted independently with the same key: C i = E K (P i ) C i = E K (P i )  The term codebook is used because, for a given key, there is a unique ciphertext for every 64-bit block of plaintext.  We can imagine a gigantic codebook in which there is an entry for every possible B-bit plaintext pattern showing its corresponding ciphertext. 7

8 Advantages & Limitation of ECB  Strength: it’s simple.  Weakness: Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. If the same message (e.g., an SSN) is encrypted (with the same key) and sent twice, their ciphertexts are the same. If the same message (e.g., an SSN) is encrypted (with the same key) and sent twice, their ciphertexts are the same. Can be used for very few blocks Can be used for very few blocks  Typical application: secure transmission of short pieces of information (e.g. Session encryption key) 8

9 Cipher Block Chaining (CBC) 9  The plaintext is broken into blocks, P1, P2, P3,...  Each Plain text is XOR (Chained) with the previous cipher block before encryption. C i = E K (P i XOR C i-1 )  First block of ciphertext, an initialization vector (IV)/ nonce is XOR with the first block of plaintext. C 1 = E K (IV XOR P 1 )  Decryption: P i = C i-1 XOR D k (C i )  Uses: bulk data encryption, authentication.

10 Cipher Block Chaining (CBC) 10

11 Advantages and Limitations of CBC  A ciphertext block depends on all blocks.  Any change to a block affects all following ciphertext blocks.  Need Initialization Vector (IV) Which must be known to sender & receiver Which must be known to sender & receiver If sent in clear, attacker can change bits of first block, and change IV to compensate If sent in clear, attacker can change bits of first block, and change IV to compensate Hence IV must either be a fixed value or must be sent encrypted in ECB mode before rest of message Hence IV must either be a fixed value or must be sent encrypted in ECB mode before rest of message

12 Stream Modes of Operation  block modes encrypt entire block  may need to operate on smaller units real time data real time data  convert block cipher into stream cipher cipher feedback (CFB) mode cipher feedback (CFB) mode output feedback (OFB) mode output feedback (OFB) mode counter (CTR) mode counter (CTR) mode  Use pseudo-random number generator

13 Cipher FeedBack (CFB)  message is treated as a stream of bits  added to the output of the block cipher  result is feed back for next stage (hence name)  standard allows any number of bit (1,8, 64 or 128 etc) to be feed back denoted CFB-1, CFB-8, CFB-64, CFB-128 etc denoted CFB-1, CFB-8, CFB-64, CFB-128 etc  most efficient to use all bits in block (64 or 128) C i = P i XOR E K (C i-1 ) C 1 = IV  uses: stream data encryption, authentication

14 Encryption in CFB Mode 14

15 Remark on CFB The block cipher is used as a stream cipher. The block cipher is used as a stream cipher. Appropriate when data arrives in bits/bytes. Appropriate when data arrives in bits/bytes. A ciphertext segment depends on the current and all preceding plaintext segments. A ciphertext segment depends on the current and all preceding plaintext segments. A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments. A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments. 15

16 Output FeedBack (OFB)  message is treated as a stream of bits  output of cipher is added to message  output is then feed back (hence name)  feedback is independent of message

17 Cipher Feedback Output Feedback 17

18 Advantages and Limitations of OFB  needs an IV which is unique for each use  more resistant to transmission errors; a bit error in a ciphertext segment affects only the decryption of that segment.  sender & receiver must remain in sync  No padding required.

19 Counter (CTR)  a “new” mode, though proposed early on  similar to OFB but encrypts counter value rather than any feedback value  must have a different key & counter value for every plaintext block (never reused) O i = E K (i) C i = P i XOR O i  uses: high-speed network encryptions

20 Counter (CTR)

21 Remark on CTR  Strengthes: Needs only the encryption algorithm Needs only the encryption algorithm Fast encryption/decryption; blocks can be processed (encrypted or decrypted) in parallel. Fast encryption/decryption; blocks can be processed (encrypted or decrypted) in parallel. Good for high speed links Good for high speed links Random access to encrypted data blocks Random access to encrypted data blocks  IV should not be reused.  No padding required. 21

22 Typical Stream Ciphers  process message bit by bit (as a stream)  have a pseudo random keystream  combined (XOR) with plaintext bit by bit  randomness of stream key completely destroys statistically properties in message C i = M i XOR StreamKey i C i = M i XOR StreamKey i  but must never reuse stream key  Just like VERNAM Cipher

23 Stream Cipher Structure

24 Stream Cipher Properties  some design considerations are: long period with no repetitions long period with no repetitions statistically random statistically random depends on large enough key depends on large enough key large linear complexity large linear complexity  properly designed, can be as secure as a block cipher with same size key  but usually simpler & faster


Download ppt "“Advanced Encryption Standard” & “Modes of Operation”"

Similar presentations


Ads by Google