Computer Science CSC/ECE 574 Computer and Network Security Topic 3.2 Secret Key Cryptography – Modes of Operation CSC/ECE 574 Dr. Peng Ning 1 Computer Science Processing with Block Ciphers • Most ciphers work on blocks of fixed (small) size • How to encrypt long messages? • Modes of operation – ECB (Electronic Code Book) – CBC (Cipher Block Chaining) – OFB (Output Feedback) – CFB (Cipher Feedback) – CTR (Counter) CSC/ECE 574 Dr. Peng Ning 2 Computer Science Issues for Block Chaining Modes • Information leakage – Does it reveal info about the plaintext blocks? • Ciphertext manipulation – Can an attacker modify ciphertext block(s) in a way that will produce a predictable/desired change in the decrypted plaintext block(s)? – Note: assume the structure of the plaintext is known, e.g., first block is employee #1 salary, second block is employee #2 salary, etc. CSC/ECE 574 3 Dr. Peng Ning Computer Science Issues… (Cont’d) • Parallel/Sequential – Can blocks of plaintext (ciphertext) be encrypted (decrypted) in parallel? • Error propagation – If there is an error in a plaintext (ciphertext) block, will there be an encryption (decryption) error in more than one ciphertext (plaintext) block? CSC/ECE 574 4 Dr. Peng Ning Computer Science Electronic Code Book (ECB) • The easiest mode of operation; each block is independently encrypted CSC/ECE 574 5 E E E E Key 64 M1 M2 M3 M4 64 46 + padding 64 Plaintext ⇒ C1 C2 C3 C4 64 64 64 64 Ciphertext ⇒ Dr. Peng Ning Computer Science ECB Decryption • Each block is independently decrypted CSC/ECE 574 6 D D D D C1 C2 C3 C4 M1 M2 M3 M4 Key 64 64 64 64 64 64 46 + padding 64 Dr. Peng NingComputer Science ECB Properties • Does information leak? • Can ciphertext be manipulated profitably? • Parallel processing possible? • Do ciphertext errors propagate? CSC/ECE 574 7 D D D D M1 M4 M3 M2 Key 64 64 64 64 64 64 46 + padding 64 C1 C4 C3 C2 C1 C2 C3 C4 M1 M2 M3 M4 Dr. Peng Ning Computer Science Cipher Block Chaining (CBC) • Chaining dependency: each ciphertext block depends on all preceding plaintext blocks CSC/ECE 574 8 Initialization Vector E E E E Key C1 C2 C3 C4 64 64 64 64 M1 M2 M3 M4 64 64 46 + padding 64 Dr. Peng Ning Computer Science Initialization Vectors • Initialization Vector (IV) – Used along with the key; not secret – For a given plaintext, changing either the key, or the IV, will produce a different ciphertext – Why is that useful? • IV generation and sharing – Random; may transmit with the ciphertext – Incremental; predictable by receivers CSC/ECE 574 9 Dr. Peng Ning Computer Science CBC Decryption • How many ciphertext blocks does each plaintext block depend on? CSC/ECE 574 10 D C1 C2 C3 C4 M1 M2 M3 M4 Initialization Vector D D D Key 64 64 64 64 64 64 46 + padding 64 Dr. Peng Ning Computer Science CBC Properties • Does information leak? – Identical plaintext blocks will produce different ciphertext blocks • Can ciphertext be manipulated profitably? – ??? • Parallel processing possible? – no (encryption), yes (decryption) • Do ciphertext errors propagate? – yes (encryption), a little (decryption) CSC/ECE 574 11 Dr. Peng Ning Computer Science Output Feedback Mode (OFB) CSC/ECE 574 12 E Initialization Vector E E E Key 64 one-time pad C1 C2 C3 C4 64 64 64 64 64 64 46 + padding 64 M1 M2 M3 M4 Pseudo-Random Number Generator Dr. Peng NingComputer Science OFB Decryption CSC/ECE 574 13 one-time pad E IV E E E Key 64 C1 C2 C3 C4 64 64 64 64 M1 M2 M3 M4 64 64 46 + padding 64 No block decryption required! Dr. Peng Ning Computer Science OFB Properties • Does information leak? – identical plaintext blocks produce different ciphertext blocks • Can ciphertext be manipulated profitably? – ??? • Parallel processing possible? – no (generating pad), yes (XORing with blocks) • Do ciphertext errors propagate? – ??? CSC/ECE 574 14 Dr. Peng Ning Computer Science OFB … (Cont’d) • If you know one plaintext/ciphertext pair, can easily derive the one-time pad that was used – i.e., should not reuse a one-time pad! • Conclusion: IV must be different every time CSC/ECE 574 15 Dr. Peng Ning Computer Science Cipher Feedback Mode (CFB) • Ciphertext block Cj depends on all preceding plaintext blocks CSC/ECE 574 16 E C1 C2 C3 C4 IV E E E Key 64 M1 M2 M3 M4 64 64 46 + padding 64 64 64 64 64 64 64 64 64 Dr. Peng Ning Computer Science CFB Decryption • No block decryption required! CSC/ECE 574 17 E C1 C2 C3 C4 M1 M2 M3 M4 IV E E E Key 64 64 64 64 46 + padding 64 64 64 64 64 64 64 64 Dr. Peng Ning Computer Science CFB Properties • Does information leak? – Identical plaintext blocks produce different ciphertext blocks • Can ciphertext be manipulated profitably? – ??? • Parallel processing possible? – no (encryption), yes (decryption) • Do ciphertext errors propagate? – ??? CSC/ECE 574 18 Dr. Peng NingComputer Science Counter Mode (CTR) CSC/ECE 574 19 E IV E E Key 64 C1 C2 C3 64 64 64 64 64 64 M1 M2 M3 IV++ IV++ Dr. Peng Ning Computer Science CSC 474 Dr. Peng Ning 20 CTR Mode Properties • Does information leak? – Identical plaintext block produce different ciphertext blocks • Can ciphertext be manipulated profitably – ??? • Parallel processing possible – Yes (both generating pad and XORing) • Do ciphertext errors propagate? – ??? • Allow decryption the ciphertext at any location – Ideal for random access to ciphertext Computer Science CSC/ECE 574 Computer and Network Security Topic 3.3 Secret Key Cryptography – Triple DES CSC/ECE 574 Dr. Peng Ning 21 Computer Science Stronger DES • Major limitation of DES – Key length is too short • Can we apply DES multiple times to increase the strength of encryption? CSC/ECE 574 22 Dr. Peng Ning Computer Science Double Encryption with DES • Encrypt the plaintext twice, using two different DES keys • Total key material increases to 112 bits – is that the same as key strength of 112 bits? CSC/ECE 574