Lecture 4: Using Block Ciphers - PowerPoint PPT Presentation

Provided by: Charlie138
1
Lecture 4 Using Block Ciphers
  • Outline
  • encrypting large messages
  • checking integrity
  • securing DES

2
Electronic Code Book (ECB)
  • How to use a block cipher to encrypt a large
    message?
  • break the message into blocks
  • encrypt each block separately with the secret key
3
Problems with ECB
  • the same plaintext block always produces the same
    ciphertext block under a given key
  • the ciphertext can be analyzed (patterns in the
    plaintext show through) and its blocks rearranged
    without detection

[figure: a plaintext image beside its ECB-encrypted ciphertext; the picture is still recognizable]
4
One-Time Pad
  • proven unbreakable (Shannon): XOR the message with
    a truly random pad that is never reused, and the
    ciphertext gives away no information about the
    plaintext
  • such a use of random bits is called a one-time pad
  • a stream cipher generates a pad and XORs it with
    the stream of plaintext to produce the ciphertext

5
Fixing ECB
  • consider this: generate a random number for each
    block and XOR it with the block before encrypting

[figure: M1..M4 each XORed with a random r1..r4, then encrypted with E to give C1..C4;
transmit r1, c1, r2, c2, r3, c3, r4, c4]
  • problems
  • need to send twice as much data
  • blocks can still be rearranged
  • if two ciphertext blocks are equal, the attacker
    learns that the XOR of the two plaintext blocks
    equals the XOR of the corresponding two random
    numbers

6
Cipher Block Chaining (CBC)
  • randomizes the output by XORing each plaintext
    block with the previous ciphertext block before
    encryption
  • the first block is randomized using an
    initialization vector (IV)

[figure: IV XOR M1 -> E -> C1, C1 XOR M2 -> E -> C2, C2 XOR M3 -> E -> C3, C3 XOR M4 -> E -> C4;
the IV is transmitted along with C1..C4]
  • how does CBC do decoding?

7
CBC Decryption Analysis
[figure: each Ci -> D, then XOR with the previous ciphertext block (the IV for C1) -> Mi]
  • What happens if Ci gets lost or garbled? How
    much data gets lost?
  • assume an attacker knows block Mi and wants to
    change it; what does it need to change?
  • can encryption/decryption be done in parallel?

8
Output Feedback (OFB) Mode
  • OFB is a stream cipher
  • IV based; the IV is transmitted in the clear
  • two versions
  • no shifting:
    pad1 = E(IV, key)
    pad2 = E(pad1, key)
    padi = E(padi-1, key)
  • k-bit shifting (see pic)
  • advantages
  • the pad can be pre-generated, so there are no
    costly operations at run-time (good for multimedia
    or resource-constrained devices)
  • how much info is affected if a portion of the
    ciphertext is garbled/lost?
  • problems
  • if the plaintext is known, the ciphertext can be
    altered to decrypt to a chosen plaintext
  • is random access possible?
  • can encryption/decryption be done in parallel?

[figure: k-bit shifting version of OFB]
9
Cipher Feedback (CFB) Mode
  • similar to OFB
  • the ciphertext is also fed back to generate the pad
  • advantages
  • is random access possible?
  • what if part of the ciphertext is
    garbled/lost/duplicated?
  • problems
  • is OFB-like pad pre-generation possible?
  • can it be altered if the plaintext is known?
  • can encryption/decryption be done in parallel?

10
Counter (CTR) Mode
  • CTR is another stream cipher
  • to create the pad, the IV is incremented and
    encrypted for each block
  • is random access possible?
  • what if part of the ciphertext is
    garbled/lost/duplicated?
  • is pad pre-generation possible?
  • can encryption/decryption be done in parallel?
  • is known-plaintext alteration possible?

11
Integrity checking
  • automated integrity checking: the computer should
    be able to detect tampering (a human presence
    should not be required, otherwise any garbage can
    pass through)
  • message authentication code (MAC): a
    cryptographic checksum generated with the help of
    a key
  • CBC, OFB, CFB and CTR give good confidentiality,
    but integrity is vulnerable: none of them detects
    tampering by itself

12
CBC Residue
  • Do CBC encryption on M using key K, throw away
    all but the last block (the residue).
  • send the message in the clear together with the
    residue
  • Used in banking
  • Has the property that if you don't know the key
    you can't generate (or verify) the MAC, or modify
    the message without (probably) changing the MAC
  • however, from one valid message/MAC pair a
    different message with the same MAC can be
    constructed without knowing the key
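
The following Python program is an example added to this transcript, not code from the lecture. It implements the modes of slides 2-12 over a toy 16-byte Feistel block cipher built from HMAC-SHA256 (a stand-in for DES, not a real cipher) and answers the questions the slides pose: ECB leaks repeated blocks; garbling one CBC ciphertext block destroys one plaintext block and flips only the same bits in the next; an attacker who knows Mi rewrites it by modifying Ci-1; CTR decrypts any block in isolation; and a CBC residue can be extended into a second message with the same MAC. The message, keys and IVs are constructed for the demonstration, and all function names are this example's own.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size in bytes; the toy cipher below stands in for DES/AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of one half, truncated to 8 bytes
    return hmac.new(key + bytes([i]), half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network on one 16-byte block (a toy cipher for illustration)
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _round(key, i, r))
    return r + l

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = r, xor(l, _round(key, i, r))
    return r + l

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    return b"".join(block_encrypt(key, m) for m in blocks(msg))

def cbc_encrypt(key, iv, msg):
    out, prev = [], iv
    for m in blocks(msg):
        prev = block_encrypt(key, xor(m, prev))  # C_i = E(M_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(block_decrypt(key, c), prev))  # M_i = D(C_i) xor C_{i-1}
        prev = c
    return b"".join(out)

def ctr_crypt(key, iv, data, first_block=0):
    # pad_i = E(IV + i), XORed with the data. The same call encrypts and decrypts,
    # and first_block lets the caller start anywhere in the message (random access).
    ctr = int.from_bytes(iv, "big")
    out = []
    for i, chunk in enumerate(blocks(data), start=first_block):
        pad = block_encrypt(key, ((ctr + i) % (1 << 128)).to_bytes(BLOCK, "big"))
        out.append(xor(chunk, pad))
    return b"".join(out)

def cbc_residue(key, msg):
    # CBC residue (slide 12): CBC-encrypt with a zero IV and keep only the last block
    return cbc_encrypt(key, bytes(BLOCK), msg)[-BLOCK:]

# --- experiments answering the slides' questions (message is constructed) ---
MSG = b"ATTACK AT DAWN!!" * 2 + b"MEET AT BRIDGE 7" + b"BRING THE GOLD!!"

def ecb_leaks_repeats(key):
    ct = blocks(ecb_encrypt(key, MSG))
    return ct[0] == ct[1] and ct[0] != ct[2]  # the repeated plaintext block is visible

def cbc_garble_one_block(key, iv):
    ct = bytearray(cbc_encrypt(key, iv, MSG))
    ct[BLOCK] ^= 0x01  # corrupt one bit of C2 in transit
    m, orig = blocks(cbc_decrypt(key, iv, bytes(ct))), blocks(MSG)
    # expected: M1 intact, M2 garbage, M3 with exactly that bit flipped, M4 intact
    return (m[0] == orig[0], m[1] == orig[1],
            m[2] == xor(orig[2], b"\x01" + bytes(BLOCK - 1)), m[3] == orig[3])

def cbc_known_plaintext_rewrite(key, iv, new_block=b"RETREAT AT DUSK!"):
    ct = bytearray(cbc_encrypt(key, iv, MSG))
    # attacker knows M2 and wants M2': XOR (M2 xor M2') into C1 (M1 turns to garbage)
    ct[0:BLOCK] = xor(bytes(ct[0:BLOCK]), xor(blocks(MSG)[1], new_block))
    return blocks(cbc_decrypt(key, iv, bytes(ct)))[1]

def ctr_random_access(key, iv):
    ct = ctr_crypt(key, iv, MSG)
    return ctr_crypt(key, iv, blocks(ct)[2], first_block=2)  # decrypt block 3 alone

def cbc_residue_forgery(key):
    t, m = cbc_residue(key, MSG), blocks(MSG)
    # without the key: append (M1 xor T), then M2..Mn; the chain re-enters its
    # original state, so the longer message carries the same residue T
    forged = MSG + xor(m[0], t) + b"".join(m[1:])
    return forged != MSG and cbc_residue(key, forged) == t

if __name__ == "__main__":
    key, iv = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
    print("ECB repeats visible:", ecb_leaks_repeats(key))
    print("CBC garble, M1..M4 intact?:", cbc_garble_one_block(key, iv))
    print("CBC rewrite of M2:", cbc_known_plaintext_rewrite(key, iv))
    print("CTR block 3 alone:", ctr_random_access(key, iv))
    print("CBC residue forgery:", cbc_residue_forgery(key))
```

The residue forgery is why the next slide keeps a separate key for the integrity CBC, and why real CBC-MAC deployments fix the message length or use a derived final-block key.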

13
Joint Privacy and Integrity
  • concurrently run two CBCs with different keys, one
    for privacy, the other for integrity
  • why can't one CBC be used for both? (the residue
    would just be the last ciphertext block, which
    the attacker already sees)

14
Securing DES
  • purpose: retain the same mechanism, expand the
    key size
  • why not double DES?
  • encrypt with K1 twice. How much more work (over
    DES) for the good guys? For the bad guys?
  • encrypt with K1 then K2. What is the time/memory
    for the bad guys? For the good guys?
  • subject to a subtle known-plaintext attack
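
The attack behind that last bullet, as an added example (not from the lecture): a throwaway 16-bit block cipher stands in for DES so the whole key space fits in a Python dictionary, and the same two questions are answered by running code. Encrypting twice with one key leaves the attacker's search unchanged, while two keys fall to a meet-in-the-middle search that costs about 2 * 2^16 cipher operations plus a 2^16-entry table rather than 2^32 trials. The cipher, keys and plaintexts are all constructed for the demonstration.

```python
MASK = 0xFFFF  # toy cipher: 16-bit block and 16-bit key, standing in for DES

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (16 - n))) & MASK

def tiny_encrypt(k: int, x: int) -> int:
    # four add-rotate-xor rounds; a throwaway cipher, only its tiny key space matters
    for r in range(4):
        x = (x + k + r) & MASK
        x = _rotl(x, 5) ^ k
    return x

def tiny_decrypt(k: int, y: int) -> int:
    for r in reversed(range(4)):
        y = _rotl(y ^ k, 11)  # undo the xor and the 5-bit rotate
        y = (y - k - r) & MASK
    return y

def double_encrypt(k1: int, k2: int, x: int) -> int:
    return tiny_encrypt(k2, tiny_encrypt(k1, x))

def brute_force_same_key_twice(pairs):
    # E_K(E_K(P)): the attacker still searches one 16-bit key, so the work is unchanged
    for k in range(1 << 16):
        if all(tiny_encrypt(k, tiny_encrypt(k, p)) == c for p, c in pairs):
            return k
    return None

def meet_in_the_middle(pairs):
    # Known-plaintext attack on E_K2(E_K1(P)): about 2 * 2^16 cipher calls and a
    # 2^16-entry table, instead of the 2^32 trials of naive exhaustive search.
    (p0, c0), *rest = pairs
    table = {}
    for k1 in range(1 << 16):              # forward half: E_K1(P0) for every K1
        table.setdefault(tiny_encrypt(k1, p0), []).append(k1)
    for k2 in range(1 << 16):              # backward half: D_K2(C0), look for a meet
        for k1 in table.get(tiny_decrypt(k2, c0), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                return k1, k2              # consistent with every known pair
    return None

def known_pairs(k1: int, k2: int, plaintexts=(0x1234, 0xBEEF, 0x0042)):
    # what a known-plaintext attacker holds: a few (P, C) pairs under the unknown keys
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]

if __name__ == "__main__":
    pairs = known_pairs(0x5A5A, 0xC3C3)
    print("recovered (K1, K2):", meet_in_the_middle(pairs))
```

With real DES the table has 2^56 entries, which is why two-key 3DES is credited with 112 rather than 168 bits of strength on the next slide: the same trade-off applies to the outer pair of operations.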

15
3DES
  • Defined as doing EDE with K1, K2, K3, but
    standardly K1 is set equal to K3.
  • reason: because of the known-plaintext
    (meet-in-the-middle) attack, 3DES is considered to
    have time-strength equal to only a 112-bit key,
    not 168.
  • also, 112 bits is considered enough (for now).
  • why EDE instead of EEE?
  • the initial and final permutations would cancel
    each other out with EEE (minor advantage to EDE)
  • EDE is compatible with single DES if K1 = K2 = K3.

16
3DES and CBC
  • CBC is defined to be done on the outside of 3DES
  • same integrity problems as with regular CBC
  • CBC can potentially be done on the inside of 3DES
  • more secure against tampering
  • but
  • more work
  • garbling/losing/duplicating one block garbles
    the rest of the message