InfoSec Lect 6

This document discusses various modes of operation for block ciphers including ECB, CBC, CFB, OFB, CTR, and XTS. It explains how each mode encrypts blocks of data and their advantages and limitations. It also introduces the concept of a tweakable block cipher which XTS-AES is based on for encrypting data stored on sector-based storage devices.

Uploaded by

Taha Ahmed

Information Security

Block Cipher Operation


Modes of Operation
• Block ciphers encrypt fixed size blocks
  ◦ e.g. DES encrypts 64-bit blocks, with 56-bit key
• Need a way to use them in practice, as we usually have an arbitrary amount of information to encrypt
• Mode of Operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application

Modes of Operation
• To apply a block cipher in a variety of applications, initially five modes of operation were defined by NIST
• The five modes are intended to cover a wide variety of applications of encryption for which a block cipher could be used
• These modes are intended for use with any symmetric block cipher, including triple DES and AES
• Have block and stream modes

Electronic Codebook (ECB)
• message is broken into independent blocks which are encrypted
• each block is a value which is substituted, like a codebook, hence name
• each block is encoded independently of the other blocks
• uses: secure transmission of single values
[Figure: Electronic Codebook (ECB)]

Advantages and Limitations of ECB
• repetitions in message may show in ciphertext
  ◦ if aligned with message block
  ◦ particularly with data such as graphics
  ◦ or with messages that change very little, which become a code-book analysis problem
• weakness due to encrypted message blocks being independent
• main use is sending or storing a few blocks of data

Cipher Block Chaining (CBC)
• message is broken into blocks
• but these are linked together in the encryption operation
• each previous cipher block is chained with current plaintext block, hence name
• use Initial Vector (IV) to start process
• uses: bulk data encryption, authentication
[Figure: Cipher Block Chaining (CBC)]

Advantages and Limitations of CBC
• a ciphertext block depends on all blocks before it
• any change to a block affects all following ciphertext blocks
• need Initialization Vector (IV)
  ◦ which must be known to sender & receiver
  ◦ if sent in clear, attacker can change bits of first block, and change IV to compensate
  ◦ hence IV must either be a fixed value (as in EFTPOS)
  ◦ or must be sent encrypted in ECB mode before rest of message
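
Added example (Go, not part of the original slides): the ECB and CBC properties listed above, measured on a constructed message of four identical blocks. The key, IV, message and the helper names `encrypt`, `differing` and `repeats` are illustrative assumptions; ECB is written out by hand because Go's standard library has no ECB mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const bs = aes.BlockSize

// encrypt: AES-CBC, or AES-ECB when iv is nil; pt must be a multiple of 16 bytes.
func encrypt(key, iv, pt []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	if iv != nil {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, pt)
	}
	for i := 0; iv == nil && i < len(pt); i += bs {
		blk.Encrypt(ct[i:i+bs], pt[i:i+bs]) // ECB: every block on its own
	}
	return ct
}

// differing counts the blocks in which two equal-length buffers differ.
func differing(a, b []byte) (n int) {
	for i := 0; i < len(a); i += bs {
		if !bytes.Equal(a[i:i+bs], b[i:i+bs]) {
			n++
		}
	}
	return n
}

// repeats counts the later ciphertext blocks that are identical to the first.
func repeats(ct []byte) int {
	return len(ct)/bs - 1 - differing(ct, bytes.Repeat(ct[:bs], len(ct)/bs))
}

func main() {
	key, iv := []byte("constructed key!"), []byte("constructed IV 1")
	pt := bytes.Repeat([]byte("PAY 0000100 USD "), 4) // four identical blocks
	pt2 := append([]byte("X"), pt[1:]...)             // same, first byte altered
	e, c := encrypt(key, nil, pt), encrypt(key, iv, pt)
	fmt.Println("repeated blocks ECB/CBC:", repeats(e), repeats(c))
	fmt.Println("changed blocks ECB/CBC:", differing(e, encrypt(key, nil, pt2)), differing(c, encrypt(key, iv, pt2)))
}
```

Under ECB the three repeated plaintext blocks show up as three repeated ciphertext blocks and a one-byte edit changes one block; under CBC nothing repeats and the same edit changes every block from that point on.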

Cipher FeedBack (CFB)
• message is treated as a stream of bits
• added to the output of the block cipher
• result is fed back for next stage (hence name)
• standard allows any number of bits (1, 8, 64 or 128 etc.) to be fed back
  ◦ denoted CFB-1, CFB-8, CFB-64, CFB-128 etc.
• most efficient to use all bits in block (64 or 128)
  $C_i = P_i \oplus E_K(C_{i-1})$
  $C_{-1} = \mathrm{IV}$
• uses: stream data encryption, authentication
[Figure: Cipher FeedBack (CFB)]

Advantages and Limitations of CFB
• appropriate when data arrives in bits/bytes
• most common stream mode
• limitation is the need to stall while doing block encryption after every n bits
• note that the block cipher is used in encryption mode at both ends
• errors propagate for several blocks after the error

Output FeedBack (OFB)
• message is treated as a stream of bits
• output of cipher is added to message
• output is then fed back (hence name)
• feedback is independent of message
• can be computed in advance
  $O_i = E_K(O_{i-1})$
  $C_i = P_i \oplus O_i$
  $O_{-1} = \mathrm{IV}$ or nonce
• A nonce is an arbitrary number that may only be used once.
• uses: stream encryption on noisy channels
[Figure: Output FeedBack (OFB)]

Advantages and Limitations of OFB
• needs an IV which is unique for each use
• bit errors do not propagate
• more vulnerable to message stream modification
• sender & receiver must remain in sync
• only use with full block feedback
  ◦ subsequent research has shown that only full block feedback (ie CFB-64 or CFB-128) should ever be used
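
Added example (Go, not part of the original slides): full-block CFB and OFB written directly from the formulas above, used to count how many plaintext blocks are corrupted when one ciphertext bit is flipped in transit. The key, IV, message and the names `crypt` and `damagedBlocks` are illustrative assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

const bs = aes.BlockSize

// crypt applies full-block CFB or OFB to block-aligned data; both directions use E_K only.
func crypt(mode string, key, iv, in []byte, decrypt bool) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out, fb := make([]byte, len(in)), append([]byte{}, iv...)
	for i := 0; i < len(in); i += bs {
		blk.Encrypt(fb, fb) // CFB: E_K(C_{i-1}); OFB: O_i = E_K(O_{i-1})
		for k := 0; k < bs; k++ {
			out[i+k] = in[i+k] ^ fb[k]
		}
		if mode == "CFB" && decrypt {
			copy(fb, in[i:i+bs]) // feed back C_i, which is the input here
		} else if mode == "CFB" {
			copy(fb, out[i:i+bs]) // feed back C_i, which is the output here
		}
	}
	return out
}

// damagedBlocks flips one bit of ciphertext block 1 (a transmission error)
// in a four-block message and counts the plaintext blocks that decrypt wrongly.
func damagedBlocks(mode string) (n int) {
	key, iv := []byte("constructed key!"), []byte("constructed IV 1")
	pt := bytes.Repeat([]byte("constructed data"), 4)
	ct := crypt(mode, key, iv, pt, false)
	ct[bs] ^= 0x01
	got := crypt(mode, key, iv, ct, true)
	for i := 0; i < len(pt); i += bs {
		if !bytes.Equal(got[i:i+bs], pt[i:i+bs]) {
			n++
		}
	}
	return n
}

func main() {
	fmt.Println("CFB:", damagedBlocks("CFB"), "OFB:", damagedBlocks("OFB"))
}
```

With full-block feedback, CFB corrupts the damaged block and the block after it, while OFB corrupts only the damaged block because its feedback never depends on the ciphertext.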

Counter (CTR)
• a “new” mode, though proposed early on
• similar to OFB but encrypts counter value rather than any feedback value
• must have a different key & counter value for every plaintext block (never reused)
  $O_i = E_K(i)$
  $C_i = P_i \oplus O_i$
• uses: high-speed network encryptions
[Figure: Counter (CTR)]

Advantages and Limitations of CTR
• efficiency
  ◦ can do parallel encryptions in advance of need
  ◦ good for bursty high speed links
• random access to encrypted data blocks
• provable security (as good as other modes)
• but must ensure key/counter values are never reused, otherwise could break (compare: OFB)
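
Added example (Go, not part of the original slides): CTR built from the formula above, showing random access to a single block and what goes wrong when two messages share the same key and counter values. The 8-byte nonce plus 8-byte counter layout, the constructed key and messages, and the names `ctrBlock`, `ctr` and `xor` are illustrative assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

const bs = aes.BlockSize

// ctrBlock en/decrypts block i on its own: C_i = P_i XOR E_K(nonce || i).
func ctrBlock(key, nonce, in []byte, i uint64) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ks := make([]byte, bs)
	copy(ks, nonce[:8]) // assumed layout: 8-byte nonce, then 8-byte block counter
	binary.BigEndian.PutUint64(ks[8:], i)
	blk.Encrypt(ks, ks) // ks is now the keystream block O_i
	return xor(in, ks)
}

// ctr processes a block-aligned message; encryption and decryption are identical.
func ctr(key, nonce, in []byte) (out []byte) {
	for i := 0; i < len(in); i += bs {
		out = append(out, ctrBlock(key, nonce, in[i:i+bs], uint64(i/bs))...)
	}
	return out
}

// xor returns a XOR b for the length of a.
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for k := range a {
		out[k] = a[k] ^ b[k]
	}
	return out
}

func main() {
	key, n := []byte("constructed key!"), []byte("nonce--A")
	p1, p2 := []byte("wire 100 to acct 11111111 today "), []byte("wire 999 to acct 22222222 later ")
	c1, c2 := ctr(key, n, p1), ctr(key, n, p2) // the mistake: same key and counters twice
	fmt.Printf("block 1 decrypted alone: %q\n", ctrBlock(key, n, c1[bs:], 1))
	fmt.Println("C1 XOR C2 == P1 XOR P2:", bytes.Equal(xor(c1, c2), xor(p1, p2)))
}
```

When the keystream is reused it cancels out of C1 XOR C2, so the two ciphertexts together expose the XOR of the two plaintexts without any knowledge of the key; a fresh nonce per message prevents this.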

[Figure: Comparison]

XTS-AES Mode for Block-Oriented Storage Devices
• Approved as an additional block cipher mode of operation by NIST in 2010
• Mode is also an IEEE Standard, IEEE Std 1619-2007
  ◦ Standard describes a method of encryption for data stored in sector-based devices where the threat model includes possible access to stored data by the adversary
• Designed to address the requirements for encrypting stored data (data at rest) that differ somewhat from those for transmitted data

Tweakable Block Ciphers
• XTS-AES mode is based on the concept of a tweakable block cipher
• General structure:
  ◦ Has three inputs: a plaintext P, a symmetric key K, a tweak T
  ◦ Produces a ciphertext output C
• Tweak need not be kept secret
• Purpose of the key is to provide security
• Purpose of the tweak is to provide variability

Tweakable Block Cipher
• In essence, the ECB mode is used but for each block the tweak is changed.
• This overcomes the principal security weakness of ECB
  ◦ i.e. two encryptions of the same block yield the same ciphertext.

XTS-AES Operation on a Block
• Key: A concatenation of two fields of equal size called Key1 and Key2
• $j$: The sequential number of the 128-bit block inside the sector
• $i$: The value of the 128-bit tweak. Each sector is assigned a tweak value. The tweak values are consecutive integers, starting from an arbitrary number.
• $\alpha^j$: A primitive element of $GF(2^{128})$ multiplied by itself $j$ times, in $GF(2^{128})$
• ⊕: Bitwise XOR
• ⊗: Modular multiplication in $GF(2^{128})$
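
Added example (Go, not part of the original slides): the per-block XTS-AES operation assembled from the symbols above, using the standard XEX form T = E_Key2(i) ⊗ α^j, C = E_Key1(P ⊕ T) ⊕ T, to show that the same plaintext block encrypts differently at every block and sector position. The names `mulAlpha` and `xtsBlock`, the constructed key and the sample block are illustrative assumptions; only whole 128-bit blocks are handled.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// mulAlpha multiplies t by α (the polynomial x) in GF(2^128): a one-bit left
// shift of the little-endian value, reduced by x^128 + x^7 + x^2 + x + 1.
func mulAlpha(t []byte) {
	carry := t[15] >> 7
	for k := 15; k > 0; k-- {
		t[k] = t[k]<<1 | t[k-1]>>7
	}
	t[0] = t[0]<<1 ^ carry*0x87
}

// xtsBlock processes block j of the sector with tweak i:
// T = E_Key2(i) ⊗ α^j, then C = E_Key1(P ⊕ T) ⊕ T (decryption uses D_Key1).
func xtsBlock(key, in []byte, i uint64, j int, decrypt bool) []byte {
	c1, err1 := aes.NewCipher(key[:len(key)/2]) // Key1 encrypts the data
	c2, err2 := aes.NewCipher(key[len(key)/2:]) // Key2 encrypts the tweak
	if err1 != nil || err2 != nil {
		panic("key must be two AES keys of equal size")
	}
	t, out := make([]byte, 16), make([]byte, 16)
	binary.LittleEndian.PutUint64(t, i) // tweak as a 128-bit little-endian integer
	c2.Encrypt(t, t)
	for ; j > 0; j-- {
		mulAlpha(t)
	}
	for k := range out {
		out[k] = in[k] ^ t[k]
	}
	if decrypt {
		c1.Decrypt(out, out)
	} else {
		c1.Encrypt(out, out)
	}
	for k := range out {
		out[k] ^= t[k]
	}
	return out
}

func main() {
	key, p := []byte("constructed XTS key, 32 bytes!!!"), []byte("same 16B block!!")
	fmt.Printf("%x\n%x\n%x\n", xtsBlock(key, p, 7, 0, false), xtsBlock(key, p, 7, 1, false), xtsBlock(key, p, 8, 0, false))
}
```

The three printed ciphertexts come from one plaintext block at (sector 7, block 0), (sector 7, block 1) and (sector 8, block 0), and all differ because the tweak T differs.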

XTS-AES Operation on a Sector
• A sector is organized into 128-bit blocks.
• Ciphertext stealing (CTS) is a technique for encrypting plaintext using a block cipher, without padding the message to a multiple of the block size, so the ciphertext is the same size as the plaintext.

XTS-AES
• AES: Advanced Encryption Standard
• XTS: XEX-based Tweaked-codebook mode with ciphertext Stealing
• XEX: XOR – Encrypt – XOR

Summary
• Modes of Operation
  ◦ ECB
  ◦ CBC
  ◦ CFB
  ◦ OFB
  ◦ CTR
  ◦ XTS
