Cryptography and Network Security: Principles and Practice Eighth Edition Chapter 7 Block Cip

Cryptography and Network Security:

Principles and Practice
Eighth Edition

Chapter 7

Block Cipher Operation

Figure 7.1 Multiple Encryption (1 of 2)

Meet-in-the-Middle Attack

The use of double D E S results in a mapping that is not

equivalent to a single D E S encryption

The meet-in-the-middle attack algorithm will attack this

scheme and does not depend on any particular property of

D E S but will work against any block encryption cipher

Figure 7.1 Multiple Encryption (2 of 2)

Figure 7.2 Known-Plaintext Attack on

Triple D E S

Triple D E S with Three Keys

Many researchers now feel that three-key 3D E S is the preferred

alternative

Three-key 3D E S has an effective key length of 168 bits and is

defined as:

C = E( K3, D( K2, E( K1, P)))

Backward compatibility with DES is provided by putting:

K3 = K2 or K1 = K2

A number of Internet-based applications have adopted three-key

3D E S including P G P and S/M I M E

Modes of Operation

A technique for enhancing the effect of a cryptographic

algorithm or adapting the algorithm for an application

To apply a block cipher in a variety of applications, five modes of

operation have been defined by N I S T

The five modes are intended to cover a wide variety of

applications of encryption for which a block cipher could be

used

These modes are intended for use with any symmetric block

cipher, including triple D E S and A E S

Table 7.1 Block Cipher Modes of Operation

Mode Description Typical Application

Electronic

Codebook (E C B)

Each block of plaintext bits is encoded

independently using the same key.

Secure transmission of single

values (e.g., an encryption
key)

Cipher Block

Chaining (C B C)

The input to the encryption algorithm is the

X O R of the next block of plaintext and the
preceding block of ciphertext.

General-purpose block-

oriented transmission
Authentication

Cipher Feedback

(C F B)

Input is processed s bits at a time.

Preceding ciphertext is used as input to the
encryption algorithm to produce
pseudorandom output, which is X O Red

with plaintext to produce next unit of
ciphertext.

General-purpose stream-

oriented transmission
Authentication

Output Feedback

(O F B)

Similar to C F B, except that the input to the

encryption algorithm is the preceding
encryption output, and full blocks are used.

Stream-oriented transmission

over noisy channel (e.g.,
satellite communication)

Counter (C T R) Each block of plaintext is X ORed with an

encrypted counter. The counter is
incremented for each subsequent block.

General-purpose block-

oriented transmission
Useful for high-speed

requirements

Figure 7.3 Electronic Codebook

(E C B) Mode

Criteria and properties for evaluating

and constructing block cipher modes

of operation that are superior to ECB:

Overhead

Error recovery

Error propagation

Diffusion

Security

Figure 7.4 Cipher Block Chaining

(C B C) Mode

Cipher Feedback Mode

For A E S, D E S, or any

block cipher, encryption is

performed on a block of b

bits

In the case of D E S b =

In the case of A E S b =

128

There are three modes

that make it possible to

convert a block cipher

into a stream cipher:

Cipher feedback (CFB)

mode

Output feedback (OFB)

mode

Counter (CTR) mode

Figure 7.5 s-bit Cipher Feedback

(C F B) Mode (1 of 2)

Figure 7.5 s-bit Cipher Feedback

(C F B) Mode (2 of 2)

Figure 7.6 Output Feedback (O F B)

Mode (1 of 2)

Figure 7.6 Output Feedback (O F B)

Mode (2 of 2)

Figure 7.7 Counter (C T R) Mode (1 of 2)

Figure 7.7 Counter (C T R) Mode (2 of 2)

Advantages of C T R

Hardware efficiency

Software efficiency

Preprocessing

Random access

Provable security

Simplicity

Figure 7.8 Feedback Characteristic of

Modes of Operation (1 of 4)

Figure 7.8 Feedback Characteristic of

Modes of Operation (2 of 4)

Figure 7.8 Feedback Characteristic of

Modes of Operation (3 of 4)

Figure 7.8 Feedback Characteristic of

Modes of Operation (4 of 4)

X T S-A E S Mode for Block-Oriented

Storage Devices
Approved as an additional block cipher mode of operation

by N I S T in 2010

Mode is also an I E EE Standard, I E EE Std 1619-2007

Standard describes a method of encryption for data

stored in sector-based devices where the threat model

includes possible access to stored data by the

adversary

Has received widespread industry support

Tweakable Block Ciphers

X T S-A E S mode is based on the concept of a tweakable

block cipher

General structure:

Has three inputs:

? A plaintext P

? A symmetric key K

? A tweak T

Produces a ciphertext output C

Tweak need not be kept secret

Purpose is to provide variability

Figure 7.9 Tweakable Block Cipher

Storage Encryption Requirements

The requirements for encrypting stored data, also referred to as data at rest,

differ somewhat from those for transmitted data

The P1619 standard was designed to have the following characteristics:

The ciphertext is freely available for an attacker

The data layout is not changed on the storage medium and in transit

Data are accessed in fixed sized blocks, independently from each other

Encryption is performed in 16-byte blocks, independently from each other

There are no other metadata used, except the location of the data blocks

within the whole data set

The same plaintext is encrypted to different ciphertexts at different
locations, but always to the same ciphertext when written to the same

location again

A standard conformant device can be constructed for decryption of data

encrypted by another standard conformant device

X T S-A E S Operation on Single Block

Figure 7.10 X T S-A E S Operation on Single Block

X T S-A E S Operation on Single Block

Figure 7.10 X T S-A E S Operation on Single Block

Figure 7.11 X T S-A E S Mode

Format-Preserving Encryption (F P E)

Refers to any encryption technique that takes a plaintext in

a given format and produces a ciphertext in the same

format

For example: credit cards consist of 16 decimal digits.

An F P E that can accept this type of input would

produce a ciphertext output of 16 decimal digits. (Note

that the ciphertext need not be, and in fact in unlikely to

be, a valid credit card number.) But it will have the

same format and can be stored in the same way as

credit card number plaintext.

Table 7.2 Comparison of Format-

Preserving Encryption and A E S

Blank Credit Card Tax I D Bank Account Number

Plaintext 8123 4512 3456 6780 219-09-9999 800N2982K-22

FPE 8123 4521 7292 6780 078-05-1120 709G9242H-35

AES (hex) af411326466add24

c86abd8aa525db7a

7b9af4f3f218ab25

07c7376869313afa

9720ec7f793096ff

d37141242e1c51bd

Motivation (1 of 2)

F P E facilitates the retrofitting of encryption technology to

legacy applications, where a conventional encryption mode

might not be feasible because it would disrupt data

fields/pathways

F P E has emerged as a useful cryptographic tool, whose

applications include financial-information security, data

sanitization, and transparent encryption of fields in legacy

databases

Motivation (2 of 2)

The principal benefit of F P E is that it enables protection of

particular data elements, while still enabling workflows that were

in place before F P E was in use

No database schema changes and minimal application

changes are required

Only applications that need to see the plaintext of a data

element need to be modified and generally these

modifications will be minimal

Some examples of legacy applications where F P E is desirable

are:

C O B O L data-processing applications

Database applications

F P E-encrypted characters can be significantly compressed

for efficient transmission

Difficulties in Designing an F P E

A general-purpose standardized F P E should meet a

number of requirements:

The ciphertext is of the same length and format as the

plaintext

It should be adaptable to work with a variety of

character and number types

It should work with variable plaintext length

Security strength should be comparable to that

achieved with A E S

Security should be strong even for very small plaintext

lengths

Figure 7.12 Feistel Structure for

Format-Preserving Encryption

Character Strings

The N I S T, and the other F P E algorithms that have been

proposed, are used with plaintext consisting of a string of

elements, called characters

A finite set of two or more symbols is called an alphabet

The elements of an alphabet are called characters

A character string is a finite sequence of characters from

an alphabet

Individual characters may repeat in the string

The number of different characters in an alphabet is called

the base (also referred to as the radix) of the alphabet

Table 7.3 Notation and Parameters Used in F P E

Algorithms. (a) Notation

[x]s Converts an integer into a byte string; it is the string of s bytes that encodes the

number x, with 0 = x < 28s. The equivalent notation is

LEN(X) Length of the character string X.

NUMradix(X) Converts strings to numbers. The number that the numeral string X represents in

base radix, with the most significant character first. In other words, it is the
nonnegative integer less than radixLEN(X) whose most-significant-character-first
representation in base radix is X.

PRFK(X) A pseudorandom function that produces a 128-bit output with X as the input, using

encryption key K.

Given a nonnegative integer x less than radixm, this function produces a

representation of x as a string of m characters in base radix, with the most significant
character first.

[i .. j] The set of integers between two integers i and j, including i and j.

X[i .. j] The substring of characters of a string X from X[i] to X[j], including X[i] and X[j].

REV(X) Given a bit string, X, the string that consists of the bits of X in reverse order.

2
)STR ( .

s
x

STR ( )
m

radix
x

Table 7.3 Notation and Parameters Used in F P E

Algorithms. (b) Parameters

radix The base, or number of characters, in a given plaintext

alphabet.

tweak Input parameter to the encryption and decryption functions

whose confidentiality is not protected by the mode.

tweakradix The base for tweak strings

minlen Minimum message length, in characters.

maxlen Maximum message length, in characters.

maxTlen Maximum tweak length

Figure 7.13 Algorithm P R F(X)

Figure 7.14 Algorithm FF1

(F FX[Radix])

Figure 7.15 Algorithm FF2 (V A E S3)

Figure 7.16 Algorithm FF3 (B P S-B C)

Summary

Analyze the security of multiple encryption schemes

Explain the meet-in-the-middle attack

Compare and contrast E C B, C B C, C F B, O F B, and counter

modes of operation

Present an overview of the X T S-A E S mode of operation

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.

Cryptography and Network Security: Principles and Practice Eighth Edition Chapter 7 Block Cip

We are the best

100% Guarantee