Block Cipher Mode of Operation

Loading...

From the course by University of Colorado System

Basic Cryptography and Programming with Crypto API

6 оценки

University of Colorado System

Basic Cryptography and Programming with Crypto API

6 оценки

Course 2 of 4 in the Specialization Fundamentals of Computer Network Security

In this MOOC, we will learn the basic concepts and principles of crytography, apply basic cryptoanalysis to decrypt messages encrypted with mono-alphabetic substitution cipher, and discuss the strongest encryption technique of the one-time-pad and related quantum key distribution systems. We will also learn the efficient symmetric key cryptography algorithms for encrypting data, discuss the DES and AES standards, study the criteria for selecting AES standard, present the block cipher operating modes and discuss how they can prevent and detect the block swapping attacks, and examine how to defend against replay attacks. We will learn the Diffie-Hellman Symmetric Key Exchange Protocol to generate a symmetric key for two parties to communicate over insecure channel. We will learn the modular arithmetic and the Euler Totient Theorem to appreciate the RSA Asymmetric Crypto Algorithm, and use OpenSSL utility to realize the basic operations of RSA Crypto Algorithm. Armed with these knowledge, we learn how to use PHP Crypto API to write secure programs for encrypting and decrypting documents and for signing and verify documents. We then apply these techniques to enhance the registration process of a web site which ensures the account created is actually requested by the owner of the email account.

From the lesson

Symmetric Key Cryptography

In this module we present the basic mechanism of symmetric key crytography algorithms, discuss the DES and AES standard, describe the criteria for selecting AES standard, present the block cipher operating modes and discuss how the block swapping attacks and replay attacks can be prevented and detected.

Block Cipher Mode of Operation11:08

Meet the Instructors

Edward Chow
Professor
Computer Science

In this lesson, we discuss different block cipher modes of operation,

dealing with different operation environment or requirement.

A mode of operations describe how repeatedly to apply

a cipher's single-block operation securely to transform

the amount of data larger than just a block.

IV is defined to be Initialization Vectors.

Most of cipher mode of operation require a unique binary sequence,

often called an initialization vector for each encryption operation.

They need to be random and non-repeating.

It ensure different ciphertext that

generated even though with the same plaintext appear differently.

Different at multiple times- that could appear at multiple times in the messages.

The simplest encryption mode is ECB,

Electronic Code Book Mode.

In this case, in this mode,

no IV, Initialization Vector, is used.

Every plaintext block is encrypted with the same key,

will produce the same ciphertext.

And with this kind of ciphertext,

same ciphertext appear for same plaintext with the same key,

could be used or guessed by the attacker and is susceptible to block swapping attack.

Ehrsam, Meyer, Smith and Tuchman invented the Cipher Block Chaining mode,

CBC mode of operation, in 1976.

Every plaintext blocks in their design is usable with Initialization Vector first.

The ciphertext is used as IV for the next block.

For encryption, each block need to wait for

the initial vector from previous block encryption to be generated,

and therefore the encryption cannot be parallelized.

They have to wait one at a time in a sequential manner.

Since IV is the previous ciphertext blocks

which typically receive before the current block on the receiving side,

no computation is required in terms of decryption.

For getting the IV you can do random

read so long as the previous cipher block is also ready.

Let's consider the situation where bit can be garbled in transmission.

What happen if a bit got garbled during the transmission.

How many block of the receiving block will not be decrypt correctly.

Say one bit in the cipher block zero is not correctly received.

The plain box zero and block number one,

plain block number one will not be corrected since C zero,

the cipher block zero,

is also used as a initial vector for the second block decryption and therefore all

together two block is affected and there are

techniques that other mode try to reduce this.

Here, we show the famous example.

The original Linux logo image is encrypted using the AES ECB mode.

Since there are so many image block

in the original message that has the same pixel values,

the encrypted blocks also have the same cipher values.

When the encrypted image is displayed,

we can see the contour and the same color region as shown,

even though that's not exactly the same color values.

The encrypted image on the rightmost on the other hand we use other mode and you

cannot even see any information into the contour and the shape of the image.

For terminal type application,

waiting for eight character before sending the ciphertext is not an option.

We'd rather see character sent and received right away for a better response time.

In cipher feedback mode,

we use shift register and set it to some initial pattern, initial vector.

For example, its value is encrypted with a key and

the leftmost byte is included with

the first byte of the plaintext as the first byte of the ciphertext,

send it right away,

immediate, out to the receiver.

The cipher characters are also shift in to the shift radius from the right.

And this process will go on for each characters and what is shown in

the picture is how the test character is encrypted and put it back to a shift register.

The right side is a proven decryption process.

Note that the same encryption box is used,

not the decryption box.

Since each cipher character need to wait

for the previous shift register encryption result,

the characters cannot be encrypted in parallel,

it has to be done in sequential manner.

For decryption side, once you receive

enough previous ciphertext character to fill in the rest of the shift register,

you can start the decryption process.

Therefore, decryption can be parallelized.

So is the random read access.

In output feedback mode,

or so-called string cipher mode,

the key string sequence of bit called keystream is generated only with IV,

IV and the key.

And that string is then,

it's useable with the plaintext.

Therefore,

early ciphertext or cipher bit does not involve with the later encryption.

With this isolation effects,

one bit transmission arrow only result in one bit in the plaintext arrow,

not garble the whole block.

It is much better than the previous mode where the whole block is garbled.

So then dealing with unreliable kind of transmission.

However, since the keystream pattern is depend on the previous block, IV,

we saw IV after IV, therefore

it cannot be parallelized both in encryption and decryptions.

Yeah, we need to wait way for the keystream to

generate one at a time and there's a feedback loop there.

And it also cannot produce,

provide random read access.

Counter mode is designed to make

both encryption and decryption process can be done in parallel,

so performer is a requirement and a priority here.

Here in the initialization vector of block n is very

straightforward to compute without having to wait for previous IV.

Is IV+n, a simple n.

Here we show how the cipher mode or operation I used too such as

OpenSSL to specify the actual encryption and decryption operation.

In OpenSSL utility command,

the cipher type of option you can use dash dash help to generate that and

the cipher type operation is specified by first the encryption standard followed by

the key size number followed by

the short name of the cipher mode operation we discussed in the previous lesson.

For example, aes 256 bit key with cipher block chaining mode is specified as,

dash as an option, aes-256-cbc.

CBC is a short name for cipher block chaining mode.

The last command show, in this big block,

show how plaintext file is encrypted in this cipher type and save in

base 64 mode using -base64 as option as output file ciphertext.txt.

Note that there are other modes such as GCM and XTS.

GCM is a new mode approved by the NIST.

GCM stand for, Galois Counter Mode.

It combines a counter mode encryption with authentication operation.

In the same method operation both encryption and authentication can be done.

The encrypted text is then contend the IV,

Initial Vector, ciphertext, and also indication code.

XTS on the other hand is used in

disk encryptions and is considered to be de facto standard.

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play