NamYong Kim
UCS Lab
Email: nykim@seoultech.ac.kr
SeoulTech
5. OUTPUT FEEDBACK MODE
6. Counter Mode
7. XTS-AES Mode for Block-Oriented Storage Devices
- Storage Encryption Requirements
- Operation on a Single Block
- Operation on a Sector
• Output feedback (OFB) mode is similar in structure to CFB.
• In OFB, the output of the encryption function is fed back to become the input for encrypting the next block.
• In CFB, the output of the XOR unit is fed back to become the input for encrypting the next block.
• The other difference is that OFB operates on full blocks of plaintext and ciphertext, not on an s-bit subset.
• C_j = P_j ⊕ E(K, O_{j-1})
• O_{j-1} = E(K, O_{j-2})
• ENCRYPTION: C_j = P_j ⊕ E(K, [C_{j-1} ⊕ P_{j-1}])
• DECRYPTION: P_j = C_j ⊕ E(K, [C_{j-1} ⊕ P_{j-1}])
Figure: CFB mode vs. OFB mode (s-bit feedback).
Figure: OFB mode, (a) encryption.
• OFB mode
• Let the block size be b.
• The last block of plaintext contains u bits (indicated by *), with u < b; the u most significant bits of the last output block O_N are used for the XOR operation.
OFB encryption:
I_1 = Nonce
I_j = O_{j-1}                 j = 2, ..., N
O_j = E(K, I_j)               j = 1, ..., N
C_j = P_j ⊕ O_j               j = 1, ..., N-1
C*_N = P*_N ⊕ MSB_u(O_N)
OFB decryption (the same output sequence O_j is regenerated from the nonce; only the final XOR differs):
I_1 = Nonce
I_j = O_{j-1}                 j = 2, ..., N
O_j = E(K, I_j)               j = 1, ..., N
P_j = C_j ⊕ O_j               j = 1, ..., N-1
P*_N = C*_N ⊕ MSB_u(O_N)
• In computing, the most significant bit (MSB, also
called the high-order bit) is the bit position in a binary
number having the greatest value. The MSB is
sometimes referred to as the left-most bit due to the
convention in positional notation of writing more
significant digits further to the left.
• In computing, the least significant bit (LSB) is the bit
position in a binary integer giving the units value, that
is, determining whether the number is even or odd. The
LSB is sometimes referred to as the right-most bit, due
to the convention in positional notation of writing less
significant digits further to the right.
• As with CBC and CFB, the OFB mode requires an initialization vector (IV).
• In OFB, the IV must be a nonce.
• The sequence of encryption output blocks O_i depends only on the key and the IV and does not depend on the plaintext.
• For a given key and IV, the stream of output bits used to XOR with the stream of plaintext bits is fixed.
• One advantage of the OFB method is that bit errors in transmission do not propagate.
• The disadvantage of OFB is that it is more vulnerable to a message stream modification attack than is CFB.
Figure: OFB mode, (b) decryption.
• Interest in counter (CTR) mode has increased recently, with applications to ATM (asynchronous transfer mode) network security and IP security.
• A counter equal in size to the plaintext block is used.
• The counter value must be different for each plaintext block that is encrypted.
• The counter is initialized to some value and then incremented by 1 for each subsequent block.
• The counter is encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining.
• For decryption, the same sequence of counter values is used.
Figure: OFB mode vs. CTR mode (OFB: output fed back for the next block cipher call; CTR: counter + 1 for the next block cipher call).
• CTR mode
• Padding is not needed, because of the structure of CTR mode.
• If a counter value is used multiple times, then the confidentiality of all of the plaintext blocks corresponding to that counter value may be compromised.
• If one of those plaintext blocks is known, the block cipher output for that counter value can be recovered from its ciphertext block, and that output exposes any other plaintext blocks encrypted using the same counter value.
CTR encryption:
C_j = P_j ⊕ E(K, T_j)               j = 1, ..., N-1
C*_N = P*_N ⊕ MSB_u[E(K, T_N)]
CTR decryption:
P_j = C_j ⊕ E(K, T_j)               j = 1, ..., N-1
P*_N = C*_N ⊕ MSB_u[E(K, T_N)]
Figure: CTR mode, (a) encryption and (b) decryption.
• Hardware efficiency: unlike the three chaining modes, encryption (or decryption) in CTR mode can be done in parallel on multiple blocks of plaintext or ciphertext.
• Software efficiency: because of the opportunities for parallel execution in CTR mode, processors that support parallel features, such as aggressive pipelining, multiple instruction dispatch per clock cycle, a large number of registers, and Single Instruction Multiple Data (SIMD) instructions, can be effectively utilized.
• Preprocessing: the execution of the underlying encryption algorithm does not depend on input of the plaintext or ciphertext.
• Random access: the ith block of plaintext or ciphertext can be processed in random-access fashion, which is not possible with the chaining modes. This matters for applications in which a ciphertext is stored and it is desired to decrypt just one block.
• Provable security: it can be shown that CTR is at least as secure as the other modes.
• Simplicity: unlike ECB and CBC modes, CTR mode requires only the implementation of the encryption algorithm and not the decryption algorithm.
• To understand the feedback mechanism, it is useful to think of the encryption function as taking input from an input register whose length equals the encryption block length, with output stored in an output register.
• The input register is updated one block at a time by the feedback mechanism.
• Both OFB and CTR produce output that is independent of both the plaintext and the ciphertext.
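As an added example (not code from the slides), the OFB and CTR equations above implemented over a constructed stand-in for E(K, ·): a keyed PRF built from SHA-256, which suffices because neither mode ever calls the block cipher's inverse. It shows the MSB_u handling of a short last block (no padding), CTR random access to one block, and the counter-reuse weakness the CTR slide warns about, checked as a property. All function names (`E`, `ofb_xcrypt`, `ctr_xcrypt`, ...) are my own, and the key, nonce and message are constructed sample values.

```python
import hashlib

B = 16  # block size b in bytes (a 128-bit block, as for AES)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for the block cipher forward function E(K, .).
    OFB and CTR never call the inverse, so a keyed PRF (truncated SHA-256)
    is enough to show the mode structure. This is not AES and not secure."""
    return hashlib.sha256(key + block).digest()[:B]

def ofb_xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """OFB as on the slide: I_1 = nonce, I_j = O_{j-1}, O_j = E(K, I_j),
    C_j = P_j xor O_j, and C*_N = P*_N xor MSB_u(O_N) for a short last block.
    Encryption and decryption are the same operation (same output stream)."""
    out, I = bytearray(), nonce            # I = input register
    for off in range(0, len(data), B):
        O = E(key, I)                      # O = output register
        chunk = data[off:off + B]
        out += xor(chunk, O[:len(chunk)])  # MSB_u(O_N) when the chunk is short
        I = O                              # feedback: O_j becomes I_{j+1}
    return bytes(out)

def ctr_block(key: bytes, ctr0: int, j: int) -> bytes:
    """E(K, T_j) with T_j = (initial counter + j) mod 2^128; no chaining."""
    return E(key, ((ctr0 + j) % (1 << 128)).to_bytes(B, "big"))

def ctr_xcrypt(key: bytes, ctr0: int, data: bytes) -> bytes:
    """CTR: C_j = P_j xor E(K, T_j); the last block uses MSB_u, so no padding."""
    out = bytearray()
    for j, off in enumerate(range(0, len(data), B)):
        chunk = data[off:off + B]
        out += xor(chunk, ctr_block(key, ctr0, j)[:len(chunk)])
    return bytes(out)

def ctr_decrypt_one_block(key: bytes, ctr0: int, ct: bytes, j: int) -> bytes:
    """Random access: recover block j alone, without touching the others."""
    chunk = ct[j * B:(j + 1) * B]
    return xor(chunk, ctr_block(key, ctr0, j)[:len(chunk)])

def counter_reuse_exposes_xor(key: bytes, ctr0: int, p1: bytes, p2: bytes) -> bool:
    """Property check behind the slide's warning: with the same key and the
    same counter values, C1 xor C2 == P1 xor P2, because the identical
    keystream cancels. A unique counter per block under a key is mandatory."""
    c1, c2 = ctr_xcrypt(key, ctr0, p1), ctr_xcrypt(key, ctr0, p2)
    n = min(len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])

if __name__ == "__main__":
    key, nonce = b"K" * 16, b"N" * 16     # constructed sample key and nonce
    msg = b"OFB/CTR keystream modes need no padding"   # 39 bytes: 2 full + 7
    assert ofb_xcrypt(key, nonce, ofb_xcrypt(key, nonce, msg)) == msg
    ct = ctr_xcrypt(key, 5, msg)
    print(len(ct) == len(msg), ctr_decrypt_one_block(key, 5, ct, 2) == msg[32:])
```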
Figure: Feedback characteristic of modes of operation.
Figure (continued): Feedback characteristic of modes of operation.
7. XTS-AES Mode for Block-Oriented Storage Devices
– Storage Encryption Requirements
– Operation on a Single Block
– Operation on a Sector
• In 2010, NIST approved an additional block cipher mode of operation, XTS-AES. This mode is also an IEEE standard, IEEE Std 1619-2007.
• The standard describes a method of encryption for data stored in sector-based devices.
• XTS-AES mode is based on the concept of a tweakable block cipher.
• The standard has received widespread industry support.
Tweakable Block Ciphers
– XTS = XEX (Xor-Encrypt-Xor)-based Tweaked Codebook mode with Ciphertext Stealing.
– XTS-AES mode is based on the concept of a tweakable block cipher.
– A tweakable block cipher is one that has three inputs: a plaintext P, a symmetric key K, and a tweak T, and produces a ciphertext output C: C = E(K, T, P).
– The tweak need not be kept secret.
– Whereas the purpose of the key is to provide security, the purpose of the tweak is to provide variability.
– The use of different tweaks with the same plaintext and the same key produces different outputs.
Tweakable Block Ciphers
– ENCRYPTION: C = H(T) ⊕ E(K, H(T) ⊕ P)
– where H is a hash function.
– For decryption, the same structure is used with the ciphertext as input and the decryption function in place of encryption.
– DECRYPTION:
  H(T) ⊕ C = E(K, H(T) ⊕ P)
  D(K, H(T) ⊕ C) = H(T) ⊕ P
  H(T) ⊕ D(K, H(T) ⊕ C) = P
– This overcomes the principal security weakness of ECB, which is that two encryptions of the same block yield the same ciphertext.
Figure: Tweakable block ciphers.
STORAGE ENCRYPTION REQUIREMENTS
(1) The ciphertext is freely available to an attacker:
  a. In a database, other users can retrieve an encrypted record but are unable to read it without the key.
  b. An unauthorized user manages to gain access to encrypted records.
  c. A data disk or laptop is stolen, giving the adversary access to the encrypted data.
(2) The data layout is not changed on the storage medium or in transit.
(3) Data are accessed in fixed-size blocks, independently from each other.
(4) Encryption is performed in 16-byte blocks, independently from other blocks.
(5) No other metadata is used, except the location of the data blocks within the whole data set.
(6) The same plaintext is encrypted to different ciphertexts at different locations, but always to the same ciphertext when written to the same location again.
(7) A standard-conformant device can be constructed for decryption of data encrypted by another standard-conformant device.
• In CTR mode, an adversary with write access to the encrypted media can flip any bit of the plaintext by flipping the corresponding ciphertext bit.
• In CBC mode, an adversary with read/write access to the encrypted disk can copy a ciphertext sector from one position to another.
OPERATION ON A SINGLE BLOCK
(1) j: the sequential number of the 128-bit block inside the data unit.
(2) i: the value of the 128-bit tweak; each data unit (sector) is assigned its own tweak value.
• The block number j ensures that if the same plaintext block appears at two different positions within a data unit, it will encrypt to two different ciphertext blocks.
• The tweak i ensures that if the same plaintext block appears at the same position in two different data units, it will encrypt to two different ciphertext blocks.
Figure: XTS-AES operation on a single block, (a) encryption and (b) decryption.
• Encryption and decryption of a single block:
• Encryption:
  C = CC ⊕ T = E(K1, PP) ⊕ T = E(K1, P ⊕ T) ⊕ T
• Decryption:
  P = PP ⊕ T = D(K1, CC) ⊕ T = D(K1, C ⊕ T) ⊕ T
• Substituting C into the decryption equation:
  P = D(K1, E(K1, P ⊕ T) ⊕ T ⊕ T) ⊕ T = (P ⊕ T) ⊕ T = P
XTS-AES block operation, encryption:
T = E(K2, i) ⊗ α^j
PP = P ⊕ T
CC = E(K1, PP)
C = CC ⊕ T
XTS-AES block operation, decryption:
T = E(K2, i) ⊗ α^j
CC = C ⊕ T
PP = D(K1, CC)
P = PP ⊕ T
(⊗ is multiplication in GF(2^128) and α is a primitive element of that field, so α^j differs for every block position j.)
OPERATION ON A SECTOR
• The plaintext of a sector or data unit is organized into blocks of 128 bits. The blocks are P_0, P_1, ..., P_m.
• For encryption and decryption, each block is treated independently.
• The last two blocks are encrypted/decrypted using a ciphertext-stealing technique instead of a padding scheme.
• Ciphertext stealing is used to make the ciphertext length the same as the plaintext length.
• It requires more than one block of plaintext.
Figure: XTS-AES mode (sector operation).
Figure (continued): XTS-AES mode (sector operation).
XTS-AES Mode
– Block Encryption: XTS-AES-blockEnc(K, P_j, i, j)
– Block Decryption: XTS-AES-blockDec(K, C_j, i, j)
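The single-block and sector operations above as an added example; this is my code, not the slides' or the IEEE 1619 reference code. AES is replaced by a constructed invertible toy Feistel cipher so that both E and D exist without a third-party library; the rest follows the XTS structure on the slides: T = E(K2, i) ⊗ α^j with the GF(2^128) multiply-by-α step in the IEEE 1619 byte order (little-endian, 0x87 feedback), and ciphertext stealing for a short last block so the output is exactly as long as the input. The function names mirror the slide's XTS-AES-blockEnc/Dec, K is split as K1 || K2, and the keys and 37-byte data unit are constructed sample values.

```python
import hashlib

B = 16  # 128-bit block

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # Constructed 4-round 128-bit Feistel cipher (round function = truncated
    # SHA-256) used as an invertible stand-in for AES. Not secure; only here so
    # that both E and D exist without an AES library.
    L, R = block[:8], block[8:]
    for r in rounds:
        L, R = R, xor(L, hashlib.sha256(key + bytes([r]) + R).digest()[:8])
    return R + L

def E(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(4))

def D(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(3, -1, -1))  # same rounds, reversed

def mul_alpha(t: bytes) -> bytes:
    """Multiply a 128-bit value by alpha (= x) in GF(2^128), IEEE 1619 byte
    order: shift left across the bytes and fold the carry back with 0x87."""
    out, carry = bytearray(B), 0
    for k in range(B):
        v = (t[k] << 1) | carry
        out[k], carry = v & 0xFF, v >> 8
    if carry:
        out[0] ^= 0x87
    return bytes(out)

def tweak(k2: bytes, i: int, j: int) -> bytes:
    """T = E(K2, i) (x) alpha^j: i = data-unit (sector) number, j = block index."""
    T = E(k2, i.to_bytes(B, "little"))   # IEEE 1619 encodes i little-endian
    for _ in range(j):
        T = mul_alpha(T)
    return T

def xts_block_enc(k1: bytes, k2: bytes, P: bytes, i: int, j: int) -> bytes:
    T = tweak(k2, i, j)
    return xor(E(k1, xor(P, T)), T)      # PP = P^T, CC = E(K1, PP), C = CC^T

def xts_block_dec(k1: bytes, k2: bytes, C: bytes, i: int, j: int) -> bytes:
    T = tweak(k2, i, j)
    return xor(D(k1, xor(C, T)), T)      # CC = C^T, PP = D(K1, CC), P = PP^T

def xts_encrypt_sector(k1: bytes, k2: bytes, i: int, pt: bytes) -> bytes:
    """Data unit P_0..P_m with ciphertext stealing for a short P_m: the output
    is exactly as long as the input. Needs at least one full block."""
    if len(pt) < B:
        raise ValueError("XTS needs at least one full 16-byte block")
    m, u = divmod(len(pt), B)            # m full blocks, u bytes in the tail
    out = [xts_block_enc(k1, k2, pt[q*B:(q+1)*B], i, q) for q in range(m - 1)]
    last = pt[(m-1)*B:m*B]
    if u == 0:                           # no partial block: plain per-block XTS
        return b"".join(out) + xts_block_enc(k1, k2, last, i, m - 1)
    CC = xts_block_enc(k1, k2, last, i, m - 1)   # encrypt P_{m-1} in full
    PP = pt[m*B:] + CC[u:]               # P_m padded with the stolen tail of CC
    C_m1 = xts_block_enc(k1, k2, PP, i, m)       # C_{m-1} uses tweak index m
    return b"".join(out) + C_m1 + CC[:u]         # C_m = first u bytes of CC

def xts_decrypt_sector(k1: bytes, k2: bytes, i: int, ct: bytes) -> bytes:
    if len(ct) < B:
        raise ValueError("XTS needs at least one full 16-byte block")
    m, u = divmod(len(ct), B)
    out = [xts_block_dec(k1, k2, ct[q*B:(q+1)*B], i, q) for q in range(m - 1)]
    last = ct[(m-1)*B:m*B]
    if u == 0:
        return b"".join(out) + xts_block_dec(k1, k2, last, i, m - 1)
    PP = xts_block_dec(k1, k2, last, i, m)       # undo C_{m-1}: P_m || CP
    CC = ct[m*B:] + PP[u:]                       # rebuild CC = C_m || CP
    return b"".join(out) + xts_block_dec(k1, k2, CC, i, m - 1) + PP[:u]

def demo() -> dict:
    """Constructed 37-byte data unit (two full blocks + 5-byte tail) at sector 7."""
    k1, k2 = b"1" * 16, b"2" * 16        # constructed keys; K = K1 || K2
    pt = bytes(range(37))
    ct = xts_encrypt_sector(k1, k2, 7, pt)
    return {"same_length": len(ct) == len(pt),
            "round_trip": xts_decrypt_sector(k1, k2, 7, ct) == pt,
            "differs_at_sector_8": xts_encrypt_sector(k1, k2, 8, pt) != ct}

if __name__ == "__main__":
    print(demo())
```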