
CISC 210 - Class Today

Date post: 31-Dec-2015
Upload: romaine-cesar
Transcript
Page 1: CISC 210 - Class Today

March 2005, R. Smith - University of St Thomas - Minnesota

CISC 210 - Class Today

• “Help wanted” for security project
• Recap
• Block Ciphers
• Block Cipher Modes
• Group Problem Solve – Block Ciphers
• Reading Assignment:
  – Internet Cryptography Chapters 1 and 2
  – Chapter excerpt on Volume Encryption from “Authentication”

Page 2: CISC 210 - Class Today

“Help Wanted” for security project

• (The title probably sounds more impressive than the actual work)
  – I need someone to help collect information about computer security product certifications over the past 3 years
  – Part-time student position for a few weeks
• Qualifications
  – Can deal with MS Access
  – Can read a structured technical document and quickly extract data from it
  – Ability to puzzle out other languages (German, French, maybe Korean or Japanese) preferred but not required

Page 3: CISC 210 - Class Today

Recap

• Crypto Building Blocks
  – One-way hash
  – Randomness
  – XOR for encryption
  – Keystream generation – pseudo-random number generation
  – Nonces
• Block Ciphers
  – Another building block

Page 4: CISC 210 - Class Today

Cracking a Block Cipher

• It’s a hard thing to do
• Known plaintext attack
  – You may need several plaintext/ciphertext pairs to attack
  – Generally, you still must do trial-and-error key testing
• Block ciphers are intentionally designed to make this hard.
  – The designers assume the attackers can get a bunch of plaintext/ciphertext pairs
  – Those pairs aren’t enough to leak the key

Page 5: CISC 210 - Class Today

Hacking Ciphertext

• Let’s try encrypting with a block cipher
• Let’s edit the ciphertext
• Next, decrypt and see what happens.

Page 6: CISC 210 - Class Today

Cipher Block “Modes”

• These use other crypto building blocks to solve certain problems with block ciphers
• How do we handle partial blocks?
  – Not all digital data will fit exactly into the blocks
  – How do we do a ‘real’ stream cipher with a block cipher?
• Also – There is a ‘patterning’ problem
  – If you just use the block cipher directly, you may leak information through patterns in the encrypted data

Page 7: CISC 210 - Class Today

“Straight” Crypto – ECB Mode

• Just apply the key to the plaintext
• Block after block after block

Page 8: CISC 210 - Class Today

Penguin using Straight Crypto

[Figure: penguin image, BEFORE and AFTER]

Page 9: CISC 210 - Class Today

What We Want

[Figure: BEFORE and AFTER]

Page 10: CISC 210 - Class Today

What’s the problem?

• The blocks themselves form patterns
  – We ‘leak’ information because of those patterns
• Also, it only works on whole blocks
  – How do we encrypt partial blocks?
  – I.e. how do we make a block cipher into a stream cipher?

Page 11: CISC 210 - Class Today

A Simple Idea: Key Autokey (OFB)

• The key stream is independent of the data stream
• Sort of like a ‘stream cipher’ - can work bit by bit
• The “Initialization Vector” – it’s a nonce

Page 12: CISC 210 - Class Today

OFB Decryption

• Basically identical to the encryption operation
• Start with the initialization vector (IV)
• Generates the exact same key stream

Page 13: CISC 210 - Class Today

Another view of OFB

• The block cipher provides the PRNG
  – The actual keystream varies with the key and the IV

[Diagram labels: Block Cipher Algorithm, Initialization Vector (IV), Plaintext, Ciphertext, Key]

Page 14: CISC 210 - Class Today

A variant: Cipher Feedback (CFB)

• Like OFB, but feeds forward the ciphertext
  – Keystream incorporates the ciphertext
• Like OFB, simple XOR to encrypt

Page 15: CISC 210 - Class Today

CFB Decryption

• Basically identical to the encryption operation
• Start with the initialization vector (IV)
• Generates the exact same key stream

Page 16: CISC 210 - Class Today

Yet Another: Counter Mode (CTR)

• Like OFB, but uses a counter instead of chaining
• “Nonce” is a random data value; counter increments
• Like OFB, simple XOR to encrypt

Page 17: CISC 210 - Class Today

CTR Decryption

• Basically identical to the encryption operation
• Start with the initialization vector (IV)
• Generates the exact same key stream
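
The three keystream modes from the preceding slides, next to "straight" codebook use, as an added Python example that is not part of the original slides. The block cipher is stood in for by truncated HMAC-SHA256 (an assumption; it is not invertible, which OFB, CFB and CTR do not need), and all function names are illustrative.

```python
import hashlib
import hmac

BS = 16  # block size in bytes

def E(key, block):
    # Stand-in for block-cipher encryption (assumption): truncated HMAC-SHA256.
    # OFB, CFB and CTR only ever run the cipher in the encrypt direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BS]

def xor(a, b):  # zip() stops at the shorter input, so a partial block just works
    return bytes(x ^ y for x, y in zip(a, b))

def chunks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ofb(key, iv, data):  # the same call encrypts and decrypts
    out, ks = [], iv
    for blk in chunks(data):
        ks = E(key, ks)  # keystream feeds back on itself, never sees the data
        out.append(xor(blk, ks))
    return b"".join(out)

def cfb(key, iv, data, decrypt=False):
    out, prev = [], iv
    for blk in chunks(data):
        res = xor(blk, E(key, prev))  # keystream = E(previous ciphertext block)
        prev = blk if decrypt else res
        out.append(res)
    return b"".join(out)

def ctr(key, nonce, data):  # encrypts and decrypts; keystream = E(nonce || counter)
    return b"".join(xor(blk, E(key, nonce + i.to_bytes(8, "big")))
                    for i, blk in enumerate(chunks(data)))

def codebook(key, data):  # "straight" use, block by block, no IV (pattern demo only)
    return b"".join(E(key, blk) for blk in chunks(data))

def distinct_blocks(ct):
    return len(set(chunks(ct)))

if __name__ == "__main__":
    key, iv = b"K" * 16, b"\x07" * 16        # constructed key and IV
    msg = b"0123456789abcdef" * 4 + b"tail"  # 4 identical blocks + a partial block
    print("codebook:", distinct_blocks(codebook(key, msg[:64])), "distinct block(s)")
    print("ofb:     ", distinct_blocks(ofb(key, iv, msg)), "distinct blocks")
```

Four identical plaintext blocks collapse to one repeated ciphertext block in codebook use, while each keystream mode yields distinct blocks and an output exactly as long as the input.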

Page 18: CISC 210 - Class Today

A Popular Choice: CBC

• Kind of Rube Goldberg-ish
• Each block of plaintext is mixed with the previous block of ciphertext before encryption
• Again, uses an IV

Page 19: CISC 210 - Class Today

CBC Decryption

• Start with the initialization vector (IV)
• XOR with decrypted ciphertext to yield plaintext
• “Error extension” - how do errors propagate?
• Can we “mix and match” blocks?

Page 20: CISC 210 - Class Today

Quick Overview of Modes

• Seen Here
  – Codebook – the non-mode
  – OFB – gives us a basic stream cipher
  – CFB – Feeds back the ciphertext, not the keystream
  – CTR – reasonable choice for disk drive encryption
  – CBC – complicated and popular
• Others
  – XEX – supercharged CTR mode, used in TrueCrypt

Page 21: CISC 210 - Class Today

In Class group exercise

• Four groups, 4 problems
  – For each:
    • Is the output obviously messed up?
    • Does the output ever get back to normal?
    • If so, how much output gets affected (#bits, #blocks)?

1. Swap two blocks in CBC
2. Ciphertext flips 1 bit in CBC
3. Swap two blocks in CTR
4. Ciphertext flips 1 bit in CTR
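
The four cases in the exercise can be run as an experiment. This is an added Python example, not part of the original slides; it uses a toy 4-round Feistel cipher built from SHA-256 as a stand-in for a real block cipher (an assumption, for illustration only) and hypothetical helper names. For each case it reports how many bits of each decrypted block come out wrong, so a zero means the block decrypted correctly.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data, size=16):  # 16-byte blocks throughout
    return [data[i:i + size] for i in range(0, len(data), size)]

def enc_block(key, b):  # toy 4-round Feistel cipher, a stand-in for a real one
    l, r = b[:8], b[8:]
    for i in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return l + r

def dec_block(key, b):  # same rounds undone in reverse order
    l, r = b[:8], b[8:]
    for i in reversed(range(4)):
        l, r = xor(r, hashlib.sha256(key + bytes([i]) + l).digest()[:8]), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out = [iv]
    for p in blocks(pt):
        out.append(enc_block(key, xor(p, out[-1])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    cs = [iv] + blocks(ct)
    return b"".join(xor(dec_block(key, c), prev) for prev, c in zip(cs, cs[1:]))

def ctr_crypt(key, nonce, data):  # the same call encrypts and decrypts
    return b"".join(xor(blk, enc_block(key, nonce + n.to_bytes(8, "big")))
                    for n, blk in enumerate(blocks(data)))

def damage(good, bad):  # number of wrong bits in each decrypted block
    return [sum(bin(x).count("1") for x in blk) for blk in blocks(xor(good, bad))]

def experiment():
    key, iv, nonce = b"k" * 16, b"\x01" * 16, b"\x02" * 8  # constructed values
    pt = b"".join(bytes([65 + i]) * 16 for i in range(6))  # six distinct blocks
    out = {}
    for name, enc, dec, n in (("cbc", cbc_encrypt, cbc_decrypt, iv),
                              ("ctr", ctr_crypt, ctr_crypt, nonce)):
        b = blocks(enc(key, n, pt))
        swapped = [b[0], b[2], b[1]] + b[3:]                   # swap blocks 1 and 2
        flipped = [b[0], bytes([b[1][0] ^ 1]) + b[1][1:]] + b[2:]  # flip 1 bit in block 1
        out[name + "_swap"] = damage(pt, dec(key, n, b"".join(swapped)))
        out[name + "_flip"] = damage(pt, dec(key, n, b"".join(flipped)))
    return out
```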

Page 22: CISC 210 - Class Today

Desktop Crypto Implementations

• File encryption
  – User controlled; sharing and separation on computer
• Hard drive encryption
  – Done in hardware, no real user control
• Volume encryption
  – Done in software; no real user control
• Policy implications!

Page 23: CISC 210 - Class Today

Operating System Structure

• Pieces of the OS, related to I/O system
  – File system
  – Device drivers
• Drivers are the flexible part
• File system and API give a standard ‘view’ of hard drives to user programs

Page 24: CISC 210 - Class Today

Volume encryption

• Device driver encrypts data written to the drive
• Can’t boot without a password/phrase/key
• Users can steal from each other
  – Trojan horse issue
• Everything is safe if volume is stolen
  – (and key is unknown)

Page 25: CISC 210 - Class Today

Hard drive encryption

• Fast crypto built into hard drive
• Users can steal from each other
• Crypto is harder to disable
• Problem: how do we handle the key?

Page 26: CISC 210 - Class Today

Structure Alternatives

• Hard drive encryption
  – At hardware level
  – Outside/beyond device driver
• Volume encryption
  – At device driver level
  – File system sees a normal drive

Page 27: CISC 210 - Class Today

Software Crypto Dilemmas

• How do we keep the crypto safe?
  – What can ‘they’ subvert?
• Subversion examples
  – File encryption
  – Hard drive encryption
• Access control protections

Page 28: CISC 210 - Class Today

Cipher block modes

The images all came from the Wikipedia entry on Block Cipher Modes

The Penguin image was produced by [email protected] and The GIMP if someone asks.

Creative Commons License

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.


Page 31: CISC 210 - Class Today

Creative Commons License

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

