Cryptography and Network

Security
Chapter 6
 Multiple Encryption & DES
• clear a replacement for DES was needed
– theoretical attacks that can break it
– demonstrated exhaustive key search attacks
• AES is a new cipher alternative
• prior to this alternative was to use multiple
encryption with DES implementations
• Triple-DES is the chosen form

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Double-DES?
• could use 2 DES encrypts on each block
– C = EK2(EK1(P))
• issue of reduction to single stage
• and have “meet-in-the-middle” attack
– works whenever use a cipher twice
– since X = EK1(P) = DK2(C)
– attack by encrypting P with all keys and store
– then decrypt C with keys and match X value
– can show takes O(256) steps
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Triple-DES with Two-Keys
• hence must use 3 encryptions
– would seem to need 3 distinct keys
• but can use 2 keys with E-D-E sequence
– C = EK1(DK2(EK1(P)))
– nb encrypt & decrypt equivalent in security
– if K1=K2 then can work with single DES
• standardized in ANSI X9.17 & ISO8732
• no current known practical attacks
– several proposed impractical attacks might
become basis of future attacks
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Triple-DES with Three-Keys
• although are no practical attacks on two-key
Triple-DES have some indications
• can use Triple-DES with Three-Keys to avoid
even these
– C = EK3(DK2(EK1(P)))
• has been adopted by some Internet
applications, eg PGP, S/MIME

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Modes of Operation
• When multiple blocks of plaintext are encrypted
using the same key, a number of security issues
arise.
• Mode of operation is a technique for
– enhancing the effect of a cryptographic algorithm
– For applying a block cipher to a sequence of data
blocks or a data stream.
• These modes are intended for use with any
symmetric block cipher, including triple DES and
AES.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Modes of Operation
To apply a block cipher in a variety of applications, five modes of operation
have been defined.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Electronic Codebook Book (ECB)
• ECB is a gigantic codebook in which there is an
entry for every possible b-bit plaintext pattern
showing its corresponding ciphertext.
• In ECB for a given key, there is a unique
ciphertext for every b-bit block of plaintext.
• In electronic codebook (ECB) mode, a
plaintext is handled one block at a time and
each block of plaintext is encrypted using the
same key.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Electronic
Codebook
Book (ECB)

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Advantages of ECB

• The most significant characteristic of ECB is that if the

same b-bit block of plaintext appears more than once in
the message, it always produces the same ciphertext.
• The ECB method is ideal for a short amount of data,
such as an encryption key.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Limitations of ECB

• For lengthy messages, the ECB mode may not be secure,

• If the message always starts out with certain predefined fields,
then the cryptanalyst may have a number of known plaintext–
ciphertext pairs to work with.
• If the message has repetitive elements with a period of repetition
in multiples of bits, then cryptanalyst can go for substitution or
rearrangement blocks.
• The security deficiencies of ECB, is that same plaintext block, if
repeated, produces same ciphertext blocks

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Cipher Block Chaining (CBC)
• In cipher block chaining (CBC) mode same
plaintext block, if repeated, produces different
ciphertext blocks.
• The input to the encryption algorithm is the XOR
of the current plaintext block and the preceding
ciphertext block; the same key is used for each
block.
• Resulting in chaining together the processing of
the sequence of plaintext blocks.
• For decryption, the result of decryption algorithm
is XORed with the preceding ciphertext block to
produce the plaintext block.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Cipher Block Chaining (CBC)

• The IV (Initialization Vector) which is a data block

that has the same size as the cipher block.
• On encryption, an initialization vector (IV) is XORed
with the first block of plaintext to get the first block
of ciphertext.
• On decryption, the IV is XORed with the output of
the decryption algorithm to recover the first block of
plaintext.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Cipher
Block
Chaining
(CBC)

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Advantages and Limitations of CBC

➢a ciphertext block depends on all blocks before

it
➢any change to a block affects all following
ciphertext blocks
➢need Initialization Vector (IV)
⚫ which must be known to sender & receiver
⚫ if sent in clear, attacker can change bits of first block, and
change IV to compensate
⚫ hence IV must either be a fixed value
⚫ Or must be sent encrypted in ECB mode before rest of
message
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Stream Modes of Operation
• A stream cipher eliminates the need to pad a message to
be an integral number of blocks. It also can operate in
real time.
• One desirable property of a stream cipher is that the
ciphertext should be of the same length as the plaintext.
• The units of plaintext are chained together, so that the
ciphertext of any plaintext unit is a function of all the
preceding plaintext.
• The plaintext is divided into segments of bits.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Stream Modes of Operation
• Block modes encrypt entire block of data.
• Stream modes are required to operate on
smaller units
– Eg:real time data
• A block cipher can be converted into a stream
cipher,using one of the three modes
– cipher feedback (CFB) mode
– output feedback (OFB) mode
– counter (CTR) mode
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Cipher FeedBack (CFB) Encryption
• The input to the encryption function is a b-bit shift
register that is initially set to some initialization vector
(IV).
• The leftmost (most significant) s bits of the output of
the encryption function are XORed with the first
segment of plaintext P1 to produce the first unit of
ciphertext C1 , which is then transmitted.
• The contents of the shift register are shifted left by s
bits. The first unit of ciphertext C1 is placed in the
rightmost (least significant) bits of the shift register,
which is given as an input to the encryption function.
This process continues until all plaintext units have
been encrypted.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Cipher FeedBack (CFB) Decryption
• The same scheme is used,except that the received
ciphertext unit is XORed with the output of the
encryption function to produce the plaintext unit.
• The encryption function is used, not the decryption
function.

• We can define CFB mode as follows.

C1= P1 XOR MSBs[E(K, IV)]
P1= C1 XOR MSBs[E(K, IV)]

Dr. Benita Jaison, MCA Dept., St. Francis College.

 s-bit
Cipher
FeedBack
(CFB-s)

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Advantages and Limitations of CFB
➢appropriate when data arrives in bits/bytes
➢most common stream mode
➢note that the block cipher algorithm (DES,AES)
is used in encryption mode at both ends
➢errors propagate for several blocks after the
any error

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Output Feedback Mode
• Output Feedback (OFB) mode is a block cipher mode of
operation that converts a block cipher into a stream cipher by
feeding the encryption output back into itself.
• Unlike ECB or CBC, it ensures that identical plaintext blocks
will not produce the same ciphertext blocks (as long as the IV
is unique).

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Output Feedback Mode
• OFB uses an Initialization Vector (IV) to generate a
keystream that is XORed with the plaintext to
produce ciphertext.
• Instead of encrypting the plaintext directly, the IV is
encrypted first with a key and its output is used as a
keystream which is XORed with the plaintext to
produce ciphertext.
• This keystream is independent of the plaintext,
making it resistant to pattern analysis.
• The output of each encryption step feeds into the
next encryption step (hence, "Output Feedback").
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Advantages of OFB
• Converts Block Cipher into a Stream Cipher: Ideal for encrypting
continuous or streaming data.
• No Padding Required: Unlike CBC, OFB can handle messages of any length
without padding.
• Error Propagation is Low: A single-bit error in transmission affects only that
bit in decryption.
• Resistant to Pattern Analysis: Unlike ECB, repeated plaintext blocks do not
result in repeated ciphertext blocks.
• Disadvantages of OFB:
– IV Must Be Unique – If the same IV is reused with the same key, attackers can derive the
plaintext by XORing ciphertexts.
– Susceptible to Bit-Flipping Attacks – Since OFB generates a keystream independent of the
plaintext, an attacker can flip bits in ciphertext to modify decrypted plaintext.
– Not Parallelizable – Unlike CTR mode, OFB is inherently sequential because each output
block depends on the previous one.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Counter Mode
• Counter (CTR) mode is a block cipher mode of operation that turns a block cipher
into a stream cipher by using a counter (nonce + incrementing value) as the input
for encryption.
• It is highly efficient because encryption and decryption can be done in parallel and
does not require padding for partial blocks.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Counter Mode
1. A unique nonce (random number) and an incrementing
counter are combined to create a counter block.
2. This counter block is encrypted using the block cipher
algorithm (e.g., AES).
3. The encrypted counter block is then XORed with the plaintext
to produce ciphertext.
4. During decryption, the same encrypted counter block is XORed
with the ciphertext to recover the original plaintext.
5. CTR mode ensures each block is uniquely encrypted even if
the same plaintext appears multiple times.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Advantages and Limitations of Counter Mode

• Parallelizable: Since each block encryption is independent,

CTR mode allows parallel processing, unlike CBC.
• No Padding Required: Works efficiently with any message
length, avoiding padding issues seen in ECB and CBC.
• Fast Random Access: Since each block is independently
encrypted, decryption can start at any block without needing
to process previous blocks.
• Resistant to Pattern Analysis: Unlike ECB mode, the same
plaintext block will not always encrypt to the same ciphertext.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Encryption Devices

• Encryption is the most powerful approach to

counter threats to network security.
• In encryption we need to decide :
– What to encrypt
– Where the encryption gear should be placed.
• Two alternatives to place encryption devices:
– Link encryption
– End-to-end encryption

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Link Encryption
• Encrypt entire data and traffic headers (data + containing
the address)
• Link Encryption is performed at the physical or data link layers of the
OSI network model.
• Adv: Link encryption can prevent attempts at traffic analysis,
• Disadv:The link routing information itself is encrypted and must be
decrypted each time it enters a switch in PSN .The switch read the
address in the packet header to route the packet.
• A lot of encryption devices are required.
• It is costly due to the need to have specialized routing equipment
along the path.
– Satellite TV is an example of a medium that uses link encryption.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Link Encryption
• Advantages
– All traffic over all communications links is secured.
– The message must be decrypted each time it enters a switch
(such as a frame relay switch) because the switch must read
the address (logical connection number) in the packet header
in order to route the frame. Thus, the message is suseptable
to attack at each switch. If working with a public network, the
user has no control over the security of the switch or nodes.
– Many keys must be provided for more effectiveness.
• Limitations:
• All the potential links in a path from source to destination must use link
encryption.
• Each pair of nodes that share a link should share a unique key, with a
different key used on each link.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 End-to-End Encryption Devices
• Encrypts only data and not the address.Encryption is done
in application layer.
• Network devices need not decrypt to get the destination
address.

• End-to-end encryption, only encrypts the data being transmitted.

• Encryption process is carried out at the two end systems.The source
terminal encrypts the data and is transmitted across the network to
the destination terminal which decrypts to get back the data.
• The destination and source shares the key.
• With end-to end encryption the user data is secured, but the traffic
pattern is not secured.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 End-to-end Encryption
• Advantages
– The user data are secure.
– The traffic pattern is not secured, because packet headers are transmitted
in the clear.
– On the other hand, end-to-end encryption does provide a degree of
authentication.
• If two end systems share an encryption key, then a recipient is assured that any
message that it receives comes from the alleged sender, because only that
sender shares the relevant key. Such authentication is not inherent in a link
encryption scheme.

• To achieve greater security, both link and end-to-end

encryption are needed.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Encryption Devices
In practice both forms are employed.
• The host encrypt the data portion of a packet using
end to end encryption key (only data) and the entire
packet (data + header) is encrypted using the link
encryption key.
• As packet traverse the network each switch decrypts
the packet using the link encryption key to read the
address and encrypt the entire packet again for the
next link.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Dr. Benita Jaison, MCA Dept., St. Francis College.