Properties of new NIST block cipher modes of operation
Roman Oliynykov
Professor at
Information Technologies Security Department
Kharkov National University of Radioelectronics
Head of Scientific Research Department
JSC “Institute of Information Technologies”
Ukraine
Visiting professor at
Samsung Advanced Technology Training Institute
Korea
ROliynykov@gmail.com
December 2014
Outline
- A few words about myself
- Need for block cipher modes of operation and well-known standard modes
- Newly developed and NIST-adopted modes and their properties
- Conclusions
About myself (I)
- I'm from Ukraine (Eastern part of Europe), host country of the Euro2012 football championship
- I live in Kharkov (the second biggest city in the country, population 1.5 million people), Eastern Ukraine (near Russia), former capital of Soviet Ukraine (1918-1934); three Nobel prize winners worked at Kharkov University
About myself (II)
- Professor at Information Technologies Security Department at Kharkov National University of Radioelectronics
  - courses on computer networks and operating system security, special mathematics for cryptographic applications
- Head of Scientific Research Department at JSC “Institute of Information Technologies”
- Scientific interests: synthesis and cryptanalysis of symmetric cryptographic primitives
- Visiting professor at Samsung Advanced Technology Training Institute
  - courses on computer networks and operating system security, software security, effective application and implementation of symmetric cryptography
Need for modes of operation
- stream cipher:
  - encrypts a message of arbitrary length
  - no error propagation during decryption (an adversary can selectively change plaintext bits by modifying the ciphertext)
  - no integrity check
  - the same procedure for encryption and decryption
- block cipher (ECB mode):
  - encrypts a fixed-size block
  - error propagation during decryption (avalanche effect)
  - no integrity check
  - equal plaintext blocks give equal ciphertext blocks (as long as the key is unchanged)
  - different procedures for encryption and decryption
Main block cipher modes of operation: confidentiality only
- Electronic Codebook Mode (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter (CTR)
Standardized in US National Institute of Standards and Technology Special Publication (NIST SP) 800-38, ISO/IEC 10116:2006 and ANSI X9.52
Electronic Codebook Mode (ECB)
ECB advantages
- any part of an encrypted message can be decrypted on its own (or re-encrypted after modification)
- error multiplication properties:
  - if the ciphertext is modified by an attacker, the resulting plaintext modifications are random, unpredictable and confined to one block
  - the attacker cannot control the resulting plaintext errors (without knowledge of the secret key)
NB: error multiplication may look like a disadvantage on noisy physical channels where error correction codes are applied before encryption
NB: error correction codes should be applied after encryption; the plaintext should not carry such large redundancy
ECB disadvantages: equal plaintext blocks lead to equal ciphertext blocks: ECB IS NOT RECOMMENDED FOR STANDALONE USE
NB: message length must be aligned to the cipher block size
NB: both the encryption and the decryption function must be implemented
Cipher Block Chaining (CBC)
A unique and random (unpredictable) IV must be provided for each message
CBC advantages and disadvantages
- advantages
  - equal messages encrypted under the same key give different cryptograms (ciphertexts)
  - the message can be decrypted starting from any block (decryption only, not re-encryption)
  - error multiplication properties (a modified ciphertext block garbles the whole corresponding plaintext block and flips only the same single bit in the next block)
- disadvantages
  - message length must be aligned to the cipher block size
  - message blocks cannot be re-encrypted in place after modification (the rest of the message must be re-encrypted)
  - a decryption implementation is needed
  - if the attacker can insert chosen parts into the message and obtain the ciphertext, part of the user's message can be compromised (a cookie-stealing attack over an SSL connection was demonstrated, with the attacker sniffing traffic and installing a malicious Firefox plug-in)
  - not recommended for future use (CTR is a better variant)
Cipher Feedback (CFB)
A unique IV must be provided for each message
CFB advantages and disadvantages
- advantages
  - equal messages encrypted under the same key give different cryptograms (ciphertexts)
  - message length can be arbitrary
  - randomness of the IV is not needed
  - error multiplication properties (a single bit in the corresponding plaintext block, plus garbling of the following block or blocks)
  - no decryption implementation (ECB decryption) is needed
- disadvantages
  - message blocks cannot be decrypted starting from any block or re-encrypted after modification
  - encryption speed is significantly slower
  - not recommended for future use (CTR is a better variant)
Output Feedback (OFB)
A unique IV must be provided for each message
OFB advantages and disadvantages
- advantages
  - equal messages encrypted under the same key give different cryptograms (ciphertexts)
  - message length can be arbitrary
  - randomness of the IV is not needed
  - no decryption implementation (ECB decryption) is needed
- disadvantages
  - no error multiplication properties
  - message blocks cannot be decrypted starting from any block or re-encrypted after modification
  - the keystream period is expected to be about 2^(n/2), where n is the block size in bits (but with some probability it can be much shorter, which is a security threat)
  - not recommended for future use (CTR is a better variant)
Counter (CTR)
A unique IV must be provided for each message
CTR advantages and disadvantages
- advantages
  - equal messages encrypted under the same key give different cryptograms (ciphertexts)
  - message length can be arbitrary
  - randomness of the IV is not needed (the IV is encrypted and used as the starting counter value); a simple counter can be used (e.g., arithmetic addition)
  - message blocks can be decrypted starting from any block or re-encrypted after modification
  - no decryption implementation (ECB decryption) is needed
- disadvantages
  - no error multiplication properties
- the main recommended mode of operation for confidentiality
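The error-propagation behaviour compared across the ECB, CBC, CFB, OFB and CTR slides above, as an added example that is not part of the original presentation: a toy 64-bit Feistel cipher (an insecure stand-in for AES so the code runs without third-party libraries) under each mode, plus a probe that flips one ciphertext bit and reports which decrypted plaintext blocks change and by how many bits. The CTR counter here starts directly at the IV value and increments by one per block (a simplification); all names are this example's own.

```python
BLOCK, ROUNDS, MASK32 = 8, 8, 0xFFFFFFFF          # toy cipher: 64-bit blocks

def _f(x, k):
    """Toy round function (add, rotate, xor, multiply); need not be invertible."""
    x = (x + k) & MASK32
    x ^= ((x << 7) | (x >> 25)) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return x ^ (x >> 16)

def _subkeys(key):
    if len(key) != 16:
        raise ValueError("toy cipher expects a 16-byte key")
    words = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
    return [words[i % 4] ^ ((i * 0x9E3779B9) & MASK32) for i in range(ROUNDS)]

def _feistel(subkeys, block):
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in subkeys:
        l, r = r, l ^ _f(r, k)
    return r.to_bytes(4, "big") + l.to_bytes(4, "big")  # undo the final swap

def encrypt_block(key, block):
    return _feistel(_subkeys(key), block)

def decrypt_block(key, block):
    return _feistel(_subkeys(key)[::-1], block)  # same network, reversed subkeys

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):  # the example keeps messages block-aligned (no padding)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, iv, pt):  # iv unused: equal blocks give equal ciphertext
    return b"".join(encrypt_block(key, b) for b in split(pt))

def ecb_decrypt(key, iv, ct):
    return b"".join(decrypt_block(key, c) for c in split(ct))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in split(pt):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in split(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def cfb_encrypt(key, iv, pt):  # full-block CFB; only the forward cipher is used
    out, prev = [], iv
    for b in split(pt):
        prev = xor(encrypt_block(key, prev), b)
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in split(ct):
        out.append(xor(encrypt_block(key, prev), c))
        prev = c
    return b"".join(out)

def ofb_crypt(key, iv, data):  # keystream depends only on key and IV
    out, s = [], iv
    for b in split(data):
        s = encrypt_block(key, s)
        out.append(xor(s, b))
    return b"".join(out)

def ctr_crypt(key, iv, data):  # counter block = IV value + block index (mod 2^64)
    start = int.from_bytes(iv, "big")
    return b"".join(
        xor(encrypt_block(key, ((start + i) % (1 << 64)).to_bytes(BLOCK, "big")), b)
        for i, b in enumerate(split(data)))

MODES = {"ECB": (ecb_encrypt, ecb_decrypt), "CBC": (cbc_encrypt, cbc_decrypt),
         "CFB": (cfb_encrypt, cfb_decrypt), "OFB": (ofb_crypt, ofb_crypt),
         "CTR": (ctr_crypt, ctr_crypt)}

def error_propagation(mode, key, iv, pt, block_idx, bit_idx):
    """Flip one ciphertext bit, decrypt, and list (block index, number of
    changed plaintext bits) for every plaintext block that differs."""
    enc, dec = MODES[mode]
    ct = bytearray(enc(key, iv, pt))
    ct[block_idx * BLOCK + bit_idx // 8] ^= 0x80 >> (bit_idx % 8)
    diff = xor(pt, dec(key, iv, bytes(ct)))
    return [(i, bin(int.from_bytes(d, "big")).count("1"))
            for i, d in enumerate(split(diff)) if any(d)]

if __name__ == "__main__":
    key, iv, msg = bytes(range(16)), bytes(range(8)), b"block00!" * 4  # constructed
    for mode in MODES:
        print(mode, error_propagation(mode, key, iv, msg, 1, 3))
```

Flipping one bit of ciphertext block 1 garbles block 1 only in ECB, garbles block 1 and flips one bit of block 2 in CBC, flips one bit of block 1 and garbles block 2 in CFB, and flips exactly one bit of block 1 in OFB and CTR, which is the "no error multiplication" property the slides list for those two.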
Additional block cipher modes of operation (NIST SP 800-38)
- CMAC (Cipher-based Message Authentication Code)
- Galois/Counter Mode (GCM) and GMAC (Galois MAC)
- CCM (Counter (CTR) mode with the Cipher Block Chaining-Message Authentication Code (CBC-MAC))
- XTS (XOR-encrypt-XOR tweakable block cipher)
- Key Wrapping
- FF (Format-Preserving Encryption)
CMAC (Cipher-based Message Authentication Code)
- integrity check (not an encryption mode)
- protected against length-extension attacks
- no attack published (as of September 2013) that is more effective than 2^(Tlen/2) encryptions, where Tlen is the integrity check value (ICV) size in bits
Galois/Counter Mode (GCM) and GMAC (Galois MAC): encryption with GCTR
NB: equal to CTR mode with a specific, fixed increment function
Galois/Counter Mode (GCM) and GMAC (Galois MAC): MAC with GMAC
Galois/Counter Mode (GCM) and GMAC (Galois MAC): encryption and ICV generation
Galois/Counter Mode (GCM) and GMAC (Galois MAC): decryption and ICV verification
Galois/Counter Mode (GCM) and GMAC (Galois MAC)
- used for confidentiality and integrity
- an optional unencrypted part of the message (A) may be present: e.g., network packet headers
- the integrity check value (ICV) is computed over the ciphertext (not the plaintext): effective for network traffic protection, since a forged packet can be rejected before it is decrypted, which serves as a denial-of-service (DoS) countermeasure
- the fastest mode for confidentiality and integrity
- supported by a dedicated Intel and AMD processor instruction (PCLMULQDQ, carry-less multiplication) for this mode
- protected against length-extension attacks
- a small number of weak keys may exist for the integrity check
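GHASH, the Galois-field part of GCM/GMAC described above, as an added example that is not taken from the presentation: the GF(2^128) multiplication that PCLMULQDQ accelerates, the ICV computed over A and the ciphertext, and constant-time verification. The hash subkey H and the encrypted initial counter block are taken as inputs (the AES calls are out of scope here); the all-zero H is the trivially weak hash subkey, under which the ICV stops depending on the message.

```python
import hmac

R = 0xE1000000000000000000000000000000  # x^128 + x^7 + x^2 + x + 1 in GCM bit order

def gf_mult(x, y):
    """Multiply two GF(2^128) elements given as ints from big-endian bytes,
    using GCM's bit ordering (this is the operation PCLMULQDQ accelerates)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:      # bit i of y, most significant first
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def _blocks(data):
    """Split into 16-byte blocks, zero-padding the last partial block."""
    data = data + b"\x00" * (-len(data) % 16)
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def ghash(h, aad, ciphertext):
    """GHASH_H(A, C): Horner evaluation over the A blocks, the C blocks and a
    final block carrying the bit lengths of A and C. The input is the
    ciphertext, so a receiver can check the ICV before decrypting anything."""
    hk = int.from_bytes(h, "big")   # h: hash subkey H = E_K(0^128), 16 bytes
    y = 0
    for blk in _blocks(aad) + _blocks(ciphertext):
        y = gf_mult(y ^ int.from_bytes(blk, "big"), hk)
    lengths = ((len(aad) * 8) << 64) | (len(ciphertext) * 8)
    return gf_mult(y ^ lengths, hk).to_bytes(16, "big")

def gcm_tag(h, ek_y0, aad, ciphertext):
    """ICV T = GHASH_H(A, C) XOR E_K(Y0); ek_y0 is the encrypted initial
    counter block, supplied by the caller's block cipher."""
    return bytes(a ^ b for a, b in zip(ghash(h, aad, ciphertext), ek_y0))

def verify_tag(h, ek_y0, aad, ciphertext, tag):
    """Recompute the ICV over the received A and C and compare in constant time."""
    return hmac.compare_digest(gcm_tag(h, ek_y0, aad, ciphertext), tag)
```

With an all-zero hash subkey every multiplication yields zero, so ghash returns the zero block for any A and C and the ICV no longer authenticates the message; this is the kind of weak integrity key the slide warns about.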
CCM (Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC))
- an advanced mode combining CTR with CMAC-style (CBC-MAC) authentication, with improvements
- an optional unencrypted part of the message (A) may be present: e.g., network packet headers
- designed for, and well suited to, hardware implementation
- implemented in hardware (communication chips) in IEEE 802.11 (WiFi) networks
XTS (XOR-encrypt-XOR tweakable block cipher): encryption
XTS (XOR-encrypt-XOR tweakable block cipher): decryption
XTS (XOR-encrypt-XOR tweakable block cipher)
- mode intended for on-the-fly encryption of block-addressed storage (hard drives, etc.)
- all blocks have the same size
- there is no room to store an integrity check value
- advantages (over ECB and CTR):
  - the same data in different blocks gives different ciphertext
  - a ciphertext modification produces a random plaintext modification (no predictable data change for the attacker)
  - highly efficient (almost as fast as CTR, but gives a basic and simple integrity service in addition)
  - may be used with padding if the data block length is not aligned to the cipher block size (but less efficient then)
- disadvantage:
  - a decryption implementation is needed
Key Wrapping mode: encryption
Key Wrapping mode: decryption
Key Wrapping mode
- intended to protect the confidentiality of key data
- advantages
  - may be used with padding if the data length is not aligned to the cipher block size (but less efficient then)
  - a ciphertext modification produces a random plaintext modification (no predictable data change for the attacker)
  - no IV required
- disadvantages
  - much slower compared to other modes
  - equal messages give equal cryptograms (no IV in this mode)
FF (Format-Preserving Encryption) mode
- intended to protect specific data (like credit card numbers) in existing IT systems with strong limitations on ciphertext length and presentation
- advantage
  - preserves the original message alphabet (any alphabet, e.g. decimal, not only binary or hexadecimal) and the length of the message
- disadvantage
  - much slower compared to other modes
Conclusions
- Block ciphers may provide excellent cryptographic properties, but for practical application they need modes of operation
- Such modes of operation may be used both for confidentiality and for integrity
- There are many different modes of operation for specific purposes, including network traffic protection, hard drive encryption, etc.
- Careful selection of the mode is needed; otherwise even the protection given by a strong block cipher (e.g., AES-256) might be broken in some circumstances

Más contenido relacionado

La actualidad más candente (20)

Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
DES
DESDES
DES
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Unit 2
Unit 2Unit 2
Unit 2
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
Cryptography
CryptographyCryptography
Cryptography
 
IP Security
IP SecurityIP Security
IP Security
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Hash Function
Hash Function Hash Function
Hash Function
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
 
Hash Function
Hash FunctionHash Function
Hash Function
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
Network security cryptographic hash function
Network security  cryptographic hash functionNetwork security  cryptographic hash function
Network security cryptographic hash function
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 

Similar a Block Ciphers Modes of Operation

Information and data security block cipher operation
Information and data security block cipher operationInformation and data security block cipher operation
Information and data security block cipher operationMazin Alwaaly
 
CR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptCR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptssuseraaf866
 
THE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHM
THE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHMTHE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHM
THE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHMcscpconf
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block Ciphers
A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block CiphersA Novel Structure with Dynamic Operation Mode for Symmetric-Key Block Ciphers
A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block CiphersIJNSA Journal
 
A NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERS
A NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERSA NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERS
A NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERSIJNSA Journal
 
Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphersRoman Oliynykov
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
Advanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdvanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdri Jovin
 
Information System Security.pptx
Information System  Security.pptxInformation System  Security.pptx
Information System Security.pptxGIT
 
Comparative analysis on different DES model
Comparative analysis on different DES modelComparative analysis on different DES model
Comparative analysis on different DES modelSaeed Siddik
 
Unit V network management and security
Unit V network management and securityUnit V network management and security
Unit V network management and securitysangusajjan
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptxDEEPAK948083
 
REAL-TIME MODE HOPPING OF BLOCK CIPHER ALGORITHMS FOR MOBILE STREAMING
REAL-TIME MODE HOPPING OF BLOCK CIPHER  ALGORITHMS FOR MOBILE STREAMINGREAL-TIME MODE HOPPING OF BLOCK CIPHER  ALGORITHMS FOR MOBILE STREAMING
REAL-TIME MODE HOPPING OF BLOCK CIPHER ALGORITHMS FOR MOBILE STREAMINGijwmn
 
Computer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxComputer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxmagoigamtatiro1
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportsakhi rehman
 
CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2Hamed Moghaddam
 

Similar a Block Ciphers Modes of Operation (20)

Information and data security block cipher operation
Information and data security block cipher operationInformation and data security block cipher operation
Information and data security block cipher operation
 
CR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptCR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.ppt
 
THE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHM
THE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHMTHE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHM
THE UNIFIED OPERATION STRUCTURE FOR SYMMETRIC-KEY ALGORITHM
 
Encryption
EncryptionEncryption
Encryption
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2
 
A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block Ciphers
A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block CiphersA Novel Structure with Dynamic Operation Mode for Symmetric-Key Block Ciphers
A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block Ciphers
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.ppt
 
A NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERS
A NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERSA NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERS
A NOVEL STRUCTURE WITH DYNAMIC OPERATION MODE FOR SYMMETRIC-KEY BLOCK CIPHERS
 
Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphers
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
 
Day5
Day5Day5
Day5
 
Advanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of OperationsAdvanced Encryption System & Block Cipher Modes of Operations
Advanced Encryption System & Block Cipher Modes of Operations
 
Information System Security.pptx
Information System  Security.pptxInformation System  Security.pptx
Information System Security.pptx
 
Comparative analysis on different DES model
Comparative analysis on different DES modelComparative analysis on different DES model
Comparative analysis on different DES model
 
Unit V network management and security
Unit V network management and securityUnit V network management and security
Unit V network management and security
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
 
REAL-TIME MODE HOPPING OF BLOCK CIPHER ALGORITHMS FOR MOBILE STREAMING
REAL-TIME MODE HOPPING OF BLOCK CIPHER  ALGORITHMS FOR MOBILE STREAMINGREAL-TIME MODE HOPPING OF BLOCK CIPHER  ALGORITHMS FOR MOBILE STREAMING
REAL-TIME MODE HOPPING OF BLOCK CIPHER ALGORITHMS FOR MOBILE STREAMING
 
Computer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxComputer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptx
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_report
 
CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2
 

Más de Roman Oliynykov

Cryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin frameworkCryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin frameworkRoman Oliynykov
 
Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...Roman Oliynykov
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishRoman Oliynykov
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementationRoman Oliynykov
 

Más de Roman Oliynykov (8)

Cryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin frameworkCryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin framework
 
Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in English
 
Software Security
Software SecuritySoftware Security
Software Security
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementation
 
Kupyna
KupynaKupyna
Kupyna
 
Kalyna
KalynaKalyna
Kalyna
 
Software security
Software securitySoftware security
Software security
 

Último

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 

Último (20)

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 

Block Ciphers Modes of Operation

• 1. Properties of new NIST block cipher modes of operation
  Roman Oliynykov
  Professor at Information Technologies Security Department, Kharkov National University of Radioelectronics
  Head of Scientific Research Department, JSC “Institute of Information Technologies”, Ukraine
  Visiting professor at Samsung Advanced Technology Training Institute, Korea
  ROliynykov@gmail.com
  December 2014

• 2. Outline
  - A few words about myself
  - Need for block cipher modes of operation and well-known standard modes
  - Newly developed and NIST-adopted modes and their properties
  - Conclusions

• 3. About myself (I)
  - I’m from Ukraine (Eastern part of Europe), host country of the Euro 2012 football championship
  - I live in Kharkov (the second biggest city in the country, population 1.5 million people), Eastern Ukraine (near Russia), former capital of Soviet Ukraine (1918-1934); three Nobel prize winners worked at Kharkov University

• 4. About myself (II)
  - Professor at Information Technologies Security Department at Kharkov National University of Radioelectronics
    - courses on computer network and operating system security, special mathematics for cryptographic applications
  - Head of Scientific Research Department at JSC “Institute of Information Technologies”
  - Scientific interests: synthesis and cryptanalysis of symmetric cryptographic primitives
  - Visiting professor at Samsung Advanced Technology Training Institute
    - courses on computer network and operating system security, software security, effective application and implementation of symmetric cryptography

• 5. Need for modes of operation
  - stream cipher:
    - encryption of arbitrary-length messages
    - no error propagation during decryption (an adversary can selectively change plaintext bits by modifying the ciphertext)
    - no integrity check
    - the same procedure for encryption and decryption
  - block cipher (ECB mode):
    - encryption of a fixed-size block
    - error propagation during decryption (avalanche effect)
    - no integrity check
    - the same plaintext blocks give the same ciphertext (until the key is changed)
    - different procedures for encryption and decryption
• 6. Main block cipher modes of operation: confidentiality only
  - Electronic Codebook (ECB)
  - Cipher Block Chaining (CBC)
  - Cipher Feedback (CFB)
  - Output Feedback (OFB)
  - Counter (CTR)
  Standards: US National Institute of Standards and Technology Special Publication (NIST SP) 800-38; ISO/IEC 10116:2006; ANSI X9.52

• 8. ECB advantages
  - any part of an encrypted message can be decrypted independently (or re-encrypted after modification)
  - error multiplication properties:
    - if the ciphertext is modified by an attacker, the resulting plaintext modifications are random, unpredictable and confined to one block
    - errors in the plaintext cannot be controlled by the attacker (without knowledge of the secret key)
  NB: error multiplication may look like a disadvantage on noisy physical channels where error correction codes are applied before encryption
  NB: error correction codes should be applied after encryption; the plaintext should not carry such huge redundancy

• 9. ECB disadvantages
  - equal plaintext blocks lead to equal ciphertext blocks: ECB IS NOT RECOMMENDED FOR SEPARATE USE
  NB: the message length must be aligned to the cipher block size
  NB: both the encryption and the decryption function must be implemented

• 10. Cipher Block Chaining (CBC)
  A unique and random (unpredictable) IV must be provided for each message

• 11. CBC advantages and disadvantages
  - advantages
    - equal messages under the same key are encrypted to different cryptograms (ciphertexts)
    - the message can be decrypted from any part (but only decrypted)
    - error multiplication properties (a single ciphertext bit error garbles one block plus a single bit in the next block)
  - disadvantages
    - the message length must be aligned to the cipher block size
    - message blocks cannot be re-encrypted after modification (the rest of the message must be re-encrypted)
    - a decryption implementation is needed
    - if an attacker can insert some parts into the message and obtain the ciphertext, part of the user’s message can be compromised (a cookie-stealing attack over an SSL connection, where the hacker sniffs traffic and installs a malicious plug-in into Firefox, was demonstrated)
    - not recommended for the future (CTR is the better variant)

• 12. Cipher Feedback (CFB)
  A unique IV must be provided for each message

• 13. CFB advantages and disadvantages
  - advantages
    - equal messages under the same key are encrypted to different cryptograms (ciphertexts)
    - the message length can be arbitrary
    - randomness of the IV is not needed
    - error multiplication properties (a single bit plus several following blocks)
    - no decryption implementation of the block cipher (ECB decryption) is needed
  - disadvantages
    - message blocks cannot be decrypted from any part or re-encrypted after modification
    - encryption speed is significantly slower
    - not recommended for the future (CTR is the better variant)

• 14. Output Feedback (OFB)
  A unique IV must be provided for each message

• 15. OFB advantages and disadvantages
  - advantages
    - equal messages under the same key are encrypted to different cryptograms (ciphertexts)
    - the message length can be arbitrary
    - randomness of the IV is not needed
    - no decryption implementation of the block cipher (ECB decryption) is needed
  - disadvantages
    - no error multiplication properties
    - message blocks cannot be decrypted from any part or re-encrypted after modification
    - the keystream period is expected to be 2^(n/2), where n is the block size in bits (but with some probability it can be much shorter, which is a security threat)
    - not recommended for the future (CTR is the better variant)

• 16. Counter (CTR)
  A unique IV must be provided for each message

• 17. CTR advantages and disadvantages
  - advantages
    - equal messages under the same key are encrypted to different cryptograms (ciphertexts)
    - the message length can be arbitrary
    - randomness of the IV is not needed (the IV is encrypted and used as the starting counter value); a simple counter can be used (e.g., arithmetic addition)
    - message blocks can be decrypted from any part or re-encrypted after modification
    - no decryption implementation of the block cipher (ECB decryption) is needed
  - disadvantages
    - no error multiplication properties
  - main recommended mode of operation for confidentiality
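The error-multiplication properties listed for ECB, CBC, CFB and CTR above, worked through in code. This is an added example, not code from the slides: the block cipher is a constructed stand-in (a 4-round Feistel network with a SHA-256 round function, not AES) so the script runs without any crypto library, the key and ciphertext bytes are constructed sample values, and the mode logic follows NIST SP 800-38A.

```python
import hashlib
BLOCK = 16  # block size in bytes; the mode logic below does not depend on the cipher

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def blocks(data): return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def make_cipher(key):
    """Stand-in 128-bit block cipher constructed for this example (NOT AES): a
    4-round Feistel network with a SHA-256 round function. Returns (E, D)."""
    def f(rnd, half):
        return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]
    def E(b):
        l, r = b[:8], b[8:]
        for rnd in range(4):
            l, r = r, xor(l, f(rnd, r))
        return l + r
    def D(b):
        l, r = b[:8], b[8:]
        for rnd in reversed(range(4)):
            l, r = xor(r, f(rnd, l)), l
        return l + r
    return E, D

# Decryption side of four SP 800-38A modes. Error propagation is a property of the
# decryption map alone, so the experiment below never needs the encryption direction.
def ecb_dec(D, iv, ct):            # P_i = D(C_i); the IV argument is unused
    return b"".join(D(c) for c in blocks(ct))
def cbc_dec(D, iv, ct):            # P_i = D(C_i) xor C_{i-1}
    prev = [iv] + blocks(ct)
    return b"".join(xor(D(c), p) for c, p in zip(blocks(ct), prev))
def cfb_dec(E, iv, ct):            # full-block CFB: P_i = C_i xor E(C_{i-1})
    prev = [iv] + blocks(ct)
    return b"".join(xor(c, E(p)) for c, p in zip(blocks(ct), prev))
def ctr_dec(E, iv, ct):            # P_i = C_i xor E(IV + i); the same routine encrypts
    n = int.from_bytes(iv, "big")
    return b"".join(xor(c, E(((n + i) % 2**128).to_bytes(BLOCK, "big")))
                    for i, c in enumerate(blocks(ct)))
def bit_diff_per_block(a, b):
    return [sum(bin(x ^ y).count("1") for x, y in zip(p, q))
            for p, q in zip(blocks(a), blocks(b))]

def propagation(mode, ct=bytes(range(64)), key=b"constructed example key"):
    """Flip bit 0 of ciphertext block 1; return the differing bits per recovered block."""
    E, D = make_cipher(key)
    dec = {"ECB": ecb_dec, "CBC": cbc_dec, "CFB": cfb_dec, "CTR": ctr_dec}[mode]
    prim = D if mode in ("ECB", "CBC") else E   # only ECB and CBC need the decryption direction
    iv = b"\x00" * BLOCK                        # constant IV is fine here: nothing is encrypted
    damaged = bytearray(ct); damaged[BLOCK] ^= 0x01
    return bit_diff_per_block(dec(prim, iv, ct), dec(prim, iv, bytes(damaged)))
```

For a 4-block ciphertext the results are: ECB garbles block 1 only, CBC garbles block 1 and flips one bit in block 2, CFB flips one bit in block 1 and garbles block 2, CTR (like OFB) flips exactly the one bit.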
• 18. Additional block cipher modes of operation (NIST SP 800-38)
  - CMAC (Cipher-based Message Authentication Code)
  - Galois/Counter Mode (GCM) and GMAC (Galois MAC)
  - CCM (Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC))
  - XTS (Xor encrypt xor Tweakable block Cipher)
  - Key Wrapping
  - FF (Format-Preserving Encryption)

• 20. CMAC (Cipher-based Message Authentication Code)
  - integrity check (not an encryption mode)
  - protected against length extension attacks
  - no attack published (as of September 2013) that is more effective than 2^(Tlen/2) encryptions, where Tlen is the integrity check value (ICV) size in bits

• 21. Galois/Counter Mode (GCM) and GMAC (Galois MAC): encryption with GCTR
  NB: equivalent to CTR mode with a specific given increment function

• 22. Galois/Counter Mode (GCM) and GMAC (Galois MAC): MAC with GMAC

• 23. Galois/Counter Mode (GCM) and GMAC (Galois MAC): encryption and ICV generation

• 24. Galois/Counter Mode (GCM) and GMAC (Galois MAC): decryption and ICV verification

• 25. Galois/Counter Mode (GCM) and GMAC (Galois MAC)
  - used for confidentiality and integrity
  - the message may contain an optional non-encrypted part (A): e.g., network packet headers
  - the integrity check value (ICV) is computed over the ciphertext (not the plaintext): effective for network traffic protection, as a countermeasure against denial-of-service (DoS) attacks
  - the fastest mode for confidentiality and integrity
  - Intel and AMD processors support a dedicated assembler instruction (PCLMULQDQ) for this mode
  - protected against length extension attacks
  - a small number of weak keys may exist for the integrity check
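How CMAC’s keyed final-block mask gives the length-extension protection mentioned above, shown beside the textbook CBC-MAC it hardens. This is an added example, not code from the slides: `make_prf` is a constructed stand-in for the block cipher’s forward direction (keyed SHA-256, not AES), which suffices because SP 800-38B never decrypts; the key and message bytes are constructed sample values.

```python
import hashlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_prf(key: bytes):
    """Stand-in for the block cipher's forward direction, constructed for this demo
    (NOT AES): keyed SHA-256 truncated to 16 bytes. CMAC only ever calls E(), so any
    keyed 128-bit function is enough to show the mechanism."""
    return lambda block: hashlib.sha256(key + block).digest()[:16]

def dbl(block: bytes) -> bytes:
    """Multiply by x in GF(2^128) as SP 800-38B does: shift left, XOR Rb = 0x87 on carry."""
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(16, "big")

def cbc_mac(E, msg: bytes) -> bytes:
    """Textbook CBC-MAC (zero IV, no final-block masking). Safe only when every message
    has one fixed length; for variable lengths the tag of M1 and the tag of M2 together
    determine the tag of a crafted two-block message (see the test). CMAC fixes this."""
    y = bytes(16)
    for i in range(0, len(msg), 16):
        y = E(xor(y, msg[i:i + 16]))
    return y

def cmac(E, msg: bytes, tlen: int = 16) -> bytes:
    """CMAC (SP 800-38B). The last block is XORed with K1 if it is complete, otherwise
    padded with 10* and XORed with K2. Both subkeys derive from E(0^128), so the final
    input depends on the secret key and on whether padding happened, which breaks the
    algebraic relation that raw CBC-MAC has and stops length extension."""
    k1 = dbl(E(bytes(16)))
    k2 = dbl(k1)
    if msg and len(msg) % 16 == 0:
        body, last = msg[:-16], xor(msg[-16:], k1)
    else:
        padded = msg + b"\x80" + bytes(-(len(msg) + 1) % 16)
        body, last = padded[:-16], xor(padded[-16:], k2)
    return E(xor(cbc_mac(E, body), last))[:tlen]   # chain the body, then mask the last block
```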
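GHASH, the integrity half of GCM/GMAC described above, as an added example (not code from the slides). Only the GF(2^128) arithmetic of SP 800-38D is implemented; the AES part that produces the hash key H = E_K(0^128) and masks the final tag is not, so the published GCM Test Case 2 values supply H and C directly. The block also shows the degenerate hash key H = 0, which is the basis of the weak-key remark.

```python
# GHASH, the universal-hash half of GCM/GMAC (NIST SP 800-38D, Sections 6.3 and 6.4).
# Constructed example for this page; the AES part of GCM (H = E_K(0^128) and the final
# XOR of GHASH with E_K(J0)) is not implemented, so the test vector below supplies H.

R = 0xE1 << 120   # x^128 + x^7 + x^2 + x + 1 in GCM's bit-reflected representation

def gf_mul(x: int, y: int) -> int:
    """Multiply two GF(2^128) elements as SP 800-38D Algorithm 1 does: bit 0 of the
    most significant byte is the coefficient of x^0, so shifting right multiplies by x."""
    z, v = 0, y
    for i in range(127, -1, -1):        # walk x from its leftmost bit
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h: bytes, aad: bytes, ct: bytes) -> bytes:
    """GHASH_H(A || 0^v || C || 0^u || [len(A)]64 || [len(C)]64), lengths in bits.
    The hash covers the *ciphertext*, so a receiver can reject a forged packet before
    spending any work on decryption (the DoS point made above). The length block is
    what keeps bytes from being moved between A and C without changing the hash."""
    def pad(b):
        return b + bytes(-len(b) % 16)
    data = (pad(aad) + pad(ct) + (8 * len(aad)).to_bytes(8, "big")
            + (8 * len(ct)).to_bytes(8, "big"))
    H, y = int.from_bytes(h, "big"), 0
    for i in range(0, len(data), 16):
        y = gf_mul(y ^ int.from_bytes(data[i:i + 16], "big"), H)
    return y.to_bytes(16, "big")

# GCM Test Case 2 (McGrew-Viega GCM spec / SP 800-38D): AES-128, zero key, zero IV,
# one all-zero plaintext block, no additional data.
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")      # = AES_0(0^128)
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")      # the one ciphertext block
GHASH_TC2 = bytes.fromhex("f38cbb1ad69223dcc3457ae5b6b0f885")  # GHASH(H, "", C)
# With H = 0 every product is 0, so GHASH(0, A, C) = 0 for any A and C and any forged
# ciphertext authenticates: this is why a key giving H = 0 is a weak key for the ICV.
```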
• 26. CCM (Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC))
  - advanced mode combining CMAC and CTR (with improvement)
  - the message may contain an optional non-encrypted part (A): e.g., network packet headers
  - developed for, and well suited to, hardware implementation
  - implemented in IEEE 802.11 (WiFi) networks in hardware (communication chips)

• 27. XTS (Xor encrypt xor Tweakable block Cipher): encryption

• 28. XTS (Xor encrypt xor Tweakable block Cipher): decryption

• 29. XTS (Xor encrypt xor Tweakable block Cipher)
  - mode intended for on-the-fly encryption of storage with block access (hard drives, etc.)
    - blocks have equal size
    - no room to store an integrity check value
  - advantages (over ECB and CTR):
    - the same data in different blocks gives different ciphertext
    - ciphertext modification gives random plaintext modification (no predictable data change for the attacker)
    - highly efficient (almost like CTR, but gives an additional basic and simple integrity service)
    - may be used with padding if the data block length is not aligned to the cipher block size (but less efficient here)
  - disadvantage:
    - a decryption implementation is needed

• 32. Key Wrapping mode
  - intended to protect the confidentiality of key data
  - advantages
    - may be used with padding if the data block length is not aligned to the cipher block size (but less efficient here)
    - ciphertext modification gives random plaintext modification (no predictable data change for the attacker)
    - no IV required
  - disadvantages
    - much slower compared to other modes
    - equal messages have equal cryptograms (no IV in this mode)

• 33. FF (Format-Preserving Encryption) mode
  - intended to protect specific data (like credit card numbers) in existing IT systems with strong limitations on ciphertext length and presentation
  - advantage
    - preserves the original message alphabet (any alphabet, e.g. decimal, not only binary or hexadecimal) and the length of the message
  - disadvantage
    - much slower compared to other modes

• 35. Conclusions
  - Block ciphers may provide excellent cryptographic properties, but for practical application they need modes of operation
  - Such modes of operation may be used both for confidentiality and for integrity
  - There are many different modes of operation for specific purposes, including network traffic protection, hard drive encryption, etc.
  - Careful selection of the mode is needed; otherwise even a strong block cipher (e.g., AES-256) might be broken in some circumstances