This preview shows page 1. Sign up to view the full content.
Unformatted text preview: t Mallory can pick out the eight ciphertext blocks that correspond to his own name and account number: blocks 5 through 12. A diabolical laugh is appropriate at this point, because Mallory is now ready. He intercepts random messages from Bank of Alice to Bank of Bob and replaces blocks 5 through 12 in the message with the bytes that correspond to his name and account number. Then he sends them on to Bank of Bob. He doesn’t have to know who the original depositor was; he doesn’t even have to know what the amount was (although, he could correlate the messages he doctored with the various deposits into his account and determine the encrypted blocks corresponding to some dollar amount). He simply changes the name and account numbers to his own and watches his account balance grow. (I suppose Mallory has to be careful not to modify a withdrawal message, but assume for the moment that each is a different length or something.) Figure 9.2 Encryption blocks for an example record. This will take longer than a day for the banks to catch. When they reconcile their transfers at the end of the day, everything will match. It probably won’t be until one of the legitimate depositors notices that his deposits are not being credited, or when someone flags unusual activity in Mallory’s account, that the banks will figure out the scam. Mallory isn’t stupid, and by then he will have closed his account, changed his name, and bought a villa in Argentina. Banks can minimize the problem by changing their keys frequently, but this only means that Mallory is going to have to work more quickly. Adding a MAC, however, will also solve the problem. Even so, this is a fundamental problem with ECB mode. Mallory can remove, repeat, or interchange blocks at will. The solution is a technique called chaining. 9.3 Cipher Block Chaining Mode
Chaining adds a feedback mechanism to a block cipher: The results of the encryption of previous blocks are fed back into the encryption of the current block. In other words, each block is used t...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10