ems, banks agree on a standard message format for money transfer that looks like this:

    Bank One: Sending      1.5 blocks
    Bank Two: Receiving    1.5 blocks
    Depositor's Name       6 blocks
    Depositor's Account    2 blocks
    Amount of Deposit      1 block

    Figure 9.1 Ciphertext stealing in ECB mode.

A block corresponds to an 8-byte encryption block. The messages are encrypted using some block algorithm in ECB mode.

Mallory, who is listening on the communications line between two banks, Bank of Alice and Bank of Bob, can use this information to get rich. First, he sets up his computer to record all of the encrypted messages from Bank of Alice to Bank of Bob. Then, he transfers $100 from Bank of Alice to his account in Bank of Bob. Later, he does it again. Using his computer, he examines the recorded messages looking for a pair of identical messages. These messages are the ones authorizing the $100 transfers to his account. If he finds more than one pair of identical messages (which is most likely in real life), he does another money transfer and records those results. Eventually he can isolate the message that authorized his money transaction.

Now he can insert that message into the communications link at will. Every time he sends the message to Bank of Bob, another $100 will be credited to his account. When the two banks reconcile their transfers (probably at the end of the day), they will notice the phantom transfer authorizations; but if Mallory is clever, he will have already withdrawn the money and headed for some banana republic without extradition laws. And he probably did his scam with dollar amounts far larger than $100, and with lots of different banks.

At first glance, the banks could easily prevent this by adding a timestamp to their messages.

    Date/Time Stamp        1 block
    Bank One: Sending      1.5 blocks
    Bank Two: Receiving    1.5 blocks
    Depositor's Name       6 blocks
    Depositor's Account    2 blocks
    Amount of Deposit      1 block

Two identical messages would be easy to spot using this system. Still, using a technique called block replay, Mallory can get rich. Figure 9.2 shows tha...
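The property Mallory's recorder depends on, and the receiver-side check that defeats the replay, shown as an added example (not code from the book or from any bank system). Assumptions made here: AES-128 stands in for the text's unnamed 8-byte-block cipher (so the 96-byte message is six AES blocks rather than twelve), the field widths are taken from Figure 9.1, the key, bank names and account string are constructed demo values, and the defensive side uses a sequence number plus an HMAC-SHA256 tag, which is this example's choice rather than the timestamp the passage goes on to discuss.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transfer is the Figure 9.1 message: five fixed-width fields, no timestamp.
// Widths in bytes follow the text's 8-byte block counts: 12, 12, 48, 16, 8.
type Transfer struct {
	SendingBank   string // 1.5 blocks = 12 bytes
	ReceivingBank string // 1.5 blocks = 12 bytes
	DepositorName string // 6 blocks  = 48 bytes
	Account       string // 2 blocks  = 16 bytes
	Amount        uint64 // 1 block   =  8 bytes
}

// fixed copies s into a zero-padded field of exactly n bytes (longer input is truncated).
func fixed(s string, n int) []byte {
	b := make([]byte, n)
	copy(b, s)
	return b
}

// Marshal lays the fields out back to back: 96 bytes, i.e. six AES blocks.
func (t Transfer) Marshal() []byte {
	var buf bytes.Buffer
	buf.Write(fixed(t.SendingBank, 12))
	buf.Write(fixed(t.ReceivingBank, 12))
	buf.Write(fixed(t.DepositorName, 48))
	buf.Write(fixed(t.Account, 16))
	var amt [8]byte
	binary.BigEndian.PutUint64(amt[:], t.Amount)
	buf.Write(amt[:])
	return buf.Bytes()
}

// ecbEncrypt encrypts every block independently under one key. Go's standard
// library deliberately has no ECB mode, so the per-block loop is spelled out.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := c.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, errors.New("plaintext is not a whole number of blocks")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		c.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// IdenticalUnderECB is the observation Mallory's recorder relies on: without a
// timestamp or nonce, two equal transfers give byte-for-byte equal ciphertexts.
func IdenticalUnderECB(key []byte, a, b Transfer) bool {
	ca, errA := ecbEncrypt(key, a.Marshal())
	cb, errB := ecbEncrypt(key, b.Marshal())
	return errA == nil && errB == nil && bytes.Equal(ca, cb)
}

// Receiver is the defensive counterpart (this example's assumption, not the
// book's design): each message carries a sequence number and an HMAC-SHA256 tag,
// so a recorded message cannot be credited twice and a modified one fails the tag.
type Receiver struct {
	macKey []byte
	seen   map[uint64]bool
}

func NewReceiver(macKey []byte) *Receiver {
	return &Receiver{macKey: macKey, seen: make(map[uint64]bool)}
}

// Seal builds seq || Transfer || HMAC(seq || Transfer). Confidentiality is left
// out to keep the focus on integrity and freshness; a real link would wrap this
// in an authenticated encryption mode, not ECB.
func Seal(macKey []byte, seq uint64, t Transfer) []byte {
	body := make([]byte, 8, 8+96+sha256.Size)
	binary.BigEndian.PutUint64(body, seq)
	body = append(body, t.Marshal()...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	return mac.Sum(body)
}

// Accept verifies the tag first, then rejects any sequence number already credited.
func (r *Receiver) Accept(msg []byte) error {
	if len(msg) != 8+96+sha256.Size {
		return errors.New("wrong message length")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, r.macKey)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return errors.New("authentication tag mismatch")
	}
	seq := binary.BigEndian.Uint64(body[:8])
	if r.seen[seq] {
		return errors.New("replay: sequence number already credited")
	}
	r.seen[seq] = true
	return nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte demo key
	t := Transfer{"Bank Alice", "Bank Bob", "Mallory", "ACCT-0001", 100}
	fmt.Println("two $100 transfers identical under ECB:", IdenticalUnderECB(key, t, t))
	r := NewReceiver([]byte("constructed-mac-key"))
	m := Seal(r.macKey, 1, t)
	fmt.Println("first delivery:", r.Accept(m)) // <nil>: credited once
	fmt.Println("replayed copy:", r.Accept(m))  // error: sequence number already credited
}
```

The first half is the detection problem in miniature: nothing in the ciphertext distinguishes the second $100 transfer from the first, so the receiving bank has no basis for rejecting a resent copy. The second half shows the two properties the message actually needs, a freshness element the receiver remembers and a tag covering the whole message, so that neither a verbatim replay nor a rearranged one is credited.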
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.