however, fully protect against bit toggling. Like block ciphers in CFB mode, Mallory can toggle individual bits in the stream. If he knows the plaintext, he can make those bits decrypt to whatever he wants. Subsequent bits will decrypt correctly, so in certain applications Mallory can still do considerable damage.

Insertion Attack
Synchronous stream ciphers are vulnerable to an insertion attack. Mallory has recorded a ciphertext stream, but does not know the plaintext or the keystream used to encrypt the plaintext.

    Original plaintext:   p1   p2   p3   p4   ...
    Original keystream:   k1   k2   k3   k4   ...
    Original ciphertext:  c1   c2   c3   c4   ...

Mallory inserts a single known bit, p’, into the plaintext after p1 and then manages to get the modified plaintext encrypted with the same keystream. He records the resultant new ciphertext:

    New plaintext:        p1   p’   p2   p3   p4   ...
    Original keystream:   k1   k2   k3   k4   k5   ...
    Updated ciphertext:   c1   c’2  c’3  c’4  c’5  ...

Assuming he knows the value of p’, he can determine the entire plaintext after that bit from the original ciphertext and new ciphertext:

    k2 = c’2 ⊕ p’, and then p2 = c2 ⊕ k2
    k3 = c’3 ⊕ p2, and then p3 = c3 ⊕ k3
    k4 = c’4 ⊕ p3, and then p4 = c4 ⊕ k4

Mallory doesn’t even have to know the exact position in which the bit was inserted; he can just compare the original and updated ciphertexts to see where they begin to differ. To protect against this attack, never use the same keystream to encrypt two different messages.

9.8 Output-Feedback Mode
Output-feedback (OFB) mode is a method of running a block cipher as a synchronous stream cipher. It is similar to CFB mode, except that n bits of the previous output block are moved into the right-most positions of the queue (see Figure 9.11). Decryption is the reverse of this process. This is called n-bit OFB. On both the encryption and the decryption sides, the block algorithm is used in its encryption mode. This is sometimes called internal feedback, because the feedback mechanism is independent of both the plaintext and the ciphertext streams. If n is the block size of the algorithm, then n-bit OFB looks like (see F...
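The insertion attack described in the section above, as an added Python example that is not part of the original text; the keystream generator, seeds and sample bits are constructed stand-ins, not a real cipher. It also covers the case where the inserted bit equals the bits it displaces, so the two ciphertexts first differ later than the true insertion point.

```python
import random

def keystream(seed, n):
    # Stand-in keystream generator (assumption for this example, not a real cipher).
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def encrypt(bits, ks):
    # Synchronous stream cipher: c_i = p_i XOR k_i.
    return [p ^ k for p, k in zip(bits, ks)]

def insertion_attack(c_orig, c_new, known_bit):
    """Return (d, bits): d is the first position where the two ciphertexts
    differ, bits is the original plaintext recovered from d onward."""
    d = next((i for i, (a, b) in enumerate(zip(c_orig, c_new)) if a != b), None)
    if d is None:
        return None, []          # ciphertexts never differ: nothing to locate
    recovered, shifted = [], known_bit
    for t in range(d, len(c_orig)):
        k = c_new[t] ^ shifted   # k_t = c'_t XOR (bit now sitting at position t)
        p = c_orig[t] ^ k        # p_t = c_t XOR k_t
        recovered.append(p)
        shifted = p              # p_t sits at position t+1 in the new message
    return d, recovered

def run(plaintext, pos, known_bit, seed_a, seed_b):
    # Encrypt the original under seed_a and the modified message under seed_b.
    modified = plaintext[:pos] + [known_bit] + plaintext[pos:]
    c_orig = encrypt(plaintext, keystream(seed_a, len(plaintext)))
    c_new = encrypt(modified, keystream(seed_b, len(modified)))
    return insertion_attack(c_orig, c_new, known_bit)

PLAINTEXT = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0]   # constructed sample bits

if __name__ == "__main__":
    # Same keystream twice: everything from the first difference leaks.
    print(run(PLAINTEXT, 2, 0, seed_a=7, seed_b=7))
    # Inserted bit equals the bits it displaces: the difference shows up
    # later, and recovery from that point is still exact.
    print(run(PLAINTEXT, 2, 1, seed_a=7, seed_b=7))
    # Fresh keystream for the second message: the equations no longer hold.
    print(run(PLAINTEXT, 2, 0, seed_a=7, seed_b=8))
```

The third call models the stated protection: once the second message uses its own keystream, c’ and c no longer share k, and the chain of XORs stops yielding the plaintext.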