Unformatted text preview: however, fully protect against bit toggling. Like block ciphers in CFB mode, Mallory can toggle individual bits in the stream. If he knows the plaintext, he can make those bits decrypt to whatever he wants. Subsequent bits will decrypt correctly, so in certain applications Mallory can still do considerable damage. Insertion Attack
Synchronous stream ciphers are vulnerable to an insertion attack [93]. Mallory has recorded a ciphertext stream, but does not know the plaintext or the keystream used to encrypt the plaintext. Original plaintext: Original keystream: Original ciphertext: p1 p2 p3 p4 ... k1 k2 k3 k4 ... c1 c2 c3 c4 ... Mallory inserts a single known bit, p’, into the plaintext after p1 and then manages to get the modified plaintext encrypted with the same keystream. He records the resultant new ciphertext: New plaintext: Original keystream: Updated ciphertext: p1 k1 c1 p’ k2 c’2 p2 k3 c’3 p3 k4 c’4 p4 k5 c’5 ... ... ... Assuming he knows the value of p’, he can determine the entire plaintext after that bit from the original ciphertext and new ciphertext: k2 = c’2 • p’, and then p2 = c2 • k2 k3 = c’3 • p2, and then p3 = c3 • k3 k4 = c’4 • p3, and then p4 = c4 • k4 Mallory doesn’t even have to know the exact position in which the bit was inserted; he can just compare the original and updated ciphertexts to see where they begin to differ. To protect against this attack, never use the same keystream to encrypt two different messages. 9.8 OutputFeedback Mode
Outputfeedback (OFB) mode is a method of running a block cipher as a synchronous stream cipher. It is similar to CFB mode, except that n bits of the previous output block are moved into the rightmost positions of the queue (see Figure 9.11). Decryption is the reverse of this process. This is called nbit OFB. On both the encryption and the decryption sides, the block algorithm is used in its encryption mode. This is sometimes called internal feedback, because the feedback mechanism is independent of both the plaintext and the ciphertext streams [291]. If n is the block size of the algorithm, then nbit OFB looks like (see F...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details