Cryptography Reference
In-Depth Information
computer can use a program to stealthily intercept and modify data packets.
The situation is totally different, for example, with cell phones in the Ger-
man D- and E-networks. Phone calls are radioed to the next base station in
encrypted form, and malicious swapping of data packets would be a technical
masterstroke.
The modes introduced above are vulnerable to active attackers at different
degrees. The ECB and OFB modes make it relatively easy to swap data blocks.
In the CBC and CFB modes, only the first and last blocks can basically be
swapped. Therefore, checksums appended to plaintexts should never be in the
last block.
Similarly to all stream ciphers, where the key stream (which is called ( S n )in
OFB) does not depend on plaintext, the OFB mode is prone to a dangerous
active attack, referred to as an insertion attack :
The attacker intercepts the ciphertext, but doesn't initially know any bit of the
key sequence and the plaintext. If he is successful in introducing a few bits or
bytes into the plaintext and in intercepting the ciphertext encrypted with the
same key sequence, then he can compute the key sequence and the plaintext
from the insertion point onwards! This is relatively easy.
The first encryption produces ciphertext blocks C i from plaintext blocks P i ,
XORed with keys S i :
P 1 P 2 ... P i P i + 1 P i + 2 ...
⊕⊕ ⊕⊕ ⊕
S 1 S 2 ... S i S i + 1 S i + 2 ...
== ===
C 1
C 2 ... C i C i + 1 C i + 2 ...
The attacker introduces a known block, P *, after P i . The cipher looks like this
now:
P 1
P 2 ... P i P*
P i + 1
P i + 2
...
⊕⊕
⊕⊕
S 1
S 2 ... S i S i + 1
S i + 2
S i + 3
...
== == ==
C 1
C 2 ... C i C' i + 1 C' i + 2 C' i + 3 ...
Search WWH ::




Custom Search