NET3106 – Network Security

Lecturer:
Houshyar Honar Pajooh
Room Number : AE-3-28 (University Building - East)
Email: houshyarh@sunway.edu.my

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 NET3106 – Network Security
WEEK (6)
Modes of operation for block Cipher and
stream cipher

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
Modes of
operation for
block Cipher
and stream
cipher
 • Modes of Operation for Block Cipher
• Stream Cipher
• RC4

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Need for Modes of Block Ciphers
• Block Ciphers deal with blocks of data
• In real life there are two important issues:
• plaintext much larger than a typical block length of 128 bits
• plaintext not a multiple of the block length
• These modes were first standardized in FIPS Publication 81 in 1980
• The obvious solution is the first mode, called the Electronic Code Book (ECB)

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Electronic Code Book Mode (ECB)

• When a block cipher is used in ECB mode, each block of plaintext is coded independently
• This makes it not very secure for long segments of plaintext, especially plaintext containing repetitive information.
• Used primarily for secure transmission of short pieces of information, such as an encryption key.

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 ECB Example

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 CBC (Cipher-Block Chaining) Mode

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Cipher
Feedback Mode
(CFB)

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Output Feedback Mode (OFB)

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Counter Mode (CTR)

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 • Many uses of random numbers in cryptography
• Generation of keys for the RSA public-key encryption (asymmetric
encryption)
• Generation of key stream for symmetric stream cipher
Random • Generation of symmetric key as temporary session key
• In key distribution scenarios (Kerberos to prevent from reply attack)
Numbers
• In all cases its critical that these values be
• Unpredictability (statistically random)
• Randomness (uniform distribution (same frequency of zeros and ones),
independent)

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 • Often use deterministic algorithmic techniques to create random numbers.
• Not truly random
Pseudorandom • But it can pass many tests of randomness
• Known as pseudorandom numbers
Number
Generators Created by Pseudorandom Number Generators (PRNGs).

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 • True random number generator (TRNG) : input is a random value
(system time).
• Pseudorandom number generator (PRNG) : input is a fixed value +
feedback
Pseudorandom • Pseudorandom function (PRF) : input is a fixed value + feedback +
specific value (e.g. user ID)
Number
Generators

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Stream Cipher

• Block cipher processes one block of elements at a time.

• Stream cipher processes the input elements (1 bit or one units larger than 1 byte)
continuously.

• RC4 is the most popular symmetric stream cipher.

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Block vs Stream Ciphers

• Blocks Ciphers process plaintext in large blocks.

• Stream Ciphers process plaintext in small blocks, even bits
• Block cipher are considered more secure than stream cipher
• Stream cipher are faster than block cipher

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Stream Cipher Structure

• The key is input to pseudorandom byte generator.

• The key is unpredictable.
• The output of pseudorandom byte generator is called keystream.
• Keystream will combine with plaintext stream using XOR.
• E.g. :
• En :11001100 plaintext 01101100 Keystream = 10100000 Ciphertext
• De : 10100000 Ciphertext 01101100 Keystream = 11001100 plaintext

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Stream Cipher Properties

• Some design considerations are:

• long period with no repetitions
• statistically random
• depends on large enough key, e.g. 128 bits

• Properly designed, can be as secure as a block cipher with same size key
• But usually simpler & faster
• Data communication channel and web : stream cipher
• File transferring, email and database : block cipher

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 RC4

• Its stream cipher

• Encrypt one bytes at a time
• Can use as a random number generator
• Very fast and simple
• Popular method, including WEP, WPA and SSL
• RC4 generates a pseudorandom stream of bits (a keystream) which, for encryption/decryption, is combined
with the plaintext using XOR
• Key size 1~256 bytes (8 to 2048 bits)
• Inputs: Key and Data
• Output: Unique keystream equal to the length of input data

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 • Contain Key Scheduling Algorithm (KSA) and Pseudorandom Generation Algorithm (PRGA) steps:

RC4 Structure

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Main functions in RC4

• Key scheduling algorithm (KSA):

◦ A variable length key, between 40 and 256 bits, is used to initialize the 256-byte state vector (S) (permutation)

• Pseudo Random Generation Algorithm (PRGA)

◦ To generate the keystream

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Steps in RC4

• The steps for RC4 encryption algorithm is as follows:

◦ Get the data to be encrypted and the selected key.
◦ Create two string arrays.
◦ Initiate one array with numbers from 0 to 255.
◦ Fill the other array with the selected key.
◦ Randomize the first array depending on the array of the key.
◦ Randomize the first array within itself to generate the final key stream.
◦ XOR the final key stream with the data to be encrypted to give cipher text.

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 RC4 Example

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
 Thank you Questions!!!

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE