In a series of blogs, attacks on AES- Advanced Encryption Standard, will be discussed. There are a number of steps involved to break a block cipher (AES being one of them):
- Recognizing the mode of block cipher being used.
- Finding the size of the block being used in the block cipher.
- Implementing a suitable attack according the mode of block cipher and the standard encryption used.
In this post, the first step in the attacking of block cipher will be discussed.
According to Shannon’s Theory of Communication, a cipher can be regarded as a perfectly secure cipher if the cipher text reveals no information about the plaintext being encrypted. So, the entire idea behind the attack lies in finding patterns in ciphertext that loosens up the framework on which the encryption standard is based.
There are different modes of encryption being used in a block cipher, but only on ECB (Electronic Code Book) and CBC (Cipher Block Chaining) will be focused as for now.
ECB mode of encryption:
This is the most insecure mode of encryption and one will realize it looking at this representation of ECB mode:
In this mode, same key is used to generate ciphertext block of the corresponding plaintext block. This exposes one vulnerability: since the key and the block cipher encryption algorithm remain the same across the entire process of encryption of plaintext, two plaintext blocks containing the same text, will have the same set of ciphertext blocks. So, in case two of the ciphertext blocks have the same value, the attacker can easily recognize that the plaintext contains a group of characters that are being repeated. This reveals some information about the plaintext and hence, according to Shannon, AES in ECB mode is not a perfectly secure cipher!
For example, let us assume the encryption used is AES and the block size is 16 bytes. Let the plaintext be “abcdefghijklmnopabcdefghijklmnop”. After padding there are three (Three, because the size of the original plaintext is exactly a multiple of block size, thus one more block of padded data has to be added due to reasons of security) blocks in the padded plaintext. What is peculiar about the plaintext is that two of the blocks contain the same data in them, i.e. “abcdefghijklmnop” is the content of two of the blocks! They then generate the same 16-byte ciphertext block!
So, to recognize whether a block cipher uses ECB or CBC mode of encryption, we just need to supply the input in the plaintext such that two plaintext blocks contain the same contents and then observe the corresponding ciphertext. If two of the ciphertext blocks have the same value, the encryption used is ECB otherwise another mode of encryption is used! (CBC in this case as only two modes are being discusses here)
CBC mode of encryption:
This mode of encryption has nullified the vulnerability that is present in the ECB mode of encryption. This mode of encryption is vulnerable to Padding Oracle Attacks and Bit Flipping Attacks which will be discussed in the next few blog posts. The encryption in the CBC mode looks like this:
Although the key used is same for every block, there is an additional step when compared to ECB and that is XORing of the padded plaintext block with a value and then encrypting it using a key. For the first block, the value is generated in a pseudo-random way for the first plaintext block, for the next block onwards, the value is the ciphertext block generated in the previous step.
So, using these essential characterstics peculiar to each mode, we are now able to decide if the cipher is encrypted using a particular mode (ECB or CBC). Following is the link to the python code for detecting this:
See you until next time!