5 Block ciphers


This chapter covers

  • Stream vs. block ciphers in the context of confusion and diffusion
  • Using different modes of block cipher operation
  • Understanding how padding introduces vulnerabilities in cryptographic implementations
  • Understanding and implementing a padding oracle attack
  • Understanding and implementing the BEAST (Browser Exploit Against SSL/TLS) exploit

We discussed stream ciphers in detail in the previous chapter. We saw that stream ciphers generate a keystream, which is then XORed with the plaintext to obtain the ciphertext. Therefore, each byte of the plaintext corresponds to a single ciphertext byte. In other words, changing a single byte in the plaintext and re-encrypting with the same key will modify precisely 1 byte in the ciphertext.

Stream ciphers provide confusion: the relationship between each plaintext byte and the ciphertext byte it produces is scrambled, so an attacker cannot look at the output and recover the original input.

Confusion hides the relationship between a plaintext byte and the ciphertext byte at the corresponding index. Diffusion, on the other hand, spreads the effect of each plaintext byte over many ciphertext bytes (see figure 5.1). Stream ciphers encrypt 1 bit or byte at a time and focus mainly on confusion, whereas block ciphers operate on blocks of plaintext (usually several bytes) and provide both confusion and diffusion (figure 5.2).
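As an added example (not code from the chapter), the following Python makes the one-byte property measurable: it compares a counter-driven keystream cipher with a small four-round Feistel block cipher, both built on SHA-256 so that the example runs with the standard library alone. The two constructions, the key and the plaintext are assumptions for illustration, not the ciphers the chapter goes on to describe.

```python
import hashlib

HALF, ROUNDS = 16, 4  # Feistel half-block (block = 32 bytes) and round count


def keystream(key: bytes, length: int) -> bytes:
    # Counter-driven keystream: SHA-256(key || counter), truncated to length.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stream-cipher model: each plaintext byte meets exactly one keystream byte.
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function F; SHA-256 stands in for a real cipher's round.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Block-cipher model: Feistel rounds (L, R) -> (R, L xor F(R)).
    assert len(block) == 2 * HALF
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        f = round_function(key, rnd, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Inverse: undo the rounds in reverse order.
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        f = round_function(key, rnd, left)
        left, right = bytes(a ^ b for a, b in zip(right, f)), left
    return left + right


def changed_bytes(a: bytes, b: bytes) -> int:
    return sum(x != y for x, y in zip(a, b))


def diffusion_demo(key: bytes, plaintext: bytes, index: int) -> tuple:
    # Flip one bit of plaintext[index]; count the ciphertext bytes that change.
    modified = bytes(b ^ 0x01 if i == index else b for i, b in enumerate(plaintext))
    stream_delta = changed_bytes(stream_encrypt(key, plaintext), stream_encrypt(key, modified))
    block_delta = changed_bytes(block_encrypt(key, plaintext), block_encrypt(key, modified))
    return stream_delta, block_delta
```

`diffusion_demo` returns how many ciphertext bytes change after a single-bit plaintext change: exactly 1 for the keystream cipher, and close to all 32 for the Feistel cipher, whichever half the flipped byte sits in.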

5.1 Important block ciphers

5.2 Padding: Making data fit blocks neatly

5.3 Modes of operation for block ciphers

5.4 Padding oracles and how to attack them

5.4.1 Implementing a padding oracle server

5.4.2 Exploiting a padding oracle

5.5 Browser Exploit Against SSL/TLS: The BEAST attack

5.5.1 Simulating a vulnerable browser for BEAST

5.5.2 Exploiting the BEAST vulnerability

Summary