Subtle interactions: security protocols and cipher modes of operation

Raphael C.W. Phan, Bok Min Goi

Research output: Chapter in Book/Report/Conference proceeding › Chapter (Book) › Research › peer-review

Abstract

In this chapter, we show how security protocols can be attacked by exploiting the underlying block cipher modes of operation. We first present a comprehensive treatment of the properties and weaknesses of standard modes of operation. We then show why all modes of operation should not be used with public-key ciphers in public-key security protocols. This includes the cipher block chaining (CBC) mode when there is no integrity protection of the initialisation vector (IV). In particular, we show that it is possible in such instances to replace a block at the beginning, middle, or end of a CBC-encrypted message. We further demonstrate that the security of single-block encryptions can be reduced to the security of the electronic codebook (ECB) mode, and show that in the absence of integrity, one could exploit this to aid in known- and chosen-IV attacks. Finally, we present chosen-IV slide attacks on counter (CTR) and output feedback (OFB) modes of operation. Our results show that protocol implementers should carefully select modes of operation, be aware of the pitfalls in each of these modes, and incorporate countermeasures in their protocols to overcome them. It is also important to realize that modes of operation only provide confidentiality, and that when used in the context of security protocols, these modes should be combined with authentication and integrity protection techniques.
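The abstract's central point, that CBC provides confidentiality but no integrity and that an unauthenticated IV lets the first plaintext block be altered silently, is easy to see in running code. The following is an added example, not code from the chapter or its authors: it implements CBC over a small keyed Feistel permutation built from SHA-256 (a stand-in block cipher so the script runs with the standard library alone; it is not AES and not the cipher the chapter analyses), shows that XORing a difference into the IV XORs the same difference into the first decrypted block while every later block decrypts unchanged, and then shows the countermeasure the abstract calls for: an HMAC computed over IV and ciphertext together, checked before decryption, rejects the altered IV. The key, MAC key, IV and message are constructed values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes of the stand-in cipher below

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Keyed Feistel round function: SHA-256(key || round || half), truncated to 8 bytes.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 8-round Feistel network on a 16-byte block (assumed stand-in PRP, not AES).
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(8):
        left, right = right, xor(left, _round(key, r, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Run the rounds backwards; Feistel structure makes this the exact inverse.
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in reversed(range(8)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C_i = E(P_i XOR C_{i-1}) with C_0 = IV; caller supplies block-aligned input.
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}: the IV touches only P_1, which is the malleability shown below.
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers the IV as well as the ciphertext.
    ct = cbc_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes):
    # Verify the tag before touching the ciphertext; return None on any tampering.
    iv, ct, tag = message[:BLOCK], message[BLOCK:-32], message[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return cbc_decrypt(enc_key, iv, ct)

# Constructed demo values (not secrets, not from the chapter).
KEY = b"constructed-demo-enc-key-16bytes"
MAC_KEY = b"constructed-demo-mac-key-16bytes"
IV = bytes(range(16))
PLAINTEXT = b"FLAG=0;USER=bob;" + b"REF=000000000001"
# Difference that flips the byte '0' at offset 5 of the first block into '1'.
DELTA = bytes([0] * 5 + [ord("0") ^ ord("1")] + [0] * 10)

def demo() -> dict:
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    # Unauthenticated IV: XORing DELTA into it XORs DELTA into P_1 and nothing else.
    malleated = cbc_decrypt(KEY, xor(IV, DELTA), ct)
    # Authenticated variant: the same IV change is detected and rejected.
    sealed = seal(KEY, MAC_KEY, IV, PLAINTEXT)
    altered = xor(IV, DELTA) + sealed[BLOCK:]
    return {
        "roundtrip": cbc_decrypt(KEY, IV, ct),
        "malleated": malleated,
        "sealed_ok": open_sealed(KEY, MAC_KEY, sealed),
        "sealed_altered": open_sealed(KEY, MAC_KEY, altered),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The second result shows the first block reading `FLAG=1;USER=bob;` with the second block intact and no error raised, which is exactly why the abstract insists that IV integrity cannot be left to the mode; the last result is `None` because the HMAC over IV and ciphertext fails, so the receiver never decrypts the altered message.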

Original language: English
Title of host publication: Web Services Security and E-Business
Publisher: IGI Global
Pages: 239-261
Number of pages: 23
ISBN (Print): 9781599041681
DOIs
Publication status: Published - 2006
Externally published: Yes
