Welcome to the InfoSci Platform
Subtle Interactions: Security Protocols and Cipher Modes of Operation

Subtle Interactions: Security Protocols and Cipher Modes of Operation

Raphael C.W. Phan, Bok-Min Goi
Copyright: © 2007 |Pages: 23
ISBN13: 9781599041681|ISBN10: 1599041685|ISBN13 Softcover: 9781599041698|EISBN13: 9781599041704
DOI: 10.4018/978-1-59904-168-1.ch014
Cite Chapter Cite Chapter

MLA

Phan, Raphael C.W., and Bok-Min Goi. "Subtle Interactions: Security Protocols and Cipher Modes of Operation." Web Services Security and E-Business, edited by G. Radhamani and G. S.V. Radha Krishna Rao, IGI Global, 2007, pp. 239-261. https://doi.org/10.4018/978-1-59904-168-1.ch014

APA

Phan, R. C. & Goi, B. (2007). Subtle Interactions: Security Protocols and Cipher Modes of Operation. In G. Radhamani & G. Rao (Eds.), Web Services Security and E-Business (pp. 239-261). IGI Global. https://doi.org/10.4018/978-1-59904-168-1.ch014

Chicago

Phan, Raphael C.W., and Bok-Min Goi. "Subtle Interactions: Security Protocols and Cipher Modes of Operation." In Web Services Security and E-Business, edited by G. Radhamani and G. S.V. Radha Krishna Rao, 239-261. Hershey, PA: IGI Global, 2007. https://doi.org/10.4018/978-1-59904-168-1.ch014

Export Reference

Mendeley
Favorite

Abstract

In this chapter, we show how security protocols can be attacked by exploiting the underlying block cipher modes of operation. We first present a comprehensive treatment of the properties and weaknesses of standard modes of operation. We then show why all modes of operation should not be used with public-key ciphers in public-key security protocols. This includes the cipher block chaining (CBC) mode when there is no integrity protection of the initialisation vector (IV). In particular, we show that it is possible in such instances to replace a block at the beginning, middle, or end of a CBC-encrypted message. We further demonstrate that the security of single-block encryptions can be reduced to the security of the electronic codebook (ECB) mode, and show that in the absence of integrity, one could exploit this to aid in known- and chosen- IV attacks. Finally, we present chosen-IV slide attacks on counter (CTR) and output feedback (OFB) modes of operation. Our results show that protocol implementers should carefully select modes of operation, be aware of the pitfalls in each of these modes, and incorporate countermeasures in their protocols to overcome them. It is also important to realize that modes of operation only provide confidentiality, and that when used in the context of security protocols, these modes should be combined with authentication and integrity protection techniques.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.