Manipularea controlată a datelor din canalul de cifrat

Talk given by: Emil Simion

joint work of “Traian Lalescu” Center for Research and Training in Innovative Applied Mathematical
Engineering Techniques & Business Generator
Bucharest, ROMANIA
Email: emil.simion@upb.ro, office@businessgenerator.ro
Abstract:
Înlănțuirea blocurilor cifrate (CBC) este un mod de operare pentru un cifru bloc, în care
o secvență de biți sunt criptați ca o singură unitate sau bloc, cu o cheie de cifrare aplicată
întregului bloc. Înlățuirea blocurilor cifrate folosește ceea ce este cunoscut ca vector de
ințializare de o anumită lungime. Utilizând acest lucru cu o singură cheie de criptare, se pot
cifra și descifra cantități mari de text clar. Una dinte caracteristicile cheie ale CBC este
aceea că folosește un proces de înlănțuire care determină ca descifrarea unui bloc de text
cifrat să depindă doar de blocuruile de text cifrat curent si cel precedent.
Scopul prezentarii este de a prezenta în paralel cu descrierea teoretică și un mod de
utilizare a CBC, utilizând aplicatia Cryptool, pentru a evidenția caracteristicile acestuia în
anumite condiții date.
Dincolo de dezavantajul vitezei mai mici de operare datorat derulării secventiale a
procesului și al necesității unor metode suplimentare de autentificare, s-a concluzionat că
CBC este un mod de operare care asigură un nivel înalt de securitate și confidențialitate a
pachetelor de date.
Vom prezenta, o metoda de manipulare a datelor clare din canalul de cifrat (exemplu:
injectare de cod malitios), in conditiile cunoasterii de text clar.
 Agenda

1. What is CBC? Features

2. Scenario
3. Simulation with Cryptool 2
4. Conclusions
5. About BG&CiTi
 1. What is CBC? Features

• In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to
provide information security such as confidentiality or authenticity.

• The earliest modes of operation, ECB, CBC, OFB, and CFB, date back to 1981 and were
specified in FIPS 81, DES Modes of Operation.

• The block cipher modes ECB, CBC, OFB, CFB, CTR, and XTS provide confidentiality, but
they do not protect against accidental modification or malicious tampering. Modification or
tampering can be detected with a separate message authentication code such as CBC-MAC,
or a digital signature. Regarding error propagation properties, integrity protection had been
seen as an entirely separate cryptographic goal.
• In CBC mode, each block of plaintext is XORed with the previous cipher text block before
encrypted. This way, each cipher text block depends on all plaintext blocks processed up to
that point.

• To make each message unique, an initialization vector – IV is used at first encipherment. It is

an unique binary sequence, it must be non-repeating and random. The resultant block is the
first block of the ciphertext. The IV is used to ensure distinct ciphertext are produced even
when the same plaintext is encrypted multiple times independently with the same key.

• Block ciphers may be capable of operating on more than one block size, but during
transformation the block size is always fixed. Because messages come in a variety of
lengths, CBC requires that the final block be padded before encryption. There are several
padding schemes. The simplest is to add null bytes to the plaintext to bring its length up to a
multiple of the block size.

• XOR ed blocks between plaintext and previous ciphertext are encrypted with symmetric
keys. Due to this XOR process, the same block of plaintext will no longer result in identical
ciphertext being produced.
 Cipher block chaining (CBC)

Encryption rule:

Ci = Ek (Ci-1 ⊕ Mi),C0 = IV

• In CBC mode, the plaintext of a block is combined with the ciphertext of the previous
block through an XOR operation, and the result is encrypted. The result is the cipher
text of that block, and will also be used in the encryption of the following block.

• An initialization vector IV acts as the “previous ciphertext block” for the first plaintext
block. This IV can be made public, but ideally should not be reused for encryption of
different messages, to avoid having the same ciphertext prefix for two messages with
the same plaintext prefix.
 Cipher block chaining (CBC)

Decryption rule:

Dk(Ci) = Ci-1⊕Mi => Mi =Ci-1 ⊕ Dk(Ci)

• Decryption reverses the process. The first block of ciphertext is decrypted and then XORed with the
initialization vector; the result is the first plaintext block.

• The next ciphertext blocks are decrypted and then XORed with the ciphertext of the previous block.

• Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent
plaintext blocks will be correct. So, a plaintext block can be recovered from two adjacent blocks of
ciphertext. As a consequence, decryption can be parallelized.
2. Scenario
A bank makes the periodical back-up for data base using AES 128/128 - CBC
operation mode.
We have an eavesdrop attacker on the communication channel, a former bank
technical employee, which already knows information like: data base structure,
personal data - IBAN, names, accounts values, the back-up protocol, but he doesn’t
know the cipher key.
The attacker’s plan is to replace the packages on the encrypted channel and to
substitute data with his own data.
Description of the intrusion process

Instead of
Mi (original data)
it will be
T (the attacker’s data)
Remarks

• A 1-bit error in a plaintext affects all following ciphertext blocks; decryption will
correct all except the invert bit.

• A 1-bit change in the ciphertext feed will affect two blocks:

 Complete corruption of the corresponding block of plaintext;
 Inverts the corresponding bit in the following block of plaintext, but the rest
remain intact.

• A 1-bit error in the initialization vector only invert 1 bit in the first block, no altered
block, and that is hard to detect.

• Using AES 256/256 instead of AES 128/128 does not change the success of the
attack if the attacker knows the lengths of the data packages.
3. Simulation with Cryptool 2

Cryptool 2 may be downloaded from https://www.cryptool.org/en/ct2/

In the following slides, it is presented step by step the process of intrusion in

the communication channel in order to modify records in database’s back-up.

The target is to replace the string Julius with Virus.

The steps are shown in the next slides.

4. Conclusions
CBC has been the most commonly used mode of operation.

Weak points:
• Slower, because encryption is sequential (It can not be parallelized).
• It doesn’t provide authenticity.

Strong points:
• It provides confidentiality.
• CBC is self – synchronizing: a transmission error in one block will result
in an error in one block and the following block, but will not affect
subsequent blocks.
In order to be successfully applied, CBC must be used in conjunction with
a method of authentication of the transmitted packages or plaintext. For
example:

SSH – Enc(M) || Auth (M)

SSL – Enc(M, Auth(M))

IPSEC – Enc(M) || Auth(Enc(M))

About BG
• BG is authorized by Romanian National Authority to perform security audit:
https://businessgenerator.ro/auditor-securitate-cibernetica/ ;
• Authorized courses by the Romanian National Authority:
• GDPR/DPO (
https://businessgenerator.ro/cursuri-acreditate/curs-responsabil-protectia-datelor-caracter-personal/
);
• Information Security Manager (
https://businessgenerator.ro/cursuri-acreditate/curs-manager-securitatea-informatiei/ );
• Specialized courses:
• Computer forensic;
• Malware analysis;
• NIS directive implementation;
• Multiple R&D areas: https://businessgenerator.ro/domenii-cercetare/
About CiTi
• “Traian Lalescu” Center for Research and Training in Innovative Applied
Mathematical Engineering Techniques (http://citi.upb.ro/), founded in 2019 is
organized within the Faculty of Applied Sciences of the University Politehnica of
Bucharest was established to develop and promote some innovative
engineering mathematical techniques with a large application in different areas.
• CiTi is open to students in the bachelor, master and doctoral programmes from
all type of faculties, with the aim of training and stimulating student research,
as well as scientific collaboration between all relevant institutions both in the
country and abroad, on the basis of bilateral agreements in national,
respectively in international programs / projects.
• Topics in R&D area: cryptology, cyber security, security evaluation …
References
• Practical malleability attack against CBC-Encrypted LUKS
partitions, https://www.jakoblell.com/blog/2013/12/22/practical-
malleability-attack-against-cbc-encrypted-luks-partitions/
Q&A