Modes of operation is process of converting blocks of plaintext into blocks of ciphertext. The only problem with Block Ciphers that they encrypt small block. While, modes of operation encrypt bigger blocks (long plaintext). There are various ways to implement Block Ciphers to a long plaintext such as, Electronic Codebook (ECB) Mode, Cipher Block Chaining (CBC) Mode, Cipher Feedback (CFB) Mode, Output Feedback (OFB) Mode and Counter (CTR) Mode; and these operations are called modes of operation.
- Electronic Codebook (ECB) Mode: Is a block cipher operation, where the plaintext input block is mapped statically to the ciphertext output block. The figure below shows the ECB operation.
- Since every block is encrypted independently, if one block gets corrupted due to unreliable channels, then only one block is aﬀected while all other blocks can still be decrypted.
- Can be done in parallel.
- Identical plaintext blocks are encrypted into identical ciphertext blocks. Thus, it does not hide data patterns well.
- No protection against deletion or insertion of blocks.
Note: This operation is not recommended for use in cryptographic protocols. Also, it is susceptible to replay attacks, since each block gets decrypted in exactly the same way. For example, let’s pretend that Bob (is the server) and Alice (is the user). Bob requests password from Alice as proof of identity, which Alice provides in an encrypted form. Oscar (evil/hacker) is eavesdropping and keeps the encrypted password. Oscar sends Alice’s encrypted password to Bob.
In order to inhibit or avoid the reply attack, it is recommended to run the encryption with Cipher Block Chaining (CBC) Mode.
- Each plaintext block is XOR-ed with the previous ciphertext block before encryption, so that identical plaintext blocks occurring in the same message show up as diﬀerent ciphertext blocks.
- At the receiving side, each block coming out of the decryption algorithm must ﬁrst by XOR-ed with the previously received ciphertext block in order to recover the plaintext.
A single bit error occurring over the transmission channel will result in the corruption of one whole plaintext block plus a single bit error in the immediately following plaintext block. Therefore, the error propagation is restricted to two plaintext blocks. The figure below shows the CBC operation.
A single bit error occurring over the transmission channel will result in the corruption of one whole plaintext block plus a single bit error in the immediately following plaintext block. Therefore, the error propagation is restricted to two plaintext blocks.
Any CBC encrypted message must be initialised with an Initialisation Vector (IV) that is openly transmitted over the insecure channel at the beginning of the session. In order to avoid replay attacks an (IV) value should be used only once and never be used again. This can be achieved either by assigning a monotonically increasing counter or a random value to the (IV). Remember: A one bit change in a plaintext or (IV) aﬀects all followed ciphertext blocks.
Note: CBC operation is one of the most common modes of operation.