Please give as much information as possible for each answer. Thank You.

At least in theory, the design of a block cipher is generally made more secure by:

• increasing the number of rounds used in a block cipher; or

• using a block cipher with a larger block size.

(a) For each of these techniques, explain why it might be more secure.

(b) For each of these techniques, what are the associated practical disadvantages?

(c) For each of these techniques, explain which of the three significant problems with ECB mode identified in Section 4.6.1 might be reduced.(See image)

(d) Explain why it is inadvisable to apply either of these techniques to a published (standardised) block cipher such as AES.

student submitted image, transcription available below

 

Transcribed Image Text:

Ciphertext manipulations. If a block cipher is used in ECB mode, then some ciphertext manipulations are undetectable. By this we mean an attacker could alter the ciphertext in such a way that the receiver might still get a meaningful plaintext after they decrypt the manipulated ciphertext. For example, an attacker could: replay (part of) an old ciphertext; delete certain blocks of ciphertext; rearrange the blocks of ciphertext in a different order; and repeat certain ciphertext blocks. Of course, to conduct most of these attacks without being detected, the attacker will have to rely on the resulting manipulated plaintext being meaningful, but there are many situations where this is a distinct possibility. For example, as depicted in Figure 4.8, an attacker with access to the contents of a database containing encrypted data fields P and P could swap the two corresponding encrypted entries C and C. While the attacker may not know precisely what the result of this change will be, the attacker might have some idea of the likely implications. For example, if the entries are encrypted examination marks for students whose names were stored in plaintext on the database, the attacker may have prior knowledge of the students' abilities and thus deduce that swapping the encrypted marks of good student A and bad student B will result in an increased grade for bad student B. Statistical attacks. In Section 2.1, we saw that letter frequency analysis could easily be conducted against a monoalphabetic cipher. In some sense we can consider a block cipher being used in ECB mode to be a 'mono-block-ic' cipher, since the same plaintext block is always encrypted into the same ciphertext block. While undoubtedly much more difficult to perform than letter frequency analysis, it is still possible for ciphertext block statistics to be used to analyse a block cipher used in ECB mode. This will be particularly effective if the block cipher is regularly used to encrypt a small set of plaintexts. Again, the example of a partially encrypted examination database provides a good example, where there may only be 100 possible plaintexts in the examination mark database field, and hence only 100 different ciphertexts ever computed. Dictionary attacks. In Section 4.3.1, we observed that relatively long block sizes are desirable to protect against dictionary attacks, where an attacker compiles a dictionary of known plaintext/ciphertext pairs which have been generated using a specific key. This is particularly dangerous in applications where certain fixed plaintexts are sent regularly. An extreme example of this is the situation we described in Section 3.2.3, where a fixed plaintext was sent at the start of every day. While choosing a large block size makes this a more complex task (see Section 4.3.1), a dictionary attack of this sort is always theoretically possible if a block cipher is used in ECB mode. Ciphertext manipulations. If a block cipher is used in ECB mode, then some ciphertext manipulations are undetectable. By this we mean an attacker could alter the ciphertext in such a way that the receiver might still get a meaningful plaintext after they decrypt the manipulated ciphertext. For example, an attacker could: replay (part of) an old ciphertext; delete certain blocks of ciphertext; rearrange the blocks of ciphertext in a different order; and repeat certain ciphertext blocks. Of course, to conduct most of these attacks without being detected, the attacker will have to rely on the resulting manipulated plaintext being meaningful, but there are many situations where this is a distinct possibility. For example, as depicted in Figure 4.8, an attacker with access to the contents of a database containing encrypted data fields P and P could swap the two corresponding encrypted entries C and C. While the attacker may not know precisely what the result of this change will be, the attacker might have some idea of the likely implications. For example, if the entries are encrypted examination marks for students whose names were stored in plaintext on the database, the attacker may have prior knowledge of the students' abilities and thus deduce that swapping the encrypted marks of good student A and bad student B will result in an increased grade for bad student B. Statistical attacks. In Section 2.1, we saw that letter frequency analysis could easily be conducted against a monoalphabetic cipher. In some sense we can consider a block cipher being used in ECB mode to be a 'mono-block-ic' cipher, since the same plaintext block is always encrypted into the same ciphertext block. While undoubtedly much more difficult to perform than letter frequency analysis, it is still possible for ciphertext block statistics to be used to analyse a block cipher used in ECB mode. This will be particularly effective if the block cipher is regularly used to encrypt a small set of plaintexts. Again, the example of a partially encrypted examination database provides a good example, where there may only be 100 possible plaintexts in the examination mark database field, and hence only 100 different ciphertexts ever computed. Dictionary attacks. In Section 4.3.1, we observed that relatively long block sizes are desirable to protect against dictionary attacks, where an attacker compiles a dictionary of known plaintext/ciphertext pairs which have been generated using a specific key. This is particularly dangerous in applications where certain fixed plaintexts are sent regularly. An extreme example of this is the situation we described in Section 3.2.3, where a fixed plaintext was sent at the start of every day. While choosing a large block size makes this a more complex task (see Section 4.3.1), a dictionary attack of this sort is always theoretically possible if a block cipher is used in ECB mode.