Which block cipher mode to use? For each of the following scenarios, determine which of the four block cipher modes discussed in class would be most appropriate. Justify your answer.
Encryption of the social security number field within every record of a database.
Encryption of a Word document (.doc) that will be sent as an email attachment.
Sector-by-sector encryption of an external hard drive.
Real-time encryption of a non-packetized bit stream (e.g. raw digital video).
Suppose a communication system encrypts data using AES-128 and has the ability to update keys over the network; that is, when a node on the network needs to update its key, a network controller can send the node a new key encrypted with the current key. What block cipher mode would be most appropriate when encrypting the new key to send to the node?
Let's first understand what a block cipher is:
Encryption algorithms are divided into two categories based on input type: block ciphers and stream ciphers. A block cipher is an encryption algorithm that takes a fixed-size input of, say, b bits and produces a ciphertext of b bits. If the input is larger than b bits, it can be divided further.
For different applications and uses, there are several modes of operation for a block cipher.
a) Encryption of the social security number field within every record of a database:-
ECB (Electronic Code Book) mode is the most straightforward way of processing a series of sequentially listed message blocks. The ECB mode is deterministic; that is, if plaintext blocks P1, P2, …, Pm are encrypted twice under the same key, the output ciphertext blocks will be the same.
1) The user takes the first block of plaintext and encrypts it with the key to produce the first block of ciphertext.
2) He then takes the second block of plaintext and follows the same process with the same key, and so on.
b) Encryption of a Word document (.doc) that will be sent as an email attachment:-
OCB is by far the best mode, as it allows encryption and authentication in a single pass. Sending information via e-mail attachment is quick and easy but is open to the risk that someone other than the intended recipient can intercept it. This can be a serious problem if the information contained within the attachment is sensitive or confidential.
Microsoft Word allows you to apply a password to an individual file so that it can only be opened once the reader has entered the correct password.
c) Sector-by-sector encryption of an external hard drive:-
XTS should be used if you are encrypting an external hard drive. Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. It uses disk encryption software or hardware to encrypt every bit of data. It is used to prevent unauthorized access to data storage.
In disk-level encryption, the whole disk is encrypted, including all files, folders and the operating system, and an authentication mechanism is required in order to boot. It is implemented fully on the fly, i.e. data is encrypted before it is written to the disk and decrypted only before use.
d) Real-time encryption of a non-packetized bit stream (e.g. raw digital video):-
ECB block cipher mode is used for video encryption. This makes secure video encryption feasible for real-time applications without any extra dedicated hardware.
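The ECB steps and the determinism property described in part (a), as an added example that is not part of the original answer: each block is encrypted on its own with the same key, so records holding the same social security number end up with the same ciphertext in the encrypted column. The block cipher here is a small Feistel stand-in built from HMAC-SHA256 so the code runs with the standard library only (an assumption; it is not AES), and the key, records and function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

BLOCK = 16   # block size b in bytes (128 bits, the AES block size)
ROUNDS = 4   # Feistel rounds of the stand-in cipher (assumption, not AES)

def _f(key, rnd, half):
    # Keyed round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def ecb_encrypt(key, plaintext):
    n = BLOCK - len(plaintext) % BLOCK           # PKCS#7 padding length
    padded = plaintext + bytes([n]) * n
    # Steps 1) and 2): every block is encrypted independently with the same key.
    return b"".join(encrypt_block(key, padded[i:i + BLOCK]) for i in range(0, len(padded), BLOCK))

def ecb_decrypt(key, ciphertext):
    padded = b"".join(decrypt_block(key, ciphertext[i:i + BLOCK]) for i in range(0, len(ciphertext), BLOCK))
    return padded[:-padded[-1]]                  # strip PKCS#7 padding

def shared_value_groups(encrypted_column):
    # What a reader of the encrypted column learns without the key:
    # which record ids hold the same plaintext, because ECB is deterministic.
    groups = defaultdict(list)
    for record_id, ct in encrypted_column.items():
        groups[ct].append(record_id)
    return sorted(ids for ids in groups.values() if len(ids) > 1)

KEY = bytes(range(16))  # constructed demo key
# Constructed records; area number 000 is never issued as a real SSN.
RECORDS = {1: b"000-00-0001", 2: b"000-00-0002", 3: b"000-00-0001", 4: b"000-00-0003"}
COLUMN = {rid: ecb_encrypt(KEY, ssn) for rid, ssn in RECORDS.items()}

if __name__ == "__main__":
    print(shared_value_groups(COLUMN))  # [[1, 3]]
```

The same property shows up inside a single message: a plaintext made of two identical 16-byte blocks produces two identical ciphertext blocks.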