Consider the following scenario: we are given a block cipher ENC which maps 128-

Question

Consider the following scenario: we are given a block cipher ENC which maps 128-bit plaintexts to 128-bit ciphertexts, using a 256-bit secret key. Suppose that for the block cipher ENC the decryption operation is known to be much slower than the encryption operation. In addition, we have a message authentication code MAC available that on input an arbitrary length bitstring and a 128-bit secret key outputs a message tag of length 256 bit. Two users A and B have already successfully established common secret keys KENC and KMAC for these two symmetric schemes.

a. User A would like to send longer plaintexts—each about 16 MByte in size—to user B. From the application context it is known these plaintexts are likely to contain long subsequences of consecutive bits with the same value. To ensure confidentiality when transmitting the data, user A plans to use the block cipher ENC. In which mode of operation (ECB, OFB, etc.) should this block cipher be used? Justify your answer.

b. In addition to having confidentiality, user A would like to ensure integrity by means of the message authentication code MAC. The recipient B should be able to detect if a plaintext has been modified during transmission. Explain how user A should transmit a plaintext so that both confidentiality and integrity are guaranteed. Explain also how B recovers the plaintext and verifies if it has been altered.

Explanation / Answer

A.)

When we start encrypting the first block, we initialization vector of length one bloc. We XOR the first message with it before encrypting.we prepended to the cipher text. Chaining is done by for the next block XORing the cipher text of the first block with the new message and then encrypting.

In ECB mode, each block of the plaintext is encrypted independently. Similarly each block of the ciphertext decrypted independently. so ECB modes of operation encrypt each blockindependently.

B)

In addition to having confidentiality, user A would like to ensure integrity by means of the message authentication code MAC. The recipient B should be able to detect if a plaintext has been modified during transmission.MAC based approach is used to generate the extent keys. Once generated thekey is used to decrypt the requested page.Therefore a MAC based approach is used to generate the extent keys. Once the key is generated, it is returned to the file manager along with the audit log record so he audit logs are used to keep track of extent accesses during the query execution. Since HSM needs to be used to access any encrypted data page, such logs will provide an accurate estimate of what could be leaked during an attack. Next, the file manager decrypts the page using the extent key and forwards the decrypted page to the buffer pool for processing. Note that the decryption of the data page is performed in the system memory, not in the HSM. If the attacker monitors the content of the memory during these operations, all records within the extent would be compromised since the extent key resides in the memory during the attack.user A can transmit a plaintext so that both confidentiality and integrity are guaranteed

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.