Why does using non-random IVs in CBC mode count as a vulnerability?


Cipher Block Chaining “CBC”

IBM invented the Cipher Block Chaining (CBC) mode of operation in 1976. In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector (IV) must be used in the first block.[1]

[Figure: CBC encryption]

[Figure: CBC decryption]

So if you encrypt two messages that start with the same block using the same IV, the resulting first ciphertext blocks will be identical, so in this case the scheme is not secure!

But why can't we use a sequential IV, for example? Did you think about that? The IV will be different every time, right? No, you guessed wrong. Let me demonstrate the issue for you.

To demonstrate this, take a questionnaire website as an example. The application has a lot of check boxes, the questionnaire is sent to a third-party organization, and the answers are encrypted before being stored. So even though the attacker is the admin of the website, he only has access to the ciphertext.

In CBC, the IV is XORed (written "⊕" below) with the first plaintext block, and the result is run through the block cipher: C1 = Ek(IV ⊕ P1).

Since the admin can access the ciphertext and the IVs are predictable, he can pick a questionnaire of his choice and work out both IVs in advance: his own (IVadmin) and the customer's (IVcustomer). He then chooses the plaintext for his own questionnaire like this: Padmin = IVadmin ⊕ IVcustomer ⊕ "false"
</gra_replace>
<gr_replace lines="22" cat="clarify" orig="The System">
The system encrypts this plaintext like this:

The System encrypts this plain text like this:

Cadmin = Ek(IVadmin ⊕ Padmin) = Ek(IVadmin ⊕ (IVadmin ⊕ IVcustomer ⊕ “false”))

The IVadmin ⊕ IVadmin cancels out, which means that Cadmin = Ek(IVcustomer ⊕ "false")

Now the admin can compare Cadmin with Ccustomer. If they are equal, the customer entered "false"; if they are different, he knows the customer must have entered "true" for that particular question.

But if the system used a random IV every time, this attack would be useless, because the admin can't predict the IV and therefore can't craft a plaintext that cancels it out.
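The following is an added example, not code from the original post: it simulates the questionnaire service from the scenario above with a counter IV and with a random IV, and shows that the admin's comparison only works in the first case. The block cipher Ek is a small HMAC-SHA256 Feistel permutation constructed here as a stand-in for AES (CBC only needs a keyed permutation to make the point); the service, its key and the "next IV is the customer's IV plus one" assumption are all constructed for this example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, as for AES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel_round(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function: HMAC-SHA256 of (round number || half block), truncated."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for Ek: a 4-round Feistel permutation on 16-byte blocks.
    Constructed for this example only. It is a keyed permutation, which is all
    CBC mode needs to show the IV problem, but it is not a vetted cipher."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _feistel_round(key, rnd, right))
    return left + right


def encode_answer(answer: str) -> bytes:
    """One questionnaire answer as a single block: 'true' / 'false', zero-padded."""
    return answer.encode().ljust(BLOCK, b"\x00")


class QuestionnaireService:
    """Encrypts each submitted answer block in CBC mode: C1 = Ek(IV xor P1).
    iv_mode='counter' models the sequential IV the post warns about;
    iv_mode='random' draws a fresh IV from os.urandom for every message."""

    def __init__(self, key: bytes, iv_mode: str = "counter"):
        self.key = key
        self.iv_mode = iv_mode
        self.counter = 0

    def _next_iv(self) -> bytes:
        if self.iv_mode == "counter":
            self.counter += 1
            return self.counter.to_bytes(BLOCK, "big")
        return os.urandom(BLOCK)

    def submit(self, plaintext_block: bytes):
        """Returns (iv, first ciphertext block); the IV is sent in the clear."""
        iv = self._next_iv()
        return iv, block_encrypt(self.key, xor(iv, plaintext_block))


def admin_infers_answer(service: QuestionnaireService, iv_customer: bytes, c_customer: bytes) -> str:
    """The admin's test from the post. He assumes the next IV is the customer's
    IV plus one (true only for the counter IV), submits
    Padmin = IVadmin xor IVcustomer xor 'false', and compares ciphertexts."""
    iv_admin_guess = (int.from_bytes(iv_customer, "big") + 1).to_bytes(BLOCK, "big")
    p_admin = xor(xor(iv_admin_guess, iv_customer), encode_answer("false"))
    _, c_admin = service.submit(p_admin)
    # Cadmin == Ccustomer only if Ek(IVcustomer xor 'false') == Ek(IVcustomer xor Pcustomer)
    return "false" if c_admin == c_customer else "true"


def run_scenario(iv_mode: str, customer_answer: str) -> str:
    """Customer submits one answer, then the admin runs his test.
    Returns what the admin concludes the customer answered."""
    service = QuestionnaireService(key=b"example-key-not-for-production", iv_mode=iv_mode)
    iv_c, c_c = service.submit(encode_answer(customer_answer))
    return admin_infers_answer(service, iv_c, c_c)


if __name__ == "__main__":
    for mode in ("counter", "random"):
        for truth in ("false", "true"):
            print(f"IV mode={mode:7} customer={truth:5} admin concludes={run_scenario(mode, truth)}")
```

With the counter IV the admin's conclusion matches the customer's real answer every time. With the random IV his guessed IV is wrong (except with probability 2^-128), so the two ciphertexts never match and his test always reports "true", whatever the customer actually entered: the comparison carries no information.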

You can see this point clearly in real protocols too: WEP is vulnerable, and other protocols such as WPA2 are now used instead.

I hope this post was helpful for you.
