Seeing the Penguin in AES-ECB

栏目: IT技术 · 发布时间: 4年前

Seeing the Penguin in AES-ECB

Anthony Biondo
Filed under:SecurityProgramming

To get it out of the way: don’t roll your own crypto, and don’t use ECB mode if you somehow find yourself in the unenviable position of having to roll your own crypto. ECB mode reveals information about your plaintext, and as small as information this may be in a realistic scenario, unless you really really know what you are doing, there are better options. The example below illustrates some interesting properties of AES in ECB mode, but shouldn’t be taken to minimize the risk of using a mode like ECB.

Encrypting a Penguin

The reason AES (and other algorithms) in ECB (Electronic Codebook) mode leak information is simple: they encrypt blocks of data, and if they encounter the same block of data twice, they will produce the same encrypted result twice. This leaks information, showing you when two identical and aligned (usually 128-bit or 256-bit) blocks of data are the same, and opening up some avenues of attack (including active attacks, like replay attacks).

On wikipedia and elsewhere, a diagram is often shown to illustrate this point. In this diagram, we take an image of a penguin and encrypt it using AES with 128 bit blocks in ECB mode, revealing that the penguin is still very visible underneath:

But here, we used a perfect image of a penguin - an uncompressed image, with a background of perfect white, with clearly defined areas of higher and lower noise. We can see some interesting properties about the penguin in the ciphertext - the white background is pure white, and appears as identical repeating blocks when encrypted with ECB; the belly is a bit noisy, and appears much noisier as the diffusion of AES amplifies the noise significantly; and the detail of the face is gone completely.

Keep in mind that a regular photograph may exhibit some of these characteristics as well, and have some discernable patterns, possibly as a result of image compressing reducing the entropy in some areas of an image, but the real world tends to be noisy, and a real image will tend to be much noisier than our perfect image of a penguin.

Diffusion of Input Data

AES is a fairly secure algorithm designed to exhibit the property of diffusion . In an ideal encryption algorithm exhibiting diffusion, flipping any one bit in the input should have a 50% chance of impacting each bit in the output. That is, changing a single bit in the input completely scrambles the output.

The issue with AES in ECB mode is that this diffusion occurs with respect to each block individually. In ECB, flipping a bit that in one block has no chance of flipping any bits in another block, whereas with modes like CBC , flipping a bit can effectively scramble the output of all later blocks.

But, for us, the property of diffusion also means that adding a tiny bit of uniform noise to the entire image will completely scramble the output, even in ECB mode.

Hiding a Penguin in the Noise

Here, I’ve applied a simple algorithm that flips the least significant bit of 15% of the bytes that make up the image of a penguin. This is similar to a common steganographic technique, except I’m only adding a little bit of noise to the image. You can see the whole code here , although here is the relevant chunk:

imarray = np.uint8([ i^1 if random.random()>0.85 else i for i in imarray ])

With that change, the original image is left looking virtually identical to the naked eye, but the small amount of uniform noise has seemingly completely scrambled the resulting encrypted image:

And with that, you can see the property of diffusion, and slightly better understand the nuance of the risks of using AES-ECB. ECB still reveals information about the ciphertext of your image, and small amounts of information can still break cryptosystems, so please don’t take this as a reason to use ECB .

Hiding Some of a Penguin

Keep in mind that adding the noise uniformly to 15% of the bytes means that most blocks will end up getting a bit flipped, and so we effectively spread the noise out to affect every block, scrambling the penguin.

Here, we can see what happens if we add slightly less noise, flipping the least significant bit in about 3% of the bytes. As shown below, the penguin is more scrambled than without the noise, as the uniform noise is amplified in the blocks where it is present, but the noise doesn’t affect every block and the penguin is still somewhat visible underneath:

Finally, even if your input data is noisy, even if you intentionally make it noisy, ECB is usually not a good idea, particularly when we have better modes available for most, if not all, applications.

Security is hard, and small changes and nuance can make a big difference.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

智慧社会

智慧社会

阿莱克斯·彭特兰 (Alex Pentland) / 汪小帆、汪容 / 浙江人民出版社 / 2015-4 / CNY 56.90

●如果要在大数据领域推举出一个代表性的科学家,阿莱克斯·彭特兰是一个无法令人忽略的名字。经过数年极具开创性的研究,社会物理学这个全新科学领域的根基已足够深厚。社会物理学是关于想法流的科学,正是在想法流的帮助下,我们才得以提高集体智能,促进智慧社会的形成。 ● 通过研究数以百万计的人在智能手机、GPS设备、互联网等地方留下的“数字面包屑”,大数据的应用已成为一股无法被忽视的力量。在大数据的应用......一起来看看 《智慧社会》 这本书的介绍吧!

Markdown 在线编辑器
Markdown 在线编辑器

Markdown 在线编辑器

正则表达式在线测试
正则表达式在线测试

正则表达式在线测试

HSV CMYK 转换工具
HSV CMYK 转换工具

HSV CMYK互换工具