0

I understand that ECB does not hide data patterns well. But my understanding is that it cannot be broken to "know" the underlying message. If that was the case, why can't ECB be used with some obfuscation technique like say XORing with the address? I am talking about data stored in DRAM modules - and assume it is not an image data that gives away the information just by its pattern (as is explained in the Wiki page for block ciphers).

If let's say it is some software code and I obfuscate the AES output by XORing the AES output with the address - or some combination of the address, does it still make the data in the DRAM insecure?

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
Novice
  • 1
  • 2
  • Comments are not for extended discussion; this conversation has been moved to chat. – mikeazo Jan 23 '15 at 15:27
  • 4
    Why not do it properly? XTS mode is similar to your idea (it combines the address with the data), but actually secure. – CodesInChaos Apr 25 '15 at 10:37
  • I assume you are talking about encrypting data in memory. See how OCB works, it uses the XEX structure with ECB as the encrypt operation – Richie Frame Jun 16 '15 at 23:54
  • There are some misunderstandings in your question. DRAM is not very transient, the memory in normal DRAM module can be stored for multiple days if cooled well. Almost any data has a pattern, if just because most data has a lot of overhead. – Maarten Bodewes Jun 18 '15 at 16:46

1 Answers1

2

The concept of encrypting blocks independently but based on the address is sound. It's commonly used in disk encryption.

In the simplest case you could use a tweakable blockcipher in an ECB like mode using the block index as tweak.

But let's say you want to use an existing block cipher, like AES. In that case you want to turn that block cipher into a tweakable block cipher. There are standard modes for doing this, in particular XTS. But they're more complex than your suggestion, applying a non trivial transformation both before and after encrypting with the block cipher. These transformations are keyed and necessary to eliminate patterns in the plaintext.

Simply xor-ing the address into the plaintext, like you suggest is not secure. If an attacker observes two identical ciphertext blocks, they learn that the xor of the corresponding plaintext blocks is equal to the xor of the address. Since they know the xor of the addresses, they learn the xor of the plaintext. In practice this could occur if two consecutive blocks of plaintext differ only by a single bit.

Community
  • 1
CodesInChaos
  • 24,841
  • 2
  • 89
  • 128