Encryption at ITCrypt

You were recently hired as a Cryptography Engineer at ITCrypt, a local start-up that specializes in building solutions to secure IoT devices. You are interested in securing the communication between two small, resource-constrained IoT devices. Your goal is to secure the communication between two parties who already share a secret key, established for example via a key-exchange protocol.


(i). What cryptographic primitive should you implement to secure the communication channel between the devices? What notion of security should this primitive achieve?

(ii). A former colleague had recommended using AES-CBC (i.e., CBC mode with AES as the underlying block cipher) and incrementing the IV by a constant value D at each invocation. The latter choice was made in order to save on random-number generation.

Thus, in this construction a random IV is chosen initially; at each subsequent invocation, the IV is updated via IV ← IV + D and then used in AES-CBC to encrypt the data. Show that this is not a sound design by presenting a chosen-plaintext attack. (The encryption scheme keeps the IV as internal state so that it can increment it by D at each new invocation.)

(iii). After long discussions, the implementers at ITCrypt finally agreed to use a fresh random IV at each invocation. Does AES-CBC with fresh random IVs provide an adequate level of security? Briefly justify your answer.

(iv). Since the implementers at ITCrypt have developed their own in-house implementation of AES-CBC, they are reluctant to switch to another mode of operation. How can you transform AES-CBC (without modifying its internals) into a scheme that provides the level of security required in practice, as identified in part (i)?
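The construction of part (ii), a chosen-plaintext attack against it, the malleability that part (iii) points at, and the Encrypt-then-MAC wrapper that answers part (iv), as one added Python illustration that is not part of the original exercise. It assumes a toy Feistel block cipher in place of AES (neither the attack nor the wrapper depends on the cipher's internals, only on how CBC consumes the IV), a constructed constant D = 0x1234, a constructed list of low-entropy candidate commands, and HMAC-SHA256 as the MAC:

```python
import hashlib
import hmac
import secrets

BLOCK = 16
MOD = 1 << (8 * BLOCK)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Assumption: a toy 16-byte block cipher (4-round Feistel, HMAC-SHA256 round function)
# stands in for AES. Nothing below depends on its internals, only on CBC's use of the IV.
def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, xor(left, hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:8])
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = xor(right, hmac.new(key, bytes([r]) + left, hashlib.sha256).digest()[:8]), left
    return left + right

def pad(msg):  # PKCS#7
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad(msg):
    n = msg[-1]
    if not 1 <= n <= BLOCK or msg[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return msg[:-n]

def cbc_encrypt(key, iv, padded):
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(prev, padded[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(block_decrypt(key, c), p) for p, c in zip([iv] + blocks, blocks))

class CounterIvCbc:
    """Part (ii): the flawed scheme. IV is internal state, random once, then IV <- IV + D."""
    def __init__(self, key, d):
        self.key, self.d = key, d
        self.iv = int.from_bytes(secrets.token_bytes(BLOCK), "big")
    def encrypt(self, msg):
        iv = self.iv.to_bytes(BLOCK, "big")
        self.iv = (self.iv + self.d) % MOD
        return iv, cbc_encrypt(self.key, iv, pad(msg))

def recover_first_block(oracle, d, iv_s, c_s, candidates):
    """CPA on CounterIvCbc. After seeing (iv_s, c_s) for a secret message the attacker
    knows the k-th later IV is iv_s + k*D, so probe = guess ^ iv_s ^ iv_next makes the
    cipher input iv_s ^ guess: the first ciphertext block repeats iff guess is right."""
    for k, guess in enumerate(candidates, 1):  # k = queries since the secret message
        iv_next = ((int.from_bytes(iv_s, "big") + k * d) % MOD).to_bytes(BLOCK, "big")
        _, c = oracle.encrypt(xor(xor(pad(guess)[:BLOCK], iv_s), iv_next))
        if c[:BLOCK] == c_s[:BLOCK]:
            return guess
    return None

def cbc_is_malleable(key):
    """Part (iii): a random IV gives confidentiality only; flipping an IV bit flips the
    same bit of the first plaintext block and nothing detects it."""
    iv = secrets.token_bytes(BLOCK)
    ct = cbc_encrypt(key, iv, pad(b"amount=0"))
    forged_iv = iv[:7] + bytes([iv[7] ^ 0x01]) + iv[8:]
    return unpad(cbc_decrypt(key, forged_iv, ct)) == b"amount=1"

class EncryptThenMac:
    """Part (iv): unmodified CBC with a fresh random IV, wrapped in Encrypt-then-MAC under
    an independent MAC key. The tag covers IV||ciphertext and is verified in constant
    time before any decryption or padding check runs."""
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
    def encrypt(self, msg):
        iv = secrets.token_bytes(BLOCK)
        body = iv + cbc_encrypt(self.enc_key, iv, pad(msg))
        return body + hmac.new(self.mac_key, body, hashlib.sha256).digest()
    def decrypt(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(hmac.new(self.mac_key, body, hashlib.sha256).digest(), tag):
            raise ValueError("authentication failed")
        return unpad(cbc_decrypt(self.enc_key, body[:BLOCK], body[BLOCK:]))

def demo():
    key, d = secrets.token_bytes(16), 0x1234  # D is a design constant, hence known (assumed value)
    oracle = CounterIvCbc(key, d)
    iv_s, c_s = oracle.encrypt(b"DENY")  # victim encrypts a low-entropy command (constructed)
    guessed = recover_first_block(oracle, d, iv_s, c_s, [b"ALLOW", b"DENY", b"RESET"])
    aead = EncryptThenMac(key, secrets.token_bytes(16))
    blob = aead.encrypt(b"amount=0")
    try:
        aead.decrypt(blob[:7] + bytes([blob[7] ^ 0x01]) + blob[8:])  # the part (iii) IV flip
        rejected = False
    except ValueError:
        rejected = True
    return guessed, cbc_is_malleable(key), aead.decrypt(blob), rejected
```

`demo()` returns the recovered command, whether plain CBC accepted the forged IV, the authenticated round trip, and whether Encrypt-then-MAC rejected the same forgery. The attack needs only one chosen-plaintext query per candidate because the predictable IV lets the attacker cancel it and re-create the exact block-cipher input of the victim's message; the wrapper closes both that and the malleability, but only if the MAC key is independent of the encryption key and the tag is checked before anything else touches the ciphertext.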

(v). Had ITCrypt originally hired you for the Cryptography Engineer position, which off-the-shelf solution would you have recommended that ITCrypt use? Justify your answer by discussing the various parameters that need to be considered when choosing a cryptographic solution for this setting. (Consider security, efficiency and other aspects, in comparison to the modified AES-CBC of part (iv).)

