Detection of Substitution attack on Block Cipher ECB mode
This is from Christoff Paar's book on Cryptography
Let’s assume a protocol for wire transfers between banks (Fig. 5.2). There are five fields which specify a transfer: the sending bank’s ID and account number, the receiving bank’s ID and account number, and the amount. We assume now (and this is a major simplification) that each of the fields has exactly the size of the block cipher width, e.g., 16 bytes in the case of AES. Furthermore, the encryption key between the two banks does not change too frequently. Due to the nature of the ECB, an attacker can exploit the deterministic nature of this mode of operation by simple substitution of the blocks. The attack details are as follows:
- The attacker, Oscar, opens one account at bank A and one at bank B.
- Oscar taps the encrypted line of the banking communication network.
- He sends $1.00 transfers from his account at bank A to his account at bank B repeatedly. He observes the ciphertexts going through the communication network. Even though he cannot decipher the random-looking ciphertext blocks, he can check for ciphertext blocks that repeat. After a while he can recognize the five blocks of his own transfer. He now stores blocks 1, 3 and 4 of these transfers. These are the encrypted versions of the ID numbers of both banks as well as the encrypted version of his account at bank B.
- Recall that the two banks do not change the key too frequently. This means that the same key is used for several other transfers between bank A and B. By comparing blocks 1 and 3 of all subsequent messages with the ones he has stored, Oscar recognizes all transfers that are made from some account at bank A to some account at bank B. He now simply replaces block 4 — which contains the receiving account number — with the block 4 that he stored before. This block contains Oscar’s account number in encrypted form. As a consequence, all transfers from some account of bank A to some account of bank B are redirected to go into Oscar’s B account! Note that bank B now has means of detecting that the block 4 has been replaced in some of the transfers it receives.
- Withdraw money from bank B quickly and fly to a country that has a relaxed attitude about the extradition of white-collar criminals.
I don't understand the part which I have bolded. How does bank B have a means of detecting that block 4 has been replaced?
