Is ECB secure if I can guarantee that I never encrypt the same block twice?

Question

After reading about modes of operation for block ciphers, I've found that basically all discussions about ECB end with: "never use ECB". For example this security stachexchange answer. However my understanding is that ECB is only insecure if you may send the same block twice. So, is ECB safe to use if I can guarantee that I never send the same block twice?

For example, suppose I have a home automation system where I have a number of commands that can fit in less than 8 bytes. I then append a unique 8 byte message ID to this data to form a 16 byte block. I then encrypt this block using AES128. Thus I would never send the same message twice as I never expect to give more than 2^64 commands. Also, say I use a counter as the message ID, then I would also prevent replay attacks.

Answer 1

"Never use ECB mode" is generally solid advice. Not because ECB can never be used safely, but because almost any cryptosystem that is build using EBC is going to use it in a way that ensures it will be badly broken. Ancedotally, the most common reason I see people choosing ECB (when they do) they choose it because it doesn't require an IV or nonce, which makes it slightly simpler to implement.

That said, your understanding (and the answers to the other question linked in the comments) is correct. ECB mode can be used securely in your scenario, if you never repeat a key/block combination. You can safely encrypt the same one-block message twice (for instance, if you reset the counter and start over) but you must at that point switch to a new key. Under a static key, you are correct that you must never send the same message twice.

Additionally, heed CodesInChaos' comment. If at any point the encrypted message might be tampered with, you need a MAC to ensure its integrity.