An Interface and Algorithms for Authenticated Encryption RFC

  • Slides: 16
Download presentation
An Interface and Algorithms for Authenticated Encryption (RFC 5116) David Mc. Grew mcgrew@cisco. com

An Interface and Algorithms for Authenticated Encryption (RFC 5116) David Mc. Grew mcgrew@cisco. com

Authenticated Encryption with Associated Data (AEAD) • Single algorithm provides confidentiality and authenticity/integrity protection

Authenticated Encryption with Associated Data (AEAD) • Single algorithm provides confidentiality and authenticity/integrity protection • Useful abstraction for ‘ideal’ encryption • Block cipher modes – GCM, CCM, SIV, and others • Dedicated algorithms – Phelix, SOBER-128

RFC 5116 • Defines interface to AEAD algorithms • Defines four algorithms – AES

RFC 5116 • Defines interface to AEAD algorithms • Defines four algorithms – AES GCM, AES CCM • Defines IANA registry for algorithms

Example: Packet Protection Needs Authentication Header Payload Needs Confidentiality

Example: Packet Protection Needs Authentication Header Payload Needs Confidentiality

Plaintext Header Payload Plaintext AEAD Encryption Plaintext is encrypted and authenticated

Plaintext Header Payload Plaintext AEAD Encryption Plaintext is encrypted and authenticated

Associated Data Header Payload Associated Data Plaintext AEAD Encryption Associated Data is only authenticated

Associated Data Header Payload Associated Data Plaintext AEAD Encryption Associated Data is only authenticated

Secret key Key Header Payload Associated Data Plaintext AEAD Encryption

Secret key Key Header Payload Associated Data Plaintext AEAD Encryption

Nonce Key Nonce Header Payload Associated Data Plaintext AEAD Encryption Each encryption operation MUST

Nonce Key Nonce Header Payload Associated Data Plaintext AEAD Encryption Each encryption operation MUST have a distinct nonce

(Authenticated) Ciphertext Key Nonce Header Payload Associated Data Plaintext AEAD Encryption Ciphertext

(Authenticated) Ciphertext Key Nonce Header Payload Associated Data Plaintext AEAD Encryption Ciphertext

Using AEAD Header Payload Associated Data Plaintext Key AEAD Encryption Nonce Ciphertext Header Nonce

Using AEAD Header Payload Associated Data Plaintext Key AEAD Encryption Nonce Ciphertext Header Nonce Protected Payload

Example: ESP P = Rest. Of. Payload. Data || TFCpadding || || Pad. Length

Example: ESP P = Rest. Of. Payload. Data || TFCpadding || || Pad. Length || Next. Header N = Salt || IV A = SPI || Sequence. Number ESP = SPI || Sequence. Number || IV || C Padding

AEAD Benefits • Interface hides algorithm details from application • Application designer relieved of

AEAD Benefits • Interface hides algorithm details from application • Application designer relieved of crypto issues • Promotes algorithm agility • Admits crypto optimizations • Simplifies analysis and testing

RFC 5116 Uses • ESP – Backwards compatible with RFC 4106 • TLS –

RFC 5116 Uses • ESP – Backwards compatible with RFC 4106 • TLS – ecc-new-mac, rsa-aes-gcm • IKE – draft-black-ikev 2 -aead-modes • SRTP, SSH work underway • 802. 1 AE

AEAD Algorithms • AES Galois/Counter Mode (GCM) • AES Counter & CBC-MAC (CCM) –

AEAD Algorithms • AES Galois/Counter Mode (GCM) • AES Counter & CBC-MAC (CCM) – AEAD_AES_128_CCM_SHORT • AES Synthetic IV (SIV) – draft-harkins-tls-rsa-aes-siv-00 • AES CBC, HMAC-SHA 1 – draft-mcgrew-aead-aes-cbc-hmac-sha-00

Issues & Future Work • Nonces aren’t user friendly – Security and usability •

Issues & Future Work • Nonces aren’t user friendly – Security and usability • No nonceless algorithms in registry yet

Acknowledgements • Thanks are due to: Hal Finney, Greg Rose, Russ Housley, Alfred Hines,

Acknowledgements • Thanks are due to: Hal Finney, Greg Rose, Russ Housley, Alfred Hines, John Wilkinson, Jack Lloyd, Scott Fluhrer, David Wagner, Ken Raeburn, Wei Dai, Aaron Christensen, Phil Rogaway, and Dan Harkins • IRTF CFRG participants

RFC RFC 2600 Internet Official Protocol Standards RFCRFC RFC 2600 Internet Official Protocol Standards RFC
INTERFACE DESIGN INTERFACE DESIGN INTERFACE INTERFACE DESIGN INTERFACEINTERFACE DESIGN INTERFACE DESIGN INTERFACE INTERFACE DESIGN INTERFACE
Summary of Encryption What is encryption In encryptionSummary of Encryption What is encryption In encryption
Encryption What is Encryption Types of Encryption 1Encryption What is Encryption Types of Encryption 1
Asymmetric encryption Asymmetric encryption Asymmetric encryption often calledAsymmetric encryption Asymmetric encryption Asymmetric encryption often called
Authenticated Encryption and Cryptographic Network Protocols David BrumleyAuthenticated Encryption and Cryptographic Network Protocols David Brumley
Authenticated Encryption and Cryptographic Network Protocols David BrumleyAuthenticated Encryption and Cryptographic Network Protocols David Brumley
Publicly verifiable authenticated encryption Author Changshe Ma andPublicly verifiable authenticated encryption Author Changshe Ma and
Publicly verifiable authenticated encryption Author Changshe Ma andPublicly verifiable authenticated encryption Author Changshe Ma and
RFC Series Editor Status Report IETF 95 RFCRFC Series Editor Status Report IETF 95 RFC
HTTP over SSL RFC 2818 RFC 2817 IntroductionHTTP over SSL RFC 2818 RFC 2817 Introduction
RFC Editor Tutorial How to Write an RFCRFC Editor Tutorial How to Write an RFC
ASN 1 PKI RFC 2459 3280 RFC 2251ASN 1 PKI RFC 2459 3280 RFC 2251
BOOTP Bootstrap Protocol RFC 951 RFC 1497 DHCPBOOTP Bootstrap Protocol RFC 951 RFC 1497 DHCP
The RFC Editor How to Write an RFCThe RFC Editor How to Write an RFC