An Interface and Algorithms for Authenticated Encryption (RFC 5116)

Slides: 17
Provided by: mcgrew1
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes


1
An Interface and Algorithms for Authenticated
Encryption (RFC 5116)
  • David McGrew
  • mcgrew_at_cisco.com

2
Authenticated Encryption with Associated Data
(AEAD)
  • Single algorithm provides confidentiality and
    authenticity/integrity protection
  • Useful abstraction for ideal encryption
  • Block cipher modes
      • GCM, CCM, SIV, and others
  • Dedicated algorithms
      • Phelix, SOBER-128

3
RFC 5116
  • Defines interface to AEAD algorithms
  • Defines four algorithms
      • AES GCM, AES CCM
  • Defines IANA registry for algorithms

4
Example Packet Protection
  [Diagram: a packet made of a Header, which needs authentication, and a Payload, which needs confidentiality]
5
Plaintext
  [Diagram: the Payload becomes the Plaintext input to AEAD Encryption]
  Plaintext is encrypted and authenticated
6
Associated Data
  [Diagram: the Header becomes the Associated Data input to AEAD Encryption]
  Associated Data is only authenticated
7
Secret key
  [Diagram: the Key is a further input to AEAD Encryption]
8
Nonce
  [Diagram: the Nonce is a further input to AEAD Encryption]
  Each encryption operation MUST have a distinct nonce
9
(Authenticated) Ciphertext
  [Diagram: AEAD Encryption takes Key, Nonce, Associated Data and Plaintext and outputs the Ciphertext]
10
Using AEAD
  [Diagram: the protected packet consists of the Header, the Protected Payload (the Ciphertext) and the Nonce]
11
Example ESP
  • P = RestOfPayloadData || TFCpadding ||
    Padding || PadLength || NextHeader
  • N = Salt || IV
  • A = SPI || SequenceNumber
  • ESP = SPI || SequenceNumber || IV || C
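The ESP mapping above, carried through in working code as an added example (not code from the slides, RFC 5116 or Cisco): the RFC 5116 interface Encrypt(K, N, P, A) / Decrypt(K, N, C, A) is realised with AES-128-GCM from Go's standard library, the nonce is built as N = Salt || IV with a counter-driven IV so that it is distinct for every packet under one key, A = SPI || SequenceNumber, and the packet is laid out as SPI || SequenceNumber || IV || C. The type espSender and the functions Protect and Unprotect are hypothetical names chosen here; the key, salt, SPI and payload are constructed sample values; the receiver shows that flipping one bit of the associated data makes decryption FAIL.

```go
package main

// Added illustration of the RFC 5116 interface over AEAD_AES_128_GCM with the
// ESP field mapping from the slide. Standard library only; names below are
// hypothetical, and all keys and packets are constructed samples.

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Encrypt is the RFC 5116 operation C = Encrypt(K, N, P, A); the tag is part of C.
func Encrypt(K, N, P, A []byte) ([]byte, error) {
	aead, err := newAESGCM(K)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, N, P, A), nil
}

// Decrypt is the RFC 5116 operation P = Decrypt(K, N, C, A); an error means FAIL.
func Decrypt(K, N, C, A []byte) ([]byte, error) {
	aead, err := newAESGCM(K)
	if err != nil {
		return nil, err
	}
	P, err := aead.Open(nil, N, C, A)
	if err != nil {
		return nil, errors.New("FAIL: ciphertext or associated data not authentic")
	}
	return P, nil
}

// newAESGCM yields AES-GCM with the 12-byte nonce and 16-byte tag of AEAD_AES_128_GCM.
func newAESGCM(K []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(K)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// espSender is hypothetical per-SA sender state: key K, the fixed 4-byte Salt,
// the SPI, and the last sequence number sent (which also drives the explicit IV).
type espSender struct {
	key  []byte
	salt [4]byte
	spi  uint32
	seq  uint32
}

// nextIV returns a fresh 8-byte IV from the packet counter, so N = Salt || IV is
// distinct for every encryption under this key; it refuses to wrap rather than reuse.
func (s *espSender) nextIV() ([8]byte, error) {
	var iv [8]byte
	if s.seq == ^uint32(0) {
		return iv, errors.New("sequence number space exhausted: rekey before sending")
	}
	s.seq++
	binary.BigEndian.PutUint64(iv[:], uint64(s.seq))
	return iv, nil
}

// Protect builds SPI || SequenceNumber || IV || C. P = RestOfPayloadData || TFCpadding ||
// Padding || PadLength || NextHeader; this sample uses no TFC padding, zero-length
// Padding, and NextHeader = 4 (IP-in-IP).
func (s *espSender) Protect(payload []byte) ([]byte, error) {
	iv, err := s.nextIV()
	if err != nil {
		return nil, err
	}
	P := append(append([]byte{}, payload...), 0 /* PadLength */, 4 /* NextHeader */)
	A := make([]byte, 8)
	binary.BigEndian.PutUint32(A[0:4], s.spi)
	binary.BigEndian.PutUint32(A[4:8], s.seq)
	N := append(append([]byte{}, s.salt[:]...), iv[:]...)
	C, err := Encrypt(s.key, N, P, A)
	if err != nil {
		return nil, err
	}
	pkt := make([]byte, 0, len(A)+len(iv)+len(C))
	pkt = append(append(append(pkt, A...), iv[:]...), C...)
	return pkt, nil
}

// Unprotect splits the packet, rebuilds N and A, and returns the payload or FAIL.
func Unprotect(key []byte, salt [4]byte, pkt []byte) ([]byte, error) {
	if len(pkt) < 8+8+16 { // header, IV, and at least the tag
		return nil, errors.New("packet too short")
	}
	A, iv, C := pkt[:8], pkt[8:16], pkt[16:]
	N := append(append([]byte{}, salt[:]...), iv...)
	P, err := Decrypt(key, N, C, A)
	if err != nil {
		return nil, err
	}
	if len(P) < 2 { // trailer is ... || PadLength || NextHeader
		return nil, errors.New("plaintext too short")
	}
	padLen := int(P[len(P)-2])
	if len(P) < 2+padLen {
		return nil, errors.New("bad PadLength")
	}
	return P[:len(P)-2-padLen], nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed sample key only
	salt := [4]byte{0xde, 0xad, 0xbe, 0xef}
	s := &espSender{key: key, salt: salt, spi: 0x11223344}
	pkt, _ := s.Protect([]byte("constructed inner packet"))
	fmt.Printf("ESP packet: %x\n", pkt)
	got, err := Unprotect(key, salt, pkt)
	fmt.Printf("receiver got %q, err=%v\n", got, err)
	pkt[0] ^= 0x01 // one bit of the SPI: associated data is only authenticated, so this must FAIL
	_, err = Unprotect(key, salt, pkt)
	fmt.Println("after header change:", err)
}
```

The receiver never looks at the header before Decrypt returns; it is bound into A, so any change to SPI or SequenceNumber, the IV, the ciphertext or the tag is rejected by one check. The counter in nextIV is what turns the "MUST have a distinct nonce" requirement into a property of the code rather than a promise of the caller, and the exhaustion error is the point where an SA must be rekeyed.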

12
AEAD Benefits
  • Interface hides algorithm details from
    application
  • Application designer relieved of crypto issues
  • Promotes algorithm agility
  • Admits crypto optimizations
  • Simplifies analysis and testing

13
RFC 5116 Uses
  • ESP
      • Backwards compatible with RFC 4106
  • TLS
      • ecc-new-mac, rsa-aes-gcm
  • IKE
      • draft-black-ikev2-aead-modes
  • SRTP, SSH work underway
  • 802.1AE

14
AEAD Algorithms
  • AES Galois/Counter Mode (GCM)
  • AES Counter with CBC-MAC (CCM)
      • AEAD_AES_128_CCM_SHORT
  • AES Synthetic IV (SIV)
      • draft-harkins-tls-rsa-aes-siv-00
  • AES CBC, HMAC-SHA1
      • draft-mcgrew-aead-aes-cbc-hmac-sha-00

15
Issues and Future Work
  • Nonces aren't user friendly
      • Security and usability
  • No nonceless algorithms in registry yet

16
Acknowledgements
  • Thanks are due to Hal Finney, Greg Rose, Russ
    Housley, Alfred Hines, John Wilkinson, Jack
    Lloyd, Scott Fluhrer, David Wagner, Ken Raeburn,
    Wei Dai, Aaron Christensen, Phil Rogaway, and Dan
    Harkins
  • IRTF CFRG participants