RSA-AES-SIV TLS Ciphersuites
Dan Harkins

RSA-AES-SIV Ciphersuites
What is being proposed?
- New ciphersuites for TLS using SIV mode of authenticated encryption.
- RSA key exchange and Diffie-Hellman key exchange, both with RSA authentication, each paired with SIV at two different key sizes → four new ciphersuites.
- Draft modeled closely on draft-ietf-tls-rsa-aes-gcm, minus some of the verbiage on nonce management.

RSA-AES-SIV Ciphersuites
Why is it being proposed?
- Unlike other authenticated encryption modes (GCM included), SIV is resistant to nonce misuse.
- Uniquely suited when nonce management is outside the cryptographic engine, e.g. when applications receive TLS services via an API to a library.
- For control-plane (versus data-plane) applications where a two-pass mode is not onerous (S2V must process the whole plaintext before CTR encryption can begin, so SIV cannot stream) and where resistance to unintentional programming errors, misconfiguration, and intentional misuse is needed, e.g. CAPWAP's control channel.

What is SIV?
- An Authenticated Encryption with Associated Data (AEAD) cipher mode.
- Uses AES in CTR mode and CMAC mode.
- The PRF construction (S2V) takes a vector of associated data (plus the plaintext); one component of that vector is the nonce.
- If a nonce is reused, authenticity is retained, and confidentiality is affected only to the extent that an adversary can tell that the same plaintext was encrypted twice under the same key and nonce (the two ciphertexts are identical).
- Provable security!

[Figure: SIV Encrypt and SIV Decrypt. Encrypt: the associated data AD1 … ADn and the plaintext P go through S2V-CMAC to produce the synthetic IV; CTR mode seeded with that IV encrypts P into the ciphertext C. Decrypt: CTR mode seeded with the received IV recovers P from C; S2V-CMAC is recomputed over AD1 … ADn and the recovered P to give IV'; if IV' != IV the result is FAIL. From "Deterministic Authenticated Encryption" by Phil Rogaway and Thomas Shrimpton.]
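The S2V-then-CTR construction above, as an added worked example that is not code from the deck or from the OpenSSL patch it distributes: a Python implementation of AES-SIV as specified in RFC 5297, the standardized form of draft-dharkins-siv-aes. It uses the `cryptography` package only for the AES-CMAC and AES-CTR primitives; S2V, the K1/K2 key split, the clearing of counter bits 63 and 31, and the constant-time tag check are written out. The `nonce_reuse_demo` function, with a constructed key, header and messages, reuses a nonce deliberately to show the degradation the slide describes: two different plaintexts under the same nonce still get distinct IVs and keystreams, an exact repeat of a plaintext yields a byte-identical ciphertext (the only leak), and a flipped ciphertext bit is rejected. Function and variable names are this example's own.

```python
"""AES-SIV (RFC 5297): S2V over (AD_1, ..., AD_n, plaintext) yields a synthetic IV that is
both the authentication tag and the starting counter block for CTR mode. The `cryptography`
package supplies AES-CMAC and AES-CTR; everything SIV-specific is written out below."""
import hmac

from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def _dbl(block: bytes) -> bytes:
    """Doubling in GF(2^128) with the CMAC polynomial (RFC 5297 section 2.3)."""
    n = int.from_bytes(block, "big") << 1
    if n >> 128:  # the bit shifted out was 1: reduce by x^7 + x^2 + x + 1
        n ^= 0x87
    return (n & ((1 << 128) - 1)).to_bytes(16, "big")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _cmac(key: bytes, msg: bytes) -> bytes:
    mac = cmac.CMAC(algorithms.AES(key))
    mac.update(msg)
    return mac.finalize()


def s2v(key: bytes, strings: list) -> bytes:
    """S2V-CMAC (RFC 5297 section 2.4): the vector is the AD components, plaintext last."""
    d = _cmac(key, bytes(16))
    for s in strings[:-1]:
        d = _xor(_dbl(d), _cmac(key, s))
    last = strings[-1]
    if len(last) >= 16:  # xorend: fold D into the final 16 bytes
        t = last[:-16] + _xor(last[-16:], d)
    else:  # short final string: pad with 10..0 and xor into dbl(D)
        t = _xor(_dbl(d), last + b"\x80" + bytes(15 - len(last)))
    return _cmac(key, t)


def _ctr(key: bytes, siv: bytes, data: bytes) -> bytes:
    """AES-CTR under K2, starting from the SIV with bits 63 and 31 cleared (section 2.6)."""
    iv = bytearray(siv)
    iv[8] &= 0x7F
    iv[12] &= 0x7F
    enc = Cipher(algorithms.AES(key), modes.CTR(bytes(iv))).encryptor()
    return enc.update(data) + enc.finalize()


def _split(key: bytes) -> tuple:
    if len(key) not in (32, 48, 64):
        raise ValueError("an AES-SIV key is two AES keys: 32, 48 or 64 bytes")
    half = len(key) // 2
    return key[:half], key[half:]  # K1 drives S2V-CMAC, K2 drives CTR


def siv_encrypt(key: bytes, ad: list, plaintext: bytes) -> bytes:
    """Returns IV || C. A nonce, when the caller has one, is just the last AD component."""
    k1, k2 = _split(key)
    v = s2v(k1, list(ad) + [plaintext])
    return v + _ctr(k2, v, plaintext)


def siv_decrypt(key: bytes, ad: list, ciphertext: bytes) -> bytes:
    """Recovers the plaintext, recomputes S2V and rejects anything whose IV does not match."""
    k1, k2 = _split(key)
    if len(ciphertext) < 16:
        raise ValueError("ciphertext shorter than the 16-byte IV")
    v, c = ciphertext[:16], ciphertext[16:]
    plaintext = _ctr(k2, v, c)
    if not hmac.compare_digest(s2v(k1, list(ad) + [plaintext]), v):
        raise ValueError("SIV authentication failed")
    return plaintext


def nonce_reuse_demo() -> dict:
    """Reuse a nonce on purpose. Key, header and messages are constructed demo values."""
    key = bytes([0x42]) * 32
    ad = [b"record-header", b"nonce-0001"]  # the nonce is simply the last AD component
    c1 = siv_encrypt(key, ad, b"first message")
    c2 = siv_encrypt(key, ad, b"second message")
    c3 = siv_encrypt(key, ad, b"first message")
    tampered = bytearray(c1)
    tampered[20] ^= 0x01  # flip one ciphertext bit
    try:
        siv_decrypt(key, ad, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {
        "different plaintexts under one nonce get distinct IVs": c1[:16] != c2[:16],
        "the same plaintext twice gives an identical ciphertext": c1 == c3,  # the only leak
        "a tampered record is rejected": rejected,
    }


if __name__ == "__main__":
    for claim, holds in nonce_reuse_demo().items():
        print(f"{claim}: {holds}")
```

Placing the nonce last in the AD vector is what RFC 5297 section 3 prescribes for nonce-based use, and it is why a library caller who forgets to rotate it loses only the ability to hide an exact repeat. The implementation can be checked against the RFC 5297 Appendix A.1 vector: with key fffefdfc...f1f0 || f0f1f2f3...feff, the 24-byte associated data 10111213...24252627 and plaintext 112233445566778899aabbccddee it must emit 85632d07c6e8f37f950acd320a2ecc9340c02b9690c4dc04daef7f6afe5c.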

Free Code!
  % cd openssl-x-y-z
  % tar xzvf siv_for_openssl.tgz
  crypto/aes/Makefile
  crypto/aes/aes_siv.c
  crypto/aes/siv.h
  % make clean; make

References
- "Deterministic Authenticated Encryption: A Provable-Security Treatment of the Key-Wrap Problem", Phillip Rogaway and Thomas Shrimpton, Advances in Cryptology, EUROCRYPT 2006.
- draft-harkins-tls-rsa-siv-00.txt
- draft-dharkins-siv-aes-01.txt
- draft-ietf-tls-rsa-aes-gcm-00.txt