Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA-AES-SIV TLS Ciphersuites Dan Harkins. RSA-AES-SIV Ciphersuites What is being proposed? –New ciphersuites for TLS using SIV mode of authenticated encryption.

Published byMary Carpenter Modified over 8 years ago

Similar presentations

Presentation on theme: "RSA-AES-SIV TLS Ciphersuites Dan Harkins. RSA-AES-SIV Ciphersuites What is being proposed? –New ciphersuites for TLS using SIV mode of authenticated encryption."— Presentation transcript:

1 RSA-AES-SIV TLS Ciphersuites Dan Harkins

2 RSA-AES-SIV Ciphersuites What is being proposed? –New ciphersuites for TLS using SIV mode of authenticated encryption. –RSA key exchange and Diffie-Hellman key exchange both with RSA authentication and SIV using two different key sizes  Four new ciphersuites. –Draft modeled closely on draft-ietf-tls-rsa-aes-gcm but minus some of the verbage on nonce management.

3 RSA-AES-SIV Ciphersuites Why is it being proposed? –Unlike other authenticated encryption modes SIV is resistant to nonce misuse. –Uniquely suited when nonce management is outside the cryptographic engine– e.g. when applications receive TLS services via an API to a library. –For control-plane (versus data plane) applications where a two-pass mode is not onerous and where resistance to unintentional programming errors, misconfiguration, and intentional misuse are needed, e.g. CAPWAP’s control channel.

4 What is SIV? An Authenticated Encryption with Associated Data (AEAD) cipher mode. Uses AES in CTR mode and CMAC mode. PRF construction takes a vector of associated data (plus plaintext), a component in that vector is the nonce. If a nonce is reused authenticity is retained and confidentiality is affected only to the extent that an adversary knows the same nonce was used with the same plaintext and key twice. Provable security!

5 SIV Encrypt SIV Decrypt AD1ADn S2V-CMAC P CTR … IVC AD1ADn S2V-CMAC P CTR … IVC IV’ FAIL != Associated Data Plaintext Ciphertext From “Deterministic Authenticated Encryption” by Phil Rogaway and Thomas Shrimpton

6 Free Code! http://www.lounge.org/siv_for_openssl.tgz % cd openssl-x-y-z % tar xzvf siv_for_openssl.tgz crypto/aes/Makefile crypto/aes/aes_siv.c crypto/aes/siv.h % make clean; make

7 References “Deterministic Authenticated Encryption, A Provable-Security Treatment of the Key- Wrap Problem”– Phil Rogaway and Thomas Shrimpton, from Advances in Cryptology EUROCRYPT ’06. draft-harkins-tls-rsa-siv-00.txt draft-dharkins-siv-aes-01.txt draft-ietf-tls-rsa-aes-gcm-00.txt

Download ppt "RSA-AES-SIV TLS Ciphersuites Dan Harkins. RSA-AES-SIV Ciphersuites What is being proposed? –New ciphersuites for TLS using SIV mode of authenticated encryption."

Similar presentations

Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted email, new key for every message.

Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted , new key for every message.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
1`` ```` ```` ```` ```` ```` ```` ```` ```` ```` `` AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu Bart Preneel Nanyang Technological University.

1`` ```` ```` ```` ```` ```` ```` ```` ```` ```` `` AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu Bart Preneel Nanyang Technological University.
Authenticated Encryption with Replay prOtection (AERO)

Authenticated Encryption with Replay prOtection (AERO)
Doc.: IEEE 802.11-09/770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: 2009-07 Authors: Russ Housley (Vigil Security), et.

Doc.: IEEE /770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: Authors: Russ Housley (Vigil Security), et.
Cryptography The science of writing in secret code.

Cryptography The science of writing in secret code.
Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: 2012-10-30 Authors:

Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: Authors:
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
#1 EAX A two-pass authenticated encryption mode Mihir BellarePhillip RogawayDavid Wagner U.C. San Diego U.C. Davis and U.C. Berkeley Chiang Mai University.

#1 EAX A two-pass authenticated encryption mode Mihir BellarePhillip RogawayDavid Wagner U.C. San Diego U.C. Davis and U.C. Berkeley Chiang Mai University.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Hybrid Cipher encryption Plain Text Key Cipher Text Key Plain Text IV Hybrid Cipher decryption Hybrid Cipher Note: IV used in encryption is not used in.

Hybrid Cipher encryption Plain Text Key Cipher Text Key Plain Text IV Hybrid Cipher decryption Hybrid Cipher Note: IV used in encryption is not used in.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.

Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.

Similar presentations

Ads by Google