Doc.: Linksec CipherSuites. Submission: August 2003. David Johnston, Intel. Slide 1: LinkSec CipherSuites? David Johnston

Presentation transcript:


Slide 2: Cryptographic Suites
The need to choose a set of cryptographic methods in LinkSec has been discussed
Privacy, data origin integrity and replay detection are suitable things to address
  – Are there other things?
Ciphersuite will be subject to negotiation
What ciphersuites should be specified?

Slide 3: Basic Primitives
Null, RC4, DES, 3DES, AES, HMAC-SHA1 etc.
Impacts:
  – HW implementations
  – Crypto strength
  – Exportability
  – Interoperability
AES is crypto du jour
NULL is probably necessary
RC4-40 has been used for exportability before but is not a good choice for engineering reasons
  – it has a heavily serial algorithm

Slide 4: Privacy
FIPS standards specify crypto modes using DES, 3DES and AES-128
  – Not a bad place to take guidance
  – Simpler FIPS related approvability for devices
  – DES deprecated for new equipment
  – Unencumbered, parallelizable modes available (e.g. CTR)
    Good for speed

Slide 5: Integrity
Auth mode based on block crypto function is a nice approach for implementers.
FIPS is less useful here
  – Authentication modes still a matter of debate in NIST
  – OMAC is looking like the most likely candidate for FIPS approval
    Not parallelizable
Other parallelizable options are encumbered
  – E.g. PMAC
Could use an auth specific algorithm
  – HMAC-SHA1
    Works
    Requires independent hardware

Slide 6: Combo Modes?
There are combined confidentiality modes that use a single block cipher
  – CCM
    Not parallelizable
    Non encumbered
    Used in i
  – OCB
    Parallelizable
      – Addresses the needs of really high speed equipment
    Encumbered
      – Must be optional if it is specified at all
    Bigger
      – Needs AES decrypt => more gates
These are the engineer's choices
  – One cipher block implementation
  – AES a known quantity

Slide 7: Frame Format Requirements
Crypto has an impact on the frame format
  – Insertion of IVs
  – Appending MACs
What should this stuff be bound to?
  – It seems a ciphersuite would be appropriate
Might some of this be parameterizable?
  – IV length? Key length? MIC length?
  – This would then inform a frame formatter how to behave, redefine MTU etc.
Alternative is to only permit defined ciphersuites
  – My preferred option, parameters sound like too much complexity

Slide 8: The need for ciphersuites
Privacy and Integrity methods interact
Different mixes impact the frame format differently
A ciphersuites list gives a list of permitted combinations or instances of combo modes
  – Frame format effects tied to the ciphersuite entry
  – Easier to negotiate cipher suites than combinations of privacy and integrity algorithms

Slide 9: E.G.
Null
Auth only – HMAC-SHA256
  – I don’t like this
Non secure (40 bit) mode
  – Why bother? NULL is insecure, an illusion of security is worse than none at all.
AES-128 in CCM mode
  – Keylength = 128 bit
  – Frame expansion = ??
  – Great for wireless devices
AES-128 in OCB mode
  – Keylength = 128
  – Frame expansion = ??
  – Great for very high speed devices
  – But is encumbered – Pay your $$

Slide 10: A Suggested Ciphersuite

Ciphersuite ID | Type                | M/O       | Defined in
0              | NULL                | Mandatory | x.y.z
100            | AES-128 in CCM Mode | Optional  | x.y.z
               | Reserved            |           |
200            | AES-128 in OCB Mode | Optional  | x.y.z
               | Reserved            |           |

Groupings to allow new ciphersuites to be defined in a cipher type group. E.g. 101 = AES-256 in CCM should it become necessary
: Insecure modes
: Default modes
: High speed modes where necessary
802 groups (e.g. EPON) could mandate a cipher type. Linksec leaves the options open and gives informative guidance on appropriate use.
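Added example (not part of the original slides): a sketch of the approach argued on slides 7, 8 and 10, where peers negotiate over a fixed list of ciphersuite IDs and each entry carries its own frame-format effects. The IDs and names come from the suggested table; the IV and MIC byte counts, the 1500-byte MTU and the `allow_null` policy flag are assumptions, since the slides leave frame expansion as "??".

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CipherSuite:
    suite_id: int
    name: str
    key_bits: int
    iv_bytes: int   # bytes inserted per frame (assumed value)
    mic_bytes: int  # bytes appended per frame (assumed value)

    @property
    def frame_expansion(self) -> int:
        return self.iv_bytes + self.mic_bytes


# IDs and names follow the suggested table; the IV/MIC sizes are ASSUMED
# placeholders, because the slides do not give the frame expansion.
REGISTRY = {
    s.suite_id: s
    for s in (
        CipherSuite(0, "NULL", 0, 0, 0),
        CipherSuite(100, "AES-128 in CCM Mode", 128, 8, 8),
        CipherSuite(200, "AES-128 in OCB Mode", 128, 8, 8),
    )
}


def negotiate(local_pref, peer_offer, allow_null=False):
    """Return the first suite in local preference order that the peer offers.

    Only IDs defined in REGISTRY are eligible, so an undefined ID such as 101
    is skipped. NULL (ID 0) is accepted only when local policy allows it
    (hypothetical flag), so a peer offering nothing but NULL cannot silently
    downgrade the link.
    """
    offered = set(peer_offer)
    for sid in local_pref:
        if sid not in REGISTRY or sid not in offered:
            continue  # undefined here, or not mutually supported
        if sid == 0 and not allow_null:
            continue  # refuse the unprotected suite by default
        return REGISTRY[sid]
    raise ValueError("no acceptable common ciphersuite")


def payload_mtu(link_mtu, suite):
    """Payload room left after the suite's per-frame IV and MIC overhead."""
    return link_mtu - suite.frame_expansion


if __name__ == "__main__":
    chosen = negotiate([200, 100, 0], [0, 100])
    print(chosen.suite_id, chosen.name, payload_mtu(1500, chosen))
```
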

Slide 11: There are other ciphersuites
That was the data confidentiality ciphersuite
Also will need others
  – Port authentication ciphersuite
  – Key exchange ciphersuite
These are the domain of another PAR

Slide 12: Backup info – AES Modes Speed
Fast AES block => 11 clocks per AES
  – For CCM mode => 2 AES per 128 bits
  – 1MHz => (128*(10^6))/(2*11) bps => 5.8 Mbps
  – 50MHz easy in 1.3u
    AES-CCM good for 250Mbps serial data
OCB allows parallelization and has fewer AES invocations
  – 1MHz => Mbps
  – Multi gigabit devices can be addressed
  – Less feed forward => Pipelining easier => 200MHz+ straightforward