Presentation is loading. Please wait.

Presentation is loading. Please wait.

Counter With Cipher Block Chaining-MAC

Published byYulia Atmadja Modified over 4 years ago

Similar presentations

Presentation on theme: "Counter With Cipher Block Chaining-MAC"— Presentation transcript:

1 Counter With Cipher Block Chaining-MAC
Network Security

2 Counter With Cipher Block Chaining-MAC
Objectives of the Topic After completing this topic, a student will be able to describe working of Counter with Cipher Block Chaining-MAC.

3 Counter With Cipher Block Chaining-MAC
Figures and material in this topic have been adapted from “Network Security Essentials : Applications and Standards”, 2014, by William Stallings.

4 Counter With Cipher Block Chaining-MAC
The Counter with Cipher Block Chaining-Message Authentication Code (CCM) mode of operation, was standardized by NIST specifically to support security requirements of IEEE WiFi wireless local area networks.

5 Counter With Cipher Block Chaining-MAC
It can be used in any networking application requiring authenticated encryption. It is defined in NIST SP C.

6 Counter With Cipher Block Chaining-MAC
CCM is a variation of the encrypt-and-MAC approach to authenticated encryption. It is referred to as an authenticated encryption mode.

7 Counter With Cipher Block Chaining-MAC
“Authenticated encryption” is a term used to describe encryption systems that protect confidentiality and authenticity of communications simultaneously .

8 Counter With Cipher Block Chaining-MAC
The key algorithmic ingredients of CCM are AES encryption algorithm, the Counter mode (CTR) of operation, and the CMAC authentication algorithm. A single key K is used for both encryption and MAC algorithms.

9 Counter With Cipher Block Chaining-MAC
Key algorithmic ingredients CMAC authentication algorithm CTR mode of operation AES encryption algorithm

10 Counter With Cipher Block Chaining-MAC
The input to the CCM encryption process consists of three elements. 1. Data that will be both authenticated and encrypted. This is the plaintext message P of data block.

11 Counter With Cipher Block Chaining-MAC
2. Associated data A that will be authenticated but not encrypted. An example is a protocol header that must be transmitted in the clear for proper protocol operation but which needs to be authenticated.

12 Counter With Cipher Block Chaining-MAC
3. A nonce N that is assigned to the payload and the associated data. This is a unique value that is different for every instance during lifetime of a protocol association and is intended to prevent replay attacks.

13 Counter With Cipher Block Chaining-MAC
Authentication For authentication, the input includes the nonce, the associated data, and the plaintext. This input is formatted as a sequence of blocks B0 through Br.

14 Counter With Cipher Block Chaining-MAC
The first block contains the nonce plus some formatting bits that indicate the lengths of the N, A, and P elements. This is followed by zero or more blocks that contain A, followed by zero of more blocks that contain P.

15 Counter With Cipher Block Chaining-MAC
The resulting sequence of blocks serves as input to the CMAC algorithm, which produces a MAC value with length Tlen, which is less than or equal to the block length.

16 Counter With Cipher Block Chaining-MAC
Authentication

17 Counter With Cipher Block Chaining-MAC
Encryption For encryption, a sequence of counters is generated that must be independent of the nonce. The authentication tag is encrypted in CTR mode using the single counter Ctr0 .

18 Counter With Cipher Block Chaining-MAC
The Tlen most significant bits of the output are XORed with the tag to produce an encrypted tag. The remaining counters are used for the CTR mode encryption of the plaintext.

19 Counter With Cipher Block Chaining-MAC
The encrypted plaintext is concatenated with the encrypted tag to form the ciphertext output.

20 Counter With Cipher Block Chaining-MAC
Encryption

Download ppt "Counter With Cipher Block Chaining-MAC"

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: 2012-10-30 Authors:

Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: Authors:
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Cryptography and Network Security

Cryptography and Network Security
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.
Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.

Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.
S. Muftic Computer Networks Security 1 Lecture 4: Message Confidentiality and Message Integrity Prof. Sead Muftic.

S. Muftic Computer Networks Security 1 Lecture 4: Message Confidentiality and Message Integrity Prof. Sead Muftic.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.

IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Shambhu Upadhyaya 1 802.11 Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.

Modes of Operation INSTRUCTOR: DANIA ALOMAR. Modes of Operation A block cipher can be used in various methods for data encryption and decryption; these.
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 3 Read sections 3.1-3.2 first (skipping 3.2.2)

1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 3 Read sections first (skipping 3.2.2)
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections 3.1-3.4) You may skip proofs, but are.

1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.
Cryptography and Network Security

Cryptography and Network Security
@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.

@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.
Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security.

Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security.
Block Cipher Modes Last Updated: Aug 25, 2015. ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.

Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
1 /24 May 2006 - 1 Systems Architecture WPA / WPA 2(802.11i) Burghard Güther, Tim Hartmann 12.06.2007.

1 /24 May Systems Architecture WPA / WPA 2(802.11i) Burghard Güther, Tim Hartmann

Similar presentations

Ads by Google