Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 1 LinkSec CipherSuites? David Johnston

Published byAmberly McKinney Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 1 LinkSec CipherSuites? David Johnston"— Presentation transcript:

1 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 1 LinkSec CipherSuites? David Johnston david.johnston@ieee.org dj.johnston@intel.com

2 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 2 Cryptographic Suites The need to choose a set of cryptographic methods in LinkSec has been discussed Privacy, data origin integrity and replay detection are suitable things to address –Are there other things? Ciphersuite will be subject to negotiation What ciphersuites should be specified?

3 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 3 Basic Primitives Null, RC4, DES, 3DES, AES, HMAC-SHA1 etc Impacts: –HW Implementations –Crypto strength –Exportability –Interoperability AES is crypto du jour NULL is probably necessary RC4-40 has been used for exportability before but is not a good choice for engineering reasons –it has a heavily serial algorithm

4 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 4 Privacy FIPS standards specifies crypto modes using DES, 3DES and AES-128 –Not a bad place to take guidance –Simpler FIPS related approvability for devices –DES deprecated for new equipment –Unencumbered, parallelizable modes available (E.G. CTR) Good for speed

5 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 5 Integrity Auth mode based on block crypto function is a nice approach for implementers. FIPS is less useful here –Authentication modes still a matter of debate in NIST –OMAC is looking like the most likely candidate for FIPS approval Not parallelizable Other parallelizable options are encumbered –E.G. PMAC Could use an auth specific algorithm –HMAC-SHA1 Works Requires independent hardware

6 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 6 Combo Modes? There are combined confidentiality modes that use a single block cipher –CCM Not parallelizable Non encumbered Used in 802.11i –OCB Parallelizable –Addresses the needs of really high speed equipment Encumbered –Must be optional if it is specified at all Bigger –Needs AES decrypt => more gates These are the engineers choices –One cipher block implementation –AES a known quantity

7 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 7 Frame Format Requirements Crypto has an impact on the frame format –Insertion of IVs –Appending MACs What should this stuff be bound to? –It seems a ciphersuite would be appropriate Might some of this be parametizable? –IV length? Key Length? MIC length? –This would then inform a frame formatter how to behave, redefine MTU etc. Alternative is to only permit defined ciphersuites –My preferred option, parameters sound like too much complexity

8 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 8 The need for ciphersuites Privacy and Integrity methods interact Different mixes impact the frame format differently A Ciphersuites list gives a list of permitted combinations or instances of combo modes –Frame format effects tied to the ciphersuite entry –Easier to negotiate cipher suites than combinations of privacy and integrity algorithms

9 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 9 E.G. Null Auth only – HMAC-SHA256 –I don’t like this Non secure (40 bit) mode –Why bother? NULL is insecure, an illusion of security is worse than none at all. AES-128 in CCM mode –Keylength = 128 bit –Frame expansion = ?? –Great for wireless devices AES-128 in OCB mode –Keylength = 128 –Frame expansion = ?? –Great for very high speed devices –But is encumbered – Pay your $$

10 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 10 A Suggested Ciphersuite Ciphersuite IDTypeM/ODefined in 0NULLMandatoryx.y.z 100AES-128 in CCM Mode Optionalx.y.z 101-199Reserved 200AES-128 in OCB Mode Optionalx.y.z 201-65535Reserved Groupings to allow new ciphersuites to be defined in a cipher type group. E.G 101 = AES-256 in CCM should it become necessary 0-100 : Insecure modes 100-199 : Default modes 200-299 : High speed modes where necessary 802 groups (E.G. EPON) could mandate a cipher type. Linksec leaves the options open an gives informative guidance on appropriate use.

11 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 11 There are other ciphersuites That was the data confidentiality ciphersuite Also will need others –Port authentication ciphersuite –Key exchange ciphersuite These are the domain of another PAR

12 doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 12 Backup info – AES Modes Speed Fast AES block => 11 clocks per AES –For CCM mode => 2 AES per 128 bits –1Mhz => (128*(10^6))/2*11 bps => 5.8 Mbps –50MHz easy in 1.3u AES-CCM good for 250Mbps serial data OCB allows parallelization and has fewer AES invocations –1MHz => 11.64 Mbps –Multi gigabit devices can be addressed –Less feed forward => Pipelining easier => 200Mhz+ straightforward

Download ppt "Doc.: Linksec CipherSuites Submission August. 2003 David Johnston, IntelSlide 1 LinkSec CipherSuites? David Johnston"

Similar presentations

2 © 2004, Cisco Systems, Inc. All rights reserved. Scalable, Efficient Cryptography for Multiple Security Services David A. McGrew Cisco Systems, Inc.

2 © 2004, Cisco Systems, Inc. All rights reserved. Scalable, Efficient Cryptography for Multiple Security Services David A. McGrew Cisco Systems, Inc.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Doc.: 00-03-0022-00-0000 Handoff_WNG_Presentation r3 Submission July. 2003 David Johnston, IntelSlide 1 802 Handoff Presentation to WNG David Johnston.

Doc.: Handoff_WNG_Presentation r3 Submission July David Johnston, IntelSlide Handoff Presentation to WNG David Johnston.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Doc.: 802_Handoff_EC_Opening_Plenary_Report r2 Submission November. 2003 David Johnston, IntelSlide 1 802 Handoff ECSG EC Opening Plenary Report David.

Doc.: 802_Handoff_EC_Opening_Plenary_Report r2 Submission November David Johnston, IntelSlide Handoff ECSG EC Opening Plenary Report David.
P1451.5 Security Survey and Recommendations By: Ryon Coleman October 16, 2003.

P Security Survey and Recommendations By: Ryon Coleman October 16, 2003.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Doc.: IEEE 802.11-09/770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: 2009-07 Authors: Russ Housley (Vigil Security), et.

Doc.: IEEE /770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: Authors: Russ Housley (Vigil Security), et.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Cryptography and Network Security

Cryptography and Network Security
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Doc.: IEEE 802.11-02/156ar0 Submission March 2002 RogawaySlide 1 Some Comments on OCB and CCM Phil Rogaway UC Davis and Chiang Mai Univ.

Doc.: IEEE /156ar0 Submission March 2002 RogawaySlide 1 Some Comments on OCB and CCM Phil Rogaway UC Davis and Chiang Mai Univ.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption

Similar presentations

Ads by Google