RSA-AES-SIV TLS Ciphersuites - PowerPoint PPT Presentation

About This Presentation
Title:

RSA-AES-SIV TLS Ciphersuites

Description:

New ciphersuites for TLS using SIV mode of authenticated encryption. ... plane) applications where a two-pass mode is not onerous and where resistance to ... – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 8
Provided by: ietf
Learn more at: https://www.ietf.org
Category:
Tags: aes | rsa | siv | tls | adn | ciphersuites | onerous

less

Transcript and Presenter's Notes

Title: RSA-AES-SIV TLS Ciphersuites


1
RSA-AES-SIV TLS Ciphersuites
  • Dan Harkins

2
RSA-AES-SIV Ciphersuites
  • What is being proposed?
  • New ciphersuites for TLS using SIV mode of
    authenticated encryption.
  • RSA key exchange and Diffie-Hellman key exchange
    both with RSA authentication and SIV using two
    different key sizes ? Four new ciphersuites.
  • Draft modeled closely on
    draft-ietf-tls-rsa-aes-gcm but minus some of
    the verbage on nonce management.

3
RSA-AES-SIV Ciphersuites
  • Why is it being proposed?
  • Unlike other authenticated encryption modes SIV
    is resistant to nonce misuse.
  • Uniquely suited when nonce management is outside
    the cryptographic engine e.g. when applications
    receive TLS services via an API to a library.
  • For control-plane (versus data plane)
    applications where a two-pass mode is not onerous
    and where resistance to unintentional programming
    errors, misconfiguration, and intentional misuse
    are needed, e.g. CAPWAPs control channel.

4
What is SIV?
  • An Authenticated Encryption with Associated Data
    (AEAD) cipher mode.
  • Uses AES in CTR mode and CMAC mode.
  • PRF construction takes a vector of associated
    data (plus plaintext), a component in that vector
    is the nonce.
  • If a nonce is reused authenticity is retained and
    confidentiality is affected only to the extent
    that an adversary knows the same nonce was used
    with the same plaintext and key twice.
  • Provable security!

5
SIV Encrypt SIV Decrypt


AD1
ADn
P
AD1
ADn
P
S2V-CMAC
CTR
S2V-CMAC
CTR
IV
C
IV
C
IV
!
FAIL
Associated Data
Plaintext
Ciphertext
From Deterministic Authenticated Encryption
by Phil Rogaway and Thomas Shrimpton
6
Free Code!
  • http//www.lounge.org/siv_for_openssl.tgz
  • cd openssl-x-y-z
  • tar xzvf siv_for_openssl.tgz
  • crypto/aes/Makefile
  • crypto/aes/aes_siv.c
  • crypto/aes/siv.h
  • make clean make

7
References
  • Deterministic Authenticated Encryption, A
    Provable-Security Treatment of the Key-Wrap
    Problem Phil Rogaway and Thomas Shrimpton, from
    Advances in Cryptology EUROCRYPT 06.
  • draft-harkins-tls-rsa-siv-00.txt
  • draft-dharkins-siv-aes-01.txt
  • draft-ietf-tls-rsa-aes-gcm-00.txt
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "RSA-AES-SIV TLS Ciphersuites" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!