Counter Mode Security: Analysis and Recommendations

Author

  • David A. McGrew
Abstract

In this document we describe Counter Mode (CM) and its security properties, reviewing relevant cryptographic attacks and system security aspects. This mode is well understood and can be implemented securely. However, we show that attacks using precomputation can be used to lower the security level of AES-128 CM below the recommended strength for ciphers if the initial counter value is predictable. For this reason, AES-128 CM counter values should contain a 64-bit unpredictable field. We describe how this can be easily done, and make other implementation recommendations.


Similar resources

Expanding Pseudorandom Functions; or: From Known-Plaintext Security to Chosen-Plaintext Security

We present a new encryption mode for block ciphers. The mode is efficient and is secure against chosen-plaintext attack (CPA) already if the underlying symmetric cipher is secure against known-plaintext attack (KPA). We prove that known (and widely used) encryption modes as CBC mode and counter mode do not have this property. In particular, we prove that CBC mode using a KPA secure cipher is KP...


Critical analysis of counter mode with cipher block chain message authentication mode protocol - CCMP

CCM/CCMP is a two-cycle authenticate and encrypt (AE) mode. One cycle is used to perform confidentiality computations, and the second cycle is used to compute authenticity and integrity. CCM/CCMP is also a generic composition. CCM/CCMP is actually made up of two separate modes, CBC-MAC and AES counter mode amalgamated together. Although CCM/CCMP is an AE mode, it is not an authenticated encrypt...


Evaluating Galois Counter Mode in Link Layer Security Architecture for Wireless Sensor Networks

Due to the severe resource constraints in Wireless Sensor Networks (WSNs), the security protocols therein should be designed to optimize the performance maximally. On the other hand, a block cipher and the mode of operation in which it operates play a vital role in determining the overall efficiency of a security protocol. In addition, when an application demands confidentiality and messag...


Resource Saving AES-CCMP Design with Hybrid Counter Mode Block Chaining - MAC

IEEE 802.11i security standard is emerging as an essential security requirement to support the growth of a wide range of wireless data services and applications. However, with the advent of more battery powered wireless devices, efficient and robust cryptographic designs are needed that do not impose high computational overhead and avoid mismatch with limited battery resources and low processin...


The Security of the Extended Codebook (XCB) Mode of Operation

The XCB mode of operation was outlined in 2004 as a contribution to the IEEE Security in Storage effort, but no security analysis was provided. In this paper, we provide a proof of security for XCB, and show that it is a secure tweakable (super) pseudorandom permutation. Our analysis makes several new contributions: it uses an algebraic property of XCB’s internal universal hash function to simp...



Publication date: 2002