tls dtls aes ctr draft ietf tls ctr 00
Download
Skip this Video
Download Presentation
TLS/DTLS AES-CTR draft-ietf-tls-ctr-00

Loading in 2 Seconds...

play fullscreen
1 / 7

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00 - PowerPoint PPT Presentation


  • 117 Views
  • Uploaded on

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00. Nagendra Modadugu Eric Rescorla. AES-CTR Overview. Works like a stream cipher, e.g. RC4 XOR keystream with plain text: CT[i] := PT[i]  AES(CTR(i)) Increment Counter Counter encrypted to generate keystream

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' TLS/DTLS AES-CTR draft-ietf-tls-ctr-00' - tanisha-gilliam


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
tls dtls aes ctr draft ietf tls ctr 00

TLS/DTLS AES-CTRdraft-ietf-tls-ctr-00

Nagendra Modadugu

Eric Rescorla

aes ctr overview
AES-CTR Overview
  • Works like a stream cipher, e.g. RC4
    • XOR keystream with plain text:

CT[i] := PT[i]  AES(CTR(i))

    • Increment Counter
  • Counter encrypted to generate keystream
    • Counter MUST never be re-used (with same key)
  • No harm if Counter is public
    • But MUST be initially unpredictable
motivation
Motivation
  • Low bandwidth
    • Save between 17-32 bytes compared to CBC
  • Random access (for DTLS)
  • Parallelizable/pipelining
  • Implement both block/stream ciphers with AES
counter design 1
Counter Design [1]

IV

  • IV := {client_write_IV, server_write_IV}
  • SEQ := {seq_num}(64-bits)
  • BLOCK_CTR := 1 (16-bits)

IV

SEQ

SEQ

SEQ

BLOCK_CTR

32 bits

counter design 2
Counter Design [2]
  • IV’s generated by TLS/DTLS KDF
    • Refreshed upon session re-negotiation
  • Sequence number
    • Implicit for TLS
    • For DTLS, use (epoch || seq_num)
  • Block counter
    • 16-bits plenty for TLS/DTLS records
questions received
Questions Received
  • Number of IV bits
    • 48-bits sufficient?
  • Editorial comments
  • Security considerations section
ad