Tls dtls aes ctr draft ietf tls ctr 00
This presentation is the property of its rightful owner.
Sponsored Links
1 / 7

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00 PowerPoint PPT Presentation


  • 80 Views
  • Uploaded on
  • Presentation posted in: General

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00. Nagendra Modadugu Eric Rescorla. AES-CTR Overview. Works like a stream cipher, e.g. RC4 XOR keystream with plain text: CT[i] := PT[i]  AES(CTR(i)) Increment Counter Counter encrypted to generate keystream

Download Presentation

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Tls dtls aes ctr draft ietf tls ctr 00

TLS/DTLS AES-CTRdraft-ietf-tls-ctr-00

Nagendra Modadugu

Eric Rescorla


Aes ctr overview

AES-CTR Overview

  • Works like a stream cipher, e.g. RC4

    • XOR keystream with plain text:

      CT[i] := PT[i]  AES(CTR(i))

    • Increment Counter

  • Counter encrypted to generate keystream

    • Counter MUST never be re-used (with same key)

  • No harm if Counter is public

    • But MUST be initially unpredictable


Motivation

Motivation

  • Low bandwidth

    • Save between 17-32 bytes compared to CBC

  • Random access (for DTLS)

  • Parallelizable/pipelining

  • Implement both block/stream ciphers with AES


Counter design 1

Counter Design [1]

IV

  • IV := {client_write_IV, server_write_IV}

  • SEQ := {seq_num}(64-bits)

  • BLOCK_CTR := 1 (16-bits)

IV

SEQ

SEQ

SEQ

BLOCK_CTR

32 bits


Counter design 2

Counter Design [2]

  • IV’s generated by TLS/DTLS KDF

    • Refreshed upon session re-negotiation

  • Sequence number

    • Implicit for TLS

    • For DTLS, use (epoch || seq_num)

  • Block counter

    • 16-bits plenty for TLS/DTLS records


Questions received

Questions Received

  • Number of IV bits

    • 48-bits sufficient?

  • Editorial comments

  • Security considerations section


Questions

Questions?


  • Login