1 / 5

Encrypted Authentication ISO/IEC 19972

Encrypted Authentication ISO/IEC 19972. I. Aguilar – ESA/ESTEC. Summary. The ISO 19972 specifies six methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives:

upton-skinner
Download Presentation

Encrypted Authentication ISO/IEC 19972

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encrypted AuthenticationISO/IEC 19972 I. Aguilar – ESA/ESTEC 2010 CCSDS Spring Meeting, 5 May 2010 Portsmouth, VA, USA

  2. Summary • The ISO 19972 specifies six methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives: • data confidentiality, i.e., protection against unauthorized disclosure of data, • data integrity, i.e., protection that enables the recipient of data to verify that it has not been modified, • data origin authentication, i.e., protection that enables the recipient of data to verify the identity of the data originator. • All six methods specified are based on a block cipher algorithm, and require the originator and the recipient of the protected data to share a secret key for this block cipher. • Key management is outside the scope; key management techniques are defined in ISO/IEC 11770. • Four of the mechanisms, namely mechanisms 1, 3, 4 and 6, allow data to be authenticated which is not encrypted. • That is, these mechanisms allow a data string that is to be protected to be divided into two parts, D, the data string that is to be encrypted and integrity-protected, and A (the additional authenticated data) that is integrity-protected but not encrypted. In all cases, the string A may be empty. 2010 CCSDS Spring Meeting, 5 May 2010 Portsmouth, VA, USA

  3. Encrypted Authentication Mechanisms • Mechanism 1: OCB 2.0 • Submitted by T. Krovetz and P. Rogaway and subject to license. • Mechanism 2: Key Wrap • AES Key Wrap Specification NIST, November 2001; specific for key management application. • Mechanism 3: CCM • NIST SP800-38C • Mechanism 4: EAX • An improvement of Mechanism 3 by M. Bellare, P. Rogaway and D. Wagner. • Mechanism 5: Encrypt-then-MAC • Generic combination of encryption and authentication. • Mechanism 6: GCM • NIST SP800-38D (Galois Counter Mode) 2010 CCSDS Spring Meeting, 5 May 2010 Portsmouth, VA, USA

  4. Properties 2010 CCSDS Spring Meeting, 5 May 2010 Portsmouth, VA, USA

  5. Follow-on Recommendations: • Incorporate modes 4, 5 and 6. Rationale: • Mode 6 is already recommended as AES GCM. • Mode 5 provides the flexibility to combine two independent algorithms. • Mode 4 is an alternative algorithm that solves some problems found with mode 3 (CCM). • Study further mode 2 in order to consider whether it can be recommended for Key Management application. • Mode 1 requires license. 2010 CCSDS Spring Meeting, 5 May 2010 Portsmouth, VA, USA

More Related