1 / 7

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00. Nagendra Modadugu Eric Rescorla. AES-CTR Overview. Works like a stream cipher, e.g. RC4 XOR keystream with plain text: CT[i] := PT[i]  AES(CTR(i)) Increment Counter Counter encrypted to generate keystream

tanisha-gilliam
Télécharger la présentation

TLS/DTLS AES-CTR draft-ietf-tls-ctr-00

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TLS/DTLS AES-CTRdraft-ietf-tls-ctr-00 Nagendra Modadugu Eric Rescorla

  2. AES-CTR Overview • Works like a stream cipher, e.g. RC4 • XOR keystream with plain text: CT[i] := PT[i]  AES(CTR(i)) • Increment Counter • Counter encrypted to generate keystream • Counter MUST never be re-used (with same key) • No harm if Counter is public • But MUST be initially unpredictable

  3. Motivation • Low bandwidth • Save between 17-32 bytes compared to CBC • Random access (for DTLS) • Parallelizable/pipelining • Implement both block/stream ciphers with AES

  4. Counter Design [1] IV • IV := {client_write_IV, server_write_IV} • SEQ := {seq_num}(64-bits) • BLOCK_CTR := 1 (16-bits) IV SEQ SEQ SEQ BLOCK_CTR 32 bits

  5. Counter Design [2] • IV’s generated by TLS/DTLS KDF • Refreshed upon session re-negotiation • Sequence number • Implicit for TLS • For DTLS, use (epoch || seq_num) • Block counter • 16-bits plenty for TLS/DTLS records

  6. Questions Received • Number of IV bits • 48-bits sufficient? • Editorial comments • Security considerations section

  7. Questions?

More Related