iApplianceWeb.com


Hifn, MacFergus, RSA Encryption Mode goes to NIST

By Bernard Cole
iApplianceWeb
(08/31/02, 02:46:30 AM EDT)

Los Gatos, Ca. - Three major players in the network security and flow classification market - Hifn Inc., MacFergus BV and RSA Security Inc. - have together designed a new authenticated encryption mode that they have submitted to the National Institute of Standards and Technology (NIST) as a standard mode for use with the Advanced Encryption Standard (AES).

The new authenticated encryption mode is called Counter with CBC (Cipher Block Chaining) MAC (Message Authentication Code), or simply CCM. CCM provides both authentication and encryption with a single key. The use of one key should lead to smaller implementations and require less protected memory.

NIST has received a number of other submissions of authenticated encryption modes, available on the NIST Proposed Modes web page (http://csrc.nist.gov/encryption/modes/proposedmodes/).

A big difference between CCM and the other submissions is the patent status. CCM is intended to be unencumbered by patents, and the authors of CCM have not, and will not, apply for patents on CCM, according to the authors and their sponsoring companies.

"The use of a mode that provides authentication and encryption can greatly simplify cryptographic key management," said Russ Housley, RSA's Senior Consulting Architect. "Cryptographic key management is one of the most difficult aspects of a security solution, so any simplification is a real contribution."

CCM was designed for use with packet-oriented security protocols, with provisions to authenticate the packet header and the payload, while encrypting only the payload. However, CCM can also be used for encrypting files, messages and other data. CCM uses a single cryptographic key to provide authentication and encryption.

Traditionally, two different cryptographic algorithms are used for authentication and encryption, each requiring its own key. For example, authentication might be provided by HMAC-MD5 and encryption by Triple-DES. Since completely different mechanisms are used, there is no synergy between them. CCM, designed with AES in mind, uses a block cipher to provide both authentication and encryption.

The new mode has a number of features that make it particularly attractive in the new small footprint iappliance and connected embedded devices markets. For one thing, CCM uses only the encryption operation of the underlying block cipher -- it does not use decryption operations. As a result, CCM implementations are smaller than many alternatives.

Also, unlike many other encryption specifications, which are generalized algorithms that have been applied to net-centric computing and communications applications, CCM was designed specifically for the packet environment. It can authenticate an arbitrary packet header, then authenticate and encrypt the packet payload.

CCM uses a single key for all cryptographic operations. As a result, CCM is attractive in small footprint designs because most implementations need to compute only one key schedule. AES-CCM is also slightly faster than the straightforward application of AES-CBC-MAC for authentication and AES-CTR for encryption, since only one AES key schedule is needed.

While CCM increases the packet size by adding an initialization vector and an integrity check value, this is about the same overhead as that associated with other authenticated encryption modes.

"The adoption of CCM delivers definite technical benefits in the application of 128-bit block ciphers such as AES," says Doug Whiting, Ph.D., chief scientist at Hifn and co-author of the new mode with Niels Ferguson, head of MacFergus BV, and Housley. "The decision of making CCM freely available in the public domain will greatly enhance its value to the security community; if adopted by NIST it can be deployed very quickly, without the constraints of patented products."

All of the submissions are available at the NIST Proposed Modes Web page. In addition, IEEE 802 is planning to use CCM to provide authentication, integrity and confidentiality of communications on wireless local area networks and personal area networks.




Copyright © 2004 Appliance-Lab