Counter with CBC-MAC (CCM)

Whiting, Doug; Housley, Russell; Ferguson, Niels

doi:10.17487/rfc3610

Cited by 254 publications

(160 citation statements)

References 0 publications

Supporting

Mentioning

153

Contrasting

Unclassified

Order By: Relevance

“…Only when a validated and authenticated node association is completed will routing exchange be allowed to proceed using established session keys and an agreed encryption algorithm. The mandatory-to-implement CCM mode AES-128 method, described in [RFC3610], is believed to be secure against a brute-force attack by even the most well-equipped adversary.…”

Section: Countering Passive Wiretapping Attacksmentioning

confidence: 99%

A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)

Alexander¹,

Tsao²,

Daza³

et al. 2015

View full text Add to dashboard Cite

Section: Countering Passive Wiretapping Attacksmentioning

confidence: 99%

A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)

Alexander¹,

Tsao²,

Daza³

et al. 2015

View full text Add to dashboard Cite

“…AE schemes such as GCM [33] and CCM [47] reduce to CTR mode in the RUP setting. This is because the adversary does not need to forge a ciphertext in order to obtain information about the corresponding (unverified) plaintext.…”

Section: Security Under Release Of Unverified Plaintextmentioning

confidence: 99%

“…Online Scheme PA1 PA2 Remark random CTR, CBC [35] nonce OCB [39] GCM [33], SpongeWrap [16] CCM [47] not online [41] arbitrary COPA [3] privacy up to prefix McOE-G [23] ′′ APE [2] ′′, backwards decryption SIV [40], BTM [27], HBS [28] privacy up to repetition Encode-then-Encipher [12] ′′, VIL SPRP, padding…”

Section: Typementioning

confidence: 99%

How to Securely Release Unverified Plaintext in Authenticated Encryption

Andreeva

Bogdanov

Luykx

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a decrypted plaintext needs early processing due to real-time requirements. We introduce the first formalization of the releasing unverified plaintext (RUP) setting. To achieve privacy, we propose using plaintext awareness (PA) along with IND-CPA. An authenticated encryption scheme is PA if it has a plaintext extractor, which tries to fool adversaries by mimicking the decryption oracle without the secret key. Releasing unverified plaintext then becomes harmless as it is infeasible to distinguish the decryption oracle from the plaintext extractor. We introduce two notions of plaintext awareness in the symmetric-key setting, PA1 and PA2, and show that they expose a new layer of security between IND-CPA and IND-CCA. To achieve integrity of ciphertexts, INT-CTXT in the RUP setting is required, which we refer to as INT-RUP. These new security notions are used to make a classification of symmetric-key schemes in the RUP setting. Furthermore, we re-analyze existing authenticated encryption schemes, and provide solutions to fix insecure schemes.

show abstract

“…The private key K priv user , corresponding to K pub user is secured using AES in counter with CBC-MAC (CCM) mode (see [16]) with a decryption key derived (see [11]) from the decryption PIN, known only to the user.…”

Section: Signature Creationmentioning

confidence: 99%

Qualified Mobile Server Signature

Orthacker

Centner

Kittl³

2010

Security and Privacy – Silver Linings in the Cloud

View full text Add to dashboard Cite

International audienceA legal basis for the use of electronic signatures exists since the introduction of qualified electronic signatures in EU Directive 1999/ 93/EC. Although considered as key enablers for e-Government and e-Commerce, qualified electronic signatures are still not widely used. Introducing amobile component addresses most of the shortcomings of existing qualified signature approaches but poses certain difficulties in the security reasoning. The proposed server based mobile signature approach authenticates the signatory over trusted channels and assists the protection of the signature-creation data with organizational measures. As with traditional qualified signature approaches, strong authentication of the signatory to the system is ensured by two factors. Knowledge of a PIN and possession of a valid subscriber identity module card is verified over two separate communication channels. The qualified mobil server signature fulfills the requirements on secure signature-creation devices defined by the EU directive and in particular its Austrian implementatio

show abstract

Counter with CBC-MAC (CCM)

Abstract: Counter with CBC-MAC (CCM) is a generic authenticated encryption block cipher mode. CCM is defined for use with 128-bit block ciphers, such as the Advanced Encryption Standard (AES).

Cited by 254 publications

References 0 publications

A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)

A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)

How to Securely Release Unverified Plaintext in Authenticated Encryption

Qualified Mobile Server Signature

Contact Info

Product

Resources

About