Counter with Cipher Block Chaining Message Authentication Code (CCM)

Before Starting the main agenda of this blog lets us try to understand about Authenticated encryption.

It is a term used to describe encryption system that simultaneously holds confidentiality as well as authenticity (or integrity).

There are some  common approaches through with above criteria can be fulfilled. 

A. Hashing followed by Encryption 

B. Authentication followed by Encryption

C. Encryption  followed by Authentication 

D. Independently Encryption and Authenticate

With Proper design, any of the above criteria can provide a high level of security. 

Now move towards our main agenda of this blog i.e. CCM 😆 don't worry it's (Counter with Cipher Blog Chaining Message Authentication Code).

CCM supports the security requirements of IEEE 802.11 wi-fi wireless local area network, but it can be used in any networking application requiring authenticated encryption. 

CCM is a variation of the encrypt and MAC approach to authenticated encryption. CCM are the AES (Advance Encryption Standards) algorithm, the CTR (Counter mode) mode of operation, and CMAC authentication algorithm. The Input to the CCM encryption process consists of three elements. 

1. Data that will be both authenticated and encrypted. This is the plaintext message P of data block. 

2. Associated Data A that will be authenticated but not encrypted. An example is a protocol header that must be transmitted in the clear for proper protocol operation but which needs to be authenticated.

3. A nonce 'N' that is assigned to the payload and the associated data. This is a unique value that is different for every instance during the lifetime of a protocol association and is intended to prudent replay attacks and certain other types of attacks. 


Fig. 1: Counter With Cipher Block Chaining Message Authentication Code (CCM)

SP 800-38C defines the authentication/encryption process as follows:

1. Apply the formatting function (N, A, P) to produce the blocks B0, B1, ……, Br.

2. Set Y0 = E(K, B0)

3. For i = 1 to r, do Yi  = E(K, (Bi xor Yi-1)).

4. Set T = MSBTlen(Yr).

5. Apply the counter generation function to generate the counter blocks Ctr0, Ctr1, …, Ctrm,  where , m = ceil(Plen/128).

6. For j = 0 to m, do Sj = E(K, Ctrj).

7. Set S = S1 || S2 || ….. || Sm.

8. Return C = (P xor MSBPlen(S)) || (T xor MSBTlen(S0)).

For decryption and verification, the recipient requires following inputs : the ciphertext C, the nonce N, the associated Data A, the key K, and the initial counter Ctr0. The steps are follows:

1. If Clen <= Tlen, then return INVALID.

2. Apply the counter generation function to generate the counter blocks Ctr0, Ctr1, …, Ctrm,  where , m = ceil(Clen/128).

3. For j = 0 to m, do Sj = E(K, Ctrj).

4. Set S = S1 || S2 || ….. || Sm.

5. Set P = MSBClen-Tlen(C) xor MSBClen-Tlen(S0).

6. Set T = LSBTlen(C) xor MSBTlen(S0).

7. Apply the formatting function (N, A, P) to produce the blocks B0, B1, ……, Br.

8. Set Y0 = E(K, B0).

9. For i = 1 to r, do Yi  = E(K, (Bi xor Yi-1)).

10. If T != MSBTlen(Yr), then return INVALID, else return P.

Note 1 : CCM is relatively complex algorithm. It requires two complete passes through the plaintext, oce to generate the MAC value, and once for encryption.

Encryption Key is used twice once to generate tag and once to encrypt the plaintext plus tag.


**********************************************************************************************************************

Comments

Post a Comment

Popular posts from this blog

Homomorphic Encryption: A Basic Idea

Image
Homomorphic encryption has the same aim as other encryption-decryption mechanisms: maintaining confidentiality, security, privacy, etc.  In this blog, we will see homomorphic encryption and its type.  Homomorphic Encryption (HE):  It is an encryption that computes operations over encrypted data without decrypting it (or without the need for a secret key).  Mathematically speaking in a client-server architecture: client has message 'm' and function f. The task of client is to compute f(m). Due to computational expensiveness (maybe one of the reason) client sends encryption of message (say Enc(m)) and 'f' to the server. Server will compute function over encrypted message, that is, f(Enc(m)), and return the result to the client, that is, Enc(f(m)). Client will decrypt it Dec(Enc(f(m)), that is, f(m). Hence, client achieves f(m).  Let's understand HE with our daily life (Tea making process): Figure 1. Here m is message, Enc is encryption, f is function, and Eval in...
Read more

Fast Base Conversion and Its Application

Image
Fast Base Conversion (FBC) is a technique used to convert a number from one modulus space to another. For example, if we have 14 m o d     77 14 \mod 77  and want to convert it to x m o d     390 x \mod 390 , FBC is widely used. Mathematically, it can be represented as follows: Here, the above equation represents an integer x x  in modulus q q , and FBC converts this integer into the modulus space t t . The modulus q q  is the product of small coprime moduli (i.e., q = q 1 q 2 … q k q = q_1 q_2 \dots q_k ​ ), and x x  is an integer such that x ∈ [ 0 , q ) x \in [0, q) . We also note that q q  and t t  are coprime numbers. Here, we remark that it is not necessary for the above equation to produce the exact result for x x . Instead of x m o d     t x \mod t , it will provide x ′ m o d     t x' \mod t . Thus, the output of the above equation is as follows: FBC ( x , q , t )  =  x  +  A q  mod  t , where A ∈ [ 0 , k − 1 ] A \in [0,...
Read more

Brakerski-Fan-Vercauteren (BFV) Homomorphic Encryption

Image
Homomorphic encryption means computation over encrypted data without secret key.  How this is possible  ?? 😴 In this blog, we will explore the types of Homomorphic Encryption and demonstrate how computations can be performed on encrypted data without the secret key. In 2009, Gentry proposed Fully Homomorphic Encryption. In 2012, Brakerski proposed a leveled homomorphic encryption scheme that works over integer arithmetic, which later became known as the BFV scheme. BFV is an encryption scheme. Thus, as an encryption scheme, it is expected to be secure. To date, under certain conditions, it is assumed that the scheme is safe, and its security is based on the Learning With Errors (LWE) assumption.. Learning-with-error (LWE): Given a pair of a, b and the task is to recover secret key (s), such that b = a.s  + e  Here e is error mostly picked from gaussian distribution, and a, s are selected from Rq (known as ring module R) The above problem is HARD. The proof is not si...
Read more