
Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Posted Content
TL;DR: This work deals with the various requirements of encryption and authentication in cryptographic applications and significantly widens the range of choices of an actual designer of cryptographic systems.
Abstract: This work deals with the various requirements of encryption and authentication in cryptographic applications. The approach is to construct suitable modes of operation of a block cipher to achieve the relevant goals. A variety of schemes suitable for specific applications are presented. While none of the schemes are built completely from scratch, there is a common unifying framework which connects them. All the schemes described have been implemented and the implementation details are publicly available. Performance figures are presented when the block cipher is the AES and the Intel AES-NI instructions are used. These figures suggest that the constructions presented here compare well with previous works such as the famous OCB mode of operation. In terms of features, the constructions provide several new offerings which are not present in earlier works. This work significantly widens the range of choices of an actual designer of cryptographic systems.

4 citations

Book ChapterDOI
12 Aug 2015
TL;DR: This work considers the security of iFeed in the nonce-respecting setting, and shows that a valid forgery can be constructed after only one encryption query, and allows one to decrypt earlier iFeed encryptions under the respective nonces, breaking the forward secrecy of iFeed, and leading to a total security compromise of the iFeed design.
Abstract: iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the nonce-reuse setting. Recently, Chakraborti et al. published forgeries on iFeed in the RUP and nonce-reuse settings. The latter attacks, however, do not invalidate the iFeed designers' security claims. In this work, we consider the security of iFeed in the nonce-respecting setting, and show that a valid forgery can be constructed after only one encryption query. Even more, the forgery leaks both subkeys E_K(0^128) and E_K(PMN || 1), where K is the secret key and PMN the nonce used for the authenticated encryption. Furthermore, we show how at the price of just one additional forgery one can learn E_K(P*) for any freely chosen plaintext P*. These design weaknesses allow one to decrypt earlier iFeed encryptions under the respective nonces, breaking the forward secrecy of iFeed, and leading to a total security compromise of the iFeed design.

4 citations

Book ChapterDOI
21 Oct 2020
TL;DR: In this paper, a lightweight security solution, LaaCan, is designed to secure CAN communication by adopting the Authenticated Encryption with Associated Data (AEAD) approach, which ensures confidentiality, integrity, and authenticity of data transmission.
Abstract: Vehicle manufacturers are installing a large number of Electronic Control Units (ECU) inside vehicles. ECUs communicate among themselves via a Controller Area Network (CAN) to ensure better user experience and safety. CAN is considered a de facto standard for efficient communication of an embedded control system network. However, it does not have sufficient built-in security features. The major challenges of securing CAN are that the hardware of the ECUs has limited computational power and the size of a CAN message is small. In this paper, a lightweight security solution, LaaCan, is designed to secure CAN communication by adopting the Authenticated Encryption with Associated Data (AEAD) approach. The architecture ensures confidentiality, integrity, and authenticity of data transmission. The experimental results show that the delay of LaaCan can be reduced depending on hardware configurations. We consider it lightweight since it adds a low overhead regardless of performing encryption and authentication. We evaluate LaaCan using four metrics: communication overhead, network traffic load, cost of deployment, and compatibility with the CAN specification. The evaluation results show that the proposed architecture keeps the network traffic unchanged, has low deployment cost, and is highly compatible with the specification of the protocol.

4 citations

Journal ArticleDOI
03 Mar 2022
TL;DR: This work shows that a combination of the Offset Two-Round authenticated-encryption scheme with the AES block cipher (known as AES-OTR) is exceptionally well suited for exploiting fine-grained parallelism, and can therefore be used to achieve ultra-high-speed data encryption rates.
Abstract: Applications relying on the Ethernet IEEE 802.3ba and IEEE802.3b standards require secure data encryption and authentication at extremely high speeds (at least 100 Gbit/s). The Galois/Counter Mode (GCM) is currently considered the de facto standard for hardware high-speed authenticated encryption, although other algorithms have been proposed in the literature such as the Offset Codebook Mode (OCB). The challenge in terms of providing security for high-speed applications is to achieve implementations that explore the parallelism of these algorithms; however, this translates into area cost. In this work, we propose an alternative to GCM and OCB. We show that a combination of the Offset Two-Round authenticated-encryption scheme with the AES block cipher (known as AES-OTR) is exceptionally well suited for exploiting fine-grained parallelism, and can therefore be used to achieve ultra-high-speed data encryption rates. The experiments reported in this paper show that our pipeline-parallel implementation of AES-OTR outperforms the GCM and OCB schemes in terms of throughput per area while using almost half of the logic resources. Our implementation used a Stratix 4 FPGA device as well as several devices from the Virtex family. Implementations of AES-OTR on Stratix 4 used 11k ALMs and achieved a throughput of 143.65 Gbit/s. On the Virtex Ultrascale, our design used 31,859 LUTs with a throughput of 204.92 Gbit/s.

4 citations


Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance Metrics
No. of papers in the topic in previous years

Year    Papers
2023    19
2022    52
2021    67
2020    109
2019    111
2018    97