Modes that Combine Encryption and Authentication
Question
Modes that Combine Encryption and Authentication
I need to write a research paper about one of the AES, OCB, CCM or GCM block cipher modes, which are modes of operation designed to achieve both message privacy and authentication by merging the features of a MAC directly into the mode.
Structure and Content: The paper should include the following components, organized in a logical flow and written as cohesive paragraphs:
1. Find one mode of operation that is designed to achieve both message privacy and authentication. Give an overview of the mode with details including its authors, date of publication, and what problems it was designed to solve. Also, try to find and cite one or more application protocols or cryptographic libraries in which the chosen mode has been implemented.
2. Describe in detail how the mode works. Do not just paste formulas in your paper; rather, give a high-level, readable English description of the operations of the mode. One good approach here is to use our hypothetical communicators, Alice and Bob, going through the procedures of message construction, transmission, decryption, and validation for one complete authenticated message. Supplement the description with your own intuitions and analysis of how these operations work to ensure different aspects of secure communication. You don’t need to use a lot of math in this portion; rather, strive to present as clearly as possible an intuitive understanding of the protocol.
3. Compare and contrast the security and efficiency of your chosen mode with ECB for combining encryption and authentication, and with other modes. You can mention any known weaknesses of the scheme you find in the literature, with proper citations.
Citations: All facts and claims presented should be backed up by citations to appropriate references. Wikipedia articles, news articles on technology websites, and blog postings are not appropriate sources to cite for this paper. You are welcome to use Wikipedia to find pointers to the original sources and to aid your own understanding; however, your paper must be based on the original published research. The paper should be formatted in either IEEE or APA reference style.
Encryption and Authentication (computer science)
Explanation / Answer
The need for AE emerged from the observation that securely combining a confidentiality mode with an authentication mode could be error prone and difficult.[1][2] This was confirmed by a number of practical attacks introduced into production protocols and applications by incorrect implementation, or lack, of authentication (including SSL/TLS).[3]
Around the year 2000, a number of efforts evolved around the notion. In particular, strong interest in these modes was sparked by the publication of Charanjit Jutla's IACBC and IAPM modes[4] in 2000. Six different authenticated encryption modes (namely OCB 2.0, Key Wrap, CCM, EAX, Encrypt-then-MAC (EtM), and GCM) have been standardized in ISO/IEC 19772:2009.[5] More were developed in response to NIST solicitation.[6] Sponge functions can be used in duplex mode to provide authenticated encryption.[7]
A typical programming interface for AE mode implementation would provide the following functions:
Encryption
Input: plaintext, key, and optionally a header in plaintext that will not be encrypted, but will be covered by authenticity protection.
Output: ciphertext and authentication tag (Message Authentication Code).
Decryption
Input: ciphertext, key, authentication tag, and optionally a header.
Output: plaintext, or an error if the authentication tag does not match the supplied ciphertext or header.
The header part is intended to provide authenticity and integrity protection for networking or storage metadata for which confidentiality is unnecessary, but authenticity is desired.
In addition to protecting message integrity and confidentiality, authenticated encryption can provide plaintext awareness and security against chosen ciphertext attack. In these attacks, an adversary attempts to gain an advantage against a cryptosystem (e.g., information about the secret decryption key) by submitting carefully chosen ciphertexts to some "decryption oracle" and analyzing the decrypted results. Authenticated encryption schemes can recognize improperly-constructed ciphertexts and refuse to decrypt them. This in turn prevents the attacker from requesting the decryption of any ciphertext unless he generated it correctly using the encryption algorithm, which would imply that he already knows the plaintext. Implemented correctly, this removes the usefulness of the decryption oracle, by preventing an attacker from gaining useful information that he does not already possess.
Many specialized authenticated encryption modes have been developed for use with symmetric block ciphers. However, authenticated encryption can be generically constructed by combining an encryption scheme and a message authentication code (MAC), provided that:
The encryption scheme is semantically secure under a chosen plaintext attack.
The MAC function is unforgeable under a chosen message attack.
Bellare and Namprempre (2000) analyzed three compositions of these primitives, and demonstrated that encrypting a message and subsequently applying a MAC to the ciphertext implies security against an adaptive chosen ciphertext attack, provided that both functions meet the required properties. Katz and Yung investigated the notion under the name "unforgeable encryption" and proved it implies security against chosen ciphertext attacks.
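As an added example (it is not part of the answer above, nor code from any of the cited papers or standards), the following Go program exercises both things the answer describes: the AE programming interface, where encryption takes plaintext, key and an unencrypted-but-authenticated header and decryption returns either the plaintext or an error, shown with AES-GCM from Go's standard library; and the generic Encrypt-then-MAC composition of Bellare and Namprempre, built here from AES-CTR plus HMAC-SHA256 with independent keys. The keys, header and message are constructed test values, and all function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrAuth is the one opaque error a caller sees when the tag does not verify.
// Returning no plaintext and no detail is what makes a "decryption oracle"
// useless to an attacker who submits ciphertexts he did not produce himself.
var ErrAuth = errors.New("authentication failed: ciphertext or header modified")

// ---- 1. A dedicated AEAD mode: AES-GCM through Go's cipher.AEAD interface ----

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmEncrypt returns nonce || ciphertext || tag. The header is passed as
// "additional data": the tag covers it, but it is sent in the clear.
func gcmEncrypt(key, header, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // 96-bit nonce; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, header), nil
}

// gcmDecrypt verifies the tag over header and ciphertext before any plaintext is released.
func gcmDecrypt(key, header, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, ErrAuth
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, header)
	if err != nil {
		return nil, ErrAuth
	}
	return pt, nil
}

// ---- 2. Generic composition: Encrypt-then-MAC with AES-CTR and HMAC-SHA256 ----

// etmTag computes HMAC over len(header) || header || iv || ciphertext. Encoding
// the header length first stops an attacker from moving bytes across the
// header/ciphertext boundary while keeping the same MAC input.
func etmTag(macKey, header, ivAndCt []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(header)))
	mac.Write(n[:])
	mac.Write(header)
	mac.Write(ivAndCt)
	return mac.Sum(nil)
}

// etmEncrypt returns iv || ciphertext || tag, with separate encryption and MAC keys.
func etmEncrypt(encKey, macKey, header, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // random IV for CTR mode
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return append(out, etmTag(macKey, header, out)...), nil
}

// etmDecrypt checks the tag in constant time first; only a matching tag leads
// to decryption, so a tampered message yields no plaintext at all.
func etmDecrypt(encKey, macKey, header, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize+sha256.Size {
		return nil, ErrAuth
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	if !hmac.Equal(tag, etmTag(macKey, header, body)) {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(pt, body[aes.BlockSize:])
	return pt, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, never use a fixed key in practice
	hdr, msg := []byte("seq=7;from=alice"), []byte("transfer 100 to bob")
	sealed, _ := gcmEncrypt(key, hdr, msg)
	if _, err := gcmDecrypt(key, []byte("seq=8;from=alice"), sealed); err != nil {
		fmt.Println("GCM, header changed in transit:", err)
	}
	blob, _ := etmEncrypt(key[:16], key[16:], hdr, msg)
	blob[aes.BlockSize] ^= 0x01 // flip one bit of the ciphertext
	if _, err := etmDecrypt(key[:16], key[16:], hdr, blob); err != nil {
		fmt.Println("EtM, ciphertext changed in transit:", err)
	}
}
```

Two points the code makes explicit that the prose leaves implicit: the tag must be checked before anything is decrypted (in the EtM path the plaintext is never even computed on a mismatch), and the comparison must be constant-time (hmac.Equal), because a byte-by-byte early-exit compare leaks the position of the first wrong tag byte and lets an attacker forge a tag incrementally. The GCM path also shows why nonce handling is the operational risk of that mode: the 96-bit nonce is generated fresh per message and must never repeat under the same key.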