CCM mode

from Wikipedia, the free encyclopedia

The CCM mode (Counter with CBC-MAC) is a mode of operation for block ciphers developed by Russ Housley, Doug Whiting and Niels Ferguson. CCM turns a block cipher into an authenticated encryption scheme that is intended to guarantee both confidentiality and integrity. RFC 3610 specifies CCM only for block ciphers with a block length of 128 bits, such as AES.

With CCM, an initialization vector (IV) must not be used twice with the same key. This is because CCM is derived from counter mode, and the latter is a stream cipher.

Authenticated Encryption

The CCM mode combines counter mode for encryption with CBC-MAC for integrity protection. This is possible because the same key can be used for both modes as long as the initialization vector of the CBC-MAC does not collide with the counter values. There is a security proof for CCM, which is based on the assumption that the underlying block cipher is secure. The proof also applies to a generalization of CCM to arbitrary block lengths and to pseudo-random functions instead of block ciphers (since counter mode and CBC-MAC use only the encryption direction of the block cipher).
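The construction described above, as an added example that is not part of the original article: it follows the RFC 3610 block formatting (B_0 for the CBC-MAC, A_i for the counter) and, relying on the generalization to pseudo-random functions mentioned above, substitutes a truncated HMAC-SHA-256 for AES so that it runs on the Python standard library alone. The parameters M = 8 and L = 2, all function names and the PRF choice are assumptions, and the output is not interoperable with AES-CCM.

```python
import hmac

BLOCK = 16     # RFC 3610 fixes the block length at 128 bits
M, L = 8, 2    # tag length and length-field size in bytes (assumed parameters)

def prf(key, block):
    # Assumption: truncated HMAC-SHA-256 stands in for AES encryption (not interoperable).
    return hmac.digest(key, block, "sha256")[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def pad(data):
    return data + bytes(-len(data) % BLOCK)

def cbc_mac(key, nonce, aad, msg):
    # B_0 flags: Adata bit, tag length in bits 3-5 (never zero, since M >= 4), L-1.
    flags = (64 if aad else 0) | (((M - 2) // 2) << 3) | (L - 1)
    blocks = bytes([flags]) + nonce + len(msg).to_bytes(L, "big")
    if aad:
        blocks += pad(len(aad).to_bytes(2, "big") + aad)   # short-AAD encoding only
    blocks += pad(msg)
    x = bytes(BLOCK)
    for i in range(0, len(blocks), BLOCK):
        x = prf(key, xor(x, blocks[i:i + BLOCK]))
    return x[:M]

def keystream(key, nonce, i):
    # Counter block A_i: flags hold only L-1, so bits 3-5 are zero and A_i can
    # never equal B_0 under the same key.
    return prf(key, bytes([L - 1]) + nonce + i.to_bytes(L, "big"))

def ctr(key, nonce, data):
    return b"".join(xor(data[i:i + BLOCK], keystream(key, nonce, i // BLOCK + 1))
                    for i in range(0, len(data), BLOCK))

def seal(key, nonce, aad, msg):
    if len(nonce) != 15 - L or len(msg) >= 1 << (8 * L) or len(aad) >= 0xFF00:
        raise ValueError("parameters outside what this sketch encodes")
    tag = xor(cbc_mac(key, nonce, aad, msg), keystream(key, nonce, 0))
    return ctr(key, nonce, msg) + tag

def open_(key, nonce, aad, boxed):
    msg = ctr(key, nonce, boxed[:-M])
    expect = xor(cbc_mac(key, nonce, aad, msg), keystream(key, nonce, 0))
    return msg if hmac.compare_digest(boxed[-M:], expect) else None

def reuse_leak(key, nonce, m1, m2):
    return xor(seal(key, nonce, b"", m1)[:-M], seal(key, nonce, b"", m2)[:-M])
```

`reuse_leak` returns the XOR of two ciphertexts sealed under one key and nonce, which equals the XOR of the two plaintexts; this is why an IV must never repeat under the same key.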

A variant of CCM is CCM*, which offers encryption-only and integrity-only assurance as additional options. CCM* is used in the ZigBee standard. DECT has been offering encryption based on CCM since 2013.

Performance

CCM requires two block cipher operations for each block of data that is encrypted and authenticated and one block cipher operation for each block of data that is only authenticated.

Patents

The trigger for the development of CCM was the proposal to include the OCB mode in the IEEE 802.11i standard. A patent was pending for the OCB mode, which would have complicated the implementation of the standard due to licensing problems. For this reason, CCM was developed as an alternative, patent-free authenticated encryption algorithm.

Although OCB mode is more efficient than CCM mode, CCM was made a mandatory part of the IEEE 802.11i standard because of the patent problems. The OCB mode was initially included as an optional component and then removed entirely.

Norms and standards

  • RFC 3610: Counter with CBC-MAC (CCM)
  • RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
  • RFC 6655: AES-CCM Cipher Suites for Transport Layer Security (TLS)
