On the Security of the CCM Encryption Mode and of a Slight Variant

Abstract: In this paper, we present an analysis of the CCM mode of operation and of a slight variant. CCM is a simple and efficient encryption scheme which combines a CBC-MAC authentication scheme with the counter mode of encryption. It is used in several standards. Despite some criticisms (mainly that this mode is not online and requires non-repeating nonces), it has nice features that make it worth studying. One important fact is that, while the privacy of CCM is provably guaranteed up to the birthday paradox, the authenticity of CCM seems to be guaranteed beyond that. There is a proof by Jonsson up to the birthday paradox bound, but going beyond it seems to be out of reach with current techniques. Nevertheless, by using pseudo-random functions rather than permutations in the counter mode and an authentication key different from the privacy key, we prove security beyond the birthday paradox. We also ask whether the main criticisms against CCM can be avoided: what is the security of the CCM mode when the nonces can be repeated, and when the length of the associated data or the message length is omitted to make CCM online? We show generic attacks against authenticity in these cases. The complexity of these attacks is under the birthday paradox bound. This shows that the lengths of the associated data and of the message, as well as non-repeating nonces, are important elements of the security of CCM and cannot be avoided without significantly decreasing the security.
Document type:
Conference paper
Steven M. Bellovin, Rosario Gennaro, Angelos D. Keromytis and Moti Yung (eds.). Applied Cryptography and Network Security: 6th International Conference, ACNS 2008, 2008, New York, United States. Lecture Notes in Computer Science, vol. 5037, pp. 411-428, 2008. 〈10.1007/978-3-540-68914-0_25〉

Cited literature [21 references]

https://hal.inria.fr/inria-00556684
Contributor: Pierre-Alain Fouque
Submitted on: Monday 17 January 2011 - 15:37:33
Last modified on: Tuesday 3 July 2018 - 13:10:02
Document(s) archived on: Monday 18 April 2011 - 03:01:09

File

acns08.pdf
Files produced by the author(s)

Citation

Pierre-Alain Fouque, Gwenaëlle Martinet, Frédéric Valette, Sebastien Zimmer. On the Security of the CCM Encryption Mode and of a Slight Variant. In: Steven M. Bellovin, Rosario Gennaro, Angelos D. Keromytis and Moti Yung (eds.), Applied Cryptography and Network Security: 6th International Conference, ACNS 2008, 2008, New York, United States. Lecture Notes in Computer Science, vol. 5037, pp. 411-428, 2008. 〈10.1007/978-3-540-68914-0_25〉. 〈inria-00556684〉


Metrics

Record views

257

File downloads

210