
AES-CCM ECC Cipher Suites for TLS draft-mcgrew-tls-aes-ccm-ecc-00


Presentation Transcript


  1. AES-CCM ECC Cipher Suites for TLS
     draft-mcgrew-tls-aes-ccm-ecc-00
     mcgrew@cisco.com, dbailey@rsa.com, mcampagna@certicom.com, rdugal@certicom.com
     TLS AES CCM - IETF 78

  2. Goals and Approach
     • Use TLS with minimal additions (no changes)
     • Low-power wireless
     • Compact implementations
     • Avoid TLS extensions
     • Crypto re-use
     • Low bandwidth
     • Short IVs, 8-octet authentication
     • ECDSA
     • Low computational cost
     • ECDH, ECDSA

  3. New CipherSuites
     • TLS_ECDHE_ECDSA_WITH_AES_128_CCM
     • TLS_ECDHE_ECDSA_WITH_AES_256_CCM
     • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
     • TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

  4. Interoperability Goals

  5. Interoperability Goals
     • TLS_ECDHE_ECDSA_WITH_AES_128_CCM
     • TLS_RSA_WITH_AES_128_CBC_SHA

  6. AES-CCM
     • Authenticated Encryption with Associated Data (AEAD)
     • Used in 802.15.4
     • CCM* is compatible with CCM
     • New AEAD algorithms (RFC 5116)
     • AEAD_AES_128_CCM_8, AEAD_AES_256_CCM_8

  7. ECC Key Establishment
     • RFC 4492 Subset
     • MUST implement P-256, P-384, and P-521 curves
     • Uncompressed point format MUST be supported
     • MUST NOT use elliptic_curves nor ec_point_formats extensions
     • mcgrew-fundamental-ecc MAY be used as an implementation method
     • Smaller implementations
     • IPR: https://datatracker.ietf.org/ipr/1352/

  8. RSA & PSK Key Establishment
     • Spec'd in draft-mcgrew-tls-aes-ccm-00
     • Drafts will be coordinated going forward
     • RSA
     • Less suitable for constrained environments
     • Fewer IPR considerations
     • PSK
     • Suitable for very highly constrained devices

  9. Certificate Size
     • 802.1AR Secure Device Identity RSA Certificate
       Cryptographic data: 270 bytes
       Encoding overhead: 164 bytes
       OIDs: 75 bytes
       Character strings: 297 bytes
       Numbers and time: 28 bytes
       Total length: 831 bytes

  10. Certificate Size
     • 802.1AR Secure Device Identity RSA Certificate
       Cryptographic data: 270 bytes
       Encoding overhead: 164 bytes
       OIDs: 75 bytes
       Character strings: 297 bytes
       Numbers and time: 28 bytes
       Total length: 831 bytes
     • draft-pritikin-comp-x509-00
     • DEFLATE compression with preset dictionary
       Compressible

  11. Open Questions
     • Use Comp-X509? MAY?
     • Allow compressed point format?
     • GCM?
     • TLS Profile?
     • Recommend/require options and behavior
     • Separate into multiple drafts?
     • Standards Track?

  12. Constrained Environment Example
     • EM250 SOC
     • 12 MHz 16-bit microcontroller
     • 5 KB RAM
     • 128 KB Flash
     • Ember TLS-PSK-AES-CCM
     • Using AES-CCM in silicon: ~ 6 KB
     • MATRIXSSL on Jennic 5184
     • Unoptimized: ~38 KB
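
Slide 10 mentions DEFLATE compression with a preset dictionary as a way to shrink device certificates. The following is an added example, not code from the slides or from draft-pritikin-comp-x509-00, showing why the preset dictionary matters for small inputs. The certificate bytes are constructed filler shaped like an ECDSA P-256 device certificate (not a valid X.509 certificate), the names `Example Device CA` and `Example Manufacturing Inc` are hypothetical, and using a reference certificate from the same CA as the dictionary is an assumption made for illustration.

```python
import hashlib
import zlib

# DER-encoded OIDs found in ECDSA P-256 certificates.
ECDSA_SHA256 = bytes.fromhex("06082a8648ce3d040302")
EC_PUBKEY = bytes.fromhex("06072a8648ce3d0201")
P256 = bytes.fromhex("06082a8648ce3d030107")
AT_CN, AT_O = bytes.fromhex("0603550403"), bytes.fromhex("060355040a")

def tlv(tag, body):
    """DER tag-length-value with short or long length form."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def name(cn, org):
    rdn = lambda oid, text: tlv(0x31, tlv(0x30, oid + tlv(0x0C, text.encode())))
    return tlv(0x30, rdn(AT_O, org) + rdn(AT_CN, cn))

def sample_cert(device_id):
    """Constructed certificate-shaped DER; key, serial and signature are filler."""
    fill = lambda label, n: hashlib.sha512((label + device_id).encode()).digest()[:n]
    org = "Example Manufacturing Inc"
    validity = tlv(0x30, tlv(0x17, b"100101000000Z") + tlv(0x18, b"99991231235959Z"))
    spki = tlv(0x30, tlv(0x30, EC_PUBKEY + P256) + tlv(0x03, b"\x00\x04" + fill("key", 64)))
    tbs = tlv(0x30, tlv(0x02, fill("serial", 8)) + tlv(0x30, ECDSA_SHA256)
              + name("Example Device CA", org) + validity
              + name("device-" + device_id, org) + spki)
    return tlv(0x30, tbs + tlv(0x30, ECDSA_SHA256) + tlv(0x03, b"\x00" + fill("sig", 64)))

def deflate(data, zdict=None):
    c = zlib.compressobj(level=9, zdict=zdict) if zdict else zlib.compressobj(level=9)
    return c.compress(data) + c.flush()

def inflate(blob, zdict=None):
    d = zlib.decompressobj(zdict=zdict) if zdict else zlib.decompressobj()
    return d.decompress(blob) + d.flush()

# Assumption: both peers hold the same preset dictionary, here a reference
# certificate from the same (hypothetical) CA.
PRESET = sample_cert("000000")

if __name__ == "__main__":
    cert = sample_cert("A1B2C3")
    print("DER:", len(cert), "deflate:", len(deflate(cert)),
          "deflate+dictionary:", len(deflate(cert, PRESET)))
```

The key, serial and signature bytes are high-entropy and do not compress; the gain comes from the OIDs, names and validity fields that the dictionary already contains. A receiver without the identical dictionary cannot decompress the certificate, so the dictionary becomes part of the interoperability contract.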
