What is an Authenticated Block Cipher Mode?

An authenticated cipher block mode is defined as one that provides both data confidentiality and authentication. But there really are three concepts that are important – confidentiality, authentication, and data integrity.

Imagine we are building a missile control system. We want to send the target coordinates from the control trailer to the launch vehicle over a wireless link. (This is just a hypothetical scenario to demonstrate a point. Don’t try this at home.)

We want to encrypt the coordinates using AES so that the enemy cannot eavesdrop and know the coordinates. If we use the correct key and the encryption and decryption are both perfect, the launch vehicle will get the correct coordinates.

However, consider what happens if the launch vehicle has the wrong key, or something else goes wrong with the decryption. The launch vehicle will fail to decrypt the data, but launch vehicle has no indication that the decryption operation failed. The output of a failed decryption is random garbage. So the launch vehicle will take the random coordinates and fire the rocket.

Authentication solves this problem by appending a Message Authentication Code (MAC). Authenticated modes use the same key for encryption and authentication. If the MAC checks out, we know that the decryption was successful. 

Counter Mode with CBC-MAC (CCM) uses the counter mode for encryption and the Cipher Block Chaining (CBC) mode to generate the Message Authentication code. The CBC mode chains the output of the last block operation and exclusive ORs in with the plain test input.

The CBC-MAC mode uses zero for the initial vector and only uses the final ciphertext as the message authentication code.

The cipher block chaining mode differs from the counter mode in that the output for each encryption operation depends on all the previous data. This is just what we need to generate a Message Authentication Code. After feeding in all of the blocks, the final output from the CBC mode is the MAC.

If the authentication passes, this tells us a lot about the data. We know that it has been successful encrypted and decrypted. It ensures both parties are using the same key. It also ensures that both parties know what they are doing. Both parties agree on the IV and the nonce and all the details of the encryption process.

Authenticated encryption provides authentication, data integrity, and data confidentiality. Because the sender knows the correct secret key we know the message is authentic. By transmitting only the encrypted data we provide data confidentiality. A third party eavesdropping on the transmission cannot decipher the data without the secret key.

The MAC also provides a measure of data integrity. Because a single bit transition error will cause the authentication to fail. This indicates that the message has been has been transmitted and received perfectly without any errors.

Because CBC-MAC uses the 16-byte block cipher, the MAC will be 16-bytes. This is OK if the message is many blocks long. If the message is only one byte long, there will be 15-bytes of padding and a 16-byte MAC. This means we always have to transmit 32 bytes of encrypted data for 16 or fewer bytes of plaintext.

CBC-MAC is used for authentication for many wireless networks – ZigBee, Bluetooth Smart, Thread.

Authentication requires a shared secret key. However, sometimes we just want a unique fingerprint of the data that does not require a shared secret. The next blog will discuss the Secure Hash Algorithm, and don’t forget to check out the previous blog in this series.