IoT Security Part 4: Authentication and Cipher Block Chaining

04/98/2016 | 08:29 PM
kberringer
Employee



What is an Authenticated Block Cipher Mode?

An authenticated cipher block mode is defined as one that provides both data confidentiality and authentication. But there really are three concepts that are important – confidentiality, authentication, and data integrity.

 

Imagine we are building a missile control system. We want to send the target coordinates from the control trailer to the launch vehicle over a wireless link. (This is just a hypothetical scenario to demonstrate a point. Don’t try this at home.)

 

We want to encrypt the coordinates using AES so that the enemy cannot eavesdrop and know the coordinates. If we use the correct key and the encryption and decryption are both perfect, the launch vehicle will get the correct coordinates.

 

However, consider what happens if the launch vehicle has the wrong key, or something else goes wrong with the decryption. The launch vehicle will fail to decrypt the data, but the launch vehicle has no indication that the decryption operation failed. The output of a failed decryption is random garbage. So the launch vehicle will take the random coordinates and fire the rocket.

 

Authentication solves this problem by appending a Message Authentication Code (MAC). Authenticated modes use the same key for encryption and authentication. If the MAC checks out, we know that the decryption was successful. 

 

Counter Mode with CBC-MAC (CCM) uses the counter mode for encryption and the Cipher Block Chaining (CBC) mode to generate the Message Authentication Code. The CBC mode chains the output of the previous block operation and exclusive-ORs it with the next plaintext input.

 

[Figure: CBC mode]

 

The CBC-MAC mode uses zero for the initial vector and only uses the final ciphertext as the message authentication code.

 

[Figure: CBC-MAC]

 

The cipher block chaining mode differs from the counter mode in that the output for each encryption operation depends on all the previous data. This is just what we need to generate a Message Authentication Code. After feeding in all of the blocks, the final output from the CBC mode is the MAC.

If the authentication passes, this tells us a lot about the data. We know that it has been successfully encrypted and decrypted. It ensures both parties are using the same key. It also ensures that both parties know what they are doing. Both parties agree on the IV and the nonce and all the details of the encryption process.

 

Authenticated encryption provides authentication, data integrity, and data confidentiality. Because the sender knows the correct secret key we know the message is authentic. By transmitting only the encrypted data we provide data confidentiality. A third party eavesdropping on the transmission cannot decipher the data without the secret key.

 

The MAC also provides a measure of data integrity, because a single bit transition error will cause the authentication to fail. A passing check indicates that the message has been transmitted and received perfectly without any errors.

 

Because CBC-MAC uses the 16-byte block cipher, the MAC will be 16 bytes. This is OK if the message is many blocks long. If the message is only one byte long, there will be 15 bytes of padding and a 16-byte MAC. This means we always have to transmit 32 bytes of encrypted data for 16 or fewer bytes of plaintext.
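The CBC-MAC chaining, the single-bit integrity check and the size accounting described above, written out with AES-128 from Go's standard library. This is an added example, not code from the original post; the key, the sample message, the zero padding of the final block and the function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"fmt"
)

// cbcMAC starts from a zero IV, XORs each block into the previous AES output,
// encrypts, and keeps only the final 16-byte output as the MAC.
// Zero padding of a short final block is an assumption of this example.
func cbcMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err // invalid key length
	}
	state := make([]byte, aes.BlockSize) // IV = 0
	for off := 0; off == 0 || off < len(msg); off += aes.BlockSize {
		chunk := make([]byte, aes.BlockSize)
		copy(chunk, msg[off:])
		for i := range state {
			state[i] ^= chunk[i]
		}
		block.Encrypt(state, state)
	}
	return state, nil
}

// verify recomputes the MAC and compares it in constant time.
func verify(key, msg, tag []byte) bool {
	want, err := cbcMAC(key, msg)
	return err == nil && subtle.ConstantTimeCompare(want, tag) == 1
}

// frameLen follows the post's accounting: plaintext padded to whole
// 16-byte blocks (at least one), plus the 16-byte MAC.
func frameLen(n int) int {
	return ((n-1)/aes.BlockSize + 2) * aes.BlockSize
}

func main() {
	key := []byte("0123456789abcdef")        // constructed 128-bit demo key
	msg := []byte("lat=12.3456;lon=65.4321") // constructed sample message
	tag, _ := cbcMAC(key, msg)
	fmt.Printf("MAC %x, %d bytes on air\n", tag, frameLen(len(msg)))
	fmt.Println("intact message verifies:", verify(key, msg, tag))
	msg[4] ^= 0x01 // single bit error in transit
	fmt.Println("one flipped bit verifies:", verify(key, msg, tag))
}
```

Raw CBC-MAC with zero padding is only sound when every message has the same length; CCM deals with this by encoding the message length in the first block fed to the CBC-MAC.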

 

CBC-MAC is used for authentication for many wireless networks – ZigBee, Bluetooth Smart, Thread.

Authentication requires a shared secret key. However, sometimes we just want a unique fingerprint of the data that does not require a shared secret. The next blog will discuss the Secure Hash Algorithm, and don’t forget to check out the previous blog in this series.

 
