Authenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data. These attributes are provided under a single, easy to use programming interface.
The need for AE emerged from the observation that securely combining separate confidentiality and authentication block cipher operation modes could be error prone and difficult. This was confirmed by a number of practical attacks introduced into production protocols and applications by incorrect implementation, or lack of authentication (including SSL/TLS).
Around the year 2000, a number of efforts evolved around the notion. In particular, strong interest in these modes was sparked by the publication of Charanjit Jutla's IACBC and IAPM modes in 2000. Six different authenticated encryption modes (namely OCB2.0, Key Wrap, CCM, EAX, Encrypt-then-MAC (EtM), and GCM) have been standardized in ISO/IEC 19772:2009. More were developed in response to NIST solicitation. Sponge functions can be used in duplex mode to provide authenticated encryption.
A typical programming interface for AEmode implementation would provide the following functions:
The header part is intended to provide authenticity and integrity protection for networking or storage metadata for which confidentiality is unnecessary, but authenticity is desired.
In addition to protecting message integrity and confidentiality, authenticated encryption can provide security against chosen ciphertext attack. In these attacks, an adversary attempts to gain an advantage against a cryptosystem (e.g., information about the secret decryption key) by submitting carefully chosen ciphertexts to some "decryption oracle" and analyzing the decrypted results. Authenticated encryption schemes can recognize improperly-constructed ciphertexts and refuse to decrypt them. This in turn prevents the attacker from requesting the decryption of any ciphertext unless he generated it correctly using the encryption algorithm, which would imply that he already knows the plaintext. Implemented correctly, this removes the usefulness of the decryption oracle, by preventing an attacker from gaining useful information that he does not already possess.
Many specialized authenticated encryption modes have been developed for use with symmetric block ciphers. However, authenticated encryption can be generically constructed by combining an encryption scheme and a message authentication code (MAC), provided that:
Bellare and Namprempre (2000) analyzed three compositions of these primitives, and demonstrated that encrypting a message and subsequently applying a MAC to the ciphertext (the Encrypt-then-MAC approach) implies security against an adaptive chosen ciphertext attack, provided that both functions meet the required properties. Katz and Yung investigated the notion under the name "unforgeable encryption" and proved it implies security against chosen ciphertext attacks.
In 2013, a competition was announced to encourage design of authenticated encryption modes.
AEAD is a variant of AE where the data to be encrypted needs both authentication and integrity as opposed to just integrity. AEAD binds associated data (AD) to the ciphertext and to the context where it's supposed to appear, so that attempts to "cut-and-paste" a valid ciphertext into a different context are detected and rejected.
It is required, for example, by network packets. The header needs integrity, but must be visible; payload, instead, needs integrity and also confidentiality. Both need authenticity.
The plaintext is first encrypted, then a MAC is produced based on the resulting ciphertext. The ciphertext and its MAC are sent together. Used in, e.g., IPsec. The standard method according to ISO/IEC 19772:2009. This is the only method which can reach the highest definition of security in AE, but this can only be achieved when the MAC used is "strongly unforgeable". In November 2014, TLS and DTLS extension for EtM has been published as RFC 7366. Various EtM ciphersuites exist for SSHv2 as well (e.g. firstname.lastname@example.org).
A MAC is produced based on the plaintext, and the plaintext is encrypted without the MAC. The plaintext's MAC and the ciphertext are sent together. Used in, e.g., SSH. Even though the E&M approach has not been proved to be strongly unforgeable in itself, it is possible to apply some minor modifications to SSH to make it strongly unforgeable despite the approach.
A MAC is produced based on the plaintext, then the plaintext and MAC are together encrypted to produce a ciphertext based on both. The ciphertext (containing an encrypted MAC) is sent. Used in, e.g., SSL/TLS. Even though the MtE approach has not been proven to be strongly unforgeable in itself, the SSL/TLS implementation has been proven to be strongly unforgeable by Krawczyk who showed that SSL/TLS was in fact secure because of the encoding used alongside the MtE mechanism.[dubious discuss] Despite the theoretical security, deeper analysis of SSL/TLS modeled the protection as MAC-then-pad-then-encrypt, i.e. the plaintext is first padded to the block size of the encryption function. Padding errors often result in the detectable errors on the recipient's side, which in turn lead to padding oracle attacks, such as Lucky Thirteen.
Continue reading here:
Authenticated encryption - Wikipedia
- Encryption back on the congressional agenda - Politico - December 9th, 2019
- Police radios blocked from the public in southeast Denver metro area - The Denver Post - December 9th, 2019
- Encryption Software Market Innovations, And Top Companies - Forecast To 2029| Microsoft, Sophos Ltd., Check Point Software Technologies Ltd. -... - December 9th, 2019
- Did You Hear That? Securing Communications in 2019 | Insight for the Connected Enterprise - No Jitter - December 9th, 2019
- 'Government broke their promise': Labor seeks to amend encryption legislation - Sydney Morning Herald - December 9th, 2019
- Global Hardware-based Full Disk Encryption Market 2019 Innovation and Technological Developments, Industry Analysis & Outlook 2023 - Weekly News... - December 9th, 2019
- Privacy vs public safety - the pros and cons of encryption - World Economic Forum - December 8th, 2019
- 80% of all Android apps encrypt traffic by default - We Live Security - December 8th, 2019
- Keybase moves to stop onslaught of spammers on encrypted message platform - Ars Technica - December 8th, 2019
- Labor says it will fix encryption laws it voted for last year - ZDNet - December 8th, 2019
- Nick Clegg to be summoned to Parliament to give evidence on Facebook encryption - Sunriseread - December 8th, 2019
- This startup just solves the data privacy problem by making it possible to search encrypted data in the cloud - TechStartups.com - December 8th, 2019
- Encryption Software Market to Discern Magnified Growth During 2017-2027 - Weekly Spy - December 8th, 2019
- Millions of Private Text Messages Have Been Exposed: Here's How to Encrypt Messages on iPhone and Android - Tech Times - December 8th, 2019
- Biometric Data Encryption Device Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2018 to 2028 -... - December 8th, 2019
- Certbot Leaves Beta with the Release of 1.0 - EFF - December 8th, 2019
- Terrific News for Android OS Users 80% Android apps encrypting traffic by default - Digital Information World - December 8th, 2019
- Hawk Security Limited Began Selling a Hardware-Protected External SSD Drive with Aes 256 XTS Military Grade Encryption - AiThority - December 8th, 2019
- Data security is falling behind as over half of FIs experience data breaches - IBS Intelligence - December 8th, 2019
- Email Encryption Market 2019, Trend, CAGR Status, Growth, Analysis and Forecast to 2025 - VaporBlash - December 8th, 2019
- Encryption Software Market 2019 Size, CAGR Status, Key Players, Growth Analysis and Forecast to 2026 - The Market Publicist - December 2nd, 2019
- Global Encryption Software Market Industry Analysis and Forecast (2018-2026) - Daily Research Stack - December 2nd, 2019
- Fortinet took 18 months to strip software of flawed crypto cipher and keys - The Daily Swig - December 1st, 2019
- Mobile Encryption Market Competitive Research And Precise Outlook 2019 To 2025 - The Market Publicist - December 1st, 2019
- NordPass: Get rid of password stress. Forever. - EE Journal - December 1st, 2019
- Apple patents anti-snooping technology that would stop police from tracking locations and messages - Stock Daily Dish - December 1st, 2019
- Encryption Software Market Research Report by Geographical Analysis and Forecast 2017-2027 - Kentucky Reports - November 28th, 2019
- Encryption Key Management Software Market : Industry Research, Growth Trends And Opportunities For The Forecast Period 2019-2029 - News Description - November 28th, 2019
- iStorage cloudAshur is named: Security Innovation of the Year at the UK IT Industry Awards 2019 - ResponseSource - November 28th, 2019
- Database Encryption Market Analysis Report by Product Type, Industry Application and Future Technology 2025 (International Business Machines... - November 28th, 2019
- The IT Guide to Enforcing Full Disk Encryption Windows Edition - Security Boulevard - November 28th, 2019
- Why The FBI's Former Top Lawyer Now Embraces Encryption - Law360 - November 28th, 2019
- Big Boom in Cloud Encryption Market over 2019-2026 with CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation and more - Market Expert - November 28th, 2019
- Encrypted Flash Drives Market Size, Growth, Global Industry Analysis, Share, Segments and Forecast 2019-2024 - Space Market Research - November 28th, 2019
- Encryption Software Market 2019 Global Industry Status, Segment by Region, Type and Future Forecast To 2026 - Financial News - November 28th, 2019
- FBI worried about criminals having unfettered access to encryption technology - KTVI Fox 2 St. Louis - November 23rd, 2019
- What Is End-to-End Encryption? Another Bulls-Eye on Big Tech - The New York Times - November 23rd, 2019
- Think of the children: FBI sought Interpol statement against end-to-end crypto - Ars Technica - November 23rd, 2019
- Security Expert Comments On NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - ISBuzz News - November 23rd, 2019
- Global Hardware-based Full Disk Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report... - November 23rd, 2019
- Moniker makes a statement with The Encryption EP - The Untz - November 23rd, 2019
- Global Mobile Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report 2019-2024 - BeetleVersion - November 23rd, 2019
- NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - BleepingComputer - November 23rd, 2019
- Encryption Key Management Software Market Research Report: Market Analysis on the Future Growth Prospects and Market Trends Adopted by the... - November 23rd, 2019
- Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible -... - November 23rd, 2019
- Import EFS File Encryption Certificate and Key (PFX file) in Windows 10 - TWCN Tech News - November 23rd, 2019
- What Is Homomorphic Encryption? And Why Is It So Transformative? - Forbes - November 19th, 2019
- FBI Recruits Interpol to Condemn End-to-End Encryption - WebProNews - November 19th, 2019
- Is encryption to blame for WhatsApp snooping? - Livemint - November 19th, 2019
- BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field - Security Boulevard - November 19th, 2019
- Astonishing Growth in Global encryption software market size was valued at USD 2.98 billion in 2018. It is projected to post a CAGR of 16.8% from 2019... - November 19th, 2019
- Encryption Software Market Overview, Latest Analysis and Future Forecast 2019 2025 - Markets Gazette 24 - November 19th, 2019
- With end-to-end encryption, we wouldn't be able to listen in even if we wanted to, says Facebook's Stan Chudnovsky - Mumbrella Asia - November 19th, 2019
- Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS - Computer Business Review - November 19th, 2019
- Global Mobile Encryption Technology Market 2018 Manufacturers, Types and Application, Analysis History and Forecast 2025 - Galus Australis - November 19th, 2019
- Hardware Encryption Market Growth Forecast Analysis by Top Manufacturers, Regions, Product Types and Application (2019 - 2026) - News Obtain - November 19th, 2019
- The Best Encryption Software for 2019 | PCMag.com - October 21st, 2019
- What is data encryption? - October 19th, 2019
- USB Enforced Encryption - Endpoint Protector - October 19th, 2019
- Authenticated encryption - Crypto++ Wiki - October 19th, 2019
- Tinder's Lack of Encryption Lets Strangers Spy on Your ... - October 19th, 2019
- 'Without Encryption, We Will Lose All Privacy': Snowden ... - October 18th, 2019
- Security pros reiterate warning against encryption backdoors - October 18th, 2019
- Encryption - servicepro.wiki - October 18th, 2019
- Mozy Encryption - October 18th, 2019
- Optical Encryption Market Size, Share, Trends and Forecast ... - October 18th, 2019
- MySQL Enterprise Transparent Data Encryption (TDE) - October 18th, 2019
- What is Encryption? - Definition from WhatIs.com - October 17th, 2019
- How to Set Up BitLocker Encryption on Windows - October 2nd, 2019
- Encryption: What It Is, and How It Works for You | Tom's Guide - October 2nd, 2019
- Security Encryption Systems | HowStuffWorks - October 2nd, 2019
- What is The Difference Between Hashing and Encrypting - October 2nd, 2019
- How Encryption Works | HowStuffWorks - September 5th, 2019
- encryption - How secure is AES-256? - Cryptography Stack ... - June 2nd, 2019
- The World's Email Encryption Software Relies on One Guy, Who ... - May 5th, 2019
- Encryption breakthrough could keep prying eyes away from your ... - May 5th, 2019
- What Is Data Encryption? Definition, Best Practices & More ... - May 1st, 2019
- IronClad Encryption Partners with Data443 Risk Mitigation ... - April 30th, 2019
- What Is Encryption? An Overview of Modern Encryption ... - April 30th, 2019
- Symmetric vs. Asymmetric Encryption What are differences? - April 29th, 2019