**Authenticated Encryption in Theory and in Practice.** / Degabriele, Jean.

Research output: Thesis › Doctoral Thesis

Unpublished

Degabriele, J 2014, 'Authenticated Encryption in Theory and in Practice', Ph.D., Royal Holloway, University of London.

Degabriele J. Authenticated Encryption in Theory and in Practice. 2014. 182 p.

@phdthesis{6b38351ca8d047c1a0a0bc69c189f5c3,

title = "Authenticated Encryption in Theory and in Practice",

abstract = "Authenticated encryption refers to a class of cryptographic schemes that simultaneously provide message confidentiality and message authenticity. It is an essential component of almost every cryptographic protocol that is used in practice. In this thesis we aim to narrow the gap that exists between authenticated encryption as used in practice, and authenticated encryption as studied in the framework of theoretical cryptography. We examine how certain types of attacks are not captured by the current techniques, and show how this can be remedied by expanding existing security models to capture a wider array of attacks. We begin with a case study of IPsec: a widely deployed security protocol for protecting data across the Internet and other networks. Despite its popularity, IPsec's security has not received much formal treatment. As a security protocol it offers a relatively high degree of configurability, so as to accommodate multiple usage scenarios. We here present a new set of efficient attacks that fully break the confidentiality of half of the configurations that are permitted by the IPsec standard. Next we turn our attention to the enhancement of security models. In particular we consider attacks that exploit distinguishable decryption failures and ciphertext fragmentation. A number of recent attacks against practical cryptosystems, including our attacks on IPsec, fall in one of these two categories. We extend the current security models to capture such attacks, and formulate new security notions to capture vulnerabilities that arise in this new setting. We then go on to explore how these notions relate to each other, and construct authenticated encryption schemes that satisfy our security notions.",

keywords = "authenticated encryption, IPsec, distinguishable decryption failures, ciphertext fragmentation, symmetric cryptography, boundary hiding, denial of service, theory and practice, provable security, InterMAC, SSH, TLS",

author = "Jean Degabriele",

year = "2014",

language = "English",

school = "Royal Holloway, University of London",

}

TY - THES

T1 - Authenticated Encryption in Theory and in Practice

AU - Degabriele, Jean

PY - 2014

Y1 - 2014

N2 - Authenticated encryption refers to a class of cryptographic schemes that simultaneously provide message confidentiality and message authenticity. It is an essential component of almost every cryptographic protocol that is used in practice. In this thesis we aim to narrow the gap that exists between authenticated encryption as used in practice, and authenticated encryption as studied in the framework of theoretical cryptography. We examine how certain types of attacks are not captured by the current techniques, and show how this can be remedied by expanding existing security models to capture a wider array of attacks. We begin with a case study of IPsec: a widely deployed security protocol for protecting data across the Internet and other networks. Despite its popularity, IPsec's security has not received much formal treatment. As a security protocol it offers a relatively high degree of configurability, so as to accommodate multiple usage scenarios. We here present a new set of efficient attacks that fully break the confidentiality of half of the configurations that are permitted by the IPsec standard. Next we turn our attention to the enhancement of security models. In particular we consider attacks that exploit distinguishable decryption failures and ciphertext fragmentation. A number of recent attacks against practical cryptosystems, including our attacks on IPsec, fall in one of these two categories. We extend the current security models to capture such attacks, and formulate new security notions to capture vulnerabilities that arise in this new setting. We then go on to explore how these notions relate to each other, and construct authenticated encryption schemes that satisfy our security notions.

AB - Authenticated encryption refers to a class of cryptographic schemes that simultaneously provide message confidentiality and message authenticity. It is an essential component of almost every cryptographic protocol that is used in practice. In this thesis we aim to narrow the gap that exists between authenticated encryption as used in practice, and authenticated encryption as studied in the framework of theoretical cryptography. We examine how certain types of attacks are not captured by the current techniques, and show how this can be remedied by expanding existing security models to capture a wider array of attacks. We begin with a case study of IPsec: a widely deployed security protocol for protecting data across the Internet and other networks. Despite its popularity, IPsec's security has not received much formal treatment. As a security protocol it offers a relatively high degree of configurability, so as to accommodate multiple usage scenarios. We here present a new set of efficient attacks that fully break the confidentiality of half of the configurations that are permitted by the IPsec standard. Next we turn our attention to the enhancement of security models. In particular we consider attacks that exploit distinguishable decryption failures and ciphertext fragmentation. A number of recent attacks against practical cryptosystems, including our attacks on IPsec, fall in one of these two categories. We extend the current security models to capture such attacks, and formulate new security notions to capture vulnerabilities that arise in this new setting. We then go on to explore how these notions relate to each other, and construct authenticated encryption schemes that satisfy our security notions.

KW - authenticated encryption

KW - IPsec

KW - distinguishable decryption failures

KW - ciphertext fragmentation

KW - symmetric cryptography

KW - boundary hiding

KW - denial of service

KW - theory and practice

KW - provable security

KW - InterMAC

KW - SSH

KW - TLS

M3 - Doctoral Thesis

ER -