Thursday, 29 January 2015

Using AES in CTR for TCP/IP-based network connections - need to encrypt the IVs?

For AES-based encryption on TCP/IP connections, I am guessing I have to do the following:

  1. Have the 2 parties share a common key; assuming I am doing AES-128, then a sequence of 16 bytes. Ideally the bits are securely random.

  2. Since we are running AES in CTR mode and the secret key is fixed, we must choose a securely random IV for each stream instance. Since a TCP/IP connection is actually full-duplex, I assume I need 2 IVs per connection, one for each direction. I also need to transmit each IV to the other end in order for the corresponding stream to be decrypted.

Edit note: the scheme described above is prone to replay attacks. Maybe a better scheme is to send the decipher IVs to the other party and force the other party to encrypt a constant, and if we can decipher to get the constant back then the other end is authenticated. Also, the scheme does not provide message integrity.

My question is, for the IVs, should I be encrypting the IVs with my secret key before sending them over? I was told IVs don't have to be kept secret. Are there any security benefits if I do encrypt them before sending across?

PS: you may wonder why I am not using SSL/TLS. Our application does support SSL/TLS, but we also want to support an alternate symmetric encryption mode where connection overhead can be minimized, as clients constantly disconnect and reconnect.
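The following Go program is an added example, not code from the original post, and it illustrates the three points the question turns on. Raw AES-CTR with a cleartext IV is shown first: the IV only has to be unique under the key, and encrypting it buys nothing, but because CTR is just a keystream XOR, a single flipped ciphertext bit changes the plaintext without the receiver noticing (the integrity gap the edit note mentions). The second half replaces raw CTR with AES-GCM from Go's standard library, derives a distinct nonce for each direction of the full-duplex connection from a per-connection salt, a direction byte and a record counter, binds the cleartext header as associated data, and refuses records whose counter does not advance, which covers the replay concern. The record layout, the `Stream`, `gcmNonce` and `Demo` names, and the direction constants are all constructed for this example; the reverse direction would use `dirServerToClient` with the same key and salt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Direction tags for the two half-duplex streams of one connection (constructed here).
const dirClientToServer, dirServerToClient byte = 1, 2
var ErrReplay = errors.New("replayed or reordered record")

// ctrXOR is raw AES-CTR; encrypting and decrypting are the same operation. The 16-byte
// IV travels in the clear: CTR needs it unique under the key, not secret.
func ctrXOR(key, iv, data []byte) []byte {
	block, _ := aes.NewCipher(key) // key is always 16 bytes in this example
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// gcmNonce = salt(4) | dir(1) | seq(7): salt is random per connection and sent in the
// clear, dir keeps the two directions apart, seq counts records (rekey well before 2^56).
func gcmNonce(salt []byte, dir byte, seq uint64) []byte {
	n := make([]byte, 12)
	copy(n, salt[:4])
	binary.BigEndian.PutUint64(n[4:], seq) // high byte is overwritten by dir below
	n[4] = dir
	return n
}

// Stream is one direction of an AES-GCM protected connection. seq is the next record
// number to send, or on the receiving side the lowest record number still acceptable.
type Stream struct {
	aead cipher.AEAD
	salt []byte
	dir  byte
	seq  uint64
}

// Seal frames a record: header dir(1)|seq(8) in the clear, bound as associated data,
// then ciphertext and tag.
func (s *Stream) Seal(pt []byte) []byte {
	hdr := make([]byte, 9)
	hdr[0] = s.dir
	binary.BigEndian.PutUint64(hdr[1:], s.seq)
	rec := s.aead.Seal(hdr, gcmNonce(s.salt, s.dir, s.seq), pt, hdr)
	s.seq++
	return rec
}

// Open rejects the wrong direction, a replayed or reordered seq, and any modified byte.
func (s *Stream) Open(rec []byte) ([]byte, error) {
	if len(rec) < 9 || rec[0] != s.dir {
		return nil, errors.New("bad record header")
	}
	seq := binary.BigEndian.Uint64(rec[1:9])
	if seq < s.seq {
		return nil, ErrReplay
	}
	pt, err := s.aead.Open(nil, gcmNonce(s.salt, s.dir, seq), rec[9:], rec[:9])
	if err != nil {
		return nil, err // tag mismatch: header or ciphertext was altered
	}
	s.seq = seq + 1
	return pt, nil
}

// Demo runs both constructions on a constructed key and message: it returns the text raw
// CTR delivers after one ciphertext bit is flipped, the error AES-GCM raises for the same
// flip, and the error for a second delivery of a genuine record.
func Demo() (ctrTampered string, gcmFlipErr, replayErr error, err error) {
	buf := make([]byte, 36)
	if _, err = rand.Read(buf); err != nil {
		return
	}
	key, iv, salt := buf[:16], buf[16:32], buf[32:]
	msg := []byte("transfer 100 units")
	// Raw CTR: toggling bit 0 of ciphertext byte 9 turns the '1' into '0' and the
	// receiver has no way to notice.
	ct := ctrXOR(key, iv, msg)
	ct[9] ^= 0x01
	ctrTampered = string(ctrXOR(key, iv, ct))
	// AES-GCM, client->server direction: the same flip fails the tag check, and the
	// untouched record is refused when it arrives a second time.
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	snd := &Stream{aead: aead, salt: salt, dir: dirClientToServer}
	rcv := &Stream{aead: aead, salt: salt, dir: dirClientToServer}
	rec := snd.Seal(msg)
	bad := append([]byte(nil), rec...)
	bad[9+9] ^= 0x01 // same plaintext position, now inside the GCM ciphertext
	_, gcmFlipErr = rcv.Open(bad)
	_, err = rcv.Open(rec) // the genuine record is accepted, err stays nil
	_, replayErr = rcv.Open(rec)
	return
}
```

Everything the receiver needs to rebuild the nonce (salt, direction, counter) is sent in the clear, exactly as the IV would be in the CTR-only design; what stops replay and tampering is not secrecy of those values but the authentication tag over them and the monotonic counter check. The `seq < s.seq` rule also drops reordered records, which is acceptable on TCP since the transport already delivers in order.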




