The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)

Iwata, Tetsu; Poovendran, Radha; Lee, Jicheol

doi:10.17487/rfc4615

Cited by 11 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…COAP_PSK is a 16-byte length key which is computed using AES-CMAC-PRF-128 [ 77 ] as Key Derivation Function (KDF), which, in turn, uses AES-CMAC-128 [ 78 ]. Both primitives use AES-128 [ 79 ] as building block since it is widely used in constrained devices.…”

Section: The Bootstrapping Service: Coap-eapmentioning

confidence: 99%

See 1 more Smart Citation

Lightweight CoAP-Based Bootstrapping Service for the Internet of Things

García-Carrillo

Marin-Lopez

2016

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) is becoming increasingly important in several fields of industrial applications and personal applications, such as medical e-health, smart cities, etc. The research into protocols and security aspects related to this area is continuously advancing in making these networks more reliable and secure, taking into account these aspects by design. Bootstrapping is a procedure by which a user obtains key material and configuration information, among other parameters, to operate as an authenticated party in a security domain. Until now solutions have focused on re-using security protocols that were not developed for IoT constraints. For this reason, in this work we propose a design and implementation of a lightweight bootstrapping service for IoT networks that leverages one of the application protocols used in IoT : Constrained Application Protocol (CoAP). Additionally, in order to provide flexibility, scalability, support for large scale deployment, accountability and identity federation, our design uses technologies such as the Extensible Authentication Protocol (EAP) and Authentication Authorization and Accounting (AAA). We have named this service CoAP-EAP. First, we review the state of the art in the field of bootstrapping and specifically for IoT. Second, we detail the bootstrapping service: the architecture with entities and interfaces and the flow operation. Third, we obtain performance measurements of CoAP-EAP (bootstrapping time, memory footprint, message processing time, message length and energy consumption) and compare them with PANATIKI. The most significant and constrained representative of the bootstrapping solutions related with CoAP-EAP. As we will show, our solution provides significant improvements, mainly due to an important reduction of the message length.

show abstract

Section: The Bootstrapping Service: Coap-eapmentioning

confidence: 99%

“…The AES-CMAC-PRF-128 is defined in [ 77 ]. This function uses AES-CMAC-128 as a building block; The MSK is exported by the EAP method; “IETF_COAP_PSK” is the ASCII code representation of the non-NULL terminated string (excluding the double quotes around it).…”

Section: The Bootstrapping Service: Coap-eapmentioning

confidence: 99%

Lightweight CoAP-Based Bootstrapping Service for the Internet of Things

García-Carrillo

Marin-Lopez

2016

Sensors

View full text Add to dashboard Cite

show abstract

“…We implemented each DSSE scheme discussed in Section 3 in C++ using the Crypto++ [25] open source library. We used AES to generate block ciphers and constructed a pseudorandom function [26]. The hash function was implemented using HMAC SHA256 and CMAC AES128.…”

Section: Experiments and Resultsmentioning

confidence: 99%

Benchmarking Dynamic Searchable Symmetric Encryption Scheme for Cloud-Internet of Things Applications

Yu³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Recently, the rapid development of Internet of things (IoT) has resulted in the generation of a considerable amount of data, which should be stored. Therefore, it is necessary to develop methods that can easily capture, save, and modify these data. The data generated using IoT contain private information; therefore sufficient security features should be incorporated to ensure that potential attackers cannot access the data. Researchers from various fields are attempting to achieve data security. One of the major challenges is that IoT is a paradigm of how each device in the Internet infrastructure is interconnected to a globally dynamic network. When searching in dynamic cloud-stored data, sensitive data can be easily leaked. IoT data storage and retrieval from untrusted cloud servers should be secure. Searchable symmetric encryption (SSE) is a vital technology in the field of cloud storage. SSE allows users to use keywords to search for data in an untrusted cloud server but the keywords and the data content are concealed from the server. However, an SSE database is seldom used by cloud operators because the data stored on the cloud server is often modified. The server cannot update the data without decryption because the data are encrypted by the user. Therefore, dynamic SSE (DSSE) has been developed in recent years to support the aforementioned requirements. Instead of decrypting the data stored by customers, DSSE adds or deletes encrypted data on the server. A number of DSSE systems based on linked list structures or blind storage (a new primitive) have been proposed. From the perspective of functionality, extensibility, and efficiency, these DSSE systems each have their own advantages and drawbacks. The most crucial aspect of a system that is used in the cloud industry is the trade-off between performance and security. Therefore, we compared the efficiency and security of multiple DSSE systems and identified their shortcomings to develop an improved system.

show abstract

“…However, for the convenience of the administrators, a specification may not want to require the entry of a PSK be of exactly 16 bytes. Instead, a specification may call for a key prep routine that could handle a variable-length PSK, one that might be less or more than 16 bytes (see [RFC4615], Section 3, as an example). That key prep routine would derive a key of exactly the required length, thus, be suitable as a seed to the PRF.…”

Section: Use Strong Keysmentioning

confidence: 99%

Keying and Authentication for Routing Protocols (KARP) Design Guidelines

Bhatia¹,

Lebovitz²

2012

View full text Add to dashboard Cite

The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)

Cited by 11 publications

References 3 publications

Lightweight CoAP-Based Bootstrapping Service for the Internet of Things

Lightweight CoAP-Based Bootstrapping Service for the Internet of Things

Benchmarking Dynamic Searchable Symmetric Encryption Scheme for Cloud-Internet of Things Applications

Keying and Authentication for Routing Protocols (KARP) Design Guidelines

Contact Info

Product

Resources

About