网络及内容安全-无线局域网安全-新.ppt

CCM Mode Description (1) Given an input (N, H, M), the CCM encryption operation proceeds as follows CBC-MAC computation: Form a CBC-MAC sequence B = (B0, B1 , ... , Br ) of blocks from (N, H, M) in a prescribed manner; we assume that the nonce N is uniquely determined by the first block B0 (N, H, M) ? B is prefix-free – two different inputs cannot result in two sequences B and B’ with B a prefix of B’ Example: B0 = flags || N || |M| (|M| = length of M) B = B0 || |H| || H || [padding] || M || [padding] Compute the kt-bit CBC-MAC tag T of B with IV 0: Y0 = EK (B0); Yi = EK (Yi–1 ? Bi); T = first kt bits in Yr CCM Description (2) CTR encryption Form CTR blocks Ai including A and i; i 3 0 Encrypt T with (the first kt bits of) S0 = EK (A0): D = T ? S0 Encrypt M in CTR mode with (the first |M| bits of) S1 = EK (A1), S2 = EK (A2), ...: C = M ? [S1 || S2 || S3 || ... ] Output the resulting ciphertext (C, D) CCM Properties CTR + CBC-MAC (CCM) is based on a block cipher such as the AES CCM provides authenticity and privacy A CBC-MAC of the plaintext is appended to the plaintext to form an encoded plaintext The encoded plaintext is encrypted in CTR mode If desired, CCM can leave any number of initial blocks of the plaintext unencrypted CCM has a security level as good as any of the NIST proposals, including OCB In particular, CCM is provably secure NIST 美国国家标准与技术研究院（National Institute of Standards and Technology，NIST）直属美国商务部，从事物理、生物和工程方面的基础和应用研究，以及测量技术和测试方法方面的研究，提供标准、标准参考数 据及有关服务，在国际上享有很高的声誉。 NIST有四位研究者因其物理学上的成就获得了诺贝尔奖：威廉·丹尼尔·菲利普斯（1997年），埃里克·康奈尔（2001年），约翰·霍尔（2005年）和大卫·维因兰德(2012年)，是美国政府实验室里获奖者最多的。 CCMP加密/解密 Other 802.11i Features Pre-authentication and roaming PEAP and legacy authentication support Pre-shared key without authentication Ad hoc networks Password-to-Key mapping Random number generation Ad hoc network 临时网络是一个没有有线基础设施或中央控制器支持的移动网络。在临时网络中，所有的节点都是由移动主机构成的。该类型的网络最初是应用于军事领域，为了在战场环境下分组无线网络数据的通信。 网络拓扑结构的动态性是临时网络的重要特点。临时网络通信的核心问题在网络通信效率和节点能量消耗之间的合理平衡。 由于