Analysis of AES-GCM Cipher Suites in TLS

  • Conference paper
  • Intelligent Systems Technologies and Applications (ISTA 2017)
  • Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 683)

Abstract

Encryption and decryption are the core operations by which the Transport Layer Security protocol (TLS) protects traffic to and from smart devices, systems and machines. TLS encrypts and decrypts application data with symmetric-key algorithms, using either a block cipher or a stream cipher. The primary symmetric block cipher used in TLS is the Advanced Encryption Standard (AES), whose security level is set by the key length chosen for the AES operation. TLS provides confidentiality (C), integrity (I) and authenticity (A) between web browser and web server in a single pass by using authenticated encryption with associated data (AEAD). The AEAD construction commonly used in TLS 1.2 cipher suites is AES-GCM (Galois/Counter Mode). When AES-NI hardware acceleration is not available, as on many smart devices such as tablets, TLS 1.2 with AES-GCM runs into performance problems: AES-GCM can still be computed in software, but encryption and decryption then take considerably longer and drain the device's battery. The newer stream-cipher-based AEAD ChaCha20-Poly1305 secures communication on such devices with fewer CPU cycles, and therefore less battery use, and is one of the AEAD cipher suites retained in TLS 1.3. The paper discusses the pros and cons of AES-GCM authenticated encryption as used in TLS 1.2.
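
The AEAD record protection the abstract describes, written out as an added example in Go; this is not code from the paper and uses only Go's standard library. It builds the TLS 1.2 AES-GCM nonce and additional data as specified in RFC 5288 and RFC 5246, the TLS 1.3 per-record nonce as specified in RFC 8446, shows that a modified, replayed or reordered record fails the tag check, and shows the nonce-reuse failure that makes GCM's counter mode unforgiving. The key, salt and record contents are constructed demo values, and using the sequence number as the explicit nonce is an illustrative choice, not something RFC 5288 mandates.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// newGCM wraps an AES key (16, 24 or 32 bytes) in a GCM AEAD with the standard
// 12-byte nonce and 16-byte tag. Go's crypto/aes uses the AES-NI/PCLMULQDQ
// path automatically on CPUs that have it, and a software path otherwise.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// tls12Nonce builds the nonce of an RFC 5288 TLS 1.2 AES-GCM record:
// 4-byte implicit salt from the key block || 8-byte explicit nonce that is
// sent in clear in front of the ciphertext.
func tls12Nonce(salt [4]byte, explicit uint64) []byte {
	nonce := make([]byte, 12)
	copy(nonce[:4], salt[:])
	binary.BigEndian.PutUint64(nonce[4:], explicit)
	return nonce
}

// tls12AAD is the TLS 1.2 additional data (RFC 5246 section 6.2.3.3):
// seq_num || type || version || length of the plaintext fragment.
func tls12AAD(seq uint64, ctype byte, version uint16, length int) []byte {
	aad := make([]byte, 13)
	binary.BigEndian.PutUint64(aad[:8], seq)
	aad[8] = ctype
	binary.BigEndian.PutUint16(aad[9:11], version)
	binary.BigEndian.PutUint16(aad[11:13], uint16(length))
	return aad
}

// tls13Nonce is the TLS 1.3 per-record nonce (RFC 8446 section 5.3): the
// 64-bit sequence number, left-padded to 12 bytes, XORed into the static
// write IV. Nothing about the nonce travels on the wire.
func tls13Nonce(writeIV [12]byte, seq uint64) []byte {
	nonce := make([]byte, 12)
	copy(nonce, writeIV[:])
	var seqBytes [8]byte
	binary.BigEndian.PutUint64(seqBytes[:], seq)
	for i := 0; i < 8; i++ {
		nonce[4+i] ^= seqBytes[i]
	}
	return nonce
}

// sealRecord protects one TLS 1.2 record fragment. The sequence number is
// used as the explicit nonce here for illustration; RFC 5288 only requires
// that it never repeat under one key. Output: explicit nonce || ciphertext || tag.
func sealRecord(aead cipher.AEAD, salt [4]byte, seq uint64, ctype byte, version uint16, plaintext []byte) []byte {
	nonce := tls12Nonce(salt, seq)
	aad := tls12AAD(seq, ctype, version, len(plaintext))
	out := make([]byte, 8, 8+len(plaintext)+aead.Overhead())
	binary.BigEndian.PutUint64(out, seq)
	return aead.Seal(out, nonce, plaintext, aad)
}

// openRecord reverses sealRecord. The receiver's own expected sequence number
// goes into the AAD, so a replayed or reordered record fails the tag check.
func openRecord(aead cipher.AEAD, salt [4]byte, seq uint64, ctype byte, version uint16, wire []byte) ([]byte, error) {
	if len(wire) < 8+aead.Overhead() {
		return nil, errors.New("record too short for explicit nonce and tag")
	}
	nonce := tls12Nonce(salt, binary.BigEndian.Uint64(wire[:8]))
	ct := wire[8:]
	aad := tls12AAD(seq, ctype, version, len(ct)-aead.Overhead())
	return aead.Open(nil, nonce, ct, aad)
}

// nonceReuseLeak shows GCM's worst failure mode: two records sealed under the
// same key and nonce share the CTR keystream, so XORing the ciphertexts gives
// the XOR of the plaintexts (and the GHASH key can be recovered from the tags).
func nonceReuseLeak(aead cipher.AEAD, nonce, p1, p2 []byte) []byte {
	c1 := aead.Seal(nil, nonce, p1, nil)
	c2 := aead.Seal(nil, nonce, p2, nil)
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	leak := make([]byte, n)
	for i := range leak {
		leak[i] = c1[i] ^ c2[i]
	}
	return leak
}

func main() {
	// Constructed demo key and salt; a real TLS key block comes from the PRF.
	aead, err := newGCM([]byte("0123456789abcdef"))
	if err != nil {
		panic(err)
	}
	salt := [4]byte{0xde, 0xad, 0xbe, 0xef}
	wire := sealRecord(aead, salt, 1, 23, 0x0303, []byte("GET / HTTP/1.1\r\n"))
	if _, err := openRecord(aead, salt, 2, 23, 0x0303, wire); err != nil {
		fmt.Println("record with wrong sequence number rejected:", err)
	}
	fmt.Printf("nonce-reuse leak (p1 XOR p2): %x\n",
		nonceReuseLeak(aead, tls12Nonce(salt, 9), []byte("attack at dawn"), []byte("attack at dusk")))
}
```

Run with `go run`. ChaCha20-Poly1305, the alternative the abstract proposes, is available in golang.org/x/crypto/chacha20poly1305 behind the same cipher.AEAD interface, so the seal and open logic is unchanged; note that its TLS 1.2 cipher suites (RFC 7905) already use the implicit sequence-number XOR IV nonce that tls13Nonce implements rather than the explicit nonce of RFC 5288. The performance gap on CPUs without AES-NI comes from the AEAD primitive itself, not from the record layer around it.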

References

  1. Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS1.3. In: Advances in Cryptology—CRYPTO 2016, pp. 247–276 (2016)

    Google Scholar 

  2. Meyer, C., Somorovsky, J., Weiss, E., Schwenk, J., Schinzel, S., Tews, E.: Revisiting SSL/TLS implementations: new bleichenbacher side channels and attacks. In: 23rd USENIX Security Symposium (USENIX 2014), pp. 733–748 (2014)

    Google Scholar 

  3. Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Advances in Cryptology—CRYPTO 2013, pp. 429–448 (2013)

    Google Scholar 

  4. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005). doi:10.1007/11426639_2

    Chapter  Google Scholar 

  5. Federal Information Processing Standards Publication 180-2. http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf

  6. Rogaway, P., Atluri, V.: Authenticated-encryption with associated-data. In: ACM Conference on Computer and Communications Security, pp. 98–107 (2002)

    Google Scholar 

  7. McGrew, D.A., Viega, J.: The Galois/counter mode of operation (GCM). Submission to NIST modes of operation process. http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes (2004)

  8. Dworkin, M.: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. National Institute of Standards and Technology, NIST Special Publication 800-38C (2004)

    Google Scholar 

  9. Kohno, T., Viega, J., Whiting, D.: CWC: a high-performance conventional authenticated encryption mode. http://eprint.iacr.org/2003/106/

  10. FIPS Pub. 197. Specification for the Advanced Encryption Standard (AES). National Institute of Standards and Technology, Federal Information Processing Standards (2001)

    Google Scholar 

  11. Bernstein, Daniel J.: Stronger Security Bounds for Wegman-Carter-Shoup Authenticators. In: Cramer, Ronald (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 164–180. Springer, Heidelberg (2005). doi:10.1007/11426639_10

    Chapter  Google Scholar 

  12. Saarinen, M.O.: Cycling attacks on GCM, GHASH and other polynomial MACs and hashes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 216–225. Springer, Berlin (2012)

    Google Scholar 

  13. McGrew, D.A., Viega, J.: The security and performance of the galois/counter mode of operation (full version). Cryptology ePrint Archive, Report 2004/193 (2004). http://eprint.iacr.org/

  14. Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. Cryptology ePrint Archive, Report 2012/438 (2012). http://eprint.iacr.org/

  15. Saarinen, M.O.: SGCM: the Sophie Germain counter mode. Cryptology ePrint Archive, Report 2011/326 (2011). http://eprint.iacr.org/

  16. Gueron, S., Kounavis, M.E.: Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode (Rev. 2). Intel Software Network (2010). http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/

  17. Gueron, S., Krasnov, V.: [PATCH] efficient implementation of AES-GCM, using Intel’s AES-NI, PCLMULQDQ instruction, and the advanced vector extension (AVX). http://rt.openssl.org/Ticket/Display.html?id=2900. Accessed Oct 2012

  18. Procter, Gordon: A Security analysis of the composition of ChaCha20 and Poly1305. IACR Cryptol. ePrint Arch. 2014, 613 (2014)

    Google Scholar 

  19. A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol (2016). http://eprint.iacr.org/2016/081

  20. Yap, W., Yeo, S.L., Heng, S., Henricksen, M.: Security analysis of GCM for communication. Secur. Commun. Netw. 7(5), 854–864 (2014)

    Article  Google Scholar 

  21. Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and Authenticated Online Ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 424–443. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42033-7_22

    Chapter  Google Scholar 

  22. Bellare, M., Rogaway, P., Wagner, D.: The EAX Mode of Operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25937-4_25

    Chapter  Google Scholar 

  23. Ferguson, N.: Authentication weaknesses in GCM. NIST Comment (2005)

    Google Scholar 

  24. Bernstein, D.J.: Cache-timing attacks on AES. Technical report, 2005 Antoine Joux. Authentication failures in NIST version of GCM (2006). http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/Joux_comments.pdf. Accessed 20 Feb 2016

  25. Hastad, J.: The security of the IAPM and IACBC modes. J. Cryptol. 20(2), 153–163 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  26. Akdemir, K. e.a.: Breakthrough AES performance with intel AES new instructions, Intel Whitepaper (2010). http://software.intel.com/file/27067

  27. Gopal, V. et al.: Optimized Galois-counter-mode implementation on intel architecture processors, Intel Whitepaper (2010). http://download.intel.com/design/ intarch/PAPERS/324194.pdf

  28. Hoban, A.: Using intel AES new instructions and PCLMULQDQ to significantly improve IPSec performance on Linux, Intel Whitepaper (2010), https://www.Intel.com/design/intarch/papers/324238.pdf

Download references

Author information

Corresponding author: B. Arunkumar.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Arunkumar, B., Kousalya, G. (2018). Analysis of AES-GCM Cipher Suites in TLS. In: Thampi, S., Mitra, S., Mukhopadhyay, J., Li, KC., James, A., Berretti, S. (eds) Intelligent Systems Technologies and Applications. ISTA 2017. Advances in Intelligent Systems and Computing, vol 683. Springer, Cham. https://doi.org/10.1007/978-3-319-68385-0_9

  • DOI: https://doi.org/10.1007/978-3-319-68385-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68384-3

  • Online ISBN: 978-3-319-68385-0
