Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Algorithm Yellow Book v.07 - The CCSDS Collaborative Work

advertisement 
CCSDS
CRYPTOGRAPHIC
ALGORITHMS TEST
REPORT
DRAFT CCSDS RECORD
CCSDS 352.1-Y-1
Draft Yellow Book
November 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
FOREWORD
[Foreword text specific to this document goes here. The text below is boilerplate.]
Through the process of normal evolution, it is expected that expansion, deletion, or
modification of this document may occur. This document is therefore subject to CCSDS
document management and change control procedures, which are defined in the Procedures
Manual for the Consultative Committee for Space Data Systems. Current versions of CCSDS
documents are maintained at the CCSDS Web site:
http://www.ccsds.org/
Questions relating to the contents or status of this document should be addressed to the
CCSDS Secretariat at the address indicated on page i.
CCSDS 000.0-Y-0
Page i
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
At time of publication, the active Member and Observer Agencies of the CCSDS were:
Member Agencies
–
–
–
–
–
–
–
–
–
–
–
Agenzia Spaziale Italiana (ASI)/Italy.
British National Space Centre (BNSC)/United Kingdom.
Canadian Space Agency (CSA)/Canada.
Centre National d’Etudes Spatiales (CNES)/France.
China National Space Administration (CNSA)/People’s Republic of China.
Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)/Germany.
European Space Agency (ESA)/Europe.
Federal Space Agency (FSA)/Russian Federation.
Instituto Nacional de Pesquisas Espaciais (INPE)/Brazil.
Japan Aerospace Exploration Agency (JAXA)/Japan.
National Aeronautics and Space Administration (NASA)/USA.
Observer Agencies
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Austrian Space Agency (ASA)/Austria.
Belgian Federal Science Policy Office (BFSPO)/Belgium.
Central Research Institute of Machine Building (TsNIIMash)/Russian Federation.
Centro Tecnico Aeroespacial (CTA)/Brazil.
Chinese Academy of Sciences (CAS)/China.
Chinese Academy of Space Technology (CAST)/China.
Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia.
Danish National Space Center (DNSC)/Denmark.
European Organization for the Exploitation of Meteorological Satellites
(EUMETSAT)/Europe.
European Telecommunications Satellite Organization (EUTELSAT)/Europe.
Hellenic National Space Committee (HNSC)/Greece.
Indian Space Research Organization (ISRO)/India.
Institute of Space Research (IKI)/Russian Federation.
KFKI Research Institute for Particle & Nuclear Physics (KFKI)/Hungary.
Korea Aerospace Research Institute (KARI)/Korea.
MIKOMTEK: CSIR (CSIR)/Republic of South Africa.
Ministry of Communications (MOC)/Israel.
National Institute of Information and Communications Technology (NICT)/Japan.
National Oceanic and Atmospheric Administration (NOAA)/USA.
National Space Organization (NSPO)/Chinese Taipei.
Naval Center for Space Technology (NCST)/USA.
Space and Upper Atmosphere Research Commission (SUPARCO)/Pakistan.
Swedish Space Corporation (SSC)/Sweden.
United States Geological Survey (USGS)/USA.
CCSDS 000.0-Y-0
Page ii
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
DOCUMENT CONTROL
Document
Title and Issue
Date
Status
CCSDS
352.1-Y-1
CCSDS Cryptographic Algorithms
Test Report, Draft CCSDS Record,
Issue 1
November
2011
Current draft
CCSDS 000.0-Y-0
Page iii
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
CONTENTS
Section
Page
DOCUMENT CONTROL.................................................................................................... III
CONTENTS........................................................................................................................... IV
1 INTRODUCTION.......................................................................................................... 1-1
1.1 PURPOSE ............................................................................................................... 1-1
1.2 SCOPE .................................................................................................................... 1-1
1.3 APPLICABILITY ................................................................................................... 1-1
1.4 RATIONALE.......................................................................................................... 1-1
1.5 DOCUMENT STRUCTURE ................................................................................. 1-1
1.6 REFERENCES ....................................................................................................... 1-1
2 OVERVIEW ................................................................................................................... 2-1
3 ALGORITHM TESTING GOALS .............................................................................. 3-2
3.1 CONFIDENTIALITY ALGORITHMS ................................................................. 3-2
3.2 AUTHENTICATION ALGORITHMS .................................................................. 3-2
4 TEST PLAN DETAILS ................................................................................................. 4-4
4.1 CONFIDENTIALITY TEST CASE #1: AES COUNTER MODE TEST WITH
128-BIT KEY ......................................................................................................... 4-5
4.1.1 TEST DESCRIPTION ................................................................................ 4-6
4.1.2 EXPECTED RESULTS .............................................................................. 4-6
4.2 CONFIDENTIALITY TEST CASE #2: AES COUNTER MODE TEST WITH
192-BIT KEY ......................................................................................................... 4-7
4.2.1 TEST DESCRIPTION ................................................................................ 4-7
4.2.2 EXPECTED RESULTS .............................................................................. 4-7
4.3 CONFIDENTIALITY TEST CASE #3: AES COUNTER MODE TEST WITH
256-BIT KEY ......................................................................................................... 4-7
4.3.1 TEST DESCRIPTION ................................................................................ 4-7
4.3.2 EXPECTED RESULTS .............................................................................. 4-8
4.4 CONFIDENTIALITY TEST CASE #4: AES GCM TEST WITH 128-BIT KEY 4-8
4.4.1 TEST DESCRIPTION ................................................................................ 4-8
4.4.2 EXPECTED RESULTS .............................................................................. 4-8
4.5 CONFIDENTIALITY TEST CASE #5: AES GCM TEST WITH 192-BIT KEY 4-9
4.5.1 TEST DESCRIPTION ................................................................................ 4-9
4.5.2 EXPECTED RESULTS .............................................................................. 4-9
4.6 CONFIDENTIALITY TEST CASE #6: AES GCM TEST WITH 256-BIT KEY 4-9
4.6.1 TEST DESCRIPTION ................................................................................ 4-9
4.6.2 EXPECTED RESULTS ............................................................................ 4-10
4.7 CONFIDENTIALITY TEST CASE #7: AES ECB TEST WITH 128-BIT KEY . 4-5
4.7.1 TEST DESCRIPTION ................................................................................ 4-5
4.7.2 EXPECTED RESULTS .............................................................................. 4-5
4.8 CONFIDENTIALITY TEST CASE #8: AES ECB WITH 192-BIT KEY ............ 4-5
4.8.1 TEST DESCRIPTION ................................................................................ 4-5
4.8.2 EXPECTED RESULTS .............................................................................. 4-5
4.9 CONFIDENTIALITY TEST CASE #9: AES ECB WITH 256-BIT KEY ............ 4-5
CCSDS 000.0-Y-0
Page iv
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.9.1 TEST DESCRIPTION ................................................................................ 4-5
4.9.2 EXPECTED RESULTS .............................................................................. 4-6
4.10 AUTHENTICATION TEST CASE #1: HMAC AUTHENTICATION WITH SHA256
4-10
4.10.1 TEST DESCRIPTION .............................................................................. 4-10
4.10.2 EXPECTED RESULTS ............................................................................ 4-11
4.11 AUTHENTICATION TEST CASE #2: CMAC AUTHENTICATION WITH AES
USING A 128-BIT KEY ...................................................................................... 4-11
4.11.1 TEST DESCRIPTION .............................................................................. 4-11
4.11.2 EXPECTED RESULTS ............................................................................ 4-11
4.12 AUTHENTICATION TEST CASE #3: CMAC AUTHENTICATION WITH AES
USING A 192-BIT KEY ...................................................................................... 4-11
4.12.1 TEST DESCRIPTION .............................................................................. 4-11
4.12.2 EXPECTED RESULTS ............................................................................ 4-12
4.13 AUTHENTICATION TEST CASE #4: CMAC AUTHENTICATION WITH AES
USING A 256-BIT KEY ...................................................................................... 4-12
4.13.1 TEST DESCRIPTION .............................................................................. 4-12
4.13.2 EXPECTED RESULTS ............................................................................ 4-12
4.14 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE
AUTHENTICATION ........................................................................................... 4-12
4.14.1 TEST DESCRIPTION .............................................................................. 4-12
4.14.2 EXPECTED RESULTS ............................................................................ 4-13
5 TEST RESULTS .......................................................................................................... 5-14
5.1 CONFIDENTIALITY TEST RESULTS.............................................................. 5-14
5.2 AUTHENTICATION TEST RESULTS .............................................................. 5-14
Table
Page
Table 1- Confidentiality Algorithm Tests .............................................................................. 4-4
Table 2- Authentication/Integrity Algorithm Tests ............................................................... 4-4
CCSDS 000.0-Y-0
Page v
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
1
1.1
INTRODUCTION
PURPOSE
The purpose of this document is to describe the prototype testing to be conducted for the
CCSDS Cryptographic Algorithms specified in CCSDS 353.0-B-1 (reference [1]).
1.2
SCOPE
The scope of this document is the testing of the CCSDS cryptographic algorithms to provide
confidentiality, authentication, and integrity for spacecraft and ground systems.
1.3
APPLICABILITY
The CCSDS Cryptographic Algorithms will be used to provide data confidentiality,
command authentication, and data/command integrity. The algorithms may be Agencyimplemented for specific missions, may be government produced, may be open source, or
may be purchased as commercial-off-the-shelf products. In any case, the algorithms must be
shown to be in conformance with their respective specifications, must be proven to be bug
and malware free, and must be proven to be interoperable with other implementations of the
same algorithm.
1.4
RATIONALE
The CCSDS Procedures Manual states that for a Recommendation to become a Blue Book,
the standard must be tested in an operational manner. The following requirement for an
implementation exercise were excerpted from reference [2]:
“At least two independent and interoperable prototypes or implementations must have
been developed and demonstrated in an operationally relevant environment, either real
or simulated.”
This document outlines the Security Working Group’s approach to meeting this requirement.
1.5
DOCUMENT STRUCTURE
This document describes the testing that must be accomplished to allow the CCSDS
Cryptographic Algorithms to proceed forward as a Recommendation.
1.6
REFERENCES
The following documents are referenced in this document. At the time of publication, the
editions indicated were valid. All documents are subject to revision, and users of this
CCSDS 000.0-Y-0
Page 1-1
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
document are encouraged to investigate the possibility of applying the most recent editions of
the documents indicated below. The CCSDS Secretariat maintains a register of currently
valid CCSDS documents.
[1] CCSDS Cryptographic Algorithms.
Washington DC: CCSDS, <date>
CCSDS 353.0-B-1.
Blue Book.
Issue 1.
[2] Procedures Manual for the Consultative Committee for Space Data Systems, CCSDS
A00.0-Y-9. Yellow Book. Issue 9. Washington DC: CCSDS, November 2003.
[3] Advanced Encryption Standard (AES). Federal Information Processing Standards
Special
Publication
197.
Gaithersburg,
Maryland:
NIST,
2001.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
[4] NIST, The Keyed Hash Message Authentication Code, Federal Information
Processing Standard 198-1 (FIPS-198-1), U.S. National Institute of Standards and
Technology
(NIST),
http://csrc.nist.gov/publications/fips/fips198-1/FIPS-1981_final.pdf, July 2008.
[5] NIST, Digital Signature Standard, Federal Information Processing Standard 186-3,
U.S.
National
Institute
of
Standards
and
Technology
(NIST),
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, June 2009.
[6] Dworkin, M.
Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and
Technology Special Publication 800-38D. Gaithersburg, Maryland: NIST, November
2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
[7] Dworkin, M.; Recommendation for Block Cipher Modes of Operation: The CMAC
Mode for Authentication; NIST Special Publication 800-38B; National Institute of
Standards and Technology (NIST); http://csrc.nist.gov/publications/nistpubs/80038B/SP_800-38B.pdf; May 2005.
[8] Dworkin, M. Recommendation for Block Cipher Modes of Operation: Methods and
Techniques. National Institute of Standards and Technology Special Publication 80038A.
Gaithersburg,
Maryland:
NIST,
2001.
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf.
[9] Bassham, L.; The Advanced Encryption Standard Algorithm Validation Suite
(AESAVS); National Institute of Standards and Technology; Nov 2002;
http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf
[10]
Hall, T; The FIPS 186-3 Digital Signature Algorithm Validation System
(DSA2VS); National Institute of Standards and Technology; June 2011;
http://csrc.nist.gov/groups/STM/cavp/documents/dss2/dsa2vs.pdf
CCSDS 000.0-Y-0
Page 1-2
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
[11]
Keller, S; The RSA Validation System (RSAVS); National Institute of
Standards
and
Technology;
Nov
2004;
http://csrc.nist.gov/groups/STM/cavp/documents/dss/RSAVS.pdf
[12]
Keller, S; The 186-3 RSA Validation System (RSA2VS); National Institute of
Standards
and
Technology;
June
2011;
http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf
[13]
Bassham, L; The Secure Hash Algorithm Validation System (SHAVS);
National
Institute
of
Standards
and
Technology;
July
2004;
http://csrc.nist.gov/groups/STM/cavp/documents/shs/SHAVS.pdf
[14]
Keller, S; The CMAC Validation System (CMACVS); National Institute of
Standards
and
Technology;
Aug
2011;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/CMACVS.pdf
[15]
Hall, L; Keller, S; The Galois/Counter Mode (GCM) and GMAC Validation
System (GCMVS); National Institute of Standards and Technology; Feb 2009;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmvs.pdf
[16]
Bassham, L; The Keyed-Hash Message Authentication Code Validation
System (HMACVS); National Institute of Standards and Technology; Dec 2004;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/HMACVS.pdf
CCSDS 000.0-Y-0
Page 1-3
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
2
OVERVIEW
This CCSDS Cryptographic Algorithms test plan describes the manner in which algorithm
testing will be accomplished. It describes the manner in which the algorithms are to be
implemented, keyed, and data exchanged between the testing parties to determine if the
algorithms are performing as expected.
The CCSDS Procedures Manual requires that testing be performed in an “operational-like”
setting. However, in this case, we are testing “raw” algorithms and not flight systems. This
plan provides the details to test the cryptographic algorithms to ensure their correctness and
interoperation. We propose that an independent algorithm implementation is used to encrypt
data and another independent implementation is used to decrypt it. This would be performed
using all the recommended modes for encryption.
Likewise, for authentication one independent algorithm implementation is used to create a
message authentication code (MAC) with a different independent algorithm implementation
used to verify the MAC. Testing in this manner is performed for all of the specified
authentication algorithms: HMAC, CMAC, and RSA Digital Signature.
This testing could be performed in a single laboratory by one tester using multiple
implementations of each algorithm under test. However, optimally the testing should be
conducted at multiple sites via the internet potentially using something as simple as email to
send encrypted or MAC’d data between the testing parties which would then be fed into the
various independent algorithm implementations. For example, Test Agent A at site X could
encrypt data using AES/GCM using a pre-distributed key. Test Agent A would email the
ciphertext as an attachment to Test Agent B at site Y. Using the pre-distributed key and a
different implementation of AES/GCM than used by Test Agent A, Test Agent B would
attempt to decrypt the ciphertext. If the resulting plaintext (agreed to in advance by both
testing agents) is an exact match, the test passes.
In a more elaborate testing setup, the test sites could be interconnected and a simple network
application could be used to provide the test framework of encrypting/authentication data,
transmitting it, and on the receiving end, decrypting/authenticating the data.
CCSDS 000.0-Y-0
Page 2-1
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
3
ALGORITHM TESTING GOALS
All algorithm implementations must conform to their respective specifications.
AES must be shown to be conformant with FIPS Pub 197 (reference [3]) and tested in
accordance with reference [9] .
AES/GCM must be shown to be conformant with FIPS Pub 800-38D (reference [6] and
tested in accordance with reference [15].
HMAC must be shown to be conformant with FIPS Pub 198-1 (reference [4]) and tested in
accordance with reference [16].
CMAC must be shown to be conformant with FIPS Pub 800-38B (reference [7]) and tested in
accordance with reference [14].
RSA Digital Signature must be shown to be conformant with FIPS Pub 186-3 (reference [5])
and tested in accordance with references [10], [11], and [12].
For reference, test vectors for each of the respective algorithms may be obtained from the
National
Institute
of
Standards
and
Technology:
http://csrc.nist.gov/groups/STM/cavp/index.html.
3.1
CONFIDENTIALITY ALGORITHMS
The CCSDS confidentiality algorithms will be tested to confirm that independent
implementations can successfully interoperate in the cryptographic modes specified in
CCSDS 353.0-B-1 (reference [1]).
Testing will confirm that the implementations of the AES algorithm will support multiple
key sizes. Specifically they must support 128-bit, 192-bit, and 256-bit size keys. Testing
will be carried out using all three key sizes in electronic code book mode to confirm the
correct operation of the base AES algorithm.
Testing will also confirm that the implementations of AES operate correctly in counter mode.
Testing will be carried out using all three key sizes with AES in counter mode (reference
[8]).
To confirm that authenticated encryption operates correctly, AES will be tested using the
Galois/Counter Mode (GCM). Again, all three key sizes will be tested with AES in GCM
mode (reference [6]).
3.2
AUTHENTICATION ALGORITHMS
The CCSDS authentication algorithms will be tested to confirm that independent
implementations can successfully interoperate.
Three authentication algorithms are specified in CCSDS 353.0-B-1 (reference [1]).
CCSDS 000.0-Y-0
Page 3-2
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
For hash-based authentication, testing will confirm that the implementations of HMAC
utilize the SHA-256 hash algorithm and interoperate (reference [4]). Testing will be carried
out using a reference test key known to the testing parties. Testing will be carried out
without truncation of the resulting MAC.
For cryptographic-based authentication, testing will confirm that the implementations of
CMAC are interoperable (reference [7]).
For digital signature-based authentication, testing will confirm that the implementations
utilize the RSA Digital Signature Algorithm (DSA) (reference [5]) and that they are
interoperable.
CCSDS 000.0-Y-0
Page 3-3
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4
TEST PLAN DETAILS
Table 1 synopsizes the tests to be performed on the confidentiality algorithm and modes.
#
Confidentiality
Algorithm
Mode
Key Size
1
AES
ECB
128
2
AES
ECB
192
3
AES
ECB
256
4
AES
Counter
128
5
AES
Counter
192
6
AES
Counter
256
7
AES
GCM
128
8
AES
GCM
192
9
AES
GCM
256
Table 1- Confidentiality Algorithm Tests
Table 2 synopsizes the tests to be performed on the authentication/integrity algorithms.
#
Authentication/Integrity
Algorithm
Mode
Key Size
MAC
Length
1
HMAC w/SHA-256
w/o truncation
256
256
2
CMAC w/AES
N/A
128
128
3
CMAC w/AES
N/A
192
128
4
CMAC w/AES
N/A
256
128
5
Digital Signature
RSA
2048
-
Table 2- Authentication/Integrity Algorithm Tests
CCSDS 000.0-Y-0
Page 4-4
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.1
CONFIDENTIALITY TEST CASE #1: AES ECB TEST WITH 128-BIT KEY
4.1.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 128-bit
test key and 96-bit IV using AES ECB. The resultant cipher text will be sent to one or more
recipient testers either via a network connection, via email, or some other agreed-to method.
The recipient tester(s) will use the same 128-bit test key to decrypt the cipher text.
128-bit Plaintext input data: 00112233445566778899aabbccddeeff
128-Bit Key: 000102030405060708090a0b0c0d0e0f
4.1.2 EXPECTED RESULTS
If the resultant plain text matches, the AES ECB encryption/decryption test is successful.
4.2
CONFIDENTIALITY TEST CASE #2: AES ECB WITH 192-BIT KEY
4.2.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data using a 192-bit test key
and a 96-bit IV using AES ECB. The resultant cipher text will be sent to one or more
recipient testers either via a network connection, via email, or some other agreed-to method.
The recipient tester(s) will use the same 192-bit test key and 96-bit IV to decrypt the cipher
text.
128-bit Plaintext input data: 00112233445566778899aabbccddeeff
192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617
4.2.2 EXPECTED RESULTS
If the resultant plain text matches, the AES ECB encryption/decryption test is successful.
4.3
CONFIDENTIALITY TEST CASE #3: AES ECB WITH 256-BIT KEY
4.3.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit
test key and 96-bit IV using AES ECB. The resultant cipher text will be sent to one or more
CCSDS 000.0-Y-0
Page 4-5
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
recipient testers either via a network connection, via email, or some other agreed-to method.
The recipient tester(s) will use the same 256-bit test key to decrypt the cipher text.
128-bit Plaintext input data: 00112233445566778899aabbccddeeff
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
4.3.2 EXPECTED RESULTS
If the resultant plain text matches, the AES ECB encryption/decryption test is successful.
4.4
CONFIDENTIALITY TEST CASE #4: AES COUNTER MODE TEST WITH
128-BIT KEY
4.4.1 TEST DESCRIPTION
Two or more testers may participate.
One tester will encrypt plaintext data using a 128-bit test key and a 96-bit IV using AES in
Counter Mode. The resultant cipher text will be sent to one or more recipient testers either
via a network connection, via email, or some other agreed-to transfer method. The recipient
tester(s) will use the same 128-bit test key and 96-bit IV to decrypt the cipher text.
1024-bit Plaintext input data:
2b9179d21cb884581b0e4f462455167f1f7899717245d4aed3d8db5983daccccebfc
2130a20c284563bea5997cc0438c83d8fa7bb9e3588efed285a0fcc31456dc9a3122
b97bb22f7edc36973475925828c323565e417ec95190db63b21881016b5332f2e400
bb4724c86a8ee0247149370ee5412f743dc6bf7ca5bcc31afa0f
128-Bit Key: 000102030405060708090a0b0c0d0e0f
96-bit IV: 001122334455667788990102
4.4.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
CCSDS 000.0-Y-0
Page 4-6
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.5
CONFIDENTIALITY TEST CASE #5: AES COUNTER MODE TEST WITH
192-BIT KEY
4.5.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt platintext data using a 192-bit
test key and a 96-bit IV using AES in Counter Mode. The resultant cipher text will be sent
to one or more recipient testers either via a network connection, via email, or some other
agreed-to method. The recipient tester(s) will use the same 192-bit test key and 96-bit IV to
decrypt the cipher text.
1024-bit Plaintext input data:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719
aab7dc2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e
501440134e04e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c
299c325c8a7cc1de9174f544bc60828c1eebad49287caa4108a0
192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617
96-bit IV: 001122334455667788990102
4.5.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.6
CONFIDENTIALITY TEST CASE #6: AES COUNTER MODE TEST WITH
256-BIT KEY
4.6.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit
test key and 96-bit IV using AES in Counter Mode. The resultant cipher text will be sent to
one or more recipient testers either via a network connection, via email, or some other agreeto method. The recipient tester(s) will use the same 256-bit test key and 96-bit IV to decrypt
the cipher text.
1024-bit Plaintext input data:
bc7aa1b735a5f465cffeccd8dd4b0a33a571e9f006dc63b2a6f4df272a673bb2cc00
e603248ab6be5627eebc10934fe4d1dc5cd120a475936eefa2c7bddea9f36c6c794d
2c6bd2594094e56cac12d8f03e38f222a7ee4fc6c2adffe71c9c13003e301c31ff3a
0405dde89bb213044d41782c4bb4eb3c262595d1c0e00522047c
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
96-bit IV: 001122334455667788990102
CCSDS 000.0-Y-0
Page 4-7
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.6.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.7
CONFIDENTIALITY TEST CASE #7: AES GCM TEST WITH 128-BIT KEY
4.7.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt and authenticate plaintext data
using a 128-bit test key and 96-bit IV using AES GCM with a 96-bit authentication tag. The
Additional Authenticated Data (AAD) will be authenticated and not encrypted. The resultant
cipher text and authentication tag will be sent to one or more recipient testers either via a
network connection, via email, or some other agreed-to method. The recipient tester(s) will
use the same 128-bit test key to decrypt and authenticate the cipher text. The AAD will be
authenticated without decryption.
1024-bit Plaintext input data:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68
c040f2328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf4
1cce0d523016ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3d
a881481f46f21dda62e3e4c898bb9f819b22f816b7c4e2fb6729
1024-bit Additional Authenticated Data:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfe
a75e225e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b
8e63266ad1b42cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae3
7652a8f6016f92adb7695d40bde8c202ab9c2d70a96220b4b01b
128-Bit Key: 000102030405060708090a0b0c0d0e0f
96-bit IV: 001122334455667788990102
4.7.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
If the resultant authentication tag matches, the AES GCM authentication test is successful.
CCSDS 000.0-Y-0
Page 4-8
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.8
CONFIDENTIALITY TEST CASE #8: AES GCM TEST WITH 192-BIT KEY
4.8.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data using a 192-bit test key
and a 96-bit IV using AES in GCM with a 96-bit authentication tag. The Additional
Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 192-bit test key and
96-bit IV to decrypt and authenticate the cipher text. The AAD will be authenticated without
decryption.
1024-bit Plaintext input data:
d406138587fbcb498e8ec37f0f3d7f6b2faa02e6880424e74cdba67ae3468b6823d3
7fd917a7fede6b34a2f0fc47c520e4088766ba82a989f0d8051a3a80cc8b1e3e1e2b
1c6620b90e99b27e65951aeb3936263fc2f76c1c8effa742f53987f8a38c731a411f
a53b9f6c81340e0d7ce395c4190b364d9188dc5923f3126546c3
1024-bit Additional Authenticated Data:
756cf485b6a8e672d90d930a653c69fdbf260d3ea18cd3d0c02175d3966a88b70ab8
235d998b745a0eb6a5c92899f41e8c0b7aa4ec132c8cbb1bac97a45766a03923c9b9
3c2a055abd0127a83f81e6df603a375ca8cc1a2ee0a8b7fd226226b0b19bd2e81f73
c34dfafa4fcea08dd93dd4ab7e4b437408af91bff566068a5f34
192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617
96-bit IV: 001122334455667788990102
4.8.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
If the resultant authentication tag matches, the AES GCM authentication test is successful.
4.9
CONFIDENTIALITY TEST CASE #9: AES GCM TEST WITH 256-BIT KEY
4.9.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit
test key and 96-bit IV using AES GCM with a 96-bit authentication tag. The Additional
Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to
decrypt and authenticate the cipher text. The AAD will be authenticated without decryption.
CCSDS 000.0-Y-0
Page 4-9
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
1024-bit Plaintext input data:
bfc89d5049a5b4015c9eb64fdaf9fe9f4be7229e67c713a7b368f0550b3a5e12ba3a
4399c64f60b7157e1b289b154a494deadecff0d0686ab44fae2a34ae4cb120a7f002
68ab551f41c16a05f8999157be1103464127a8a9bccf736c32db045124178c90472e
664d8e67a2ade0efe9a3b048c453d2fb5292dd8d29e62d52c5b5
1024-bit Additional Authenticated Data:
335cc5c8fb5920b09e0263133eb481fd97f8d9f29db8689fb63034bc40959a176ccd
ca6725e1f94f822e4d871138fc39776fbe062f07bf80e5c8891c2e1007efeb77c158
ced8d6c002b04442ed35c40a2187a59c02339c05762942208e3be964736a431017f4
72dfd5fdaf8fb8c645cdb684f9632057b9eb755253b4b75e3688
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
96-bit IV: 001122334455667788990102
4.9.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
If the resultant authentication tag matches, the AES GCM authentication test is successful.
4.10 AUTHENTICATION TEST CASE #1: HMAC AUTHENTICATION WITH
SHA-256
4.10.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create a Message Authentication Code
(MAC) over a data set using a 256-bit test key using HMAC with SHA-256. The resultant
MAC will be sent to one or more recipient testers either via a network connection, via email,
or some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamp whose fleece was white as snow
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
CCSDS 000.0-Y-0
Page 4-10
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.10.2 EXPECTED RESULTS
If the MAC is verified, the HMAC/SHA-256 test is successful.
4.11 AUTHENTICATION TEST CASE #2: CMAC AUTHENTICATION WITH AES
USING A 128-BIT KEY
4.11.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create a Message Authentication Code
(MAC) over a data set using a 128-bit test key using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 128-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamb whose fleece was white as snow
128-bit Key: 2b7e151628aed2a6abf7158809cf4f3c
4.11.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/128 test is successful.
4.12 AUTHENTICATION TEST CASE #3: CMAC AUTHENTICATION WITH AES
USING A 192-BIT KEY
4.12.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create a Message Authentication Code
(MAC) over a data set using a 192-bit test key using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 192-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamb whose fleece was white as snow
192-bit Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
CCSDS 000.0-Y-0
Page 4-11
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.12.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/192 test is successful.
4.13 AUTHENTICATION TEST CASE #4: CMAC AUTHENTICATION WITH AES
USING A 256-BIT KEY
4.13.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set using a 256-bit test key using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamb whose fleece was white as snow
256-bit Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
4.13.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/256 test is successful.
4.14 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE
AUTHENTICATION
4.14.1 TEST DESCRIPTION
Two or more testers may participate. All testers involved must first obtain or generate a
public/private key pair of 2048 bits. The public keys of all involved testers must be shared
either directly, via a public key server, pre-cached, or by some other means determined by
the testers.
One tester will use the RSA Digital Signature Algorithm to digitally sign a test data set
(using the tester’s private key. The resultant digitally signed data will be sent to one or more
recipient testers either via a network connection, via email, or some other agreed-to method.
The recipient tester(s) will use the signer’s public key to verify the authenticity of the data.
Test Data: Mary had a little lamb whose fleece was white as snow
Test Key: 2048-bit generated RSA public/private key pairs
CCSDS 000.0-Y-0
Page 4-12
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.14.2 EXPECTED RESULTS
If the digital signature is verified, the Digital Signature Authentication test is successful.
CCSDS 000.0-Y-0
Page 4-13
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
5
TEST RESULTS
5.1
CONFIDENTIALITY TEST RESULTS
CONFIDENTIALITY
TEST #
CONFIDENTIALITY
ALGORITHM
ALGORITHM
MODE
KEY SIZE
1
AES
Counter
128
2
AES
Counter
192
3
AES
Counter
256
4
AES
GCM
128
5
AES
GCM
192
6
AES
GCM
256
7
AES
ECB
128
8
AES
ECB
192
9
AES
ECB
256
5.2
TEST RESULT
AUTHENTICATION TEST RESULTS
AUTH
TEST #
AUTHENTICATION
ALGORITHM
ALGORITHM
MODE
KEY
SIZE
MAC
LENGTH
1
HMAC w/SHA-256
No truncation
256
256
2
CMAC w/AES
N/A
128
128
3
CMAC w/AES
N/A
192
128
4
CMAC w/AES
N/A
256
128
5
DIGITAL
SIGNATURE
RSA
2048
-
CCSDS 000.0-Y-0
Page 5-14
TEST RESULT
May 2011
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
ANNEX A
[ANNEX TITLE]
[Annexes contain ancillary information. See CCSDS A20.0-Y-2, CCSDS Publications
Manual (Yellow Book, Issue 2, June 2005) for discussion of the kinds of material contained
in annexes.]
CCSDS 000.0-Y-0
Page A-1
May 2011
Related documents
Claire Addison - Foundation Scotland
Claire Addison - Foundation Scotland
Tutorial 4
Tutorial 4
Clinical Trial Protocol Outline
Clinical Trial Protocol Outline
CCSDS 130.0-G-2.1_change_request_GJK_July23_2014
CCSDS 130.0-G-2.1_change_request_GJK_July23_2014
BITTT and CCSDS in China
BITTT and CCSDS in China
Meeting 53 Slides
Meeting 53 Slides
Chris Shelton - Storage Arrays
Chris Shelton - Storage Arrays
VPN_Request - ANS Group Plc
VPN_Request - ANS Group Plc
AES Encryption
AES Encryption
Download
advertisement