Encryption at ITCrypt
You were recently hired as a Cryptography Engineer at ITCrypt, a local start-up company who is specializing in building solutions to secure IoT devices. You are interested in securing the communication between two small, resource-constrained IoT devices. Your goal is to secure the communication between two parties who have already shared a private key, for example via a key-exchange protocol.
(i). What cryptographic primitive should you implement to secure the communication channel between the devices? What notion of security should this primitive achieve?
(ii). A former colleague had recommended using AES-CBC (i.e., CBC with AES as the underlying block cipher), and incrementing the IV by a constant value D at each invocation. The latter choice was made in order to save on random-number generation.
Thus, in this construction initially, a random IV is chosen; subsequently, at each new invocation, the IV is updated via IV-IV + D and then used in AES-CBC to encrypt data. Show that this is not a sound design by presenting a chosen-plaintext attack. (The encryption scheme keeps IV as an internal state so that it can increment it by D at each new invocation.)
(iii). After long discussions, the implementers at ITCrypt finally agreed to use fresh random IVs at each invocation. Does AES-CBC with fresh random IVs provide an adequate level of security? Briefly justify your answer.
(iv). Since the implementers at ITCrypt have developed their own in-house implementation of AES-CBC, they are reluctant to switch to another mode of operation. How can you transform AES-CBC (without modifying its internals) to a scheme that provides the levels of security required in practice, and as identified in part (i)?
(v). Had ITCrypt originally hired you for the Cryptography Engineer position, which off-the-shelf solution would you have recommended ITCrypt to use? Justify your answer
by discussing various parameters that need to be considered when choosing a cryptographic solution for this setting. (Consider security, efficiency and other aspects in comparison to modified AES-CBC in part (iv).)
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.