SYS-CON MEDIA Authors: Roberto Medrano, Dmitriy Stepanov, Gilad Parann-Nissany, Srinivasan Sundara Rajan, Sean Houghton

News Feed Item

New Authenticated Encryption Algorithm Features Robust Resistance to Multiple Misuse

Nippon Telegraph and Telephone Corporation (TOKYO:9432) and Mitsubishi Electric Corporation (TOKYO:6503) announced today that in collaboration with the University of Fukui they have jointly developed an authenticated encryption algorithm offering robust resistance to multiple misuse. The algorithm has been entered in the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) project, based on which the algorithm is expected to be deployed for increasingly secure and reliable information technology.

The new algorithm’s major advantage is its resistance to multiple misuse in authenticated encryption operations that provide simultaneous confidentiality and integrity.

One problem of misuse is an attacker making a fake message if plaintexts are released before their integrity is verified. Once a conventional system outputs decrypted plaintext from tampered data without authentication, the attacker can show tampered data as being non-tampered. Whereas this occurs with many conventional systems, the new algorithm fixes the problem, thereby enabling relatively low-memory devices to handle large-volume data.

Another typical problem is the reuse of nonce. In the case of a common authentication algorithm called Advanced Encryption Standard with Galois Counter Mode (AES-GCM), a non-repeatable special parameter, or nonce, is required to achieve security. However, the algorithm is largely bleached if the nonce is reused, so the new algorithm fixes this problem to maintain security even after multiple reuse.

The new algorithm accepts messages longer than the 64-gigabyte limit of AES-GCM, and it works faster than AES-GCM on many platforms.

CAESAR Competition

CAESAR is a competition organized to thoroughly evaluate authenticated encryption algorithms by testing their resistance to multiple third-party cryptanalyzing attacks to prove their security, applicability and robustness. Algorithms that receive third-party cryptanalysis through CAESAR are expected to gain wide acceptance, which is why this new algorithm has been submitted to the competition. Candidate algorithms will be screened annually and the first results will be announced on January 15, 2015, with the final results to be announced on December 15, 2017.

Based on the results of the CAESAR competition, NTT and Mitsubishi Electric intend to research and develop services and products for machine-to-machine (M2M) applications incorporating their new algorithm, thereby contributing to increased security and reliability in information technology.

Background

Cryptography is widely used to establish secure and reliable information technology by encrypting data with symmetric-key cryptography. However, symmetric-key cryptography does not necessarily prove data integrity. To prove data integrity, an authentication algorithm Message Authentication Code is required to detect forgery. Conventional algorithms can achieve either confidentiality or integrity. Combining the two is possible, but presents many problems. For example, recent threats to SSL/TLS involving attacks with BEAST (2011), BREACH (2013) and Lucky Thirteen (2013) have highlighted misuse problems. Authenticated encryption offers concrete instantiations, but the method is not used widely because its benefits are not fully recognized. In addition, conventional algorithms have demonstrated certain problems with weak keys.

About Nippon Telegraph and Telephone Corporation

NTT (Nippon Telegraph and Telephone Corporation) is the world’s largest global IT and telecommunications services company and is ranked 32nd on Fortune’s Global 500 list. The company’s roots go back over 100 years to the introduction of the telegraph in Japan and focuses today on innovation in the cloud, mobility, network and communications. The company had operating revenues of over US$130 billion for the fiscal year ended March 31, 2013 and employs 227,150 people worldwide. The company’s subsidiaries include Regional Communications Businesses: NTT EAST, NTT WEST; Mobile Communications Businesses: NTT DOCOMO; Long-Distance and International Communication Businesses: NTT Communications and Dimension Data; and Data Communication Businesses: NTT DATA. For more information, visit http://www.ntt.co.jp/index_e.html

About Mitsubishi Electric Corporation

With over 90 years of experience in providing reliable, high-quality products, Mitsubishi Electric Corporation (TOKYO:6503) is a recognized world leader in the manufacture, marketing and sales of electrical and electronic equipment used in information processing and communications, space development and satellite communications, consumer electronics, industrial technology, energy, transportation and building equipment. Embracing the spirit of its corporate statement, Changes for the Better, and its environmental statement, Eco Changes, Mitsubishi Electric endeavors to be a global, leading green company, enriching society with technology. The company recorded consolidated group sales of 3,567.1 billion yen (US$ 37.9 billion*) in the fiscal year ended March 31, 2013. For more information visit http://www.MitsubishiElectric.com
*At an exchange rate of 94 yen to the US dollar, the rate given by the Tokyo Foreign Exchange Market on March 31, 2013

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today Isomorphic Software, the global leader in high-end, web-based business applications, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software ...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete...
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo – to be held June 9-11, 2015, at the Javits Center in New York City, NY – is now accepting Hackathon proposals. Hackathon sponsorship benefits include general brand exposure and increasing engagement with the developer ecosystem. At Cloud Expo 2014 Silicon Valley, IBM held the Bluemix Developer Playground on November 5 and ElasticBox held the DevOps Hackathon on November 6. Both events took place on the expo fl...
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will w...
The term culture has had a polarizing effect among DevOps supporters. Some propose that culture change is critical for success with DevOps, but are remiss to define culture. Some talk about a DevOps culture but then reference activities that could lead to culture change and there are those that talk about culture change as a set of behaviors that need to be adopted by those in IT. There is no question that businesses successful in adopting a DevOps mindset have seen departmental culture change, ...
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big D...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series dat...
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, a...
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrateg...
Fundamentally, SDN is still mostly about network plumbing. While plumbing may be useful to tinker with, what you can do with your plumbing is far more intriguing. A rigid interpretation of SDN confines it to Layers 2 and 3, and that's reasonable. But SDN opens opportunities for novel constructions in Layers 4 to 7 that solve real operational problems in data centers. "Data center," in fact, might become anachronistic - data is everywhere, constantly on the move, seemingly always overflowing. Net...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.