A Simple and Generic Construction of Authenticated Encryption With Associated Data

We revisit the problem of constructing a protocol for performing authenticated encryption with associated data (AEAD). A technique is described which combines a collision resistant hash function with a protocol for authenticated encryption (AE). The technique is both simple and generic and does not require any additional key material beyond that of the AE protocol. Concrete instantiations are shown where a 256-bit hash function is combined with some known single-pass AE protocols employing either 128-bit or 256-bit block ciphers. This results in possible efficiency improvement in the processing of the header

Providing secure remote access to legacy applications

While the widespread adoption of Internet and Intranet technology has been one of the exciting developments of recent years, many hospitals are finding that their data and legacy applications do not naturally fit into the new methods of dissemination. Existing applications often rely on isolation or trusted networks for their access control or security, whereas untrusted wide area networks pay little attention to the authenticity, integrity or confidentiality of the data they transport. Many hospitals do not have the resources to develop new ''network-ready'' versions of existing centralised applications. In this paper, we examine the issues that must be considered when providing network access to an existing health care application, and we describe how we have implemented the proposed solution in one healthcare application namely the diabetic register at Hope Hospital. We describe the architecture that allows remote access to the legacy application, providing it with encrypted communications and strongly authenticated access control but without requiring any modifications to the underlying application. As well as comparing alternative ways of implementing such a system, we also consider issues relating to usability and manageability, such as password management

Combining message encryption and authentication

The first part of the paper explains the need for combining message encryption and authentication. We begin with the example to emphasize the fact that privacy‡ does not imply authenticity. Then we prove, one needs both privacy and authenticity, even if one's aim is just getting privacy. In the second part we present an overview of different methods for providing authenticated encryption (AE) i.e. generic compositions, single-pass modes and two-pass combined modes. We analyze what are the advantages and disadvantages of different AE constructions. In the third part of the paper we focus on nonce§ based authenticated encryption modes. Our motivation is the wish to know the methodology of designing authenticated encryption mode of operation. We take into consideration a few most important properties, e.g. parallelizability, memory requirements and pre-processing capability. We analyze possibilities of choice of underlying encryption and authentication components and their order in a message we also try to answer. What does single-key mode really mean? Finally we mention the importance of provable security theory in the security of authenticated encryption modes

Cryptographic Applications of the Duplex Construction

Assured security is the desirable feature of modern cryptography. Most of moderncryptography primitives have no provably secure constructions. Their safety is defined on the basis ofwell-known in the given time cryptanalytic attacks. The duplex construction equipped with one idealpermutation and appropriate security parameters is suitable for building provably secure cryptographicprimitives. The constructions can be used for unclassified information of different sensitivity levelsprotection. Some of them can secure classified information up to the TOP SECRET level. Theapplications based on the duplex construction can be used for key wrapping, authenticated encryptionand can work as a pseudo-random bit sequence generator. They are not covered by any knownintellectual property