Block Cipher key for Authentication Security

8 posts / 0 new
Last post
VitalyP
Block Cipher key for Authentication Security

Hello,

For GMac SecuritySuite and Authentication Security DLMSDirector doesn't allow to enter Block Cipher Key.
While CGM operations requires both Authentication Key and Block Cipher Key. Even if we use Authentication only Security

regards,
Vitaly

Kurumi
Kurumi's picture

Hi,

You need to select AuthenticationEncryption as Security. Block cipher key is disabled If you select only Authentication.

Block cipher key is not needed if you use only authentication level security. Block cipher key is used to encrypt the data and an authentication key is used to count authentication tag for the data.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

VitalyP

Hi,

No matter what kind of security is used (except None), to get the authentication tag you anyway need to perform GMAC authenticated encryption function, using Block Cipher Key as encryption key. Authentication key used in this function as part of AAD.
For Authentication security, cipher text of this function is not used. Only authentication tag is used. But the function have to be performed anyway.

regards,
Vitaly

Kurumi
Kurumi's picture

Hi Vitaly,

It's possible to do the following:
1. Encrypt the data.
2. Authenticate data.
3. Encrypt and authenticate the data.

The block cipher key is needed for 1 and 3.
The authentication key is needed for 2 and 3.

AAD is not used at all in #1.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

VitalyP

Hi, Mikko

You are right, that AAD not used for Encrpyt-only.
But, BlockCipherKey, used as Encryption key (EK) in any mode.
Hereafter is picture from DLMS green book

Image: 
Kurumi
Kurumi's picture

Hi,

Data is not ciphered In authentication only mode. For this reason, only the authentication key is needed.
This picture is not very good and there is too much information. Its main purpose it demonstrates how the security control byte is constructed.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

VitalyP

Hi,

Chiper (with EK) have to be used in Authentcation-only mode to get Authentication Tag (T is not equal to A)).

GXDLMSDirector throws "index was outside the bounds of the array" exception in GMAC authentication-only mode, if BlockCiperKey has never been set.

Kurumi
Kurumi's picture

Hi,

This is changed as it was. Get the latest version.
BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi