AES-CCM Attack

Revision as of 08:58, 2 November 2016 by Coflynn (Talk | contribs)

The following is an overview of the AES-CCM attack done by Eyal Ronen, detailed in his paper IoT Goes Nuclear: Creating a ZigBee Chain Reaction. If you use this attack, please do not cite this page; cite the original research instead. Note that as of now (Nov/2016) the paper has not been submitted to any conference, so this is still very much new/draft research.

AES-CCM Overview

Background on Attack

Performing Attack

Building Example

Collecting Traces

Step #1: AES-CBC MAC Block #1

Step #2: AES-CBC MAC Block #2

Step #3: Recovery of AES-CTR Nonce

Step #4: Recovery of AES-CBC I.V.

Step #5: AES-CTR Pad