pwe3-3----Page:4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
|
AES/GCM advantages encryption is provided by “state-of-the-art” AES (128/256 bit keys) mode of operation uses a counter to thwart replay attacks Integrity Check Value verifies the payload integrity encryption, integrity, and source authentication by a single algorithm authentication can be performed without encrypting data not in packet payload (e.g. source identifiers) can be authenticated too Initialization Vector nonce can be any length (but should not repeat for given key) algorithm can be efficiently implemented in software computation can be parallelized for high speed hardware implementations unencumbered by IPR claims adopted by IEEE 802.1ae for MACsec and RFCs 4106 and 4543 for IPsec |