MRF24XA_15 Datasheet, PDF(106/258 Page) Microchip Technology – Low-Power, 2.4 GHz ISM-Band IEEE 802.15.4™ RF

English

English German Russian Spanish Italian Polish Chinese Japanese Korean French Portuguese	Language :

MRF24XA_15 Datasheet, PDF (106/258 Pages) Microchip Technology – Low-Power, 2.4 GHz ISM-Band IEEE 802.15.4™ RF

◁

MRF24XA

4.7 Security Suites

MRF24XA provides extensive hardware support for

security suites defined in 802.15.4-2003/2006 stan-

dard. The security suites are based on the AES-128

block cipher transformation. Block ciphers are ciphers

that work on a plaintext block of a fixed length to pro-

duce a ciphertext block of the same length. Given a

particular Key (K), there is a 1-to-1 correspondence

between the Plaintext Block (P) and the Ciphertext

Block (C).

â¢ Encryption operation: Ci = EK(Pi)

Ciphertext block (i) is produced by Encrypting

Plaintext block (i) using key K.

â¢ Decryption operation: Pi = DK(Ci)

Plaintext block (i) is produced by Decrypting

Ciphertext block (i) using key K.

4.7.1

ELECTRONIC CODE BOOK MODE

(ECB)

The simple usage of the block cipher is known as ECB

mode. There are several issues in using a block cipher

in ECB mode to encrypt data. Each plaintext block is

encrypted to the same ciphertext block and it is possi-

ble to associate the ciphertext block with an event with-

out knowing that the plaintext block itself. To trigger the

event, user can resend the ciphertext block, a process

known as Replay Attack. In addition, most block cipher

algorithms in ECB mode do nothing to scramble repet-

itive data, making the plaintext block reversible from

the ciphertext block.

4.7.2 COUNTER MODE (CTR)

In CTR mode, each chipertext block is produced by

XOR'ing, the plaintext block with the encrypted version

of a counter input. The initial value of the counter

serves as the Initialization Vector (IV) for the message

block, and may be changed for each message block.

Although the term âcounterâ is used, this does not man-

date the use of a true counter. An easy-to-compute

function, which is practically non-repeating (at least for

a long time) may be used. CTR mode may be 100%

parallelized for both encryption and decryption.

802.15.4-2003 defines CTR mode as follows:

CTR0 = 0

Loop on each 16 byte block of plaintext

Ci = Pi xor EK({ENCFLAGS, SECNONCE, CTRi})

CTRi+1 = CTRi+1

End

Where, ENCFLAGS is defined by the standard (0x82),

SECNONCE is defined in the standards and CTRi is a 2

byte block counter. If the last block of the plaintext is not

16 byte, it is zero-padded and only the required number

of MSB bytes is used in the XOR operation. The host

can override ENCFLAGS field when the SECFLAGOVR

bit in MACCON1 register is enabled, and the new flags

through SECENCFLAG register is set. The host can

overwrite the SECNONCE register anytime through

SECNONCE1..13 registers.

802.15.4-2006 does not define CTR mode.

4.7.3

CIPHER BLOCK CHAINING MODE

(CBC)

In CBC mode, each plaintext block is XORâed with the

result of the previous block encryption operation before

being encrypted. In this way all plaintext blocks depend

on the previous block, making it difficult to remove, add

or change individual blocks without detection. In addi-

tion, the encryption for the first block is performed using

XOR of the plaintext block and an Initial Value (IV). This

initial value changes for each message, making it more

resistant to Replay Attacks.

MRF24XA does not support CBC mode.

4.7.4

CIPHER BLOCK CHAINING

MESSAGE AUTHENTICATION

CODE MODE (CBC-MAC)

A CBC-MAC protects the authenticity of a message,

and therefore implicitly its integrity. The algorithm takes

the variable length input message and a secret key,

and produces a MIC TAG (MIC and MAC terms are

often used interchangeably). Any change to the content

of the message results in a change of the MIC tag,

which guarantees the integrity of the message. As the

same message with a different secret key also pro-

duces a different MIC tag, a MAC mode also provides

protection of authenticity.

802.15.4-2003 defines CBC-MAC mode as follows:

P = {LENGTH, MACHDR, MACPAYLOAD}

O1 = EK(P1)

Loop on each 16 byte block of plaintext

Oi = EK(Pi xor Oi -1)

End

MICTAG is the leftmost M bit of Oend

Where LENGTH is the number of bytes to be authenti-

cated (MAC header and payload).

802.15.4-2006 does not define CBC-MAC mode.

DS70005023C-page 106

Preliminary

ï£ 2015 Microchip Technology Inc.

▷