I've been looking around for an article describing these modes in layman's terms but have not yet found anything helpful. So, what are the positives and negatives of each mode? Thanks
GCM
CCM
CBC-MAC
CCM
-
this mode accepts a variable-length authentication tags from 32-bits to 128-bits so it actually allowing varying degrees of protection against unauthorized modifications the cons:
GCM
-
The encryption and authentication of GCM are secure against the chosen-plaintext attack, and GCM is also secure while using the AES block cipher. but:
For both GCM
and CCM
you have to use timestamps or replay attack can occur and of course you need an appropriate tag length.
for CBC-MAC
it depends because you use CBC
to create the MAC and CBC offers serial encryption and parallel decryption but a change of one bit in a block changes everything that comes after in the encryption but doesn't affect the decryption. A known problem with CBC-MAC
is using the same key for encryption and for authentication in this case if you use CBC mode so the last block would be the MAC.
just for the smile - Cryptography
*here is the place to mention that one of the sources I used is from a german university research.
**EDIT:**found the name of it: ruhr-universität-bochum.