709 research outputs found

    IST Austria Thesis

    In this thesis we discuss the exact security of the message authentication codes HMAC, NMAC, and PMAC. NMAC is a mode of operation which turns a fixed input-length keyed hash function f into a variable input-length function. A practical single-key variant of NMAC called HMAC is a very popular and widely deployed message authentication code (MAC). PMAC is a block-cipher based mode of operation, which also happens to be the most famous fully parallel MAC. NMAC was introduced by Bellare, Canetti and Krawczyk [Crypto'96], who proved it to be a secure pseudorandom function (PRF), and thus also a MAC, under two assumptions. Unfortunately, for many instantiations of HMAC one of them has been found to be wrong. To restore the provable guarantees for NMAC, Bellare [Crypto'06] showed its security without this assumption. PMAC was introduced by Black and Rogaway at Eurocrypt 2002. If instantiated with a pseudorandom permutation over n-bit strings, PMAC constitutes a provably secure variable input-length PRF. For adversaries making q queries, each of length at most ℓ (in n-bit blocks), and of total length σ ≤ qℓ, the original paper proves an upper bound on the distinguishing advantage of O(σ^2 / 2^n), while the currently best bound is O(qσ / 2^n). In this work we show that this bound is tight by giving an attack with advantage Ω(q^2 ℓ / 2^n). In the PMAC construction one initially XORs a mask to every message block, where the mask for the i-th block is computed as τ_i := γ_i · L, where L is a (secret) random value, and γ_i is the i-th codeword of the Gray code. Our attack applies more generally to any sequence of γ_i's which contains a large coset of a subgroup of GF(2^n). As for NMAC, our first contribution is a simpler and uniform proof: if f is an ε-secure PRF (against q queries) and a δ-non-adaptively secure PRF (against q queries), then NMAC_f is an (ε + ℓqδ)-secure PRF against q queries of length at most ℓ blocks each.
    We also show that this ε + ℓqδ bound is basically tight by constructing an f for which an attack with advantage ℓqδ exists. Moreover, we analyze the PRF-security of a modification of NMAC called NI by An and Bellare that avoids the constant rekeying on multi-block messages in NMAC and allows for an information-theoretic analysis. We carry out such an analysis, obtaining a tight ℓq^2 / 2^c bound for this step, improving over the trivial bound of ℓ^2 q^2 / 2^c. Finally, we investigate whether the security of PMAC can be further improved by using τ_i's that are k-wise independent, for k > 1 (the original has k = 1). We observe that the security of PMAC will not increase in general if k = 2, and then prove that the security increases to O(q^2 / 2^n) if k = 4. Due to simple extension attacks, this is the best bound one can hope for, using any distribution on the masks. Whether k = 3 is already sufficient to get this level of security is left as an open problem. Keywords: Message authentication codes, Pseudorandom functions, HMAC, PMAC
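    The mask schedule τ_i = γ_i · L described in the abstract above, as an added example (not code from the thesis or its authors): it computes the Gray-code masks over GF(2^128) both from scratch and incrementally, the way a PMAC implementation does, and checks the subgroup/coset structure of those masks that the abstract says the attack relies on. It assumes n = 128 and the reduction polynomial x^128 + x^7 + x^2 + x + 1 used by Black and Rogaway's PMAC; the secret L (E_K(0^n) in PMAC) is replaced by a constructed constant, and the attack itself is not implemented.

```python
"""PMAC-style block masks tau_i = gamma_i * L over GF(2^128).

Added example, not code from the thesis. Assumptions: n = 128 and the
reduction polynomial x^128 + x^7 + x^2 + x + 1 of Black and Rogaway's PMAC;
the secret value L (normally E_K(0^n)) is replaced by a constructed constant.
"""

N = 128
POLY = (1 << N) | 0x87          # x^128 + x^7 + x^2 + x + 1

# Constructed stand-in for the secret L = E_K(0^n); not derived from any key.
L_SAMPLE = 0x0123456789ABCDEF0FEDCBA987654321


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^128); bit i of an int is the x^i coefficient."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:              # an x^128 term appeared: reduce modulo POLY
            a ^= POLY
    return r


def gray(i: int) -> int:
    """i-th codeword of the reflected binary Gray code."""
    return i ^ (i >> 1)


def ntz(i: int) -> int:
    """Number of trailing zero bits of i > 0."""
    return (i & -i).bit_length() - 1


def mask_direct(L: int, i: int) -> int:
    """tau_i = gamma_i * L, computed from scratch."""
    return gf_mul(gray(i), L)


def masks_incremental(L: int, m: int) -> list:
    """tau_1 .. tau_m as a PMAC implementation computes them:
    tau_i = tau_{i-1} XOR (L * x^ntz(i)), from a small table of L * x^j.
    Relies on gamma_i XOR gamma_{i-1} = 2^ntz(i), a property of the Gray code."""
    table = [L]
    for _ in range(m.bit_length()):
        table.append(gf_mul(table[-1], 2))      # next entry is previous * x
    out, z = [], 0
    for i in range(1, m + 1):
        z ^= table[ntz(i)]
        out.append(z)
    return out


def span_is_coset(L: int, k: int) -> bool:
    """The structure the abstract points at: with tau_0 = 0, the masks
    tau_0 .. tau_{2^k - 1} form an additive subgroup S of GF(2^n) (closed under
    XOR), and tau_{2^k} .. tau_{2^(k+1) - 1} form the coset tau_{2^k} + S."""
    S = {mask_direct(L, i) for i in range(1 << k)}
    closed = all((a ^ b) in S for a in S for b in S)
    coset = {mask_direct(L, i) for i in range(1 << k, 1 << (k + 1))}
    shift = mask_direct(L, 1 << k)
    return closed and coset == {shift ^ s for s in S}


if __name__ == "__main__":
    m = 40
    assert masks_incremental(L_SAMPLE, m) == [mask_direct(L_SAMPLE, i) for i in range(1, m + 1)]
    print("incremental and direct masks agree; masks 0..31 / 32..63 form subgroup and coset:",
          span_is_coset(L_SAMPLE, 5))
```

    Because multiplication by L is linear over GF(2), any set of mask indices whose Gray codewords form a coset of a subgroup stays a coset after masking with L; that is the property the abstract says the attack generalizes to, and it holds regardless of how L is chosen.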

    MAC Constructions: Security Bounds and Distinguishing Attacks

    We provide a simple and improved security analysis of PMAC, a Parallelizable MAC (Message Authentication Code) defined over arbitrary messages. A similar kind of result was shown by Bellare, Pietrzak and Rogaway at Crypto 2005, where they provided an improved bound for CBC (Cipher Block Chaining) MAC, which was introduced by Bellare, Kilian and Rogaway at Crypto 1994. Our analysis idea is much simpler to understand and is borrowed from the work by Nandi on proving indistinguishability at Indocrypt 2005 and from the work by Bernstein. It shows that the advantage of any distinguishing attack on n-bit PMAC based on a random function is bounded by O(σq / 2^n), where σ is the total number of blocks in all q queries made by the attacker. In the original paper by Black and Rogaway at Eurocrypt 2002, where PMAC was introduced, the bound is O(σ^2 / 2^n). We also compute the collision probability of CBC MAC for suitably chosen messages. We show that the probability is Ω(lq^2 / N), where l is the number of message blocks, N is the size of the domain and q is the total number of queries. For random oracles the probability is O(q^2 / N). This improved collision probability will help us to obtain an efficient distinguishing attack and MAC-forgery attack. We also show that the collision probability for PMAC is Ω(q^2 / N) (strictly greater than the birthday bound). We have used a purely combinatorial approach to obtain this bound. Similar analysis can be made for other CBC MAC extensions like XCBC, TMAC and OMAC.

    Dynamic neighbour aware power-controlled MAC for multi-hop ad hoc networks

    In Ad Hoc networks, resources in terms of bandwidth and battery life are limited, so using a fixed high transmission power limits battery life and causes unnecessarily high interference while communicating with closer nodes, leading to lower overall network throughput. Thus, this paper proposes a new cross-layer MAC called Dynamic Neighbour Aware Power-controlled MAC (Dynamic NA-PMAC) for multi-hop Ad Hoc networks that adjusts the transmission power by estimating the communication distance based on the overheard signal strength. By dynamically controlling the transmission power based on the receivable signal strength, the probability of concurrent transmission, the durability of battery life and bandwidth utilization increase. Moreover, in the presence of multiple overlapping signals with different strengths, an optimal transmission power is estimated dynamically to maintain fairness and avoid hidden node issues at the same time. In a given area, since power is controlled, the chance that the sensing ranges of sources and next-hop relay nodes or the destination node overlap decreases, which enhances the probability of concurrent transmission and hence increases overall throughput. In addition, this paper uses a variable backoff algorithm based on the number of active neighbours, which saves energy and increases throughput when the density of active neighbours is low. The designed mechanism is tested with various random network scenarios using different traffic types including CBR, Exponential and TCP in both scenarios (stationary and mobile with high speed) for single as well as multi-hop. Moreover, the proposed model is benchmarked against two variants of power-controlled mechanisms, namely Min NA-PMAC and MaxRC-MinDA NA-PMAC, to show that using a fixed minimum transmission power may lead to unfair channel access and that using different transmission powers for RTS/CTS and Data/ACK leads to a lower probability of concurrent transmission, respectively.

    Wave propagation in graphite/epoxy laminates due to impact

    The low velocity impact response of graphite-epoxy laminates is investigated theoretically and experimentally. A nine-node isoparametric finite element in conjunction with an empirical contact law was used for the theoretical investigation. Flat laminates subjected to pendulum impact were used for the experimental investigation. Theoretical results are in good agreement with strain gage experimental data. The collective results of the investigation indicate that the theoretical procedure describes the impact response of the laminate up to about 150 in/sec impact velocity.

    Extended performance solar electric propulsion thrust system study. Volume 4: Thruster technology evaluation

    Several thrust system design concepts were evaluated and compared using the specifications of the most advanced 30 cm engineering model thruster as the technology base. Emphasis was placed on relatively high power missions (60 to 100 kW) such as a Halley's comet rendezvous. The extensions in thruster performance required for the Halley's comet mission were defined and alternative thrust system concepts were designed in sufficient detail for comparing mass, efficiency, reliability, structure, and thermal characteristics. Confirmation testing and analysis of thruster and power processing components were performed, and the feasibility of satisfying extended performance requirements was verified. A baseline design was selected from the alternatives considered, and the design analysis and documentation were refined. The baseline thrust system design features modular construction, conventional power processing, and a concentrator solar array concept, and is designed to interface with the Space Shuttle.

    Evaluation of Modified Asphalt Mixtures

    The primary objective of this study was to conduct a comparative analysis of various modified asphalt mixture systems in order to determine their suitability for conditions that are commonly encountered in Kentucky. Several modified asphalt mixture systems were selected for laboratory and field testing (one-mile long field test section on KY 80, Pulaski County). These systems included the following asphalt mixtures: Control, Vestoplast, Polypropylene Fiber, Gilsonite, PMAC #1, Polyester Fiber, and PMAC #2. Laboratory testing included: Marshall stability and flow, mixture air voids and density, indirect tensile strength, moisture damage susceptibility, freeze-thaw damage susceptibility, resilient modulus, and repeated load permanent deformation. Statistically based comparative analyses were conducted in order to determine any significant relative differences in the performance potential of the different modified systems. All statistical analyses were conducted at the 90% level of significance (i.e., alpha error rate = 10%).

    R-PMAC: A Robust Preamble Based MAC Mechanism Applied in Industrial Internet of Things

    This paper proposes a novel media access control (MAC) mechanism, called the robust preamble-based MAC mechanism (R-PMAC), which can be applied to power line communication (PLC) networks in the context of the Industrial Internet of Things (IIoT). Compared with other MAC mechanisms such as P-MAC and the MAC layer of IEEE 1901.1, R-PMAC has higher networking speed. In addition, it supports whitelist authentication and functions properly in the presence of data frame loss. Firstly, we outline three basic mechanisms of R-PMAC: precise time difference calculation, preamble generation and short ID allocation. Secondly, we elaborate its networking process for a single layer and for multiple layers. Thirdly, we illustrate its robustness mechanisms, including collision handling and data retransmission. Moreover, a low-cost hardware platform is established to measure the time needed to connect hundreds of PLC nodes for the R-PMAC, P-MAC, and IEEE 1901.1 mechanisms in a real power line environment. The experimental results show that R-PMAC outperforms the other mechanisms by achieving a 50% reduction in networking time. These findings indicate that the R-PMAC mechanism holds great potential for quickly and effectively building a PLC network in actual industrial scenarios.
    Comment: This paper has been accepted by IEEE Internet of Things Journa

    Evaluation of EC-Funded Mine Action in Africa: Volume 2-Country Reports

    The Evaluation of EC support for mine action in Africa is the first of six regional mine action evaluations that the Geneva International Centre for Humanitarian Demining (GICHD) will conduct or commission for the European Commission (EC). These regional evaluations follow from a Global Assessment of EC support for mine action completed in 2005. Given the broad scope of a regional evaluation, no attempt was made to assess the performance of individual projects; rather, the focus was on EC mine action strategy and programming issues at the country and regional levels. In addition to a document review, the evaluation team sent questionnaires to the EC Delegations in those sub-Saharan African countries to which the EC has provided funding for mine action since 2002, and it conducted country missions to Angola, North and South Sudan, and Somalia (Somaliland and Puntland). Findings from these missions are reported in a separate volume.