    Generic Related-key Attacks for HMAC

    In this article we describe new generic distinguishing and forgery attacks in the related-key scenario (using only a single related key) for the HMAC construction. When HMAC uses a k-bit key, outputs an n-bit MAC, and is instantiated with an l-bit inner iterative hash function processing m-bit message blocks where m=k, our distinguishing-R attack requires about 2^{n/2} queries, which improves over the currently best known generic attack complexity 2^{l/2} as soon as l>n. This means that, contrary to the general belief, using wide-pipe hash functions as the internal primitive will not increase the overall security of HMAC in the related-key model when the key size is equal to the message block size. We also present generic related-key distinguishing-H, internal state recovery and forgery attacks. Our method is new and elegant, and uses a simple cycle-size detection criterion. The issue in the HMAC construction (not present in the NMAC construction) comes from the non-independence of the two inner hash layers, and we provide a simple patch in order to avoid this generic attack. Our work finally shows that the choice of the opad and ipad constant values in HMAC is important.

    Generic Universal Forgery Attack on Iterative Hash-based MACs

    In this article, we study the security of iterative hash-based MACs, such as HMAC or NMAC, with regard to universal forgery attacks. Leveraging recent advances in the analysis of functional graphs built from the iteration of HMAC or NMAC, we exhibit the very first generic universal forgery attack against hash-based MACs. In particular, our work implies that the universal forgery resistance of an n-bit output HMAC construction is not 2^n queries, as long believed by the community. The techniques we introduce extend the previous functional-graph-based attacks that only took into account the cycle structure or the collision probability: we show that one can extract much more meaningful secret information by also analyzing the distance of a node from the cycle of its component in the functional graph.
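    The two abstracts above both reason about the same objects: HMAC as two iterations of one compression function f whose "keys" are both derived from K through the same IV, NMAC where independent keys replace the IV directly, and the functional graph s -> f(s, x) of f with a fixed message block, whose tail length (distance from the cycle) and cycle length the attacks measure. The following is an added example written for this page, not code from either paper: a toy narrow-pipe iterated hash with a 16-bit chaining value, HMAC and NMAC built on it with k = m as in the first abstract, the derived-key identity that makes HMAC's two layers non-independent, and a walk that measures tail and cycle length. The compression function (truncated SHA-256), the 2-byte state, the 4-byte block, the padding and the sample block and key are all assumptions chosen so the graph can be walked exhaustively.

```python
"""Added example (not from any paper listed on this page): a toy iterated hash
with a tiny internal state, HMAC and NMAC built on it, and the functional-graph
measurements (distance from the cycle, cycle length) the generic attacks use.
All parameters below are assumptions chosen for a runnable illustration."""
import hashlib

STATE_BYTES = 2   # l = 16-bit chaining value (assumption: tiny so cycles are reachable)
BLOCK_BYTES = 4   # m = 32-bit message block; keys below are 4 bytes too, i.e. k = m
IV = bytes(STATE_BYTES)
IPAD, OPAD = 0x36, 0x5C


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function f: {0,1}^l x {0,1}^m -> {0,1}^l, obtained by
    truncating SHA-256 (assumption; it only has to behave like a random map)."""
    assert len(state) == STATE_BYTES and len(block) == BLOCK_BYTES
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def pad(msg: bytes, prefix_len: int = 0) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zeros, then a 16-bit bit length.
    prefix_len counts bytes hashed before msg (a one-block key, for HMAC)."""
    out = msg + b"\x80"
    while (len(out) + 2) % BLOCK_BYTES:
        out += b"\x00"
    return out + (8 * (prefix_len + len(msg))).to_bytes(2, "big")


def iterate(state: bytes, msg: bytes, prefix_len: int = 0) -> bytes:
    """Run f over the padded message starting from the given chaining value."""
    data = pad(msg, prefix_len)
    for i in range(0, len(data), BLOCK_BYTES):
        state = compress(state, data[i:i + BLOCK_BYTES])
    return state


def toy_hash(msg: bytes) -> bytes:
    """Narrow-pipe hash: n = l, the output is the final chaining value."""
    return iterate(IV, msg)


def hmac_toy(key: bytes, msg: bytes) -> bytes:
    """HMAC with a one-block key: H((K xor opad) || H((K xor ipad) || M))."""
    assert len(key) == BLOCK_BYTES
    k_ipad = bytes(b ^ IPAD for b in key)
    k_opad = bytes(b ^ OPAD for b in key)
    return toy_hash(k_opad + toy_hash(k_ipad + msg))


def nmac_toy(k_out: bytes, k_in: bytes, msg: bytes, prefix_len: int = 0) -> bytes:
    """NMAC: two l-bit keys replace the IV of the inner and outer iteration."""
    assert len(k_out) == len(k_in) == STATE_BYTES
    return iterate(k_out, iterate(k_in, msg, prefix_len), prefix_len)


def hmac_derived_keys(key: bytes) -> tuple:
    """The (k_out, k_in) pair HMAC effectively feeds to NMAC. Both values come
    from the same IV through the same f and differ only by the xor of two
    fixed constants: this is the non-independence of the two inner layers."""
    k_ipad = bytes(b ^ IPAD for b in key)
    k_opad = bytes(b ^ OPAD for b in key)
    return compress(IV, k_opad), compress(IV, k_ipad)


def walk(block: bytes, start: bytes, steps: int) -> bytes:
    """Apply s -> f(s, block) `steps` times."""
    for _ in range(steps):
        start = compress(start, block)
    return start


def rho_structure(block: bytes, start: bytes) -> tuple:
    """Walk s -> f(s, block) from start until a node repeats and return
    (tail length = distance of start from the cycle, cycle length)."""
    seen = {}
    s, steps = start, 0
    while s not in seen:
        seen[s] = steps
        s = compress(s, block)
        steps += 1
    return seen[s], steps - seen[s]


if __name__ == "__main__":
    key, msg = b"key!", b"hello"            # constructed sample inputs
    k_out, k_in = hmac_derived_keys(key)
    print("HMAC == NMAC(derived keys):",
          hmac_toy(key, msg) == nmac_toy(k_out, k_in, msg, BLOCK_BYTES))
    tail, cycle = rho_structure(b"\x00\x00\x00\x01", IV)
    print(f"distance from cycle = {tail}, cycle length = {cycle}")
```

    The `prefix_len` argument is what makes the HMAC/NMAC identity exact in this toy: HMAC's inner hash counts the key block in the length padding, so the equivalent NMAC iteration has to count it too. With a 16-bit state a random walk reaches its cycle after a few hundred steps on average, which is why the exhaustive walk is affordable here and why the real attacks need 2^{l/2}-scale work for an l-bit state.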

    Hash functions and their usage in user authentication

    This thesis deals with hash functions and their use in authentication. It presents the basic theory of hash functions and describes their basic building blocks. In particular, it focuses on the hash functions LMHash, MD4, MD5 and the SHA family, which it compares from a security standpoint. The thesis describes the most commonly used attacks on hash functions in general, points out the weaknesses of current constructions and offers an outlook on the future of hash functions. It further outlines the problem of authentication and describes the use of hash functions in this area. In the practical part, a general authentication framework is implemented in the programming language C#. The result is a client and a server application, on which two selected authentication methods were successfully tested. The implementation was designed for flexibility and the possible future use of other authentication methods.

    Distinguishing Attacks on MAC/HMAC Based on A New Dedicated Compression Function Framework

    A new distinguishing attack on HMAC and NMAC based on a dedicated compression function framework H, proposed at ChinaCrypt 2008, is first presented in this paper; it distinguishes HMAC/NMAC-H from HMAC/NMAC instantiated with a random function. The attack needs 2^{17} chosen messages and 2^{23} queries, with a success rate of 0.873. Furthermore, building on the distinguishing attack on SPMAC-H, a key recovery attack on SPMAC-H is presented, which recovers the full 256-bit key with 2^{17} chosen messages, 2^{19} queries, and (t+1)x8 runs of the decryption algorithm.

    DSA with SHA-1 for Space Telecommand Authentication: Analysis and Results

    The issue of securing Telecommand data communications in civil and commercial space missions, by means of properly located security services and primitives, has been debated within the Security Working Group of the Consultative Committee for Space Data Systems for several months. In the context of Telecommand transmissions, which can be vital to the successful operational behavior of a space system, the interest is focused mainly on authentication rather than encryption. The object of this paper is to investigate, from the perspective of computational overhead, the possible applicability of a standard scheme, the Digital Signature Algorithm with SHA-1, to the authentication of Telecommand data structures, and to discuss the pros and cons of its adoption in such a peculiar context, through numerical simulations and comparison with an alternative solution relying on the widely used MD5 hash algorithm.

    On new stream algorithms for creating sensitive digests of electronic documents

    To make well-founded planning decisions in the socio-economic sphere, specialists must work with verified documents. Tools for verifying documents include cryptographically stable algorithms that compress a large file into a digest of a fixed size that is sensitive to any change of the characters at the input. New fast compression algorithms are proposed whose cryptographic stability is tied to hard algebraic problems, such as the study of systems of algebraic equations of high degree and the problem of decomposing a nonlinear map of a space in terms of generators. The proposed algorithms for creating change-sensitive document digests will be used to detect cyberattacks and to audit all files of a system after a registered intrusion.

    Issues with Existing Cryptographic Protection Methods for Routing Protocols

    D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

    This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report:
    • the status of work with regard to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1);
    • the algebraic attacks on symmetric primitives (Section 2);
    • the design criteria for symmetric ciphers (Section 3);
    • the provable properties of symmetric primitives (Section 4);
    • the major industrial needs in the area of symmetric cryptography (Section 5).

    Cryptographic transfer of sensor data from the Amulet to a smartphone

    The authenticity, confidentiality, and integrity of data streams from wearable healthcare devices are critical to patients, researchers, physicians, and others who depend on this data to measure the effectiveness of treatment plans and clinical trials. Many forms of mHealth data are highly sensitive; in the hands of unintended parties such data may reveal indicators of a patient's disorder, disability, or identity. Furthermore, if a malicious party tampers with the data, it can affect the diagnosis or treatment of patients, or the results of a research study. Although existing network protocols leverage encryption for confidentiality and integrity, network-level encryption does not provide end-to-end security from the device, through the smartphone and database, to downstream data consumers. In this thesis we provide a new open protocol that provides end-to-end authentication, confidentiality, and integrity for healthcare data in such a pipeline. We present and evaluate a prototype implementation to demonstrate this protocol's feasibility on low-power wearable devices, and present a case for the system's ability to meet critical security properties under a specific adversary model and trust assumptions.

    Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)

    The TCP Authentication Option (TCP-AO) relies on security algorithms to provide authentication between two end-points. There are many such algorithms available, and two TCP-AO systems cannot interoperate unless they are using the same algorithms. This document specifies the algorithms and attributes that can be used in TCP-AO's current manual keying mechanism and provides the interface for future message authentication codes (MACs). Status of This Memo: This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by th