
A tight bound for exhaustive key search attacks against Message Authentication Codes

Published online by Cambridge University Press:  06 November 2012

Vinícius G.P. de Sá
Affiliation: Depto. de Ciência da Computação, Univ. Federal do Rio de Janeiro, Brazil. vigusmao@dcc.ufrj.br
Davidson R. Boccardo
Affiliation: Inmetro, National Institute of Metrology, Quality and Technology, Brazil; drboccardo@inmetro.gov.br; lfrust@inmetro.gov.br; rcmachado@inmetro.gov.br
Luiz Fernando Rust
Affiliation: Inmetro, National Institute of Metrology, Quality and Technology, Brazil; drboccardo@inmetro.gov.br; lfrust@inmetro.gov.br; rcmachado@inmetro.gov.br
Raphael C.S. Machado
Affiliation: Depto. de Ciência da Computação, Univ. Federal do Rio de Janeiro, Brazil. vigusmao@dcc.ufrj.br; Inmetro, National Institute of Metrology, Quality and Technology, Brazil; drboccardo@inmetro.gov.br; lfrust@inmetro.gov.br; rcmachado@inmetro.gov.br

Abstract

A Message Authentication Code (MAC) is a function that takes a message and a key as parameters and outputs an authentication tag for the message. MACs are used to guarantee the legitimacy of messages exchanged over a network, since generating a correct tag requires knowledge of the key agreed secretly by the trusted parties. However, an attacker with access to a sufficiently large number of message/authentication pairs may use a brute-force algorithm to infer the secret key: starting from a set containing all possible key candidates, remove those that yield an incorrect tag, and repeat this step for each intercepted message/authentication pair until a single key remains. In this paper, we determine an exact formula for the expected number of message/authentication pairs that must be used before this form of attack succeeds, along with an asymptotic bound that is both simple and tight. We conclude by illustrating a modern application where this bound comes in handy, namely the estimation of security levels in reflection-based verification of software integrity.
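The candidate-elimination attack the abstract describes, and the quantity the paper bounds, can be watched on a deliberately tiny instance. The following is an added example (not code from the paper or its authors): it uses HMAC-SHA256 truncated to a few bits as a stand-in for an ideal MAC, a constructed key space of N_KEYS keys, and a hypothetical eavesdropper that feeds (message, tag) pairs one at a time. The function `expected_pairs` is this example's own random-oracle-model estimate, the expectation of the maximum of N-1 independent geometric variables with survival probability 2^-t per pair; it is an assumption for illustration and is not the paper's exact formula.

```python
import hashlib
import hmac
import random

# Constructed toy parameters (not from the paper): N_KEYS candidate keys,
# encoded as the big-endian bytes of 0..N_KEYS-1, and tags truncated to
# T_BITS bits so that the elimination process is visible in a few steps.
N_KEYS = 256
T_BITS = 4


def toy_mac(key: int, message: bytes, t_bits: int = T_BITS) -> int:
    """HMAC-SHA256 truncated to t_bits; a stand-in for an ideal MAC."""
    key_bytes = key.to_bytes(4, "big")
    digest = hmac.new(key_bytes, message, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - t_bits)


def exhaustive_key_search(pairs, n_keys: int = N_KEYS, t_bits: int = T_BITS):
    """Candidate elimination as described in the abstract.

    `pairs` yields (message, tag) observations. Start with every key as a
    candidate, keep only the keys whose tag matches each observed pair, and
    stop as soon as one candidate survives. Returns (key_or_None, pairs_used).
    """
    candidates = set(range(n_keys))
    used = 0
    for message, tag in pairs:
        if len(candidates) <= 1:
            break
        used += 1
        candidates = {k for k in candidates if toy_mac(k, message, t_bits) == tag}
    if len(candidates) == 1:
        return next(iter(candidates)), used
    return None, used


def observe_pairs(true_key: int, rng: random.Random, t_bits: int = T_BITS):
    """Infinite stream of (message, tag) pairs as an eavesdropper would see them."""
    while True:
        message = rng.randbytes(16)
        yield message, toy_mac(true_key, message, t_bits)


def expected_pairs(n_keys: int, t_bits: int, tol: float = 1e-12) -> float:
    """Model estimate of the pairs needed before only the true key remains.

    Assumption (this example's model, not the paper's formula): every wrong
    key passes an independent pair with probability q = 2^-t, so the number
    of pairs needed is the maximum of n_keys-1 i.i.d. geometric variables:
        E = sum_{j>=0} [1 - (1 - q^j)^(n_keys-1)].
    The sum is truncated once its terms drop below `tol`.
    """
    q = 2.0 ** (-t_bits)
    total, j = 0.0, 0
    while True:
        term = 1.0 - (1.0 - q ** j) ** (n_keys - 1)
        if term < tol:
            break
        total += term
        j += 1
    return total


def run_attack(seed: int = 7, n_keys: int = N_KEYS, t_bits: int = T_BITS):
    """Pick a key, eavesdrop on tagged messages, and run the elimination."""
    rng = random.Random(seed)
    true_key = rng.randrange(n_keys)
    stream = observe_pairs(true_key, rng, t_bits)
    recovered, used = exhaustive_key_search(stream, n_keys, t_bits)
    return true_key, recovered, used


if __name__ == "__main__":
    true_key, recovered, used = run_attack()
    print(f"true key {true_key}, recovered {recovered} after {used} pairs")
    print(f"model expectation for N={N_KEYS}, t={T_BITS}: "
          f"{expected_pairs(N_KEYS, T_BITS):.3f} pairs")
```

Because the true key always produces the observed tag, it is never eliminated, so the search terminates once every wrong key has been caught by some pair; the security-level question the paper addresses is how many such pairs that takes as a function of the key-space size and the tag length, which is what `expected_pairs` estimates under the idealised model.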

Type: Research Article
Copyright: © EDP Sciences 2012


