Skip to main content Accessibility help
×
Home

A tight bound for exhaustive key search attacks against Message Authentication Codes

  • Vinícius G.P. de SÁ (a1), Davidson R. Boccardo (a2), Luiz Fernando Rust (a2) and Raphael C.S. Machado (a1) (a2)

Abstract

A Message Authentication Code (MAC) is a function that takes a message and a key as parameters and outputs an authentication of the message. MAC are used to guarantee the legitimacy of messages exchanged through a network, since generating a correct authentication requires the knowledge of the key defined secretly by trusted parties. However, an attacker with access to a sufficiently large number of message/authentication pairs may use a brute force algorithm to infer the secret key: from a set containing initially all possible key candidates, subsequently remove those that yield an incorrect authentication, proceeding this way for each intercepted message/authentication pair until a single key remains. In this paper, we determine an exact formula for the expected number of message/authentication pairs that must be used before such form of attack is successful, along with an asymptotical bound that is both simple and tight. We conclude by illustrating a modern application where this bound comes in handy, namely the estimation of security levels in reflection-based verification of software integrity.

Copyright

References

Hide All
[1] M. Bellare and P. Rogaway, Random oracles are practical : a paradigm for designing efficient protocols. Proc. 1st ACM conference on Computer and communications security (1993) 62–73.
[2] A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography. CRC Press, USA (1996).
[3] B. Preneel, Hash functions and MAC algorithms based on block cyphers, in Cryptography and Coding, 6th IMA International Conference. Lect. Notes Comput. Sci. 1355 (1997) 270–282.
[4] A. Seshadri, A. Perrig, L. van Doorn and P. Khosla, Swatt : Software-based attestation for embedded devices, in 2004. IEEE Symposium on Security and Privacy. Los Alamitos, CA (2004) 272.
[5] Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L. and Khosla, P., Pioneer : verifying code integrity and enforcing untampered code execution on legacy systems. SIGOPS Oper. Syst. Rev. 39 (2005) 116.
[6] Seshadri, A., Luk, M., Perrig, A., van Doorn, L. and Khosla, P., Externally verifiable code execution. Commun. ACM 49 (2006) 4549.
[7] Spinellis, D., Reflection as a Mechanism for Software Integrity Verification. ACM Trans. Infor. Syst. Secur. 3 (2000) 5162.
[8] Stinson, D.R., Some Observations on the Theory of Cryptographic Hash Functions. Designs Codes Cryptogr. 38 (2006) 259277.
[9] Y. Yang, X. Wang, S. Zhu and G. Cao, Distributed software-based attestation for node compromise detection in sensor networks, in Proc. of the IEEE Symposium on Reliable Distributed Systems (2007) 219–228.

Keywords

A tight bound for exhaustive key search attacks against Message Authentication Codes

  • Vinícius G.P. de SÁ (a1), Davidson R. Boccardo (a2), Luiz Fernando Rust (a2) and Raphael C.S. Machado (a1) (a2)

Metrics

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed