Truncation attacks on MACs
نویسنده
چکیده
A new type of attack on Message Authentication Codes (MACs) is introduced which takes advantage of possible weaknesses in interfaces to hardware security modules. In particular, if a module does not fix the degree of MAC truncation employed, then potentially serious attacks are possible.
منابع مشابه
A new key recovery attack on the ANSI retail MAC
A new type of attack is introduced which takes advantage of MAC truncation to simplify key recovery attacks based on MAC verifications. One example of the attack is described which, in certain circumstances, enables a more efficient attack than was previously known to be launched against the ANSI retail MAC. The existence of this attack means that truncation for this MAC scheme should be used w...
متن کاملCryptanalysis of Message Authentication Codes
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic ha...
متن کاملConstructing Rate-1 MACs from Related-Key Unpredictable Block Ciphers: PGV Model Revisited
Almost all current block-cipher-based MACs reduce their security to the pseudorandomness of their underlying block ciphers, except for a few of them to the unpredictability, a strictly weaker security notion than pseudorandomness. However, the latter MACs offer relatively low efficiency. In this paper, we investigate the feasibility of constructing rate-1 MACs from related-key unpredictable blo...
متن کاملNew Attacks against Standardized MACs
In this paper, we revisit the security of several message authentication code (MAC) algorithms based on block ciphers, when instantiated with 64-bit block ciphers such as DES. We essentially focus on algorithms that were proposed in the norm ISO/IEC 9797–1. We consider both forgery attacks and key recovery attacks. Our results improve upon the previously known attacks and show that all algorith...
متن کاملMultiple forgery attacks against Message Authentication Codes
Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs. This property was first noted in MACs based on universal hashing, such as the Galois/Counter Mode (GCM) of operation for block ciphers. However, we show that CBC-MAC and HMAC also have this property, and ...
متن کامل