lec61 - MAC & AE MAC Message Authentication Code keyed...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
MAC & AE
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
MAC Message Authentication Code ‘keyed hash function’ H k (x) k: secret key, x: message of any length, H k (x): Fxed length (say, 128 bits) deterministic Purpose: to ‘prove’ to someone who has the secret key k, that x is written by
Background image of page 2
How to use? A sends the message x and the MAC M H k (x) B receives x and M from A B computes H k (x) with received M B checks if M=H k (x)
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Attack scenario E may eavesdrop many communications (x, E then tries (possibly many times) to ‘forge’ (x’, M’) so that B accepts: M’=H k (x’) Question: what if E ‘replays’ old transmission (x, M)? Is this a successful forgery?
Background image of page 4
Capabilities of attackers Known-text attack Simple eavesdropping Chosen-text attack Attacker inFuences Alice’s messages Adaptive chosen-text attack Attacker adaptively inFuences Alice
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Types of forgery Universal forgery: attacker can forge a MAC for any message Selective forgery: attacker can forge a MAC for a message chosen before the attack Existential forgery: attacker can forge some message x but in general cannot choose x as he wishes
Background image of page 6
Security of MAC Should be secure against adaptively chosen- message existential forger Attacker may watch many pairs (x, H k (x)) May even try x of his choice May try many veriFcation attempts (x, M) Still shouldn’t be able to forge a new message at all
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Two easy attacks Exhaustive key search Given one pair (x, M), try different keys until M=H k (x) Lesson: key size should be large enough Pure guessing: try many different M with a Fxed message x Lesson: MAC length should be also large
Background image of page 8
Random function as MAC Suppose A and B share a random function
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 36

lec61 - MAC & AE MAC Message Authentication Code keyed...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online