lec61-4 - 2/25/10 MAC MAC & AE Message Authentication...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
2/25/10 1 MAC & AE MAC Message Authentication Code ‘keyed hash function’ H k (x) k: secret key, x: message of any length, H k (x): Fxed length (say, 128 bits) deterministic Purpose: to ‘prove’ to someone who has the secret key k, that x is written by someone who also has the secret key k How to use? A & B share a secret key k A sends the message x and the MAC M H k (x) B receives x and M from A B computes H k (x) with received M B checks if M=H k (x) Attack scenario E may eavesdrop many communications (x, M) between A & B E then tries (possibly many times) to ‘forge’ (x’, M’) so that B accepts: M’=H k (x’) Question: what if E ‘replays’ old transmission (x, M)? Is this a successful forgery?
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2/25/10 2 Capabilities of attackers Known-text attack Simple eavesdropping Chosen-text attack Attacker inFuences Alice’s messages Adaptive chosen-text attack Attacker adaptively inFuences Alice Types of forgery Universal forgery: attacker can forge a MAC for any message Selective forgery: attacker can forge a MAC for a message chosen before the attack Existential forgery: attacker can forge some message x but in general cannot choose x as he wishes Security of MAC Should be secure against adaptively chosen- message existential forger Attacker may watch many pairs (x, H k (x)) May even try x of his choice May try many veri±cation attempts (x, M) Still shouldn’t be able to forge a new message at all Two easy attacks Exhaustive key search Given one pair (x, M), try different keys until M=H k (x) Lesson: key size should be large enough Pure guessing: try many different M with a ±xed message x Lesson: MAC length should be also large Question: which one is more serious?
Background image of page 2
2/25/10 3
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 10/21/2011 for the course CSCI 5471 taught by Professor Staff during the Spring '08 term at Minnesota.

Page1 / 9

lec61-4 - 2/25/10 MAC MAC & AE Message Authentication...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online