lec61-4

# lec61-4 - 2/25/10 MAC MAC &amp; AE Message Authentication...

This preview shows pages 1–4. Sign up to view the full content.

2/25/10 1 MAC & AE MAC Message Authentication Code ‘keyed hash function’ H k (x) k: secret key, x: message of any length, H k (x): Fxed length (say, 128 bits) deterministic Purpose: to ‘prove’ to someone who has the secret key k, that x is written by someone who also has the secret key k How to use? A & B share a secret key k A sends the message x and the MAC M H k (x) B receives x and M from A B computes H k (x) with received M B checks if M=H k (x) Attack scenario E may eavesdrop many communications (x, M) between A & B E then tries (possibly many times) to ‘forge’ (x’, M’) so that B accepts: M’=H k (x’) Question: what if E ‘replays’ old transmission (x, M)? Is this a successful forgery?

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
2/25/10 2 Capabilities of attackers Known-text attack Simple eavesdropping Chosen-text attack Attacker inFuences Alice’s messages Adaptive chosen-text attack Attacker adaptively inFuences Alice Types of forgery Universal forgery: attacker can forge a MAC for any message Selective forgery: attacker can forge a MAC for a message chosen before the attack Existential forgery: attacker can forge some message x but in general cannot choose x as he wishes Security of MAC Should be secure against adaptively chosen- message existential forger Attacker may watch many pairs (x, H k (x)) May even try x of his choice May try many veri±cation attempts (x, M) Still shouldn’t be able to forge a new message at all Two easy attacks Exhaustive key search Given one pair (x, M), try different keys until M=H k (x) Lesson: key size should be large enough Pure guessing: try many different M with a ±xed message x Lesson: MAC length should be also large Question: which one is more serious?
2/25/10 3

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

## This note was uploaded on 10/21/2011 for the course CSCI 5471 taught by Professor Staff during the Spring '08 term at Minnesota.

### Page1 / 9

lec61-4 - 2/25/10 MAC MAC &amp; AE Message Authentication...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online