Keying Hash Functions for Message Authentication
Mihir Bellare,Ran Canetti,Hugo Krawczyk +2 more
- pp 1-15
Reads0
Chats0
TLDR
Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.Abstract:
The use of cryptographic hash functions like MD5 or SHA-1 for message authentication has become a standard approach in many applications, particularly Internet security protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis.
We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. The performance of our schemes is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardwair can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.read more
Citations
More filters
Book
Handbook of Applied Cryptography
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
[서평]「Applied Cryptography」
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Proceedings ArticleDOI
Ariadne: a secure on-demand routing protocol for ad hoc networks
TL;DR: a secure on-demand routing protocol for ad hoc networks that can be used to connect ad-hoc networks to each other without disrupting existing networks.
Proceedings ArticleDOI
Packet leashes: a defense against wormhole attacks in wireless networks
TL;DR: A new, general mechanism, called packet leashes, is presented for detecting and thus defending against wormhole attacks, and a specific protocol is presented, called TIK, that implements leashes.
Journal ArticleDOI
Terra: a virtual machine-based platform for trusted computing
TL;DR: A flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware, is presented.
References
More filters
Proceedings Article
The MD5 Message-Digest Algorithm
TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Security Architecture for the Internet Protocol
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Journal ArticleDOI
A digital signature scheme secure against adaptive chosen-message attacks
TL;DR: A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
Journal ArticleDOI
How to construct random functions
TL;DR: In this paper, a constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented, which is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to computable functions.