
Showing papers on "Message authentication code published in 1999"


Journal ArticleDOI
TL;DR: A new method of digital steganography, entitled spread spectrum image steganography (SSIS), which hides and recovers a message of substantial length within digital imagery while maintaining the original image size and dynamic range.
Abstract: We present a new method of digital steganography, entitled spread spectrum image steganography (SSIS). Steganography, which means "covered writing" in Greek, is the science of communicating in a hidden manner. Following a discussion of steganographic communication theory and review of existing techniques, the new method, SSIS, is introduced. This system hides and recovers a message of substantial length within digital imagery while maintaining the original image size and dynamic range. The hidden message can be recovered using appropriate keys without any knowledge of the original image. Image restoration, error-control coding, and techniques similar to spread spectrum are described, and the performance of the system is illustrated. A message embedded by this method can be in the form of text, imagery, or any other digital signal. Applications for such a data-hiding scheme include in-band captioning, covert communication, image tamperproofing, authentication, embedded control, and revision tracking.

742 citations


Book ChapterDOI
15 Aug 1999
TL;DR: A message authentication algorithm, UMAC, which can authenticate messages roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash-function family MMH.
Abstract: We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash-function family MMH. To achieve such speeds, UMAC uses a new universal hash-function family, NH, and a design which allows effective exploitation of SIMD parallelism. The "cryptographic" work of UMAC is done using standard primitives of the user's choice, such as a block cipher or cryptographic hash function; no new heuristic primitives are developed here. Instead, the security of UMAC is rigorously proven, in the sense of giving exact and quantitatively strong results which demonstrate an inability to forge UMAC-authenticated messages assuming an inability to break the underlying cryptographic primitive. Unlike conventional, inherently serial MACs, UMAC is parallelizable, and will have ever-faster implementation speeds as machines offer up increasing amounts of parallelism. We envision UMAC as a practical algorithm for next-generation message authentication.

419 citations


Journal Article
TL;DR: In this paper, the authors describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash function family MMH.
Abstract: We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA1), and about twice as fast as times previously reported for the universal hash-function family MMH. To achieve such speeds, UMAC uses a new universal hash-function family, NH, and a design which allows effective exploitation of SIMD parallelism. The cryptographic work of UMAC is done using standard primitives of the user's choice, such as a block cipher or cryptographic hash function; no new heuristic primitives are developed here. Instead, the security of UMAC is rigorously proven, in the sense of giving exact and quantitatively strong results which demonstrate an inability to forge UMAC-authenticated messages assuming an inability to break the underlying cryptographic primitive. Unlike conventional, inherently serial MACs, UMAC is parallelizable, and will have ever-faster implementation speeds as machines offer up increasing amounts of parallelism. We envision UMAC as a practical algorithm for next-generation message authentication.

359 citations
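As an added illustration of the NH family that both UMAC entries above refer to (example code written for this page, not the UMAC authors' reference implementation), the block below implements NH over 32-bit words and uses it Wegman-Carter style: the 64-bit hash is XORed with a pad produced by HMAC-SHA1 over a per-message nonce and the message length. The NH key expansion via SHAKE-128, the fixed 64-word key length, the zero padding of short messages and the choice of HMAC-SHA1 as the pad-generating PRF are this example's assumptions, not UMAC's actual parameters or padding rules.

```python
import hashlib
import hmac
import struct

WORD_BITS = 32
WORD_MASK = (1 << WORD_BITS) - 1
SUM_MASK = (1 << (2 * WORD_BITS)) - 1     # NH output is 2w = 64 bits
KEY_WORDS = 64                            # toy key length: messages up to 256 bytes


def nh_hash(key_words, msg_words):
    """NH over an even number of w-bit words:
    sum over pairs of ((m[2i] + k[2i]) mod 2^w) * ((m[2i+1] + k[2i+1]) mod 2^w), mod 2^(2w)."""
    assert len(msg_words) % 2 == 0 and len(msg_words) <= len(key_words)
    acc = 0
    for i in range(0, len(msg_words), 2):
        a = (msg_words[i] + key_words[i]) & WORD_MASK
        b = (msg_words[i + 1] + key_words[i + 1]) & WORD_MASK
        acc = (acc + a * b) & SUM_MASK
    return acc


def _to_words(data, n_words):
    """Little-endian 32-bit words, zero-padded to n_words (padding is this example's choice)."""
    padded = data + b"\x00" * (4 * n_words - len(data))
    return list(struct.unpack("<%dI" % n_words, padded))


def _nh_key(key):
    """Expand the MAC key into KEY_WORDS NH key words with SHAKE-128 (example choice)."""
    raw = hashlib.shake_128(b"NH-key" + key).digest(4 * KEY_WORDS)
    return struct.unpack("<%dI" % KEY_WORDS, raw)


def nh_mac(key, nonce, msg):
    """Wegman-Carter MAC: tag = NH_key(msg) XOR PRF_key(nonce, len(msg)), 64-bit tag.
    Binding the length into the PRF input keeps the zero padding unambiguous."""
    if len(msg) > 4 * KEY_WORDS:
        raise ValueError("message longer than the NH key")
    n_words = max(2, (len(msg) + 7) // 8 * 2)        # smallest even word count that fits
    h = nh_hash(_nh_key(key), _to_words(msg, n_words))
    pad = hmac.new(key, b"NH-pad" + nonce + struct.pack("<Q", len(msg)),
                   hashlib.sha1).digest()[:8]
    return struct.pack("<Q", h ^ struct.unpack("<Q", pad)[0])


def nh_verify(key, nonce, msg, tag):
    """Constant-time tag comparison."""
    return hmac.compare_digest(nh_mac(key, nonce, msg), tag)


if __name__ == "__main__":
    k, n = b"k" * 16, b"n" * 8
    t = nh_mac(k, n, b"hello")
    print(t.hex(), nh_verify(k, n, b"hello", t), nh_verify(k, n, b"hellp", t))
```

The nonce must never repeat under one key: two tags with the same pad XOR to the XOR of the two NH hashes, which is exactly the information the pad is meant to hide. Each NH word pair costs one multiplication and two additions, which is where the speed advantage over HMAC comes from.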


Patent
08 Jul 1999
TL;DR: Electronic mail is certified and authenticated by an authentication service integrated with an email web site on which users set up email accounts; a message ID, secret random pad characters and a stored checksum let the service re-verify a message that is later emailed back to it.
Abstract: Electronic mail (email) is certified and authenticated by an authentication service. The authentication service is integrated with an email web site that allows users to set up email accounts. Outgoing email from the email web site is routed to the authentication service. A message identifier (ID) is generated and added to the message within markers. A random-number generator creates random pad characters that are added to the message before a checksum is generated. The checksum and the pad characters are stored in a table indexed by the message ID. The pad characters and the checksum are placed in secure storage and not available to users or others on the Internet. The email with the message ID in the markers but without the pad characters or checksum is sent to the recipients, along with instructions on how to authenticate the message. Others can authenticate a message by emailing it to the authentication service. The message ID is extracted from the markers and used to find the checksum and pad characters in the table. The pad characters are again added to the message and a new checksum generated. Authentication fails when the checksums do not match. An authentication-result message is added to the message before it is returned. Quotation indent characters are stripped from the message before authentication so that quoted messages can be authenticated even though they are altered by reply software during quotation. Headers such as addresses and dates can be copied to the message body so that they are also authenticated.

159 citations


Patent
12 Oct 1999
TL;DR: The priority and security encoding system for electronic mail messages functions to ascribe a message characterization code to the electronic mail message that enables the router as well as the destination message server to more efficiently process the e-mail message, based upon the message characterization codes.
Abstract: The priority and security encoding system for electronic mail messages functions to ascribe a message characterization code to the electronic mail message that enables the router as well as the destination message server to more efficiently process the electronic mail message, based upon the message characterization code. The message characterization code is assigned by the message originator, or the message server that serves the message originator, to identify the nature of the electronic mail message. The message characterization code can be defined to denote any one or more message related factors, such as: message content, identification of the message originator, identification of the message recipient, or other message processing factors. The message characterizing code is used by the message routers, network nodes, and destination message server to prioritize the processing of electronic mail messages and optionally provide subscriber defined alternate routing of certain classes of messages. This message characterizing code can also be used to automatically initiate various electronic message security measures to safeguard the most sensitive classes of messages, without the need for subscriber intervention.

142 citations


Journal ArticleDOI
TL;DR: A new MAC forgery attack applicable to all deterministic iterated MAC algorithms is presented, which requires on the order of 2^(n/2) known text-MAC pairs for algorithms with n bits of internal memory, as compared to the best previous general attack which required exhaustive key search.
Abstract: The security of iterated message authentication code (MAC) algorithms is considered, and in particular, those constructed from unkeyed hash functions. A new MAC forgery attack applicable to all deterministic iterated MAC algorithms is presented, which requires on the order of 2^(n/2) known text-MAC pairs for algorithms with n bits of internal memory, as compared to the best previous general attack which required exhaustive key search. A related key-recovery attack is also given which applies to a large class of MAC algorithms including a strengthened version of CBC-MAC found in ANSI X9.19 and ISO/IEC 9797, and envelope MAC techniques such as "keyed MD5". The security of several related existing MACs based directly on unkeyed hash functions, including the secret prefix and secret suffix methods, is also examined.

112 citations
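To make the internal-collision forgery concrete, here is an added example (not the paper's code) against a toy CBC-MAC whose chaining state is 16 bits, so n = 16 and the birthday bound is about 2^8 known text-MAC pairs. The 16-bit block cipher, the zero IV and the query budget are this example's assumptions; the attack logic is the one the abstract describes: collect text-MAC pairs until two distinct messages x, x' share a tag, then one query for x||z yields a valid tag for the never-queried message x'||z.

```python
import hashlib
import random

BLOCK = 2   # 16-bit blocks, so the MAC has n = 16 bits of internal memory


def toy_block_cipher(key, block):
    """16-bit keyed permutation: 4-round Feistel on 8-bit halves with a SHA-256
    round function. Its strength is irrelevant to the attack, which only uses the
    fact that the MAC iterates a small fixed-size state."""
    l, r = block[0], block[1]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, r])).digest()[0]
        l, r = r, l ^ f
    return bytes([l, r])


def cbc_mac(key, msg):
    """Plain CBC-MAC with a zero IV; the tag is the full final chaining value."""
    assert msg and len(msg) % BLOCK == 0
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = toy_block_cipher(key, bytes(a ^ b for a, b in zip(state, msg[i:i + BLOCK])))
    return state


def find_internal_collision(mac_oracle, rng, max_queries=4096):
    """Collect known text-MAC pairs for random 2-block messages until two distinct
    messages share a tag. Because the tag is the whole n-bit chaining state, equal
    tags mean equal internal state; expected cost is about 2^(n/2) = 256 queries."""
    seen = {}
    for _ in range(max_queries):
        m = bytes(rng.getrandbits(8) for _ in range(2 * BLOCK))
        t = mac_oracle(m)
        if t in seen and seen[t] != m:
            return seen[t], m
        seen[t] = m
    raise RuntimeError("no collision within the query budget")


def forge(mac_oracle, rng, suffix=b"\xde\xad"):
    """From a colliding pair x, x', one more query MAC(x||z) gives a valid tag for
    the never-queried message x'||z."""
    x, x2 = find_internal_collision(mac_oracle, rng)
    tag = mac_oracle(x + suffix)
    return x2 + suffix, tag


def demo_forgery(key=b"secret", seed=7):
    """Run the attack against an oracle that logs its queries; report the query
    count, whether the forged message was ever queried, and whether its tag verifies."""
    queries = []

    def oracle(m):
        queries.append(m)
        return cbc_mac(key, m)

    forged_msg, tag = forge(oracle, random.Random(seed))
    return {
        "queries": len(queries),
        "forged_was_queried": forged_msg in queries,
        "verifies": cbc_mac(key, forged_msg) == tag,
    }


if __name__ == "__main__":
    print(demo_forgery())
```

The attack never touches the key, which is why a 16-bit chaining state is fatal even under a strong block cipher; the practical lesson is that an iterated MAC needs an internal state at least twice the security level it claims, or an output transform and truncation that hide internal collisions.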


Book ChapterDOI
01 Mar 1999
TL;DR: A scheme is proposed for enabling signature verification without disclosing the content of messages; for maximum efficiency it is based on digital signcryption.
Abstract: Firewalls typically filter network traffic at several different layers. At application layer, filtering is based on various security relevant information encapsulated into protocol messages. The major obstacle for efficient verification of authenticity of messages at application layer is the difficulty of verifying digital signatures without disclosure of content protected by encryption. This is due to a traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme shall be proposed for enabling signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.

104 citations


Book ChapterDOI
TL;DR: The state of the art for cryptographic hash functions is described, different definitions are compared, and the few theoretical results on hash functions are discussed.
Abstract: This paper describes the state of the art for cryptographic hash functions. Different definitions are compared, and the few theoretical results on hash functions are discussed. A brief overview is presented of the most important constructions, and some open problems are presented.

104 citations


Book ChapterDOI
02 May 1999
TL;DR: This paper compares the parameter sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing, using constructions defined to offer a comparable security level.
Abstract: This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood.

87 citations


Book ChapterDOI
15 Aug 1999
TL;DR: This paper considers the design of iterated MACs under the (minimal) assumption that the given FIL primitive is itself a MAC, and looks at three popular transforms, namely CBC, Feistel and the Merkle-Damgard method, and shows that each preserves unforgeability.
Abstract: Practical MACs are typically designed by iterating applications of some fixed-input-length (FIL) primitive, namely one like a block cipher or compression function that only applies to data of a fixed length. Existing security analyses of these constructions either require a stronger security property from the FIL primitive (eg. pseudorandomness) than the unforgeability required of the final MAC, or, as in the case of HMAC, make assumptions about the iterated function itself. In this paper we consider the design of iterated MACs under the (minimal) assumption that the given FIL primitive is itself a MAC. We look at three popular transforms, namely CBC, Feistel and the Merkle-Damgard method, and ask for each whether it preserves unforgeability. We show that the answer is no in the first two cases and yes in the third. The last yields an alternative cryptographic hash function based MAC which is secure under weaker assumptions than existing ones, although at a slight increase in cost.

80 citations


Journal ArticleDOI
TL;DR: A new technique for constructing a family of universal hash functions, used in the context of Wegman—Carter authentication, provides a fast approach for software message authentication.
Abstract: We introduce a new technique for constructing a family of universal hash functions. At its center is a simple metaphor: to hash a string x , cast each of its words into a small number of buckets; xor the contents of each bucket; then collect up all the buckets' contents. Used in the context of Wegman--Carter authentication, this style of hash function provides a fast approach for software message authentication.

Journal ArticleDOI
TL;DR: A secure communication architecture for the GSM network is proposed that uses public-key cryptography for user authentication and stream cipher for message encryption and decryption and an authentication protocol and a key generation method are presented.
Abstract: With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

Journal ArticleDOI
TL;DR: A conference key distribution scheme for digital mobile communications is presented, according to which users can share a common secret key to hold a secure teleconference over a public channel and the participants need not alter their secret information when a participant joins late or quits the conference early.
Abstract: We propose a scheme to implement secure digital mobile communications. The scheme can both enable multiple users to hold a secure teleconference and also resolve the problem of allowing a participant to join dynamically or to quit a teleconference already in progress. Essentially, a teleconference is a synchronous collaboration session in which participants at remote locations cooperate through wireless communications. Two requirements for the system are: privacy and authentication. Privacy signifies that an eavesdropper cannot intercept conversations of a conference. Authentication ensures that the service is not obtained fraudulently, in order to avoid fraudulent usage charges. We present a conference key distribution scheme for digital mobile communications, according to which users can share a common secret key to hold a secure teleconference over a public channel. The participants need not alter their secret information when a participant joins late or quits the conference early.

01 Dec 1999
TL;DR: The optimization replaces public-key signatures by vectors of message authentication codes during normal operation, and it overcomes a fundamental limitation on the power of message Authentication codes relative to digital signatures — the inability to prove that a message is authentic to a third party.
Abstract: We have developed a practical state-machine replication algorithm that tolerates Byzantine faults: it works correctly in asynchronous systems like the Internet and it incorporates several optimizations that improve the response time of previous algorithms by more than an order of magnitude. This paper describes the most important of these optimizations. It explains how to modify the base algorithm to eliminate the major performance bottleneck in previous systems — public-key cryptography. The optimization replaces public-key signatures by vectors of message authentication codes during normal operation, and it overcomes a fundamental limitation on the power of message authentication codes relative to digital signatures — the inability to prove that a message is authentic to a third party. As a result, authentication is more than two orders of magnitude faster while providing the same level of security.

01 Nov 1999
TL;DR: This document focuses on Federal standards documented in Federal Information Processing Standards Publications (FIPS PUBs) and the cryptographic modules and algorithms that are validated against these standards.

Patent
03 Dec 1999
TL;DR: A method for transmitting and receiving a secure message, in which a message value derived from a device identifier (408), an application identifier (406) and an application value (412) is combined with secret values (400) known only to the originating device and the intended recipient devices.
Abstract: A method for transmitting and receiving a secure message. Transmission is by generating, using a device identifier (408), an application identifier (406) and an application value (412), of a message value (502), combining the message value (502) with one or more first secret values (400), said secret values (400) being known substantially only to the originating device and one or more intended recipient devices of the message, to establish a secret message value (506), applying the secret message value (506) and the message to an encoding process (602) to form a secure message block (604), and combining an address (616, 618) with a device identifier (408), the application identifier (406), the application value (412) and the secure message block (604), to form a secure message (606) for transmission which is decodable by the one or more of said intended recipient devices which thereby recover the message, the address, the device identifier, the application identifier and the application value.

Book ChapterDOI
24 Mar 1999
TL;DR: The paper provides new constructions for Luby-Rackoff block ciphers which are efficient in terms of computations and key material used and shows that some security guarantees can be made under much weaker and more practical assumptions about the underlying function.
Abstract: We provide new constructions for Luby-Rackoff block ciphers which are efficient in terms of computations and key material used. Next, we show that we can make some security guarantees for Luby-Rackoff block ciphers under much weaker and more practical assumptions about the underlying function; namely, that the underlying function is a secure Message Authentication Code. Finally, we provide a SHA-1 based example block cipher called Sha-zam.
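An added example (not the paper's Sha-zam cipher) of the construction the abstract points at: a 4-round Luby-Rackoff Feistel network whose round function is a MAC, here HMAC-SHA1 keyed with a per-round key derived from the cipher key. The 320-bit block size (two 160-bit halves, one HMAC-SHA1 output each), the round-key derivation and the round count are this example's assumptions; the paper's point is that the round function only needs to be a secure MAC, not a pseudorandom function, for some security guarantees to go through.

```python
import hashlib
import hmac

HALF = hashlib.sha1().digest_size   # 20 bytes: each half is one HMAC-SHA1 output
ROUNDS = 4                           # 4 rounds: the Luby-Rackoff super-pseudorandom setting


def _round_keys(key, rounds=ROUNDS):
    """Derive one independent MAC key per round from the cipher key (example choice)."""
    return [hmac.new(key, b"round-%d" % i, hashlib.sha1).digest() for i in range(rounds)]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(round_key, half):
    """The Feistel round function is a MAC of the right half under the round key."""
    return hmac.new(round_key, half, hashlib.sha1).digest()


def feistel_encrypt(key, block):
    """(L, R) -> (R, L xor F_k(R)) for each round; the last swap is kept for symmetry."""
    assert len(block) == 2 * HALF
    l, r = block[:HALF], block[HALF:]
    for k in _round_keys(key):
        l, r = r, _xor(l, _round_function(k, r))
    return l + r


def feistel_decrypt(key, block):
    """Undo the rounds in reverse: given (L', R') = (R, L xor F_k(R)), recover
    R = L' and L = R' xor F_k(L')."""
    assert len(block) == 2 * HALF
    l, r = block[:HALF], block[HALF:]
    for k in reversed(_round_keys(key)):
        l, r = _xor(r, _round_function(k, l)), l
    return l + r


if __name__ == "__main__":
    key = b"0123456789abcdef"
    pt = bytes(range(2 * HALF))
    ct = feistel_encrypt(key, pt)
    print(ct.hex())
    print(feistel_decrypt(key, ct) == pt)
```

Decryption never inverts the round function, which is why a one-way primitive such as a MAC can be used at all; the whole permutation is invertible because each round only XORs the MAC output into the other half.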

Patent
02 Dec 1999
TL;DR: In this article, a message authentication code is generated from the images of a received video stream, and if desired, compared with a digital watermark embedded in the video stream in order to confirm the accuracy of the video content or identify the source of a video stream.
Abstract: According to the principles of the invention, there is provided a system for generating a message authentication code for a conventional digital video stream. The system operates on the rows and columns of block data for a video stream, and more specifically on histograms of DC coefficients from each row and column, to produce a compact code that is nonetheless descriptive of the underlying images in the video stream. The message authentication code can be reproduced from the images of a received video stream, and if desired, compared with a digital watermark embedded in the video stream in order to confirm the accuracy of the video content or identify the source of the video stream.

Journal ArticleDOI
TL;DR: In this paper, the authors address the problem of secure remote access to a site's internal Web server from outside the firewall using a one-time password scheme for client authentication and secure socket layer (SSL) for confidentiality.
Abstract: We address the problem of secure remote access to a site's internal Web server from outside the firewall. The goal is to give authorized users access to sensitive information, while protecting the information from others. We implemented our solution using a one-time password scheme for client authentication and secure socket layer (SSL) for confidentiality. Our main design considerations were security, performance, ease of use, availability, and scale. We were further constrained by the desire to leave our firewall and local infrastructure unchanged.

Proceedings ArticleDOI
06 Jul 1999
TL;DR: This paper studies and analyzes the GSM authentication protocols for roaming users and proposes a new scheme with less signaling traffic and better call set-up time.
Abstract: Communicating while we are moving has been a desire for a long time. With mobile communication systems, mobile users can make and receive calls while they are moving independent of time, location and network access. One of the most attractive features that came with the Global System for Mobile communication (GSM) is roaming. Wireless systems are more vulnerable to fraudulent access and eavesdropping. As a remedy for that, GSM gives more importance to the user's privacy and authentication process. Although the process gives a reasonable security level, it overloads the network with significant signaling traffic and increases the call set-up time. The signaling load and the authentication delay are of particular importance and have become the subject of widespread research interest. In this paper, we study and analyze the GSM authentication protocols for roaming users, and propose a new scheme with less signaling traffic and better call set-up time.

Book ChapterDOI
19 Apr 1999
TL;DR: In this paper, the authors define secure plaintext-ciphertext block chaining (PCBC) schemes that detect integrity violations caused by adaptive chosen-message (i.e., chosen-plaintext and ciphertext) attacks when used with typical non-cryptographic Manipulation Detection Code (MDC) functions, such as bitwise exclusive or, modular addition, CRC-32, and quadratic checksums.
Abstract: Traditional encryption schemes, such as Cipher Block Chaining (CBC), are unable to detect integrity violations caused by adaptive chosen-message (i.e., chosen-plaintext and ciphertext) attacks when used with typical non-cryptographic Manipulation Detection Code (MDC) functions, such as bitwise exclusive-or, modular addition, CRC-32, and quadratic checksums. In this paper, we define secure Plaintext-Ciphertext Block Chaining (PCBC) schemes that detect such violations at a low performance cost, thereby preserving both message secrecy and integrity against chosen-message attacks. We present the salient properties of these schemes, their security, and preliminary performance measurements.

Journal Article
TL;DR: In this paper, the authors considered authentication for group communication and proposed a multireceiver authentication system with dynamic sender (DMRA-code) in which each member of a group can broadcast an authenticated message such that all other group members can individually verify its authenticity.
Abstract: Traditional point-to-point message authentication systems have been extensively studied in the literature. In this paper we consider authentication for group communication. The basic primitive is a multireceiver authentication system with dynamic sender (DMRA-code). In a DMRA-code any member of a group can broadcast an authenticated message such that all other group members can individually verify its authenticity. In this paper first we give a new and flexible 'synthesis' construction for DMRA-codes by combining an authentication code (A-code) and a key distribution pattern. Next we extend DMRA-codes to tDMRA-codes in which t senders are allowed. We give two constructions for tDMRA-codes, one algebraic and one by 'synthesis' of an A-code and a perfect hash family. To demonstrate the usefulness of DMRA systems, we modify a secure dynamic conference key distribution system to construct a key-efficient secure dynamic conference system that provides secrecy and authenticity for communication among conferencees. The system is key-efficient because the key requirement is essentially the same as the original conference key distribution system and so authentication is effectively obtained without any extra cost. We show universality of 'synthesis' constructions for unconditional and computational security models that suggests direct application of our results to real-life multi-casting scenarios in computer networks. We discuss possible extensions to this work.

Proceedings ArticleDOI
06 Dec 1999
TL;DR: It is shown that the use of keyed hash functions (message authentication codes) with a pre-registration option reduces network latency and allows stateless servers.
Abstract: High-security network transactions require the checking of the revocation status of public key certificates. On mobile systems this may lead to excessive delays and unacceptable performance. This paper examines small system requirements and options, with a view to improving performance. It is shown that the use of keyed hash functions (message authentication codes) with a pre-registration option reduces network latency and allows stateless servers.

Patent
10 Dec 1999
TL;DR: An approximate message authentication code (AMAC) is a probabilistic checksum based on a shared key that, like a conventional MAC, authenticates the origin of the message but provides only an approximate integrity check of its content.
Abstract: An approximate message authentication code (AMAC) which, like conventional message authentication codes, provides absolute authentication of the origin of the message, yet provides an approximate integrity check for the content of the message. The approximate integrity check will be computed probabilistically and will likely be the same for messages having only a small percentage of different bits. A distance measure on the AMACs, such as a Hamming distance measure, may be used to determine whether the number of bit differences between the messages is likely to be within an acceptable amount. The AMAC is a probabilistic checksum based on a shared key. The AMAC uses the message and a shared key as inputs. Optionally, an initial value may also be used as an input. In one version of the invention, the data in the message M are permuted and arranged (physically or logically) into a table having |A| bits in each column and T^2 rows, where T may be an odd integer. The permuted data are masked, for example, to generate an unbiased, independent, identically distributed set of bits (1s and 0s). Taking T rows at a time, the majority bit value for each column is determined and that majority value is used to generate a new row. This procedure is repeated on the T new rows of majority bits. The resulting |A| bits is the AMAC.
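The majority-vote construction in the abstract, as an added example (not the patent's own code). The keyed bit permutation (a SHA-256-seeded shuffle), the keyed mask (a SHA-256 keystream), zero padding to fill the table, |A| = 64 and T = 5 are this example's choices. Because each message bit lands in exactly one table cell, and T is odd so no column vote can tie, flipping k message bits changes at most k bits of the AMAC; that bound is what the Hamming-distance acceptance check below relies on.

```python
import hashlib
import random


def _keystream(key, label, nbytes):
    """Deterministic keyed byte stream: SHA-256(key || label || counter)."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:nbytes]


def _bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _majority(rows):
    """Column-wise majority over an odd number of equal-length bit rows."""
    return [1 if 2 * sum(col) > len(rows) else 0 for col in zip(*rows)]


def amac(key, msg, A=64, T=5):
    """Approximate MAC: permute the message bits under the key, lay them out as
    T^2 rows of A bits, mask them with a keyed stream, take the column majority of
    each group of T rows, then the column majority of the resulting T rows."""
    assert T % 2 == 1 and A % 8 == 0
    n = A * T * T
    bits = _bits(msg)
    if len(bits) > n:
        raise ValueError("message does not fit the %d-bit table" % n)
    bits += [0] * (n - len(bits))                 # zero padding: this example's choice
    perm = list(range(n))
    random.Random(_keystream(key, b"perm", 32)).shuffle(perm)   # keyed permutation
    permuted = [bits[p] for p in perm]
    mask = _bits(_keystream(key, b"mask", n // 8))              # keyed mask
    masked = [b ^ m for b, m in zip(permuted, mask)]
    rows = [masked[r * A:(r + 1) * A] for r in range(T * T)]
    stage1 = [_majority(rows[g * T:(g + 1) * T]) for g in range(T)]
    final = _majority(stage1)
    return bytes(int("".join(map(str, final[i:i + 8])), 2) for i in range(0, A, 8))


def hamming(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_approx(key, msg, tag, max_distance):
    """Accept if the recomputed AMAC is within max_distance bits of the tag."""
    return hamming(amac(key, msg), tag) <= max_distance


def flip_bits(msg, positions):
    """Return msg with the given bit positions flipped (used to build test inputs)."""
    out = bytearray(msg)
    for p in positions:
        out[p // 8] ^= 1 << (7 - p % 8)
    return bytes(out)


if __name__ == "__main__":
    key = b"shared-key"
    m = bytes(range(200))                         # constructed 1600-bit sample message
    t = amac(key, m)
    print(t.hex(), hamming(t, amac(key, flip_bits(m, [3, 700, 1599]))))
```

With the message exactly filling the table, complementing every bit flips every masked cell and hence every majority, so the AMAC of the complement is the bitwise complement (distance 64); small edits stay within the bound above, which is the behaviour the distance threshold is tuned against.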

Book ChapterDOI
26 May 1999
TL;DR: This work introduces a novel message authentication code, based on stored message digests, that allows storage to deliver high-performance, a factor of five improvement in the prototype's integrity protected bandwidth, without hardware acceleration for common read operations.
Abstract: Computer security is of growing importance in the increasingly networked computing environment. This work examines the issue of high-performance network security, specifically integrity, by focusing on integrating security into network storage system. Emphasizing the cost-constrained environment of storage, we examine how current software-based cryptography cannot support storage's Gigabit/sec transfer rates. To solve this problem, we introduce a novel message authentication code, based on stored message digests. This allows storage to deliver high-performance, a factor of five improvement in our prototype's integrity protected bandwidth, without hardware acceleration for common read operations. For receivers, where precomputation cannot be done, we outline an inline message authentication code that minimizes buffering requirements.

Book ChapterDOI
09 Dec 1999
TL;DR: Handy tools based on Decorrelation Theory for dealing with previous provable-security results are provided, and it is shown how to make their proofs easier.
Abstract: Many previous results on the provable security of conventional cryptography have been published so far. We provide here handy tools based on Decorrelation Theory for dealing with them and we show how to make their proof easier. As an illustration we survey a few of these results and we (im)prove some by our technique.

Proceedings ArticleDOI
28 Jun 1999
TL;DR: The /spl pi/-calculus, which has been given an operational semantics that provides each sequential process of a system with its own local space of names, is exploited here to guarantee by construction that a message has been generated by a given entity.
Abstract: We address the problem of message authentication using the /spl pi/-calculus, which has been given an operational semantics that provides each sequential process of a system with its own local space of names. We exploit here that semantics and its localized names to guarantee by construction that a message has been generated by a given entity. Therefore, our proposal can be seen as a reference for the analysis of "real" protocols. As an example, we study the way authentication is ensured by encrypting messages in the spi-calculus.

ReportDOI
01 Jun 1999
TL;DR: This work presents an alternative cryptographic approach, called Hash and MAC, that reduces the cost of protecting the integrity of read traffic in storage devices that are unable to generate a message authentication code at full data transfer rates.
Abstract: As storage interconnects evolve from single host small scale systems, such as traditional SCSI, to the multi-host Internet based systems of Network-Attached Secure Disks (NASD), protecting the integrity of data transfers between client and storage becomes essential. However, it is also computationally expensive and can impose significant performance penalties on storage systems. This paper explores several techniques that can protect the communications integrity of storage requests and data transfers, imposing very little performance penalty and significantly reducing the amount of required cryptography. Central to this work is an alternative cryptographic approach, called Hash and MAC, that reduces the cost of protecting the integrity of read traffic in storage devices that are unable to generate a message authentication code at full data transfer rates. Hash and MAC does this by precomputing security information, using and reusing the precomputed information on subsequent read requests. We also present a refined Hash and MAC approach that uses incremental hash functions to improve the performance of small read and write operations as well as non-block aligned operations.
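An added example (not the NASD prototype's code) of the Hash and MAC idea shared by this report and the earlier "stored message digests" entry: the device keeps a SHA-256 digest per block, computed when the block is written, and a read response carries one HMAC over the request nonce, the block range and those stored digests rather than over the data itself. The 4 KiB block size, HMAC-SHA256, and the request framing are this example's assumptions.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 4096   # storage block size: this example's assumption


def hash_and_mac_tag(key, nonce, first, count, digests):
    """One MAC over the request framing and the per-block digests. The bulk data
    never enters the MAC, so the per-block MAC cost is 32 bytes instead of 4 KiB."""
    hdr = nonce + struct.pack(">II", first, count)
    return hmac.new(key, hdr + b"".join(digests), hashlib.sha256).digest()


class StorageDevice:
    """Device side: data blocks plus a digest per block, precomputed at write time."""

    def __init__(self, key, data):
        assert len(data) % BLOCK_SIZE == 0
        self.key = key
        self.blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        self.digests = [hashlib.sha256(b).digest() for b in self.blocks]

    def write(self, idx, block):
        assert len(block) == BLOCK_SIZE
        self.blocks[idx] = block
        self.digests[idx] = hashlib.sha256(block).digest()   # the only hashing a write costs

    def read(self, nonce, first, count):
        """Answer a read with the raw blocks and a MAC over the stored digests;
        no hashing of the data happens on the read path."""
        blocks = self.blocks[first:first + count]
        tag = hash_and_mac_tag(self.key, nonce, first, count,
                               self.digests[first:first + count])
        return blocks, tag


def client_verify(key, nonce, first, blocks, tag):
    """Client side: hash the received data, rebuild the digest list and check the MAC
    in constant time. The nonce ties the reply to this particular request."""
    digests = [hashlib.sha256(b).digest() for b in blocks]
    expected = hash_and_mac_tag(key, nonce, first, len(blocks), digests)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"device-key"
    data = b"".join(bytes([i]) * BLOCK_SIZE for i in range(3))   # constructed sample data
    dev = StorageDevice(key, data)
    nonce = b"\x01" * 16
    blocks, tag = dev.read(nonce, 0, 3)
    print(client_verify(key, nonce, 0, blocks, tag))
```

The client still hashes every byte it receives, so the saving is on the device, which is the side the report describes as unable to keep up with line rate; the range and nonce in the MAC input are what stop a block from being replayed at a different offset or from an earlier request.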

Proceedings ArticleDOI
17 Oct 1999
TL;DR: A recently proposed watermarking scheme is cryptanalyzed and it is shown how it can be strengthened to thwart the attacks, exploring the use of hashing function contexts and signature algorithms based on elliptic curve cryptography.
Abstract: The cryptographic concept of digital signatures is well suited to image watermarking for authentication and integrity verification. However, the peculiar nature of watermarks demands special care in the application of digital signatures for this purpose. We cryptanalyze a recently proposed watermarking scheme and show how it can be strengthened to thwart our attacks, exploring the use of hashing function contexts and signature algorithms based on elliptic curve cryptography.

Book ChapterDOI
TL;DR: It is shown that there are major differences between a digital signature scheme with message recovery and an authenticated encryption scheme, by proposing a digital signature with message recovery scheme and a signcryption scheme as an example for comparison.
Abstract: Mitchell and Yeun [8] showed that Chen's scheme [2] is not a digital signature scheme with message recovery, whereas it should be called an authenticated encryption scheme. Also note that similar remarks have been made in [10] regarding schemes recently proposed by Zheng. Thus we will show that there are major differences between a digital signature scheme with message recovery and an authenticated encryption scheme by proposing a digital signature with message recovery scheme and a signcryption scheme as an example for comparison. The security of the schemes is based on the intractability of solving the Diffie-Hellman problem as well as finding a collision on a one-way hash function.