
Showing papers on "Message authentication code" published in 2003


Book
01 Jan 2003
TL;DR: In this article, the authors present a survey of the most popular methods for teaching creativity in the field of cryptography and apply them in the context of public-key cryptography and RSA.
Abstract (table of contents):
NOTATION
PREFACE
CHAPTER 0 READER'S GUIDE
CHAPTER 1 OVERVIEW
PART ONE SYMMETRIC CIPHERS
CHAPTER 2 CLASSICAL ENCRYPTION TECHNIQUES
CHAPTER 3 BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD
CHAPTER 4 INTRODUCTION TO FINITE FIELDS
CHAPTER 5 ADVANCED ENCRYPTION STANDARD
CHAPTER 6 MORE ON SYMMETRIC CIPHERS
CHAPTER 7 CONFIDENTIALITY USING SYMMETRIC ENCRYPTION
PART TWO PUBLIC-KEY ENCRYPTION AND HASH FUNCTIONS
CHAPTER 8 INTRODUCTION TO NUMBER THEORY
CHAPTER 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA
CHAPTER 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS
CHAPTER 11 MESSAGE AUTHENTICATION AND HASH FUNCTIONS
CHAPTER 12 HASH AND MAC ALGORITHMS
CHAPTER 13 DIGITAL SIGNATURES AND AUTHENTICATION PROTOCOLS
PART THREE NETWORK SECURITY PRACTICE
CHAPTER 14 AUTHENTICATION APPLICATIONS
CHAPTER 15 ELECTRONIC MAIL SECURITY
CHAPTER 16 IP SECURITY
CHAPTER 17 WEB SECURITY
PART FOUR SYSTEM SECURITY
CHAPTER 18 INTRUDERS
CHAPTER 19 MALICIOUS SOFTWARE
CHAPTER 20 FIREWALLS
APPENDICES
APPENDIX A STANDARDS AND STANDARD-SETTING ORGANIZATIONS
APPENDIX B PROJECTS FOR TEACHING CRYPTOGRAPHY AND NETWORK SECURITY
ONLINE APPENDICES
APPENDIX C SIMPLIFIED DES
APPENDIX D THE MEANING OF mod
APPENDIX E MORE ON SIMPLIFIED AES
APPENDIX F KNAPSACK PUBLIC-KEY ALGORITHM
APPENDIX G PROOF OF THE DIGITAL SIGNATURE ALGORITHM
GLOSSARY
REFERENCES
INDEX
LIST OF ACRONYMS

1,569 citations


Proceedings ArticleDOI
11 May 2003
TL;DR: A formal definition for secure secret handshakes is proposed, and it is proved that the pairing-based schemes are secure under the Bilinear Diffie-Hellman assumption.
Abstract: Consider a CIA agent who wants to authenticate herself to a server but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents - not even to other CIA servers. We first show how pairing-based cryptography can be used to implement such secret handshakes. We then propose a formal definition for secure secret handshakes, and prove that our pairing-based schemes are secure under the Bilinear Diffie-Hellman assumption. Our protocols support role-based group membership authentication, traceability, indistinguishability to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our secret-handshake scheme can be implemented as a TLS cipher suite. We report on the performance of our preliminary Java implementation.

328 citations


Journal ArticleDOI
TL;DR: A different, easier and simpler attack on the Hwang-Li scheme is shown, and an enhanced scheme that repairs the above attacks is presented.
Abstract: Hwang and Li (see IEEE Trans. Consumer Electron., vol.46, no.1, p.28-30, 2000) proposed a new remote authentication scheme using smart cards. Their scheme is based on ElGamal's public key cryptosystem. However, Chan and Cheng (see IEEE Trans. Consumer Electron., vol.46, p.992-993, 2000) pointed out that the scheme is vulnerable to the masquerade attack. In this article, we show a different attack on the Hwang-Li scheme which is easier and simpler. Furthermore, we present an enhanced scheme for repairing the above attacks.

280 citations


Book ChapterDOI
13 Apr 2003
TL;DR: This paper provides a comprehensive treatment of forward-security, as a practical means to mitigate the damage caused by key-exposure, in the context of shared-key based cryptographic primitives, by identifying forward-secure pseudorandom bit generators as the central primitive and showing how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes.
Abstract: This paper provides a comprehensive treatment of forward-security in the context of shared-key based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure. We provide definitions of security, practical proven-secure constructions, and applications for the main primitives in this area. We identify forward-secure pseudorandom bit generators as the central primitive, providing several constructions and then showing how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes for these problems coupled with forward-secure pseudorandom bit generators. We then apply forward-secure message authentication schemes to the problem of maintaining secure access logs in the presence of break-ins.

261 citations


Book ChapterDOI
22 Apr 2003
TL;DR: The resilience of INSENS's multipath performance against various forms of communication-based attacks by intruders is evaluated in simulation.
Abstract: This paper evaluates the performance of INSENS, an INtrusion-tolerant routing protocol for wireless SEnsor Networks. Security in sensor networks is important in battlefield monitoring and home security applications to prevent intruders from eavesdropping, from tampering with sensor data, and from launching denial-of-service (DOS) attacks against the entire network. The resilience of INSENS's multipath performance against various forms of communication-based attacks by intruders is evaluated in simulation. Within the context of INSENS, the paper evaluates implementations on the motes of the RC5 and AES encryption standards, an RC5-based scheme to generate message authentication codes (MACs), and an RC5-based generation of one-way sequence numbers.

225 citations


01 Jan 2003
TL;DR: WS-Security as mentioned in this paper describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication, which can be used to accommodate a wide variety of security models and encryption technologies.
Abstract: WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

219 citations


Proceedings ArticleDOI
08 Dec 2003
TL;DR: A secure version of ARP that provides protection against ARP poisoning is presented; performance measurements show that PKI-based strong authentication is feasible to secure even low-level protocols, as long as the overhead for key validity verification is kept small.
Abstract: Tapping into the communication between two hosts on a LAN has become quite simple thanks to tools that can be downloaded from the Internet. Such tools use the address resolution protocol (ARP) poisoning technique, which relies on hosts caching reply messages even though the corresponding requests were never sent. Since no message authentication is provided, any host on the LAN can forge a message containing malicious information. We present a secure version of ARP that provides protection against ARP poisoning. Each host has a public/private key pair certified by a local trusted party on the LAN, which acts as a certification authority. Messages are digitally signed by the sender, thus preventing the injection of spurious and/or spoofed information. As a proof of concept, the proposed solution was implemented on a Linux box. Performance measurements show that PKI-based strong authentication is feasible to secure even low-level protocols, as long as the overhead for key validity verification is kept small.

190 citations


Journal ArticleDOI
TL;DR: The chaotic cryptographic scheme is generalized so that it can perform both encryption and hashing to produce the cipher text as well as the hash value for a given message.

187 citations


Proceedings ArticleDOI
22 Jun 2003
TL;DR: A method is provided for deciding the insecurity of cryptographic protocols in the presence of the standard Dolev-Yao intruder extended with so-called oracle rules, i.e., deduction rules that satisfy certain conditions.
Abstract: We provide a method for deciding the insecurity of cryptographic protocols in the presence of the standard Dolev-Yao intruder (with a finite number of sessions) extended with so-called oracle rules, i.e., deduction rules that satisfy certain conditions. As an instance of this general framework, we ascertain that protocol insecurity is in NP for an intruder that can exploit the properties of the XOR operator. This operator is frequently used in cryptographic protocols but cannot be handled in most protocol models. An immediate consequence of our proof is that checking whether a message can be derived by an intruder (using XOR) is in P. We also apply our framework to an intruder that exploits properties of certain encryption modes such as cipher block chaining (CBC).

173 citations


Journal ArticleDOI
TL;DR: This work considers the special case where the legitimate partners already share a mutual string which might, however, be partially known to the adversary, and proposes two protocols, one based on universal hashing and one based on extractors, allowing for privacy amplification secure against an adversary whose knowledge about the initial partially secret string is limited to one third of the length of this string.
Abstract: For pt. II see ibid., vol.49, no.4, p.832-38 (2003). Here, we consider the special case where the legitimate partners already share a mutual string which might, however, be partially known to the adversary. The problem of generating a secret key in this case has been well studied in the passive-adversary model - for instance, in the context of quantum key agreement - under the name of privacy amplification. We consider the same problem with respect to an active adversary and propose two protocols, one based on universal hashing and one based on extractors, allowing for privacy amplification secure against an adversary whose knowledge about the initial partially secret string is limited to one third of the length of this string. Our results are based on novel techniques for authentication secure even against adversaries knowing a substantial amount of the "secret" key.

163 citations


Journal ArticleDOI
01 Nov 2003
TL;DR: E-mail-based identification and authentication is an emerging alternative to public-key infrastructure that overcomes many problems inherent with traditional authentication techniques, such as social security numbers, and provides functional security when used within a limited context.
Abstract: E-mail-based identification and authentication is an emerging alternative to public-key infrastructure. It overcomes many problems inherent with traditional authentication techniques, such as social security numbers, and provides functional security when used within a limited context.

Book ChapterDOI
13 Apr 2003
TL;DR: Montgomery Prime Hashing is a scheme for message authentication based on universal hashing that achieves good, provable security, with performance comparable to that of other high-speed schemes such as MMH.
Abstract: Montgomery Prime Hashing (MPH) is a scheme for message authentication based on universal hashing. In MPH, roughly speaking, the hash value is computed as the Montgomery residue of the message with respect to a secret modulus. The modulus value is structured in a way that allows fast, compact implementations in both hardware and software. The set of allowed modulus values is large, and as a result, MPH achieves good, provable security. MPH performance is comparable to that of other high-speed schemes such as MMH. An advantage of MPH is that the secret key (i.e., the modulus) is small, typically 128-256 bits, while in MMH the secret key is typically much larger. In applications where MMH key length is problematic, MPH may be an attractive alternative.

Journal ArticleDOI
TL;DR: A new scheme is presented which also overcomes a different type of attack on this scheme, and in which previously generated passwords remain secure even if the secret key of the system is leaked or stolen.
Abstract: In 2000, Hwang and Li proposed a new remote user authentication scheme using smart cards. Chan and Chang showed that the masquerade attack is successful on this scheme. Recently Shen, Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects. In this paper we present a new scheme which also overcomes these attacks. In this scheme previously generated passwords are secure even if the secret key of the system is leaked or is stolen.

Journal ArticleDOI
01 Mar 2003
TL;DR: The USA National Institute of Standards and Technology selected the Advanced Encryption Standard, a new standard symmetric key encryption algorithm, from 15 qualifying algorithms.
Abstract: The USA National Institute of Standards and Technology selected the Advanced Encryption Standard, a new standard symmetric key encryption algorithm, from 15 qualifying algorithms. NIST has also made efforts to update and extend their standard cryptographic modes of operation.

Proceedings ArticleDOI
24 Nov 2003
TL;DR: The radon transform and principal component analysis are used to extract characteristics robust against geometrical transformation (rotation and scaling) and image processing attacks (compression, filtering, blurring).
Abstract: Watermarking is largely used for copyright protection and fast search of images in databases. Another method for securely identifying images is to use hash functions. The digital signature standard, used in cryptosystems to settle disputes over the authenticity of documents, is based on hash functions. A digital signature is a bit stream dependent on the key and the content of the document. For each document, the digital signature algorithm provides a unique output bit stream. To be effective for images, the digital signature should be different if and only if the image content, and not the input bit stream, is different. Our new method is a one-way function for images. Using the radon transform and principal component analysis, we extract characteristics robust against geometrical transformations (rotation and scaling) and image processing attacks (compression, filtering, blurring).

Journal ArticleDOI
TL;DR: The idea behind the proposed technique is to introduce a simple mechanism which is called "self-encryption" and it is suggested that this mechanism can be easily adopted as the authentication function for the secure teleconference service.
Abstract: A simple authentication technique for use in the global mobility network (GLOMONET) is proposed. This technique is based on the concept of distributed security management, i.e., the original security manager administrates the original authentication key (long-term secret key) acquired when a user makes a contract with his home network, while a temporary security manager is generated for a roaming user in the visited network that provides roaming services. The temporary security manager will take the place of the original security manager when the roaming user stays in the service area of the visited network. In the proposed authentication protocol for the regular communication phase, the procedures of the original security manager and the temporary security manager are the same except for introducing different parameters. Furthermore, the proposed technique not only reduces the number of transmissions during the authentication phase, but it also can decrease the complexity of mobile equipment. The idea behind the proposed technique is to introduce a simple mechanism which is called "self-encryption". We also suggest that this mechanism can be easily adopted as the authentication function for the secure teleconference service.

Journal ArticleDOI
TL;DR: An analytic model to investigate the impact of K on the network signaling traffic, and an automatic K-selection mechanism that dynamically selects the size of the AV array to reduce the network signaling cost, are proposed.
Abstract: In the Universal Mobile Telecommunication System (UMTS), authentication functions are utilized to identify and authenticate a mobile station (MS) and validate the service request type to ensure that the user is authorized to use the particular network services. The authenticating parties are the authentication center (AuC) in the home network and the MS. In the UMTS, the serving general packet radio service support node (SGSN) accesses the AuC to obtain the authentication data, and delegates the AuC to perform mutual authentication with the MS. Since the cost for accessing AuC is expensive, the SGSN may obtain an array of authentication vectors (AVs) at a time so that the number of accesses can be reduced. On the other hand, if the size K of the AV array is large, the AV array transmission from the AuC to the SGSN may be expensive. Thus, it is desirable to select an appropriate K value to minimize the authentication network signaling cost. We propose an analytic model to investigate the impact of K on the network signaling traffic, which is validated by simulation experiments. Then, we propose an automatic K-selection mechanism that dynamically selects the size of the AV array to reduce the network signaling cost. Our study indicates that the automatic K-selection mechanism effectively identifies appropriate size of the authentication vector array.

Proceedings ArticleDOI
25 May 2003
TL;DR: A VLSI architecture for the SHA-2 family is proposed, which can efficiently substitute for previous SHA-1 standard implementations in every integrity security scheme, with a higher offered security level and better performance.
Abstract: Coupled with the growth of wired and wireless communication networks is the increasing demand for strong, secure data transmission. New cryptographic standards are developed, and new encryption algorithms are designed, in order to satisfy the special needs for security. SHA-2 is the newest powerful standard in the hash function families. In this paper, a VLSI architecture for the SHA-2 family is proposed. For every hash function of this standard (SHA-256, SHA-384, and SHA-512), a hardware implementation is presented. All the implementations are examined and compared in terms of the supported security level and of performance in hardware terms. This work can efficiently substitute for previous SHA-1 standard implementations in every integrity security scheme, with a higher offered security level and better performance. In addition, the proposed implementations could be applied alternatively in the integration of digital signature algorithms, keyed-hash message authentication codes and random number generator architectures.

Journal Article
TL;DR: The conclusion is that CCM provides a level of privacy and authenticity that is in line with other proposed modes such as OCB.
Abstract: We analyze the security of the CTR + CBC-MAC (CCM) encryption mode. This mode, proposed by Doug Whiting, Russ Housley, and Niels Ferguson, combines the CTR (counter) encryption mode with CBC-MAC message authentication and is based on a block cipher such as AES. We present concrete lower bounds for the security of CCM in terms of the security of the underlying block cipher. The conclusion is that CCM provides a level of privacy and authenticity that is in line with other proposed modes such as OCB.

Book ChapterDOI
13 Apr 2003
TL;DR: A comprehensive treatment of forward-security in the context of shared-key based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure, identifies forward-secure pseudorandom bit generators as the central primitive and shows how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes.
Abstract: This paper provides a comprehensive treatment of forward-security in the context of shared-key based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure. We provide definitions of security, practical proven-secure constructions, and applications for the main primitives in this area. We identify forward-secure pseudorandom bit generators as the central primitive, providing several constructions and then showing how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes for these problems coupled with forward-secure pseudorandom bit generators. We then apply forward-secure message authentication schemes to the problem of maintaining secure access logs in the presence of break-ins.

01 Jan 2003
TL;DR: In this article, a comprehensive treatment of forward security in the context of shared-key based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure, is provided.
Abstract: This paper provides a comprehensive treatment of forward-security in the context of shared-key based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure. We provide definitions of security, practical proven-secure constructions, and applications for the main primitives in this area. We identify forward-secure pseudorandom bit generators as the central primitive, providing several constructions and then showing how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes for these problems coupled with forward-secure pseudorandom bit generators. We then apply forward-secure message authentication schemes to the problem of maintaining secure access logs in the presence of break-ins.

01 Sep 2003
TL;DR: This memo specifies the use of AES in CBC mode with a set of extensions to overcome this limitation; the new algorithm is named AES-XCBC-MAC-96.
Abstract: A Message Authentication Code (MAC) is a key-dependent one way hash function. One popular way to construct a MAC algorithm is to use a block cipher in conjunction with the Cipher-Block-Chaining (CBC) mode of operation. The classic CBC-MAC algorithm, while secure for messages of a pre-selected fixed length, has been shown to be insecure across messages of varying lengths such as the type found in typical IP datagrams. This memo specifies the use of AES in CBC mode with a set of extensions to overcome this limitation. This new algorithm is named AES-XCBC-MAC-96.

Journal ArticleDOI
TL;DR: A new approach to binary image authentication in multimedia communication with distortion reduction and security enhancement is proposed and special codes are embedded into the blocks of given images and verified to accomplish the authentication purpose.
Abstract: A new approach to binary image authentication in multimedia communication with distortion reduction and security enhancement is proposed. Special codes are embedded into the blocks of given images and verified to accomplish the authentication purpose. Enhancement of security in detecting tampered images is achieved by randomly generating the codes and embedding them into randomly selected locations in the image blocks. The reduction of image distortion coming from pixel value replacement in code embedding is carried out by allowing multiple locations for embedding the codes. Security analysis and experimental results are also included to show the effectiveness of the proposed approach.

Proceedings ArticleDOI
06 Jul 2003
TL;DR: A novel content-based image authentication framework which embeds the authentication information into the host image using a lossless data hiding approach and can tolerate JPEG compression to a certain extent while rejecting common tampering to the image.
Abstract: In this paper, we present a novel content-based image authentication framework which embeds the authentication information into the host image using a lossless data hiding approach. In this framework the features of a target image are first extracted and signed using the digital signature algorithm (DSA). The authentication information is generated from the signature and the features are then inserted into the target image using a lossless data hiding algorithm. In this way, the unperturbed version of the original image can be obtained after the embedded data are extracted. An important advantage of our approach is that it can tolerate JPEG compression to a certain extent while rejecting common tampering to the image. The experimental results show that our framework works well with JPEG quality factors greater than or equal to 80 which are acceptable for most authentication applications.

Patent
27 Mar 2003
TL;DR: In this paper, an architecture for authenticating packets is presented that includes an input 322 operable to receive a packet, the packet comprising at least one of a transport, session and presentation header portion, and a transport agent 312 operable to compute a first message authentication code based on at least some of the contents of the packet and compare the first message authentication code with a second message authentication code in the at least one transport, session, or presentation header portion to authenticate the packet.
Abstract: An architecture for authenticating packets is provided that includes: an input 322 operable to receive a packet, the packet comprising at least one of a transport, session and presentation header portion and a transport agent 312 operable to compute a first message authentication code based on at least some of the contents of the packet and compare the first message authentication code with a second message authentication code in the at least one of a transport, session, and presentation header portion to authenticate the packet.

Proceedings ArticleDOI
17 Jun 2003
TL;DR: A new conditional access system architecture that uses XML digital signature and encryption to securely distribute audio, video, image, and data on the Web and supports payment transactions in a secure environment is proposed.
Abstract: A new conditional access system architecture is proposed. It uses XML digital signature and encryption to securely distribute audio, video, image, and data on the Web. It also supports payment transactions in a secure environment.

Proceedings ArticleDOI
24 Nov 2003
TL;DR: It is proved that the dither sequence can be used to guarantee information-theoretic security and applications of the proposed secure image hashing scheme include video watermarking, image authentication, and image database management.
Abstract: We propose an image hashing algorithm that is based on distributed compression principles. The algorithm assumes the availability of a robust feature vector extracted from the image. Then a suitable dither sequence is added to this feature vector, and the resulting dithered feature vector is compressed using distributed compression principles. We prove that the dither sequence can be used to guarantee information-theoretic security. Applications of our proposed secure image hashing scheme include video watermarking, image authentication, and image database management.

Book ChapterDOI
02 Apr 2003
TL;DR: This topic has interested me for a number of years, and hopefully I have now got a handle on it and can offer some guarantees of access in spite of flooding attacks in distributed denial of service instances.
Abstract: I'd like to be able to offer some guarantees of access in spite of flooding attacks in distributed denial of service instances. This is a topic that has interested me for a number of years, and hopefully I have now got a handle on it. In large open networks, in which all clients are legitimately authorised access to a particular service – regardless of their speed, or their location, or any other attributes – we'd obviously like to have client registration and authentication become unnecessary for service access. Of course, authentication might be necessary to control access to certain objects within the particular service, but that has nothing to do with whether or not the client can actually address or access the service.

Proceedings ArticleDOI
27 Oct 2003
TL;DR: This work proposes a quite simple solution for inserting a secure authentication watermark in dispersed-dot halftone images, which can be used with either secret-key or public-key ciphers.
Abstract: Authentication watermarking is a hidden data inserted into an image, in order to detect any alterations. It seems to be almost impossible to design a really secure authentication watermarking without making use of the solid cryptography theory and techniques. In a cryptography-based authentication watermarking, a message authentication code (or digital signature) of the whole image is computed and the resulting code is inserted into the image itself. However, inserting the code alters the image and consequently its authentication code, invalidating the watermark. To avoid this problem, for gray-scale or color image, usually the least significant bits (LSBs) are cleared, the authentication code of the LSB-cleared image is computed and then the code is inserted into LSBs. Surely, one cannot perform the same procedure for binary images. We propose a quite simple solution for inserting a secure authentication watermarking in dispersed-dot halftone images. This technique can also be applied to any kind of binary images (including clustered-dot halftones), though the visual quality is not as good as when applied to dispersed-dot halftones. The proposed technique can be used with both secret-key or public-key ciphers.

Patent
Gilad Odinak, Nigel S. Keam
15 Oct 2003
TL;DR: In this article, a system for communicating over electrical wiring in a house or other building is presented, where components are grouped and each group is assigned a group identifier code, and each message includes message data, and a message authentication code (MAC) that is calculated for each message.
Abstract: A system for communicating over electrical wiring in a house or other building is presented. Components are grouped and each group is assigned a group identifier code. Components communicates only with components of the same group, using the group identifier code. Each message includes the group identifier code, message data, and a message authentication code (MAC) that is calculated for each message. A receiving component disregards any message whose group identifier code is not the same as that of the receiving component. MACs are calculated using a shared key value and a one-way hash function. The shared key value, in turn, is taken from an ordered sequence of key values that is defined for each component group based on a counter value. To change to a new key value, one component of the group simply starts using the new key value. When a receiving component receives a message that does not.