4,659 Hits in 4.7 sec

Multiple forgery attacks against Message Authentication Codes [article]

David A. McGrew, Scott R. Fluhrer
2005 IACR Cryptology ePrint Archive  
Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs.  ...  We present multiple-forgery attacks against these algorithms, then analyze the security against these attacks by using the expected number of forgeries.  ...  For our purposes, A and C together constitute the message M . A multiple forgery attack against GCM works as follows.  ... 
dblp:journals/iacr/McGrewF05 fatcat:xvidstet5fgv7fy4dqxo4ubwsm

On Weak Keys and Forgery Attacks Against Polynomial-Based MAC Schemes [chapter]

Gordon Procter, Carlos Cid
2014 Lecture Notes in Computer Science  
Universal hash functions are commonly used primitives for fast and secure message authentication in the form of Message Authentication Codes (MACs) or Authenticated Encryption with Associated Data (AEAD  ...  As a result we are able to describe a general forgery attack, of which Saarinen's cycling attack from FSE 2012 is a special case.  ...  Joux's Forbidden Attack Joux's 'forbidden attack' against GCM [23] requires two messages, M and M , that are authenticated with the same (key, IV) pair.  ... 
doi:10.1007/978-3-662-43933-3_15 fatcat:gblsffjzjrfw7hnbxc3wuinwnm

On Weak Keys and Forgery Attacks Against Polynomial-Based MAC Schemes

Gordon Procter, Carlos Cid
2014 Journal of Cryptology  
Universal hash functions are commonly used primitives for fast and secure message authentication in the form of Message Authentication Codes (MACs) or Authenticated Encryption with Associated Data (AEAD  ...  As a result we are able to describe a general forgery attack, of which Saarinen's cycling attack from FSE 2012 is a special case.  ...  Joux's Forbidden Attack Joux's 'forbidden attack' against GCM [23] requires two messages, M and M , that are authenticated with the same (key, IV) pair.  ... 
doi:10.1007/s00145-014-9178-9 fatcat:jlq6pnq4ubfljdudifdbk3bqfi

Authentication Key Recovery on Galois/Counter Mode (GCM) [chapter]

John Mattsson, Magnus Westerlund
2016 Lecture Notes in Computer Science  
We also provide a complexity estimation of Ferguson's authentication key recovery method on short tags, and suggest several novel improvements to Ferguson's attacks that significantly reduce the security  ...  We show that feedback of successful or unsuccessful forgery attempts is almost always possible, contradicting the NIST assumptions for short tags.  ...  Galois Message Authentication Code (GMAC) is an authentication-only variant of GCM. It can be seen as a special case of GCM where the ciphertext C is the empty string.  ... 
doi:10.1007/978-3-319-31517-1_7 fatcat:gvxchwv5mvg2vjhh7xhdv7xj54

Stronger Security Bounds for Wegman-Carter-Shoup Authenticators [chapter]

Daniel J. Bernstein
2005 Lecture Notes in Computer Science  
Shoup proved that various message-authentication codes of the form (n, m) → h(m) + f(n) are secure against all attacks that see at most 1/ authenticated messages.  ...  Shoup's result implies that if AES is secure then various state-of-the-art message-authentication codes of the form (n, m) → h(m) + AES_k(n) are secure up to 1/ authenticated messages.  ...  Then h(m) + f(n) is secure against all attacks that see at most √#G authenticated messages.  ... 
doi:10.1007/11426639_10 fatcat:pd2u3i2zknalzj5ry4uy65qiii

Low cost multicast authentication via validity voting in time-triggered embedded control networks

Chris Szilagyi, Philip Koopman
2010 Proceedings of the 5th Workshop on Embedded Systems Security - WESS '10  
Our previous work provides multicast authentication for time-triggered applications on embedded networks by validating truncated message authentication codes across multiple packets.  ...  This can permit using fewer authentication bits per receiver. We derive an upper bound on the probability of successful forgery and experimentally verify it using simulated attacks.  ...  Our previous work amortizes authentication bandwidth costs over multiple time-triggered packets, using truncated Message Authentication Codes (MACs).  ... 
doi:10.1145/1873548.1873558 dblp:conf/cases/SzilagyiK10 fatcat:5a7m3xvmwvcjzajrfjddrq752u

Cryptanalysis of message authentication codes [chapter]

B. Preneel
1998 Lecture Notes in Computer Science  
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery attacks on MACs.  ...  The MACs described include CBC-MAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA.  ...  Therefore many applications still use conventional Message Authentication Code (MAC) algorithms to provide data integrity and data origin authentication.  ... 
doi:10.1007/bfb0030408 fatcat:eqqgqfxzfvcdzgk5xuuz5mlzge

Implementing TLS with Verified Cryptographic Security

K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P. Strub
2013 2013 IEEE Symposium on Security and Privacy  
Existential Forgery Attacks (INT-CMA) Let private k = KEYGEN() let private log = ref [] let mac t = log := t::!  ...  Code : integrity Sample functionality: Message Authentication Codes module MAC type text = bytes type key = bytes type mac = bytes val KEYGEN: unit -> key val MAC : key -> text -> mac  ... 
doi:10.1109/sp.2013.37 dblp:conf/sp/BhargavanFKPS13 fatcat:svicm2cgg5htjdf2tfzc3ogcya

Security of Analysis Liu's Signature Scheme

Shaoka Zhao, Chenglian Liu
2012 Energy Procedia  
In 2007, Liu proposed an improvement of Shieh et al. multi-signature scheme in mobile code system. There exist forgery attacks of multiplicative algebra method in his scheme.  ...  In this paper, we pointed out who do a forge attack successfully.  ...  It is therefore that the Liu's scheme cannot against forgery attack. In Shieh et al. scheme . Our Attack  ... 
doi:10.1016/j.egypro.2012.02.150 fatcat:4yv2oc6rczc2fhefpcuz2wflne

Cycling Attacks on GCM, GHASH and Other Polynomial MACs and Hashes [chapter]

Markku-Juhani Olavi Saarinen
2012 Lecture Notes in Computer Science  
We present message forgery attacks that are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups.  ...  Our attacks can be used not only to bypass message authentication with garbage but also to target specific plaintext bits if a polynomial MAC is used in conjunction with a stream cipher.  ...  Targeted Multiple Bit Forgeries Our attacks enable elaborate message forgeries against authenticated encryption hybrids such as GCM due to the fact that the CTR encryption mode behaves like a stream cipher  ... 
doi:10.1007/978-3-642-34047-5_13 fatcat:xy2gsu5xkbgr7p2cpfppt7kuzu

Almost Universal Forgery Attacks on the COPA and Marble Authenticated Encryption Algorithms

Jiqiang Lu
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
In this paper, we cryptanalyse the basic cases of COPA, AES-COPA and Marble, that process messages of a multiple of the block size long; we present collision-based almost universal forgery attacks on the  ...  Designers should pay attention to these attacks when designing authenticated encryption algorithms with similar structures in the future, and should be careful when claiming the security of an advanced  ...  It combines the functionalities of a symmetric cipher and a message authentication code (MAC), and achieves data confidentiality and integrity/authenticity at one pass.  ... 
doi:10.1145/3052973.3052981 dblp:conf/ccs/Lu17 fatcat:ohmgow6klnecbppcoeqsr3awdi

"Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk
2019 Zenodo  
In this work we show practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five attack classes: (1) We analyze edge cases in S/MIME's container  ...  Digital signatures are supposed to guarantee authenticity and integrity of messages.  ...  At that time, message authenticity was not a major concern, so the early SMTP and email [1, 2] standards did not address confidentiality or the authenticity of messages.  ... 
doi:10.5281/zenodo.3610262 fatcat:dnaaczxb3vcslbtjcsrycvxbba

Flexible multicast authentication for time-triggered embedded control network applications

Christopher Szilagyi, Philip Koopman
2009 2009 IEEE/IFIP International Conference on Dependable Systems & Networks  
Our approach provides multicast authentication for time-triggered applications by validating truncated message authentication codes (MACs) across multiple packets.  ...  Protocols used in these networks omit support for authenticating messages to prevent masquerade and replay attacks.  ...  We have experimentally confirmed the probability of successful forgery attacks against our approach using a software simulation written in C.  ... 
doi:10.1109/dsn.2009.5270342 dblp:conf/dsn/SzilagyiK09 fatcat:4m76kc7hfrc63ki6cmmgbbkkou

Message Authentication Scheme Based on Chaotic Quantum Cryptosystem

Hang ZHANG, Tian-yu CAI, Tian-bo WU
2017 DEStech Transactions on Computer Science and Engineering  
And the security and reliability is analyzed which shows that this scheme could guarantee the message security validly against different kinds of attack.  ...  To solve that, the concept of message authentication is proposed which has been widely used and proved efficient.  ...  The scheme is also proved secure against normal attack in authentication field.  ... 
doi:10.12783/dtcse/wcne2016/5090 fatcat:gxfsmn6x65b5toeaaxaep4iapi

Forgery attacks on ++AE authenticated encryption mode

Hassan Qahur Al Mahri, Leonie Simpson, Harry Bartlett, Ed Dawson, Kenneth Koon-Ho Wong
2016 Proceedings of the Australasian Computer Science Week Multiconference on - ACSW '16  
We propose a chosen plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages.  ...  Our attack is deterministic and guaranteed to pass ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher.  ...  Defining the in this way provides some protection against forgery attacks in which the message length is changed, such as only deleting or inserting blocks.  ... 
doi:10.1145/2843043.2843355 dblp:conf/acsc/MahriSBDW16 fatcat:whcwauqkqbcufbui2eznxxso6q