New HMAC message patches : secret patch and CrOw patch
| Field | Value |
|---|---|
| Content Provider | Indraprastha Institute of Information Technology, Delhi |
| Author | Sharma, Nishant |
| Abstract | HMAC (keyed-hash message authentication code) is a message authentication construction built from an iterated cryptographic hash function (the classical Merkle-Damgård construction [7] [12]) and a secret key. It was designed by Bellare, Canetti and Krawczyk in 1996 [3]. It was subsequently adopted by the IETF as RFC 2104 [10] and became a standard for authentication in secure internet protocols. It is widely used in the banking industry and in secure web connections through TLS and IPsec. The security of HMAC was proven in [2], but that proof does not consider the related-key model. In Asiacrypt 2012, Peyrin et al. [13] showed related-key attacks against the HMAC design. Following this, they also proposed a patching scheme for standard HMAC and claimed that the proposed patch thwarts their attacks; however, they did not provide any security proof or explanation for it. In this work, we show that the patch proposed by Peyrin et al. [13] does not prevent their attack on the HMAC construction for certain hash functions. We emphasize that our approach is valid for the general HMAC construction and not for the standardized version of HMAC, which uses a specific hash function, namely SHA-1. We show that the related-key attacks of Peyrin et al. still work when HMAC is constructed from a "good" cryptographic hash function satisfying collision resistance, preimage resistance and second-preimage resistance, under certain circumstances. On similar lines, in Crypto 2012, Dodis et al. [8] showed differentiability attacks on HMAC based on weak keys (ambiguous and colliding). To thwart both types of attack, we propose two tweaks: one uses a wrapper patch, while the other uses a new padding scheme for HMAC. Our first modification relies on our new patching schemes for HMAC, which secure the HMAC scheme against the attacks discussed by Peyrin et al. [13]. Our second modification ensures that HMAC has no colliding keys, hence thwarting the attack of Dodis et al. [8]. Thus we show that HMAC with one of our patches and the new padding scheme is safe from the cycle-detection-based related-key attacks discussed by Peyrin et al. [13] and from the indifferentiability attacks using colliding key pairs by Dodis et al. [8]. |
| File Format | |
| Language | English |
| Access Restriction | Open |
| Subject Keyword | HMAC; Related Key Attack; Colliding key pairs; Indifferentiability; Distinguisher; Internal state recovery |
| Content Type | Text |
| Educational Degree | Master of Technology (M.Tech.) |
| Resource Type | Thesis |
| Subject | Data processing & computer science |