IIIT-Delhi Institutional Repository

New HMAC message patches : secret patch and CrOw patch


dc.contributor.author Sharma, Nishant
dc.contributor.author Sanadhya, Somitra Kumar (Advisor)
dc.date.accessioned 2014-05-02T08:31:03Z
dc.date.available 2014-05-02T08:31:03Z
dc.date.issued 2014-05-02T08:31:03Z
dc.identifier.uri https://repository.iiitd.edu.in/jspui/handle/123456789/134
dc.description.abstract HMAC, or keyed-hash message authentication code, is a message authentication scheme built from a cryptographic hash function (an iterative one, i.e. the classical Merkle-Damgård construction [7] [12]) and a secret key. It was designed by Bellare, Canetti and Krawczyk in 1996 [3]. It was subsequently adopted by an IETF working group as RFC 2104 [10] and made a standard for authentication in secure Internet protocols. It is widely used in the banking industry and in secure web connections through its use in TLS and IPsec. The security of HMAC was proven in [2], but this proof does not consider the related-key model. At Asiacrypt 2012, Peyrin et al. [13] showed related-key attacks against the HMAC design. Following this, they also proposed a patching scheme for standard HMAC and claimed that the proposed patch thwarts their attacks; however, they did not provide any security proof or explanation for it. In this work, we show that the patch proposed by Peyrin et al. [13] does not prevent their attack on the HMAC construction for certain hash functions. We emphasize that our approach applies to the general HMAC construction and not to the standardized version of HMAC, which uses a specific hash function, namely SHA-1. We show that the related-key attacks of Peyrin et al. still work when HMAC is constructed from a "good" cryptographic hash function satisfying collision resistance, preimage resistance and second-preimage resistance, under certain circumstances. Along similar lines, at Crypto 2012, Dodis et al. [8] showed indifferentiability attacks on HMAC based on weak keys (ambiguous and colliding). To thwart these two types of attacks, we propose two tweaks, one for each attack. One of them requires a wrapper patch, while the other uses a new padding scheme for HMAC. Our first modification requires our new patching schemes for HMAC, which ensure the safety of the HMAC scheme from the attacks discussed by Peyrin et al. [13].
Our second modification ensures that HMAC will not have any colliding keys, thereby thwarting the attack of Dodis et al. [8]. Thus we show that HMAC with one of our patches and the new padding scheme is safe from the cycle-detection-based related-key attacks discussed by Peyrin et al. [13] and from the indifferentiability attacks using colliding pairs by Dodis et al. [8]. en_US
dc.language.iso en_US en_US
dc.subject HMAC en_US
dc.subject related key attack en_US
dc.subject Colliding key pairs en_US
dc.subject Indifferentiability en_US
dc.subject Distinguisher en_US
dc.subject Internal state recovery en_US
dc.title New HMAC message patches : secret patch and CrOw patch en_US
dc.type Thesis en_US
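The "colliding key pairs" that the abstract attributes to Dodis et al. come from HMAC's key pre-processing in RFC 2104: keys longer than the block size are hashed first, and the result (or any shorter key) is right-padded with zero bytes, so several distinct byte strings map to the same padded key block. The following is an added illustration, not code from the thesis; it uses Python's standard `hmac` module with SHA-256 (the abstract discusses HMAC in general and the SHA-1 standard), and the key and message values are constructed for the demo.

```python
import hashlib
import hmac

# Added example (not from the thesis): why HMAC keys are ambiguous under
# RFC 2104 pre-processing, and a defender-side check for it.
BLOCK_SIZE = 64          # SHA-256 compression-function block size in bytes
HASH = hashlib.sha256


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """Standard HMAC-SHA256 tag from Python's library (RFC 2104 behaviour)."""
    return hmac.new(key, msg, HASH).digest()


def equivalent_key(key: bytes):
    """Return a different key that HMAC treats identically to `key`, or None.

    RFC 2104 first hashes keys longer than the block size, then right-pads
    the result (or a short key) with zero bytes up to the block size.
    Both steps are many-to-one, so most keys have a trivial collider.
    """
    if len(key) > BLOCK_SIZE:
        return HASH(key).digest()          # long key == its hash digest
    if len(key) < BLOCK_SIZE:
        return key + b"\x00"               # short key == key with a zero appended
    if key.endswith(b"\x00"):
        return key.rstrip(b"\x00")         # block-size key == itself minus trailing zeros
    return None                            # full-size key, non-zero last byte: unique


def is_canonical_key(key: bytes) -> bool:
    """Defender-side check: accept only keys that have no equivalent representation."""
    return equivalent_key(key) is None


def demo() -> bool:
    """Show two distinct keys producing the same tag on a constructed message."""
    msg = b"constructed sample message"
    k = b"constructed-short-key"           # constructed value, shorter than the block
    k2 = equivalent_key(k)
    return k != k2 and hmac_tag(k, msg) == hmac_tag(k2, msg)
```

A fixed-length key of exactly one block whose last byte is non-zero is the only shape that `is_canonical_key` accepts, which is the property a key-derivation step has to guarantee if colliding keys are to be ruled out without changing the HMAC construction itself.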
