Abstract
This paper is concerned with the design of cryptographic APIs (Application Program Interfaces), and in particular with the part of such APIs concerned with computing Message Authentication Codes (MACs). In some cases it is necessary for the cryptographic API to offer the means to ‘part-compute’ a MAC, i.e. perform the MAC calculation for a portion of a data string. In such cases it is necessary for the API to input and output ‘chaining variables’. As we show in this paper, such chaining variables need very careful handling lest they increase the possibility of MAC key compromise. In particular, chaining variables should always be output in encrypted form; moreover the encryption should operate so that re-occurrence of the same chaining variable will not be evident from the ciphertext.
The views expressed in this paper are personal to the author and not necessarily those of Visa International
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
International Organization for Standardization Genève, Switzerland: ISO/IEC 9797-1, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher. (1999)
Preneel, B., van Oorschot, P.: On the security of iterated Message Authentication Codes. IEEE Transactions on Information Theory 45 (1999) 188–199
American Bankers Association Washington, DC: ANSI X9.9-1986 (revised), Financial institution message authentication (wholesale). (1986)
American Bankers AssociationWashington, DC: ANSI X9.19, Financial institution retail message authentication. (1986)
Electronic Frontier Foundation: Cracking DES: Secrets of encryption research, wiretap politics & chip design. O’Reilly (1998)
Preneel, B., van Oorschot, P.: A key recovery attack on the ANSI X9.19 retail MAC. Electronics Letters 32 (1996) 1568–1569
Knudsen, L., Preneel, B.: MacDES: MAC algorithm based on DES. Electronics Letters 34 (1998) 871–873
Wagner, D.: GSM cloning. http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html (1999)
Coppersmith, D., Mitchell, C.: Attacks on MacDES MAC algorithm. Electronics Letters 35 (1999) 1626–1627
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
IBM: (IBM PCI Cryptographic Coprocessor) http://www.3.ibm.com/security/cryptocards/html/overcca.shtml.
Baltimore: (KeyTools Overview) http://www.baltimore.com/keytools/.
Microsoft: (CryptoAPI Tools Reference) http://www.msdn.microsoft.com/library/psdk/crypto/cryptotools_0b11.htm.
RSA Laboratories: PKCS#11 Cryptographic Token Interface Standard. (1997) Version 2.01, http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brincat, K., Mitchell, C.J. (2001). Key Recovery Attacks on MACs Based on Properties of Cryptographic APIs. In: Honary, B. (eds) Cryptography and Coding. Cryptography and Coding 2001. Lecture Notes in Computer Science, vol 2260. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45325-3_7
Download citation
DOI: https://doi.org/10.1007/3-540-45325-3_7
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43026-1
Online ISBN: 978-3-540-45325-3
eBook Packages: Springer Book Archive