Abstract
In cryptography, secure channels enable confidential and authenticated message exchange between authorized users. A generic approach to constructing such channels is to combine an encryption primitive with an authentication primitive (a MAC). In this work, we introduce the design of a new cryptographic primitive to be used in the construction of secure channels. Instead of using general-purpose MACs, we propose employing special-purpose MACs, named “\(\mathcal{E}\)-MACs”. The main motive behind this work is the observation that, since the message must be both encrypted and authenticated, there can be redundancy in the computations performed by the two primitives. If this turns out to be the case, removing such redundancy improves the efficiency of the overall construction. In addition, computations performed by the encryption algorithm can be further utilized to improve the security of the authentication algorithm. In this work, we show how \(\mathcal{E}\)-MACs can be designed to reduce the amount of computation required by standard MACs based on universal hash functions, and how \(\mathcal{E}\)-MACs can be secured against key-recovery attacks.
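As an added illustration of the baseline the abstract starts from (example code written for this page, not the paper's \(\mathcal{E}\)-MAC construction, which is not reproduced here): a Wegman-Carter style MAC built on a polynomial universal hash, composed Encrypt-then-MAC with a counter-mode cipher, where the same PRF that produces the keystream also supplies the one-time mask that hides the hash value. The HMAC-based PRF, the keys and the nonce are constructed stand-ins.

```python
import hmac
import hashlib

P = (1 << 127) - 1          # Mersenne prime; the polynomial hash lives in GF(P)
BLOCK = 16                  # bytes per message / keystream block

def prf(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Stand-in PRF (HMAC-SHA256 truncated to one block); a block cipher would serve equally."""
    return hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()[:BLOCK]

def ctr_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream XOR; counters start at 1 because 0 is reserved for the tag mask."""
    out = bytearray()
    for blk, i in enumerate(range(0, len(data), BLOCK), start=1):
        ks = prf(enc_key, nonce, blk)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def poly_hash(r: int, data: bytes) -> int:
    """Polynomial universal hash h_r(m) = sum m_i * r^i mod P, evaluated in Horner form.
    Each block carries a marker bit above its top byte so a short final block cannot
    collide with a zero-padded full block."""
    acc = 0
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        m_i = int.from_bytes(chunk, "little") | (1 << (8 * len(chunk)))
        acc = (acc + m_i) * r % P
    return acc

def _tag(enc_key: bytes, hash_key: bytes, nonce: bytes, ct: bytes) -> bytes:
    r = int.from_bytes(hash_key, "little") % P
    if r == 0:
        raise ValueError("degenerate hash key")   # h_0 is constant, every message would collide
    mask = int.from_bytes(prf(enc_key, nonce, 0), "little")   # one-time pad over the hash value
    return ((poly_hash(r, ct) + mask) % P).to_bytes(BLOCK, "little")

def encrypt_and_tag(enc_key: bytes, hash_key: bytes, nonce: bytes, pt: bytes):
    """Encrypt-then-MAC: the tag covers the ciphertext and its mask reuses the encryption PRF."""
    ct = ctr_xor(enc_key, nonce, pt)
    return ct, _tag(enc_key, hash_key, nonce, ct)

def verify_and_decrypt(enc_key: bytes, hash_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Returns the plaintext, or None when the tag fails a constant-time comparison."""
    if not hmac.compare_digest(_tag(enc_key, hash_key, nonce, ct), tag):
        return None
    return ctr_xor(enc_key, nonce, ct)

# Constructed sample keys and nonce (not from the paper); a nonce must never repeat under one key,
# since a repeated mask would expose differences of hash values and with them the hash key.
ENC_KEY, HASH_KEY, NONCE = b"k" * 16, b"r" * 16, b"nonce-0001"
```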
© 2011 Springer-Verlag Berlin Heidelberg
Alomair, B., Poovendran, R. (2011). \(\mathcal{E}\)-MACs: Towards More Secure and More Efficient Constructions of Secure Channels. In: Rhee, KH., Nyang, D. (eds) Information Security and Cryptology - ICISC 2010. ICISC 2010. Lecture Notes in Computer Science, vol 6829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24209-0_20
DOI: https://doi.org/10.1007/978-3-642-24209-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24208-3
Online ISBN: 978-3-642-24209-0