Abstract
A key derivation function is a function that generates one or more cryptographic keys from a private string together with some public information. The generated cryptographic key(s) must be indistinguishable from random binary strings of the same length. To date, key derivation functions have been proposed that are built from cryptographic primitives such as hash functions, block ciphers and stream ciphers. The security of these key derivation functions rests on the assumption that the underlying cryptographic primitives are secure against attacks. Unfortunately, existing work does not investigate the consequences for a key derivation function when the cryptographic primitives used to build it are broken. In this paper, our results confirm that when the cryptographic primitives used to build a key derivation function are broken, adversaries can distinguish the derived cryptographic key from a random binary string of the same length.
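The indistinguishability requirement stated in the abstract can be measured as a distinguishing game. The sketch below is an added example, not a construction or attack from the paper: it compares a toy KDF whose primitive is a bare 16-bit LFSR (the taps and the names `weak_kdf`, `sound_kdf`, `distinguisher` and `advantage` are all constructed for illustration) against HKDF with HMAC-SHA256 from RFC 5869.

```python
import hashlib
import hmac
import os

N = 16                 # LFSR state size in bits (constructed toy parameter)
TAPS = (0, 2, 3, 5)    # public recurrence: s[n+16] = s[n] ^ s[n+2] ^ s[n+3] ^ s[n+5]
KEY_BYTES = 16         # 128-bit derived key

def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(8)]

def weak_kdf(secret: bytes, info: bytes) -> list:
    """Toy KDF on a broken primitive: the key is raw LFSR keystream."""
    s = to_bits(hashlib.sha256(secret + info).digest())[:N]   # secret-dependent seed
    while len(s) < KEY_BYTES * 8:
        base = len(s) - N
        bit = 0
        for t in TAPS:
            bit ^= s[base + t]
        s.append(bit)
    return s

def sound_kdf(secret: bytes, info: bytes) -> list:
    """HKDF with HMAC-SHA256 (RFC 5869), one expand block, zero salt."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()
    return to_bits(okm[:KEY_BYTES])

def distinguisher(bits: list) -> bool:
    """Guess 'derived key' when every bit obeys the public LFSR recurrence."""
    for n in range(len(bits) - N):
        expected = 0
        for t in TAPS:
            expected ^= bits[n + t]
        if bits[n + N] != expected:
            return False
    return True

def advantage(kdf, trials: int = 200) -> float:
    """Empirical |Pr[D(key)=1] - Pr[D(random)=1]| over fresh secrets."""
    on_keys = sum(distinguisher(kdf(os.urandom(32), b"session-1")) for _ in range(trials))
    on_random = sum(distinguisher(to_bits(os.urandom(KEY_BYTES))) for _ in range(trials))
    return abs(on_keys - on_random) / trials

if __name__ == "__main__":
    print("LFSR-based KDF advantage:", advantage(weak_kdf))
    print("HKDF-SHA256 advantage:  ", advantage(sound_kdf))
```

The distinguisher never sees the private string; it uses only the public structure of the broken primitive, which is why the choice of primitive alone decides whether the KDF meets its definition.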
Acknowledgments
This research was supported by Fundamental Research Grant Scheme (FRGS) 1558, ORICC UTHM.
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Chuah, C.W., Mat Deris, M., Dawson, E. (2017). On the Security Analysis of Weak Cryptographic Primitive Based Key Derivation Function. In: Kim, K., Joukov, N. (eds) Information Science and Applications 2017. ICISA 2017. Lecture Notes in Electrical Engineering, vol 424. Springer, Singapore. https://doi.org/10.1007/978-981-10-4154-9_27
DOI: https://doi.org/10.1007/978-981-10-4154-9_27
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4153-2
Online ISBN: 978-981-10-4154-9
eBook Packages: Engineering, Engineering (R0)