
\(\mathcal{E}\)-MACs: Towards More Secure and More Efficient Constructions of Secure Channels

Conference paper, Information Security and Cryptology - ICISC 2010 (ICISC 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6829)

Abstract

In cryptography, secure channels enable confidential and authenticated message exchange between authorized users. A generic approach to constructing such channels is to combine an encryption primitive with an authentication primitive (MAC). In this work, we introduce the design of a new cryptographic primitive to be used in the construction of secure channels. Instead of using general-purpose MACs, we propose the employment of special-purpose MACs, named “\(\mathcal{E}\)-MACs”. The main motive behind this work is the observation that, since the message must be both encrypted and authenticated, there can be redundancy in the computations performed by the two primitives. If this turns out to be the case, removing such redundancy improves the efficiency of the overall construction. In addition, computations performed by the encryption algorithm can be further utilized to improve the security of the authentication algorithm. In this work, we show how \(\mathcal{E}\)-MACs can be designed to reduce the amount of computation required by standard MACs based on universal hash functions, and show how \(\mathcal{E}\)-MACs can be secured against key-recovery attacks.
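The baseline the abstract refers to, a secure channel built by generic composition of an encryption primitive with a universal-hash-based MAC (Wegman-Carter style), is shown below as an added example. It is not code from the paper, which is not available on this page, and it does not implement the \(\mathcal{E}\)-MAC construction itself; it only makes the two separate computations the paper sets out to merge concrete. Assumptions of this example: HMAC-SHA256 stands in for the PRF that a real channel would instantiate with a block cipher, the universal hash is polynomial evaluation over the field GF(2^127 - 1), the composition is Encrypt-then-MAC, and all key and helper names (`keygen`, `seal`, `unseal`, `poly_hash`, `wc_tag`) are invented here.

```python
import hashlib
import hmac
import secrets
import struct

# Field for the polynomial universal hash: the Mersenne prime 2^127 - 1.
# A constructed choice for this example, not a parameter taken from the paper.
P = (1 << 127) - 1
BLOCK = 15  # 15-byte (120-bit) chunks are always < P, so each chunk is a field element


def prf_block(key: bytes, label: bytes, counter: int) -> bytes:
    """32-byte pseudorandom block. HMAC-SHA256 stands in for a block-cipher PRF
    so the example runs with the standard library only (assumption of this example)."""
    return hmac.new(key, label + struct.pack(">Q", counter), hashlib.sha256).digest()


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream XORed onto data; the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        keystream = prf_block(key, b"enc" + nonce, i // 32)
        out.extend(a ^ b for a, b in zip(data[i:i + 32], keystream))
    return bytes(out)


def poly_hash(hkey: int, data: bytes) -> int:
    """Polynomial-evaluation universal hash over GF(P).
    The byte length is folded in as a final block so that a message and a
    zero-extended version of it (same chunk values, different length) differ."""
    acc = 0
    for i in range(0, len(data), BLOCK):
        chunk = int.from_bytes(data[i:i + BLOCK], "big")
        acc = (acc + chunk) * hkey % P
    return (acc + len(data)) * hkey % P


def wc_tag(hkey: int, pad_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Wegman-Carter MAC: universal hash masked by a one-time pad derived from the nonce.
    The pad must never repeat under one key, so the caller must keep nonces unique."""
    pad = int.from_bytes(prf_block(pad_key, b"mac" + nonce, 0), "big") % P
    return ((poly_hash(hkey, data) + pad) % P).to_bytes(16, "big")


def keygen() -> dict:
    """Independent keys for the two primitives of the generic composition."""
    return {
        "enc": secrets.token_bytes(32),
        "pad": secrets.token_bytes(32),
        "hash": secrets.randbelow(P - 1) + 1,  # non-zero field element
    }


def seal(keys: dict, nonce: bytes, plaintext: bytes) -> tuple:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ciphertext = ctr_xor(keys["enc"], nonce, plaintext)
    tag = wc_tag(keys["hash"], keys["pad"], nonce, nonce + ciphertext)
    return ciphertext, tag


def unseal(keys: dict, nonce: bytes, ciphertext: bytes, tag: bytes):
    """Verify the tag in constant time before decrypting; None on any mismatch."""
    expected = wc_tag(keys["hash"], keys["pad"], nonce, nonce + ciphertext)
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_xor(keys["enc"], nonce, ciphertext)


if __name__ == "__main__":
    k = keygen()
    n = secrets.token_bytes(12)
    ct, t = seal(k, n, b"constructed sample message")
    print(unseal(k, n, ct, t))                                  # the plaintext
    print(unseal(k, n, bytes([ct[0] ^ 1]) + ct[1:], t))         # None: ciphertext altered
```

Two points the example makes visible: the encryption pass and the hash pass each walk the whole message independently, which is exactly the redundancy the abstract proposes to remove; and the one-time pad that hides the universal hash output is what keeps the hash key from leaking through tags, so nonce uniqueness is a hard requirement of the verifier as much as of the sender.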



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alomair, B., Poovendran, R. (2011). \(\mathcal{E}\)-MACs: Towards More Secure and More Efficient Constructions of Secure Channels. In: Rhee, KH., Nyang, D. (eds) Information Security and Cryptology - ICISC 2010. ICISC 2010. Lecture Notes in Computer Science, vol 6829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24209-0_20


  • DOI: https://doi.org/10.1007/978-3-642-24209-0_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24208-3

  • Online ISBN: 978-3-642-24209-0

  • eBook Packages: Computer Science (R0)
