Backdoored Hash Functions: Immunizing HMAC and HKDF

Fischlin, Marc; Janson, Christian; Mazaheri, Sogol

doi:10.1109/csf.2018.00015

Cited by 18 publications

(20 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For an attacker, it would be unfeasible to generate table mappings without knowing the secret key, as this would require generating hashes for every possible combination of values that a system transmits using every possible secret key. Additionally, according to Reference [6], a hash function needs to meet specific security objectives such as preimage resistance, second preimage resistance, and collision resistance. Preimage resistance refers to the one-wayness of a function, where it would be unfeasible to find a string of data that generates a specific digest of a given function.…”

Section: Value-to-hmac Mappingmentioning

confidence: 99%

Vulnerabilities and Limitations of MQTT Protocol Used between IoT Devices

2019

View full text Add to dashboard Cite

With the proliferation of smart devices capable of communicating over a network using different protocols, each year more and more successful attacks are recorded against these, underlining the necessity of developing and implementing mechanisms to protect against such attacks. This paper will review some existing solutions used to secure a communication channel, such as Transport Layer Security or symmetric encryption, as well as provide a novel approach to achieving confidentiality and integrity of messages. The method, called Value-to-Keyed-Hash Message Authentication Code (Value-to-HMAC) mapping, uses signatures to send messages, instead of encryption, by implementing a Keyed-Hash Message Authentication Code generation algorithm. Although robust solutions exist that can be used to secure the communication between devices, this paper considers that not every Internet of Things (IoT) device or network design is able to afford the overhead and drop in performance, or even support such protocols. Therefore, the Value-to-HMAC method was designed to maximize performance while ensuring the messages are only readable by the intended node. The experimental procedure demonstrates how the method will achieve better performance than a symmetric-key encryption algorithm, while ensuring the confidentiality and integrity of information through the use of one mechanism.

show abstract

Section: Value-to-hmac Mappingmentioning

confidence: 99%

Vulnerabilities and Limitations of MQTT Protocol Used between IoT Devices

2019

View full text Add to dashboard Cite

show abstract

“…• The issue of backdooring MACs is studied in [FJM18], where the authors discuss the ability of backdooring hash functions. Then, using these backdoored hash functions, they construct a backdoored HMAC construction (among others).…”

Section: Kleptographymentioning

confidence: 99%

“…Some techniques for preventing the exploitation of backdoors in some specific constructions have been proposed e.g. for HMAC and HKDF [FJM18]. Unswervingness is more general as it can be applied to any primitive.…”

Section: Unswervingness: a Better Rigidity For Symmetric Primitives 5mentioning

confidence: 99%

Adapting Rigidity to Symmetric Cryptography

Dunkelman

Perrin

2019

Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop

View full text Add to dashboard Cite

While designers of cryptographic algorithms are rarely considered as potential adversaries, past examples, such as the standardization of the Dual EC PRNG highlights that the story might be more complicated.To prevent the existence of backdoors, the concept of rigidity was introduced in the specific context of curve generation. The idea is to first state a strict scope statement for the properties that the curve needs to have and then pick e.g. the one with the smallest parameters. The aim is to ensure that the designers did not have the degrees of freedom that allows the addition of a trapdoor. In this paper, we apply this approach to symmetric algorithms. The task is challenging because the corresponding primitives are more complex: they consist of several subcomponents of different types, and the properties required by these sub-components to achieve the desired security level are not as clearly defined. Furthermore, security often comes in this case from the interplay between these components rather than from their individual properties. In this paper, we argue that it is nevertheless necessary to demand that symmetric algorithms have a similar but, due to their different nature, more complex property which we call "unswervingness". We motivate this need via a study of the literature on symmetric "kleptography" and via the study of some real-world standards. We then suggest some guidelines that could be used to leverage the unswervingness of a symmetric algorithm to standardize a highly trusted and equally safe variant of it.

show abstract

“…The file name is generated by encrypting a file's actual identifier with the data owner's secret key. The hash values are generated using an efficient hash function [16]. As a result, cloud can only see the encrypted file name and the hash values of searchable attributes.…”

Section: Building Secure Search Indexmentioning

confidence: 99%

“…The hash string is generated by the data consumer using a backdoor. The backdoor is a secret information that is used during the hash generation [16]. It allows the data consumer to generate the same hash string for the search keywords that was generated by the data owner during search index construction.…”

Section: Introductionmentioning

confidence: 99%

A Novel Privacy Preserving Search Technique for Stego Data in Untrusted Cloud

Rahman

Khalil

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

We propose the first privacy preserving search technique for stego health data in untrusted cloud in this paper. The Cloud computing is a popular technology to the healthcare providers for outsourcing health data due to flexibility and cost effectiveness. However, outsourcing health data to the cloud introduces serious privacy issues to the patient. For example, dishonest personnel of the cloud provider may disclose patient sensitive information to business organizations for some financial benefits. Using steganography, patient sensitive information is hidden within health data for privacy preservation. As a result, stego health data is generated. To the best of our knowledge, no method exists for searching a particular stego data without disclosing any information to the cloud. We propose a framework for privacy preserving search over stego health data. We systematically describe each component of the proposed framework. We conduct several experiments to evaluate the performance of the framework.

show abstract

Backdoored Hash Functions: Immunizing HMAC and HKDF

Cited by 18 publications

References 26 publications

Vulnerabilities and Limitations of MQTT Protocol Used between IoT Devices

Vulnerabilities and Limitations of MQTT Protocol Used between IoT Devices

Adapting Rigidity to Symmetric Cryptography

A Novel Privacy Preserving Search Technique for Stego Data in Untrusted Cloud

Contact Info

Product

Resources

About