Recommendation for applications using approved hash algorithms

Dang, Quynh H.

doi:10.6028/nist.sp.800-107r1

Cited by 58 publications

(37 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If parameters are selected without accounting for the tightness gap in the reduction, then the MAC scheme is shown to provide a level of security that is less than what one would desire in the multi-user setting. In particular, the attacks we describe are effective on HMAC as standardized in [33,26] and CMAC as standardized in [28,72]. In §3, we show that this deficiency in the security assurances provided by the non-tight proof appears in a network authentication protocol [20], and in §4 we obtain analogous results for aggregate MACs and aggregate designated verifier signatures.…”

Section: Bbs Generatormentioning

confidence: 48%

“…We next argue that Attack 1 is effective on HMAC as standardized in [33,26] and CMAC as standardized in [28,72].…”

Section: An Attack On Mac*mentioning

confidence: 99%

“…It is stated in [26] that the "security strength" of HMAC is the minimum of r and 2d, and the only requirement on tag lengths is that t ≥ 8. Hence, if one were to use HMAC with SHA-1 [32] (which has d=160) as the underlying hash function and select r=t=80, then the resulting MAC scheme would be compliant with SP 800-107 and be expected to achieve an 80-bit security level.…”

Section: An Attack On Mac*mentioning

confidence: 99%

“…HMAC is also standardized in FIPS 198-1 [33], with recommendations for parameter sizes given in SP 800-107 [26]. It is stated in [26] that the "security strength" of HMAC is the minimum of r and 2d, and the only requirement on tag lengths is that t ≥ 8.…”

Section: An Attack On Mac*mentioning

confidence: 99%

See 3 more Smart Citations

Another Look at Tightness

Chatterjee

Menezes

Sarkar

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.

show abstract

Section: Bbs Generatormentioning

confidence: 48%

“…We next argue that Attack 1 is effective on HMAC as standardized in [33,26] and CMAC as standardized in [28,72].…”

Section: An Attack On Mac*mentioning

confidence: 99%

Section: An Attack On Mac*mentioning

confidence: 99%

Section: An Attack On Mac*mentioning

confidence: 99%

See 2 more Smart Citations

Another Look at Tightness

Chatterjee

Menezes

Sarkar

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…SHA-3 is based on a completely different mathematical structure as its predecessors SHA-2 and SHA-1. SHA-1 is known to be vulnerable against collision attacks and is therefore not recommended to be used in new designs [11]. Although these weaknesses do not affect the security of SHA-2 to the present date, emerging issues can be expected in the future since it shares the mathematical structure of SHA-1.…”

Section: Security Protocol Extension: Proposal and Performance Immentioning

confidence: 99%

Protecting PROFINET cyclic real-time traffic: A performance evaluation and verification platform

Müller¹,

Doran²

2018

2018 14th IEEE International Workshop on Factory Communication Systems (WFCS)

View full text Add to dashboard Cite

Abstract-PROFINET is a widely adopted, real-time capable Industrial Ethernet standard, that as other automation system technologies, is subject to an increasing level of vertical integration into company's existing IT infrastructure. This integration exposes automation systems to well-known cyber attacks, which leads to a growing need for suitable security solutions. The challenge in protecting PROFINET automation systems is ensuring the suitability of solutions for use with minimal PROFINET cycle times of 250 µs needed to fulfill high-speed motion control market expectations. We develop a prototype of a transparent security switch, designed to apply protection mechanisms on-the-fly. We use this platform to test an initial implementation of a protection system, present preliminary results and further work.

show abstract

A new security model to prevent denial‐of‐service attacks and violation of availability in wireless networks

Mina

Ghani

Subramaniam

2011

Int J Communication

View full text Add to dashboard Cite

Wireless networks are deployed in many critical areas, such as health care centers, hospitals, police departments, and airports. In these areas, communication through the networks plays a vital role, and real-time connectivity along with constant availability of the networks is highly important. However, one of the most serious threats against the networks availability is the denial-of-service attacks. In wireless networks, clear text form of control frames is a security flaw that can be exploited by the attackers to bring the wireless networks to a complete halt. To prevent the denial-of-service attacks against the wireless networks, we propose two distinct security models. The models are capable of preventing the attacks by detecting and discarding the forgery control frames belonging to the attackers. The models are implemented and evaluated under various experiments and trials. The results have proved that the proposed models significantly improve the security performance of the wireless networks. This gives advantage of safe communication that can substantially enhance the network availability while maintaining the quality of the network performance. Copyright

show abstract

Recommendation for applications using approved hash algorithms

Cited by 58 publications

References 4 publications

Another Look at Tightness

Another Look at Tightness

Protecting PROFINET cyclic real-time traffic: A performance evaluation and verification platform

A new security model to prevent denial‐of‐service attacks and violation of availability in wireless networks

Contact Info

Product

Resources

About