At Crypto ’07, Fouque, Leurent and Nguyen presented full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5, by extending the partial key-recovery attacks of Contini and Yin from Asiacrypt ’06. Such attacks are based on collision attacks on the underlying hash function, and the most expensive stage is the recovery of the socalled outer key. In this paper, we show that the outer key can be recov...

This paper will analyze the current landscape of One Time Password (OTP) and Challenge-Response algorithms. It will detail the technical and security differences between algorithms such as the OATH algorithms (HOTP, OCRA, HOTP time based), EMV CAP and the proprietary algorithms from ActivIdentity. The paper describes the most common use cases and applicability as important tools for identity as...

Objectives: To detect rank attacks during topology establishment and updated the RPL Destination Oriented Directed Acyclic Graph (DODAG) formation algorithm. The algorithm’s distributed module runs across all participating nodes, while centralized in sink. Methods: integrity authenticity of control messages transmitted among two nodes sink are verified using a lightweight Hashed Message Authent...

In this paper, we study the runtime performance of symmetric cryptographic algorithms on an embedded ARM Cortex-M4 platform. Symmetric can serve to protect integrity and optionally, if supported by algorithm, confidentiality data. A broad range well-established exists, where different typically have properties come with computational complexity. On deeply systems, overhead imposed operations ma...

We give an alternative security proof for NMAC and HMAC when deployed as a message authentication code, supplementing the previous result by Bellare (Crypto 2006). We show that (black-box) non-malleability and unpredictability of the compression function suffice in this case, yielding security under different assumptions. This also suggests that some sort of non-malleability is a desirable desi...

How to deal with large tightness gaps in security proofs is a vexing issue in cryptography. Even when analyzing protocols that are of practical importance, leading researchers often fail to treat this question with the seriousness that it deserves. We discuss nontightness in connection with complexity leveraging, HMAC, lattice-based cryptography, identity-based encryption, and hybrid encryption.

Vehicular ad hoc network (VANET) is an emerging type of network which facilitates vehicles on roads to communicate for driving safety. It requires a mechanism to help authenticate messages, identify valid vehicles, and remove malevolent vehicles which do not obey the rules. Most existing solutions either do not have an effective message verification scheme , or use the Public Key Infrastructure...