Paper 2019/989

Substitution Attacks against Message Authentication

Marcel Armour and Bertram Poettering

Abstract

This work introduces Algorithm Substitution Attacks (ASAs) on message authentication schemes. ASAs were initially introduced by Bellare, Paterson and Rogaway, in light of revelations concerning mass surveillance, as a novel attack class against the confidentiality of encryption schemes. Such an attack replaces one or more of the regular scheme algorithms with a subverted version that aims to reveal information to an adversary (engaged in mass surveillance) while remaining undetected by users. While most prior work focused on subverting encryption systems, we study options to subvert symmetric message authentication protocols. In particular, we provide powerful generic attacks that apply, for example, to HMAC or Carter-Wegman-based schemes while inducing only a negligible implementation overhead. As subverted authentication can act as an enabler for subverted encryption (software updates can be manipulated to include replacements of encryption routines), we consider attacks of the new class highly impactful and dangerous.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2020
DOI
10.13154/tosc.v2019.i3.152-168
Keywords
Algorithm Substitution Attacks, Authentication, Mass Surveillance
Contact author(s)
marcel armour 2017 @ rhul ac uk
History
2019-09-23: revised
2019-09-02: received
Short URL
https://ia.cr/2019/989
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/989,
      author = {Marcel Armour and Bertram Poettering},
      title = {Substitution Attacks against Message Authentication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/989},
      year = {2019},
      doi = {10.13154/tosc.v2019.i3.152-168},
      url = {https://eprint.iacr.org/2019/989}
}