DOCSLIB.ORG

Authentication Protocols in Pervasive Computing

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Authentication Protocols in Pervasive Computing Authentication protocols in pervasive¡ computing Nguyen Hoang Long University College University of Oxford A thesis submitted for the degree of Doctor of Philosophy Hilary Term 2009 Abstract The popularity of personal computing devices (e.g. smart cards) exposes users to risks, notably identity theft, and creates new requirements for secure communication. A recently proposed approach to creating secure communication is to use human trust and human interactions. These approaches potentially eliminate the need for passwords as in Blue- tooth, shared secrets or trusted parties, which are often too complex and expensive to use in portable devices. In this new technology, handheld devices exchange data (e.g. payment, heart rates or public keys) over some medium (e.g. WiFi) and then display a short and non-secret digest of the protocol's run that the devices' human owners manually compare to ensure they agree on the same data, i.e. human interactions are used to prevent fraud. In this thesis, we present several new protocols of this type which are designed to optimise the work required of humans to achieve a given level of security. We discover that the design of these protocols is influenced by several principles, including the ideas of commitment without knowledge and separation of security concerns, where random and cryptographic attacks should be tackled separately. Underpinning the technology is a new cryptographic function, termed a keyed digest func- tion, which produces a short number for humans to compare. This is similar to the notion of a universal hash function, but its output length is shorter (e.g. 16 bits). Hence, it should be faster to compute. We propose several digest constructions using Toeplitz matrices, in- teger multiplication and pseudorandom numbers. The application of digest functions leads us to develop more efficient alternatives to standard digital signatures. Our protocol security analysis leads to a new bound on the key length for an almost universal hash function, which can be derived by the pigeon-hole principle. The new bound turns out to be tighter than another similar bound derived from the combination of the Singleton bound in coding theory and an equivalence between error-correcting codes and almost universal hash functions. Acknowledgements I would like to thank my supervisor, Professor Bill Roscoe, who has made many large contributions to this work as well as given me much advice throughout my time at Oxford. This work is supported by studentships from the Oxford University Computing Laboratory. I would like to thank Professor Gavin Lowe (my D.Phil. advisor), Dr. Andrew Ker (my College advisor), Dr. Dusko Pavlovic (a long-term visiting academic at Oxford), Dr. An- drew Simpson (my D.Phil. internal examiner) and Professor Chris Mitchell (my external D.Phil. examiner from Royal Holloway, University of London) for making suggestions as how the structure of a thesis should be organised as well as correcting many technical and English mistakes in my D.Phil. transfer status report (Hilary 2007), D.Phil. status confirmation report (Michaelmas 2008) and the preliminary versions of this thesis (Hilary and Summer 2009). In addition, thanks also go to my colleagues from other universities for many fruitful conversations and new ideas as well as inviting me to give talks about my work at their in- stitutions, especially Professor Richard Brent (Australian National University) for helping me understand pseudo-random numbers, Professor Bart Preneel (Katholieke Universiteit Leuven) for telling me the relationship between bounds for almost XOR universal and almost strongly universal families of hash functions, Professor Chris Mitchell for suggest- ing me to serve as editor of an international standard, and Professor Nigel Smart (Bristol University) for information about cost model of hashing as well as Professor Kenny Pa- terson (Royal Holloway, University of London), Dr. Siraj Shaikh (Cranfield University), Professor Ross Anderson (Cambridge University), Professor Bruce Christianson (Hertford- shire University), Professor Serge Vaudenay, Professor Jean-Pierre Hubaux and Dr. Atefeh Mashatan (Ecole Polytechnique Federale de Lausanne), Professor Srdjan Capkunˇ (ETH Zurich), Dr. Sasa Radomirovic and Dr. Baptiste Alcalde (University of Luxembourg), Professor Jaap-Henk Hoepman (Radboud University Nijmegen), Professor Kaisa Nyberg (Helsinki University of Technology), Professor Adrian Perrig (Carnegie Mellon University), Dr. Dusko Pavlovic (Kestrel Institute), Professor John Mitchell (Stanford University), Dr. Diana Smetters (Xerox PARC), Professor Kefei Chen (Shanghai Jiao Tong University), Professor He Jifeng (East China Normal University), Professor Andrew Yao (Tsinghua University), and Professor Gene Tsudik (University of California, Irvine). I would like to dedicate my work to my parents who have made sacrifices throughout their lives so that I am able to come to Britain to pursue a higher education, and to complete my D.Phil. studies at the University of Oxford. Contents 1 Introduction 1 1.1 Motivation and Applications . .1 1.2 Overview . .3 2 Notation and basic definitions 8 2.1 Communication links . .9 2.2 Protocol citations . 10 2.3 Cryptographic primitives . 11 2.3.1 Commitment schemes and Commitment without knowledge . 12 2.3.2 Universal hash functions . 15 2.3.3 Short hash and digest functions . 15 2.3.4 Digital signatures . 16 2.4 Attack model . 17 2.5 Cost model . 19 2.5.1 Human effort . 19 2.5.2 Computation cost of cryptographic primitives . 20 3 Pairwise authentication protocols 24 3.1 Multiple empirical short authentication strings . 26 3.2 Indirect binding . 29 3.2.1 Indirect pairwise . 29 3.2.2 Hybrid protocol . 33 3.3 Direct binding pairwise protocols . 33 3.4 Efficiency of pairwise authentication protocols . 39 3.5 Conclusions . 41 4 Group protocols 42 4.1 Man-in-the-middle attack on a group protocol . 44 4.2 Asymmetrised group protocols . 45 4.2.1 HCBK protocol analysis . 47 4.2.2 Modified versions of HCBK . 51 4.3 Symmetrised group protocols . 52 4.3.1 SHCBK protocol analysis . 55 4.3.2 Modified version of the protocol SHCBK with proof of security . 57 4.3.3 Indirect binding group protocol . 57 4.4 De-symmetrised SHCBK protocol . 59 4.5 Hybrid of the HCBK and SHCBK protocols . 61 4.6 Efficiency of group protocols . 63 4.7 Conclusions . 64 iii 5 Non-interactive and one-way authentication protocols 65 5.1 Long authentication string protocols . 67 5.2 Short authentication string protocols . 70 5.3 Improved versions of the (V-)MANA I protocol . 73 5.3.1 Direct binding solution . 73 5.3.2 Indirect binding solution . 75 5.3.3 Solution in Diffie-Hellman style . 76 5.4 Security analysis of the Improved (V-)MANA I protocols . 76 5.4.1 Security analysis of the direct binding improved (V-)MANA I . 78 5.4.2 Security analysis of the indirect binding improved (V-)MANA I . 81 5.4.3 Security analysis of Improved V-MANA I in Diffie-Hellman style . 81 5.5 Efficiency of one-way authentication protocols . 83 5.6 Separation of security concerns . 84 5.7 Digital signature without hashing . 86 5.8 Flexi-MACs . 89 5.9 Conclusions . 90 6 Digest functions 92 6.1 Notation . 93 6.2 Background information . 95 6.3 Toeplitz matrix product construction of a digest function . 96 6.3.1 Efficiency of Toeplitz matrix based digest functions . 98 6.3.2 Hardware implementation of digest functions . 98 6.4 Comparing Toeplitz matrix and integer long multiplication . 100 6.5 Word multiplication based digest functions . 101 6.5.1 Efficiency of word multiplication based digest functions . 103 6.5.2 Security analysis and usability . 104 6.6 Statistical tests of word and Toeplitz matrix multiplications . 106 6.6.1 Analysis of statistical test results . 108 6.7 Conclusions and future research for short-output functions . 110 7 New bounds for almost universal hash functions 124 7.1 Notations and definitions of universal hash functions . 126 7.2 Bounds for almost universal hash functions . 127 7.2.1 New AU-bound . 128 7.2.2 Error-correcting codes and almost universal hash functions . 129 7.3 The significance of the threshold value of ......................... 131 7.3.1 Comparison between the new and other AU-bounds . 131 7.3.2 Comparison between the new AU-bound and known ASU-bounds . 132 7.3.3 Comparison between the new AU-bound and known AXU-bounds . 134 7.4 The optimality of polynomial hashing as an AU ...................... 135 7.5 Conclusions . 136 8 Conclusions and future research 138 8.1 Conclusions . 138 8.2 Short-term public key cryptography . 140 8.3 Future research . 141 8.3.1 Security proofs of the new family of authentication protocols . 141 8.3.2 Digest functions . 141 8.3.3 Applications of digest functions . 142 8.3.4 Unifying bounds of universal families of hash functions (UHF) . 142 8.3.5 Relaxation in human work . 143 iv Chapter 1 Introduction 1.1 Motivation and Applications Imagine that a group of people come together and agree that they want to transfer data between them securely, meaning that they want it to be secret and of authenticated origin. They all have some pieces of computing hardware (e.g. a mobile phone or a Personal Digital Assistant, PDA). Unfortunately none of them knows the unique name of any of the others' equipment, and in any case no Public Key Infrastructure (PKI) would encompasses them all. How can they achieve their goal in the context that their machines are connected by an insecure network (whether created by WiFi, the Internet, telephony, or a mixture of these)? In the absence of established cryptographic keys (whether shared secret keys or reliable copies of each other's public keys) this goal is very difficult to achieve. However, a little creative thinking can easily solve the problem: if each person tells the others (using human conversation) a public key for his or her machine, they can then use, for example, the Needham-Schroeder-Lowe protocol [63] (over the insecure network) to establish secure and authenticated communication.
Load more

Recommended publications
  • Tivaware Peripheral Driver Library User's Guide
    TivaWare™ Peripheral Driver Library USER’S GUIDE SW-TM4C-DRL-UG-2.0 Copyright © 2006-2013 Texas Instruments Incorporated Copyright Copyright © 2006-2013 Texas Instruments Incorporated. All rights reserved. Tiva and TivaWare are trademarks of Texas Instruments Instruments. ARM and Thumb are registered trademarks and Cortex is a trademark of ARM Limited. Other names and brands may be claimed as the property of others. Please be aware that an important notice concerning availability, standard warranty, and use in critical applications of Texas Instruments semicon- ductor products and disclaimers thereto appears at the end of this document. Texas Instruments 108 Wild Basin, Suite 350 Austin, TX 78746 www.ti.com/tiva-c Revision Information This is version 2.0 of this document, last updated on August 29, 2013. 2 August 29, 2013 Table of Contents Table of Contents Copyright ..................................................... 2 Revision Information ............................................... 2 1 Introduction ................................................. 7 2 Programming Model ............................................ 11 2.1 Introduction .................................................. 11 2.2 Direct Register Access Model ....................................... 11 2.3 Software Driver Model ............................................ 12 2.4 Combining The Models ........................................... 13 3 Analog Comparator ............................................ 15 3.1 Introduction .................................................
    [Show full text]
  • S : a Flexible Coding for Tree Hashing
    S: a flexible coding for tree hashing Guido Bertoni1, Joan Daemen1, Michaël Peeters2, and Gilles Van Assche1 1 STMicroelectronics 2 NXP Semiconductors Abstract. We propose a flexible, fairly general, coding for tree hash modes. The coding does not define a tree hash mode, but instead specifies a way to format the message blocks and chaining values into inputs to the underlying function for any topology, including sequential hashing. The main benefit is to avoid input clashes between different tree growing strategies, even before the hashing modes are defined, and to make the SHA-3 standard tree-hashing ready. Keywords: hash function, tree hashing, indifferentiability, SHA-3 1 Introduction A hashing mode can be seen as a recipe for computing digests over messages by means of a number of calls to an underlying function. This underlying function may be a fixed-input- length compression function, a permutation or even a hash function in its own right. We use the term inner function and symbol f for the underlying function and the term outer hash function and symbol F for the function obtained by applying the hashing mode to the inner function. The hashing mode splits the message into substrings that are assembled into inputs for the inner function, possibly combined with one or more chaining values and so-called frame bits. Such an input to f is called a node [6]. The chaining values are the results of calls to f for other nodes. Hashing modes serve two main purposes. The first is to build a variable-input-length hash function from a fixed-input-length inner function and the second is to build a tree hash function.
    [Show full text]
  • Keccak, More Than Just SHA3SUM
    Keccak, More Than Just SHA3SUM Guido Bertoni1 Joan Daemen1 Michaël Peeters2 Gilles Van Assche1 1STMicroelectronics 2NXP Semiconductors FOSDEM 2013, Brussels, February 2-3, 2013 1 / 36 Outline 1 How it all began 2 Introducing Keccak 3 More than just SHA3SUM 4 Inside Keccak 5 Keccak and the community 2 / 36 How it all began Outline 1 How it all began 2 Introducing Keccak 3 More than just SHA3SUM 4 Inside Keccak 5 Keccak and the community 3 / 36 How it all began Let’s talk about hash functions... ??? These are “hashes” of some sort, but they ain’t hash functions... 4 / 36 How it all began Cryptographic hash functions ∗ h : f0, 1g ! f0, 1gn Input message Digest MD5: n = 128 (Ron Rivest, 1992) SHA-1: n = 160 (NSA, NIST, 1995) SHA-2: n 2 f224, 256, 384, 512g (NSA, NIST, 2001) 5 / 36 How it all began Why should you care? You probably use them several times a day: website authentication, digital signature, home banking, secure internet connections, software integrity, version control software, … 6 / 36 How it all began Breaking news in crypto 2004: SHA-0 broken (Joux et al.) 2004: MD5 broken (Wang et al.) 2005: practical attack on MD5 (Lenstra et al., and Klima) 2005: SHA-1 theoretically broken (Wang et al.) 2006: SHA-1 broken further (De Cannière and Rechberger) 2007: NIST calls for SHA-3 Who answered NIST’s call? 7 / 36 How it all began Keccak Team to the rescue! 8 / 36 How it all began The battlefield EDON-R BMW Sgàil LANE Grøstl ZK-Crypt Keccak Maraca NKS2D Hamsi MeshHash MD6 Waterfall StreamHash ECOH EnRUPT Twister Abacus MCSSHA3 WaMM Ponic
    [Show full text]
  • NEWS of LONG AGO. Crop Control Solving the Problem. Oot of Contol
    ttife bAVIE AfccoRb lS TfeE 6LDEST PAPER IN DAVIE CDUNtV AND CIRCULATES IN 30 CF THE 48 STATES. THE PAPER THAT THE PEOPLEftftAD. “HERE SHALL THE PRESS. THE PEOPLE’S RIGHTS MAINTAIN: UNAWED BY INFLUENCE AND UNBRIBED BY GAIN.*’ VOLUMN X L. MOCKSVILLE, NORTH CAROLINA, WEDNESDAY. FEBRUARY 1 . 1939 ; *- ' NUMBER 2 8 NEWS OF LONG AGO. Crop Control No Women In Tbe Legis­ Some Little Stingers W hat’s the Answer? 44 Years Ago. Far bo it from us to tell the far­ By EDWARD FINCH From The'Yeliow Jacket. From The Yellow Jacket. Vhal V at Happening In Davie lature. mers of the tobacco and cotton belt WANTED: To know where Folks boiled coffee and;settled it The North Carolina General As­ Before The New Deal Used Up how big an acreage they shall plant President Roosevelt has laid bis with an egg. sembly is without a woman mem but it sfems that the Lord placed unbalanced budget. 'Ladies rqjfle .on'side-saddles. The Alphabet, Drowned The ber for the first time in 10 years the land here to raise the bountiful The Republican Elephant boosts Little Johnnie worse brasstoeb and the third t :me during the. '10 Hogs and Plowed Up The crons and it is not up to mere man business, upward; the New Deal boots and daddy wore brogans. regular sessions since woman suff­ Cotton and Corn. to say what he shall plant, how Jackass tears it down Leeches operated more frequently rage went into effect 18 years ago much he shall plant, and the kind Did yon ever stop to realize that than the surgeon's knife.
    [Show full text]
  • Classification of the SHA-3 Candidates
    Classification of the SHA-3 Candidates Ewan Fleischmann1, Christian Forler1;2, and Michael Gorski1 1 Bauhaus-University Weimar fEwan.Fleischmann, [email protected] 2 Sirrix AG security technologies [email protected] Version 0.90 April 19, 2009 Abstract. In this note we give an overview on the current state of the SHA-3 candidates. First, we classify all publicly known candidates and, second, we outline and summarize the performance data as given in the candidates documentation for 64-bit and 32-bit implementations. We define performance classes and classify the hash algorithms. Note, that this article will be updated as soon as new can- didates arrive or new cryptanalytic results get published. Comments to the authors of this article are welcome. Keywords: hash function, SHA-3, classification. 1 Introduction The design of secure and practical hash functions is of great interest since most practical hash functions, like MD5 [82], SHA-0 [78] or SHA-1 [76] have been broken. Due to the SHA- 3 competition [75], many new proposals for hash function primitives have been submitted to become the new SHA-3 algorithm. This article is organized as follows: In Section 2 we define criteria that we will use to classify the SHA-3 candidate algorithms. In Section 3 we give an overview of the software performance claimed by the algorithm's authors. 2 Classification of the SHA-3 Candidates We have defined in the following some attributes including characteristics that are used in our classification. Tables 1-2 show all SHA-3. The attribute characteristics \X" means that the SHA-3 candidate has the attribute and\-" that the SHA-3 candidate does not have it.
    [Show full text]
  • Vysoké Učení Technické V Brně Hashovací Funkce A
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Digital library of Brno University of Technology VYSOKÉ U ČENÍ TECHNICKÉ V BRN Ě BRNO UNIVERSITY OF TECHNOLOGY FAKULTA ELEKTROTECHNIKY A KOMUNIKA ČNÍCH TECHNOLOGIÍ ÚSTAV TELEKOMUNIKACÍ FACULTY OF ELECTRICAL ENGINEERING AND COMMUNICATION DEPARTMENT OF TELECOMMUNICATIONS HASHOVACÍ FUNKCE A JEJICH VYUŽITÍ PŘI AUTENTIZACI HASH FUNCTION AND THEIR USAGE IN USER AUTHENTICATION DIPLOMOVÁ PRÁCE MASTER´S THESIS AUTOR PRÁCE Bc. IGOR PILLER AUTHOR VEDOUCÍ PRÁCE Ing. JAN HAJNÝ SUPERVISOR BRNO 2009 Abstrakt Práce se zabývá hashovacími funkcemi a jejich využitím p ři autentizaci. Obsahuje základní teorii o hashovacích funkcích a popis jejich základních konstruk čních prvk ů. Konkrétn ě se práce zam ěř uje na hashovací funkce LMHash, MD4, MD5 a funkce z rodiny SHA, které porovnává z hlediska bezpe čnosti. Práce obecn ě popisuje nejpoužívan ější útoky na hashovací funkce, poukazuje na slabiny sou časné konstrukce a nabízí výhled do budoucnosti hashovacích funkcí. Dále práce nasti ňuje problematiku autentizace a popisuje použití hashovacích funkcí v této oblasti. V praktické části je realizován obecný autentiza ční rámec v programovacím jazyce C#. Výsledkem realizace jsou klientská a serverová aplikace, na kterých byly úsp ěšn ě vyzkoušeny dv ě vybrané autentiza ční metody. P ři realizaci bylo dbáno na flexibilitu řešení a možné budoucí využití jiných metod autentizace. Klí čová slova: hash, hashovací funkce, autentizace, LMHash, MD4, MD5, SHA Abstract This thesis concerns with hash functions and their usage in authentication. It presents basics of hash functions theory and construction elements. In particular the thesis focuses on LMHash, MD4, MD5 and SHA family hash functions, which are compared from the security point of view.
    [Show full text]
  • Intelligent Transportation Systems (Its)
    U.S. Department of Transportation Federal Highway Administration INTELLIGENT TRANSPORTATION SYSTEMS (ITS) Information Security Analysis November 1997 Intelligent Transportation Systems Joint Program Office Notice This document is disseminated under the sponsorship of the Department of Transportation in the interest of information exchange. The United States Government assumes no liability for its contents or use thereof. Technical Report Documentation Page 1. Report No. 2. Government Accession No. FHWA-JPO-98-009 4. Title and Subtitle November, 1997 Intelligent Transportation Systems (ITS) Information Security Analysis 6. Performing Organization Code 8. Performing Organization Report No. 7. Author(s) Keith Biesecker, Elizabeth Foreman, Kevin Jones, Barbara Staples 9. Performing Organization Name and Address 10. Work Unit No. (TRAIS) Mitretek Systems 7525 Colshire Drive 11. Contract or Grant No. McLean, VA DTFH61- -95-C-00040 13. Type of Report and Period Covered 12. Sponsoring Agency Name and Address Department of Transportation FHWA Intelligent Transportation Systems Joint Program Office 400 Seventh Street, S.W. - Room 3422 14. Sponsoring Agency Code Washington, DC. 20590 HVH-1 15. Supplementary Notes William S. Jones 16. Abstract The Intelligent Transportation Systems (ITS) program is the application of information technologies (computing, sensing, and communications) to surface transportation. Because of a reliance on these technologies, ITS will become increasingly dependent on information security. By understanding how to achieve and maintain secure systems, the ITS community can develop comprehensive information security practices and appropriate security policies for ITS programs. Subsequently, they can put these into practice. This document presents the results from an information security analysis that was based on the National ITS Architecture.
    [Show full text]
  • Department of Homeland Security ��������������������������
    Department of Homeland Security �������������������������� Management Advisory Report: A Guide for Assessing Cybersecurity within the Office of Inspector General Community This report was prepared on behalf of Council of the Inspectors General on Integrity and Efficiency. OIG-14-43 February 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Washington, DC 20528 I www.oig.dhs.gov February 24, 2014 MEMORANDUM FOR: Council ofthe Inspectors General on Integrity and n~ONc- FROM: 4arlton I. Mann Chief Operating Officer SUBJECT: Management Advisory Report: A Guide for Assessing Cybersecurity Within the Office of Inspector General Community The Council ofthe Inspectors General on Integrity and Efficiency {CIGIE) tasked the Cybersecurity Working Group with undertaking a review in which it would examine the role of the Inspector General community in current Federal cybersecurity initiatives. CIGIE proposed that the Cybersecurity Working Group work under the auspices of the Information Technology (IT) Committee. As a member of the IT Committee, the Department of Homeland Security (DHS) Office of Inspector General (OIG) was asked to lead and coordinate the Cybersecurity Working Group's efforts in identifying the Inspector Generals' cybersecurity oversight role. I am pleased to provide CIGIE with a high-level audit guide that can be used as a baseline for cyber and IT security-related reviews conducted by the Inspector General community. The guide is based on the subject matter expertise of DHS OIG IT audit managers and specialists, legal research, and a review of applicable websites and audit programs developed within the OIG community. The intent ofthis guide is to provide a foundation for conducting cybersecurity and IT system security-related audits.
    [Show full text]
  • A Study on RAM Requirements of Various SHA-3 Candidates on Low-Cost 8-Bit Cpus
    A Study on RAM Requirements of Various SHA-3 Candidates on Low-cost 8-bit CPUs Kota Ideguchi1, Toru Owada1, Hirotaka Yoshida12 1 Systems Development Laboratory, Hitachi, Ltd., 292 Yoshida-cho, Totsuka-ku, Yokohama-shi, Kanagawa-ken, 244-0817 Japan [email protected] 2 Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B–3001 Heverlee, Belgium Abstract. In this paper, we compare the implementation costs of vari- ous SHA-3 candidates on low-cost 8-bit CPUs by estimating RAM/ROM requirements of them. As a first step toward this kind of research, in our comparison, we make reasonable estimations of RAM/ROM require- ments of them which can be done without implementation. 1 Introduction A cryptographic hash algorithm is an algorithm that takes input strings of ar- bitrary length and maps them to short output strings of fixed length. In November 2007, the US National Institute of Standards and Technology (NIST) opened a public competition to develop a new hash algorithm. The competition is NIST’s response to recent advances in the cryptanalysis of hash algorithms. The new hash algorithm will be referred to as SHA-3. In November 2008, the first round of the competition started. NIST received 64 submissions for the competition. After NIST internal reviews of them, 51 were selected for meeting the minimum submission requirements, and accepted as the First Round Candidates. In the first round technical evaluation, NIST performs various tests such as an efficiency analysis on the NIST reference platform (a common PC) and NIST also invites the public to compare results on additional platforms (e.g., 8-bit processors, Digital Signal Processors, dedicated CMOS etc.).
    [Show full text]
  • Team-Fly® the SSCP® Prep Guide Mastering the Seven Key Areas of System Security
    Y L F M A E T Team-Fly® The SSCP® Prep Guide Mastering the Seven Key Areas of System Security Debra S. Isaac Michael J. Isaac Ronald D. Krutz, Consulting Editor The SSCP® Prep Guide Mastering the Seven Key Areas of System Security Debra S. Isaac Michael J. Isaac Ronald D. Krutz, Consulting Editor Publisher: Robert Ipsen Executive Editor: Carol Long Assistant Developmental Editor: Scott Amerman Editorial Manager: Kathryn A. Malm Managing Editor: Angela Smith Text Composition: John Wiley Composition Services This book is printed on acid-free paper. ∞ Copyright © 2003 by Wiley Publishing, Inc., Indianapolis, Indiana. All rights reserved. Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rose- wood Drive, Danvers, MA 01923, (978) 646-8700, fax (978) 646-8700. Requests to the Pub- lisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose.
    [Show full text]
  • Design Rational
    The SANDstorm Hash Mark Torgerson and Richard Schroeppel Tim Draelos, Nathan Dautenhahn, Sean Malone, Andrea Walker, Michael Collins, Hilarie Orman* Cryptography and Information Systems Surety Department Sandia National Laboratories P.O. Box 5800 Albuquerque, New Mexico 87185-0785 *Purple Streak, Inc. 500 S. Maple Dr. Woodland Hills, UT 84653 Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under Contract DE-AC04-94AL85000. Page 1 of 39 Table of Contents 1. Introduction..................................................................................................................... 3 Design Overview ............................................................................................................ 4 Notation and Conventions............................................................................................... 4 2. The SANDstorm Padding and Message Length ............................................................. 6 3. The SANDstorm Mode................................................................................................... 6 SANDstorm Mode Description....................................................................................... 7 SANDstorm Mode Performance..................................................................................... 9 Choice of Superblock Size............................................................................................ 10 4.
    [Show full text]