Building the Big Message Authentication Code

1
Building the Big Message Authentication Code

• Dale R. Thompson, Ph.D., P.E.
• Brad Maxwell
• July 20, 2004

2
Long-term Message Authentication
Mean time to find collision with a custom 14
million machine

• Financial
• Bank transactions
• Credit card
• House purchase
• Legal documents
• Patents
• Contracts
• Evidence
• Digital photographs
• Digital video

3
Background Definitions

• Hash or message digest
• A function that maps an arbitrary string to a
  smaller fixed length string
• MAC
• A one way function or message digest that is
  seeded with a shared secret value between two
  parties. Authenticity can only be verified
  between the two parties.
• Collision
• When two different strings map to the same hash
  or MAC

4
BigMAC Ideas

• Composite hash
• Consists of 2 or more hashes concatenated
  together
• If you break one hash, you get caught by another
• Use hashes to cover each others weaknesses
• The BigMAC implementation uses
• Uncompressed data stream
• Compression data stream
• Blocks
• Process data stream in blocks with a hash
  function and then process the hashes of the
  blocks with a second hash function
• Primary of primary, primary of secondary

5
BigMAC structure
6
Distributions of Collisions on the BigMAC
7
BigMAC Tests

• Adler32 does not perform well compared to CRC
• Researched Universal Hashing
• Uses a family of CRC functions
• Picks 2 functions and uses them to create a
  composite hash
• Tested BigMAC using two CRC functions
• With different initial vector and same polynomial
• With same initial vector and different polynomial

8
Distributions of collisions replacing Adler with
CRC
9
Distribution of Collision Results

• Compression reduces the data set, thus the CRC
  functions perform slightly worse on compressed
• Blocking is a hash of hashes, which is a hash of
  a more uniform distribution of data.

10
Applied CRC Attack Previously Published

• Replaced one byte and changed 4 additional bytes
  to maintain same CRC.
• See http//csce.uark.edu/drt/pubs.htm for
  details.
• Same polynomial with different initial vectors
• Created collision for both CRC functions.
• Since the CRCs are cyclic, changing the initial
  vector just changes the starting point of the
  cycle.
• Reversing CRC attack does not require the initial
  vector to be known, only the polynomial.
• Different polynomials with same initial vectors
• Created collision for only one CRC function, but
  not the other.

11
Conclusions

• The BigMAC
• Designed to thwart common attacks over an extend
  period of time
• Composed of multiple hashes concatenated together
• Size can easily be increased without redesigning
  the algorithm
• CRC
• Must add k zeros to prevent simple forgery
• If multiple CRC functions are used, they should
  have different generating polynomials.

12
Contact Information

• Dale R. Thompson, Ph.D., P.E.
• 311 Engineering Hall
• Fayetteville, Arkansas 72701
• E-mail d.r.thompson_at_ieee.org
• WWW http//csce.uark.edu/drt
• J. Brad Maxwell
• 1515 Red Tip Dr. 8
• Fayetteville, Arkansas 72704
• Email jbmaxwe_at_yahoo.com