Information Technology Reference
In-Depth Information
Step 4:
Let P
i
+1
=
P
i
3
}
Step 5:
Output P
k
+1
as the Message Digest
3.3
Robustness of CAA for Digital Message
Robustness ofthe proposed scheme is analyzed against probable attacks.
Attack 1:
Brute Force Attack
Birthday attack, Collision attack belong to this category ofattacks. An authen-
tication scheme can be made robust against such attacks by increasing message
digest/key length. The CAA scheme can easily employ Variable Length key of
any size since it employs simple, regular, modular, cascadable structure ofCA.
So, CAA can be e
(
ciently designed against such attacks.
Attack 2:
The Extension Attack or the Padding Attack
This type ofattack is not possible for the proposed scheme as it employs a keyed
hash function where the key is not a part of the original message.
A detailed description ofrobustness ofCAA against Attack 1 and 2 is re-
ported in [7].
Attack 3:
Next the robustness ofCAA is tested in respect ofthe strength ofthe
SACA
based hash function employed for the scheme. The attacks are employing
much more subtlety than mere brute force attack.
Cryptanalytic attacks attempt to guess whether the function is such that
two messages or keys, close to each other in terms ofbit distance, produce the
outputs which are also close to each other. Ifit is so, then the code can be broken
in much lesser time than exhaustive search. The following two results show that
our scheme is protected against such attack.
Result 3(a):
Let M be an arbitrary message while
M
is another message
derived out ofM by flipping a randomly chosen bit ofM. The corresponding
message digests are
C
K
(
M
) and
C
K
(
M
). From Table 2 this is clear that the
difference (performing XOR between
C
K
(
M
) and
C
K
(
M
)) has on the average
the same number ofzeros and ones.
Table 2 shows that there are equal number ofzeros and ones in the output
difference which indicates that flipping one bit ofa randomly chosen message
results in a completely different message digest.
Result 3(b):
Let M be an arbitrary message and K be a secret key while
K
is another secret key derived out ofK by flipping a randomly chosen bit ofK.
The corresponding message digests are
C
K
(
M
) and
C
K
(
M
). Ifthe difference
between
C
K
(
M
) and
C
K
(
M
) has almost same number ofzeros and ones, then
it can be concluded that flipping a bit ofKey results in a completely different
message digest(Table 2).
In both the attacks, the result becomes better as the value of
p
increases.
Attack 4:
Next CAA is analyzed from the viewpoint of another very important
attack called differential attack [10]. The attack analyzes the plaintext pairs along
with their corresponding message digest pairs to identify the correlations that
would enable identification ofthe secret key.
