On the security margin of MAC striping

Thomas Eisenbarth; Aaron  Meyerowitz; Rainer  Steinwandt

doi:10.1016/j.ipl.2015.05.009

On the security margin of MAC striping

Thomas Eisenbarth, Aaron Meyerowitz, Rainer Steinwandt

Institute of IT-Security

Florida Atlantic University

1 Citation (Scopus)

Abstract

MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.

Original language	English
Journal	Information Processing Letters
Volume	115
Issue number	11
Pages (from-to)	899-902
Number of pages	4
ISSN	0020-0190
DOIs	https://doi.org/10.1016/j.ipl.2015.05.009
Publication status	Published - 11.2015

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure
SDG 11 Sustainable Cities and Communities
SDG 12 Responsible Consumption and Production

Access to Document

10.1016/j.ipl.2015.05.009

https://dl.acm.org/citation.cfm?id=2824242.2824481

Cite this

@article{2ae16bafcf014d3da0d731d8a518070b,

title = "On the security margin of MAC striping",

abstract = "MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.",

author = "Thomas Eisenbarth and Aaron Meyerowitz and Rainer Steinwandt",

year = "2015",

month = nov,

doi = "10.1016/j.ipl.2015.05.009",

language = "English",

volume = "115",

pages = "899--902",

journal = "Information Processing Letters",

issn = "0020-0190",

publisher = "Elsevier B.V.",

number = "11",

}

TY - JOUR

T1 - On the security margin of MAC striping

AU - Eisenbarth, Thomas

AU - Meyerowitz, Aaron

AU - Steinwandt, Rainer

PY - 2015/11

Y1 - 2015/11

N2 - MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.

AB - MAC striping intermixes a payload with its authentication tag, placing the bits used for message authentication in positions derived from a secret key. The use of MAC striping has been suggested to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as , when utilizing MAC striping with ℓ-bit payloads and m-bit tags. We show that this estimate is too optimistic. For and any payload, we achieve a selective forgery with probability , and usually many orders of magnitude more than that.

U2 - 10.1016/j.ipl.2015.05.009

DO - 10.1016/j.ipl.2015.05.009

M3 - Journal articles

SN - 0020-0190

VL - 115

SP - 899

EP - 902

JO - Information Processing Letters

JF - Information Processing Letters

IS - 11

ER -

On the security margin of MAC striping

Abstract

UN SDGs

Access to Document

Fingerprint

Cite this