Abstract: In information security, a message authentication code (MAC) verifies both data integrity and message origin, and MACs are used throughout Internet protocols such as IPsec, SSL/TLS, SSH and SMTP. This project evaluates and analyses the security architecture of message authentication codes, including cipher-based MACs, block-cipher-based MACs and SS-NMAC, which rests on weaker security assumptions. Each construction is analysed and checked for conformance with the NIST specifications, the reasonableness of its security assumptions is proved, and its security model is examined to see whether it suffices against new security requirements; from the analysis of the different constructions, security-analysis and verification methods are then proposed. Next, building on the security evaluation of hash-function-based MACs, the HMAC-MD5 attack is extended into a key-recovery attack in order to improve the analysis results for HMAC-SHA-1/SHA-2. The feasibility of using the SHA-3 algorithm in the HMAC construction is also studied, and the birthday attack, classical block-cipher cryptanalysis and hash-function analysis are combined to clarify the weaknesses of the underlying cryptographic algorithm and the structural properties of the MAC, to characterise the relationship between the intermediate chaining values and the final output, and to split the original algorithm into separately treated parts, thereby improving existing security-analysis results. From problems found by analysing the relationship between security assumptions and security goals, the relationships among unpredictability, pseudorandomness and unforgeability in those assumptions are clarified and finally integrated into a provably secure cryptographic theory, yielding a message authentication code with provable security. Under these modified security assumptions, the research objectives of this project therefore contribute to the design of efficient, secure message authentication codes.
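The abstract above discusses HMAC over MD5, SHA-1/SHA-2 and SHA-3 and the relationship between the intermediate chaining value and the final tag. The following is an added illustration, not code from the project or its authors: it builds HMAC from the inner/outer hash structure of RFC 2104 / FIPS 198-1 so that the intermediate value is visible, checks the result against Python's standard `hmac` module, and shows the receiver-side verification with a constant-time comparison. The function names, the constructed key and message, and the sample "long key" are assumptions of this example.

```python
import hashlib
import hmac


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha256") -> tuple[bytes, bytes]:
    """Compute HMAC as specified in RFC 2104 / FIPS 198-1.

    Returns (inner_hash, tag): inner_hash is the intermediate value
    H((K ^ ipad) || m), and the tag is H((K ^ opad) || inner_hash).
    """
    block_size = hashlib.new(hash_name).block_size
    # A key longer than one hash block is replaced by its digest,
    # then every key is zero-padded to exactly one block.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5C for b in key)
    inner_hash = hashlib.new(hash_name, ipad_key + message).digest()
    tag = hashlib.new(hash_name, opad_key + inner_hash).digest()
    return inner_hash, tag


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver-side check: recompute with the standard library and compare in constant time."""
    expected = hmac.new(key, message, hash_name).digest()
    return hmac.compare_digest(expected, tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str) -> bool:
    """True when the from-scratch construction agrees with hmac.new for this hash."""
    return hmac_from_scratch(key, message, hash_name)[1] == hmac.new(key, message, hash_name).digest()


def long_key_equivalent(key: bytes, hash_name: str = "sha256") -> bytes:
    """Return the shorter key that HMAC treats identically to `key` when `key`
    exceeds one block: HMAC hashes such keys first, so HMAC(K) == HMAC(H(K))."""
    return hashlib.new(hash_name, key).digest()


if __name__ == "__main__":
    key = b"\x0b" * 20          # constructed input (the RFC 4231 test case 1 key)
    msg = b"Hi There"
    inner, tag = hmac_from_scratch(key, msg)
    print("inner hash:", inner.hex())
    print("tag       :", tag.hex())
    print("verifies  :", verify_tag(key, msg, tag))
    print("tampered  :", verify_tag(key, msg + b"!", tag))
    for name in ("md5", "sha1", "sha256", "sha3_256"):
        print(f"{name:>8} matches stdlib:", matches_stdlib(key, msg, name))
```

The inner hash is exactly the chaining value the abstract refers to: everything that distinguishes HMAC from a plain keyed hash is the second, outer compression over that value, which is why attacks on HMAC are framed in terms of recovering or colliding intermediate states rather than the final tag. The `long_key_equivalent` helper makes a design point concrete: a key longer than the hash block adds no strength beyond the digest length, so key material should be sized to the hash rather than assumed stronger when longer. For SHA-3 the same code runs unchanged because `hashlib` exposes the sponge rate as `block_size`.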