bachelor

Recommendations

Info

26 Attacks on Rejsekortet 3.2 Attacking the MAC Rejsekortet introduces a MAC algorithm on most sectors in order to ensure no one tampers with the contents of the card. The algorithm used is DES-MAC in CBC mode, which takes a 64-bit key, of which 8 bits are used for parity— consequently leaving the key complexity at 56 bits—and an input of any length. Using the key it “hashes” the input to a 64-bit MAC, which is then further stripped down to only consist of the first 16 bits of the 64-bit value. This new 16-bit value is used as a checksum for the given sector. p 1 p 2 p n k DES k DES k DES MAC Figure 3.1: The Rejsekort DES-MAC function. This figure is identical to Figure 1.4. An attacker can implement a hashtable mapping the entire keyspace to the keys’ corresponding MACs for some fixed plaintext. In the trivial case this is known as a code book. It will be costly in both CPU time and space, but if constructed an attacker can look up a key from the table in O(1) time. A code book for the DES-MAC on Rejsekortet would need to have 2 56 entries, each consisting of a 56-bit key and a 16-bit MAC: 2 56 · (56 + 16) bits = 576 petabytes It is concluded that a code book spanning over the entire DES keyspace is currently impossible to implement because of the sheer amount of space needed to keep the table.
3.2 Attacking the MAC 27 3.2.1 Time-memory trade-offs Time-memory trade-offs (TMTOs) are a class of precomputation attacks that can be applyed to all one-way functions, that is functions taking any input and producing an output that is computationally hard to source back to its preimage. For a one-way function H and the result of the function c, the preimage is the p that satisfies H(p) = c for some c. One-way functions are not designed to be reversible, and as such hash functions and MACs pose as good candidates for this kind of attack. This thesis will decribe two time-memory trade-offs, namely Hellman tables as described in the 1980 paper “A Cryptanalytic Time-Memory Trade-Off”[4] by Hellman, and the 2003 paper “Making A Faster Cryptanalytic Time-Memory Trade-Off”[9] by Oechslin. 3.2.1.1 Hellman tables In a 1980 paper by Martin Hellman[4], a new “time-memory trade-off” is proposed. The way it works is that it implements a reduction function R that maps hash values back into the plaintext space. This facilitates the generation of chains with alternating preimages and hash values. To further refine the method, the one-way function is combined with the reduction function into a new function f in order to get a mapping from the space of preimages to itself. For some one-way function H, f can be described as f(p) = R(H(p)). f is also known as the step function of the table. The trick is then to only save the first and last values in the chain, discarding all the intermediate steps. The table consists of some amount of chains m, all starting with some random preimage and ending with a value equivalent derived by performing the plaintext-to-plaintext function f over and over, always feeding it with the output from the last iteration, see Figure 3.2. d2654f → f 732efc → f 143679 → f 84e5dc → f f } {{ . . . → 0006f3 } d2654f→0006f3 Figure 3.2: A Hellman chain and how it is stored. elements are in storage. Only the first and last For practicality reasons attacks employ more than just one table; having one table cover a large keyspace will result in a very large file, which is time-consuming
Page 1 and 2: Cryptanalysis of Rejsekortet Jens C
Page 3: 3 Abstract. This bachelor thesis an
Page 7: Resumé Denne bachelorafhandling er
Page 10 and 11: vi Glossary Rejsekort(et) Danish fo
Page 12 and 13: viii
Page 14 and 15: x CONTENTS 4.3 Other improvements .
Page 16 and 17: 2 On Rejsekortet Disclaimer: This r
Page 18 and 19: 4 On Rejsekortet are even capable o
Page 20 and 21: 6 On Rejsekortet 1.2.3 Mifare Mifar
Page 22 and 23: 8 On Rejsekortet 1. Reader sends a
Page 24 and 25: 10 On Rejsekortet Time of transacti
Page 26 and 27: 12 On Rejsekortet Figure 1.3: The C
Page 28 and 29: 14 On Rejsekortet 1.3.2.1 CBC-MAC C
Page 30 and 31: 16 On Rejsekortet
Page 32 and 33: 18 Security analysis and threat mod
Page 38 and 39: 24 Attacks on Rejsekortet 3.1 Rollb
Page 42 and 43: 28 Attacks on Rejsekortet and cumbe
Page 44 and 45: 30 Attacks on Rejsekortet hash valu
Page 46 and 47: 32 Attacks on Rejsekortet 3.2.4 Int
Page 48 and 49: 34 Attacks on Rejsekortet 3.2.5 App
Page 50 and 51: 36 Attacks on Rejsekortet 3.2.6.2 T
Page 52 and 53: 38 Attacks on Rejsekortet Language
Page 54 and 55: 40 Attacks on Rejsekortet It is not
Page 56 and 57: 42 Attacks on Rejsekortet specifica
Page 58 and 59: 44 Attacks on Rejsekortet might pro
Page 60 and 61: 46 Attacks on Rejsekortet that the
Page 62 and 63: 48 Attacks on Rejsekortet
Page 64 and 65: 50 Improvements 4.1.1 New MAC algor
Page 66 and 67: 52 Improvements functions tend to b
Page 68 and 69: 54 Improvements
Page 70 and 71: 56 Conclusion of the pre-computatio
Page 72 and 73: 58 Related research Sector 04 - UNK
Page 74 and 75: 60 Mail correspondence enquire abou
Page 76 and 77: 62 Mail correspondence * Kodningspr
Page 78 and 79: 64 Mail correspondence Som ingeniø
Page 80: 66 BIBLIOGRAPHY [9] Philippe Oechsl

bachelor

Create successful ePaper yourself

Delete template?

Save as template?