DocumentCode :
145378
Title :
The Fragility of AES-GCM Authentication Algorithm
Author :
Gueron, Shay ; Krasnov, Vlad
Author_Institution :
Dept. of Math., Univ. of Haifa, Haifa, Israel
fYear :
2014
fDate :
7-9 April 2014
Firstpage :
333
Lastpage :
337
Abstract :
A new implementation of the GHASH function has recently been committed to a Git version of OpenSSL, to speed up AES-GCM. We identified a bug in that implementation, and made sure it was quickly fixed before trickling into an official OpenSSL trunk. Here, we use this (already fixed) bug as a real example that demonstrates the fragility of AES-GCM's authentication algorithm (GHASH). One might expect that incorrect MAC tag generation would only cause legitimate message-tag pairs to fail authentication (which is already a serious problem). However, since GHASH is a "polynomial evaluation" MAC, the bug can be exploited for actual message forgery.
Keywords :
cryptography; message authentication; AES-GCM authentication algorithm; GHASH function; Galois counter mode; MAC tag generation; OpenSSL trunk; authenticated encryption scheme; message authentication code; message forgery; message-tag pairs; polynomial evaluation MAC; Authentication; Encryption; Forgery; Polynomials; Program processors; Vectors; AES-GCM; GHASH; OpenSSL; message forgery; polynomial evaluation MAC;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Technology: New Generations (ITNG), 2014 11th International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4799-3187-3
Type :
conf
DOI :
10.1109/ITNG.2014.31
Filename :
6822219