Block Cipher Modes of Operation and CMAC for Authentication
1. Block Cipher Modes of Operation
Alberto Grand
Politecnico di Torino
Computer Systems Security – prof. Antonio Lioy
2. What are modes of operation?
Block ciphers can only encrypt whole blocks. What if our message is longer or shorter than the block size?
We use modes of operation: algorithms that use a block cipher to provide a service (e.g. confidentiality, authentication).
NIST recommends five modes providing confidentiality: ECB, CBC, CFB, OFB, CTR.
CMAC may be considered a block cipher mode of operation providing authentication.
3. Electronic Codebook (ECB)
Associates each possible plaintext block with a ciphertext block, like a codebook.
[Figure: the plaintext block "Hello world!" encrypted to an opaque ciphertext block]
Requires padding.
Encryption and decryption of multiple blocks can be done in parallel.
A 1-bit error in a ciphertext block garbles the corresponding decrypted block.
4. Deficiencies of ECB
Problems arise when the original message contains regular data patterns, because identical plaintext blocks are always encrypted in the same way.
Only suitable for data the size of a single block (e.g. a key).
“The securest thing you can do with ECB is not use it!”
5. Cipher Block Chaining (CBC)
Allows identical plaintext blocks to be encrypted to different ciphertext blocks.
Encrypted blocks are “chained”: each plaintext block is XORed with the previous ciphertext block before encryption.
Requires an initialisation vector (IV).
[Figure: CBC encryption of "Hello world" with the IV feeding the first block, and the inverse decryption chain]
6. Features of CBC
Encryption cannot be parallelised, while parallel decryption is possible.
A 1-bit error in a ciphertext block affects two blocks:
the corresponding decrypted block is garbled
the corresponding bit is flipped in the next block
Problem with the IV: a 1-bit error in the IV only flips 1 bit in the 1st block, with no garbled block. Hard to detect!
Solutions:
encipher the IV
don’t transmit the IV, but compute it from a known value
use authentication!
7. Propagating CBC (PCBC)
A variation of CBC designed to propagate errors.
It also involves the previous plaintext block in the XOR operation.
Is error propagation desirable? It depends!
NO in the case of transmission errors
YES in the case of intentional, malicious changes
Used in Kerberos v4, but abandoned from v5 onwards because swapping two adjacent blocks does not affect subsequent blocks.
8. Cipher Feedback (CFB)
Turns a block cipher into a stream cipher: the message size need not be a multiple of the block size.
Very similar to CBC, but the ciphering and XORing steps are swapped.
[Figure: CFB encryption and decryption of "Hello world", with the IV as the first cipher input and each ciphertext block feeding the next cipher call]
9. Features of CFB
No parallel encryption of multiple blocks, although some form of pipelining is possible.
Parallel decryption is possible.
Only the forward cipher function is used.
A 1-bit error in the ciphertext:
flips the corresponding bit in the current segment
may garble the next ⌈b/s⌉ segments
This is highly noticeable, so CFB is less exposed to the risk of deliberate bit changes.
10. OpenPGP with CFB
Widespread standard for exchanging encrypted e-mail messages.
A variant of CFB is used for symmetric cryptography:
a random block R is enciphered and used as an IV
the first 2 bytes of R are replicated in the 2nd block for integrity checks
Leak of information! About 2^15 set-up attempts plus about 2^15 attempts per block enable an attacker to discover the first 2 bytes of any block.
PGP stands for “Pretty Good Privacy”!
11. Output Feedback (OFB)
Turns a block cipher into a stream cipher.
The keystream is produced by iterating the forward cipher on an IV.
[Figure: OFB encryption and decryption of "Hello world", each keystream block being the encryption of the previous one]
12. Features of OFB (i)
Neither encryption nor decryption can be performed in parallel, because the keystream blocks are chained.
If the IV is available before the ciphertext, the keystream blocks can be pre-computed.
The IV needs to be a nonce, otherwise a known-plaintext attack is possible (under the same key):
an attacker who knows the ith plaintext block can easily reconstruct the ith keystream block
he can then recover the ith block of every message
13. Features of OFB (ii)
A 1-bit error in a ciphertext block only produces a bit-specific error in the corresponding plaintext block:
good for error-correcting codes, which work even when applied before encryption
bad because it is hardly noticeable!
A 1-bit error in the IV causes all blocks to be garbled.
14. Counter (CTR)
Turns a block cipher into a stream cipher.
Keystream blocks are generated by encrypting a sequence of counter blocks.
[Figure: CTR encryption and decryption of "Hello world", with counter block #1 and counter block #2 encrypted to produce the keystream]
15. Features of CTR (i)
Both encryption and decryption can be performed fully in parallel on multiple blocks.
Provides true random access to ciphertext blocks.
If the initial counter block is available, keystream blocks may be computed before receiving the ciphertext.
It’s simple!
No inverse cipher function is required for decryption.
It is becoming increasingly used.
16. Features of CTR (ii)
Assurance is required that:
counters do not repeat within a single message
counters do not repeat across all messages under a given key
This is done through an incrementing function.
Usually, the first b-m bits are a message nonce and the remaining m bits are incremented (message length < 2^m blocks).
Alternatively, the counter sequences of successive messages are concatenated (total length of all messages < 2^m blocks).
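To make the error-propagation claims of slides 6, 9, 13 and 15 concrete, here is an added Go example (not code from the original slides) that encrypts a constructed three-block message under CBC, CFB, OFB and CTR with standard-library AES-128, flips one ciphertext bit or one IV bit, decrypts, and counts per block how many plaintext bits changed. The key, IV and plaintext are constructed for the demonstration; note that Go's CFB uses full-block segments, so ⌈b/s⌉ = 1.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math/bits"
)

// Constructed AES-128 key, IV and three-block plaintext, used only here.
var (
	demoKey   = []byte("0123456789abcdef")
	demoIV    = []byte("fedcba9876543210")
	demoPlain = []byte("block-one-------block-two-------block-three-----")
)

// run applies the named mode to in, encrypting when enc is true and
// decrypting otherwise. CBC works on whole blocks; CFB, OFB and CTR are
// stream modes that XOR a keystream (Go's CFB uses full-block segments).
func run(mode string, enc bool, key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	var stream cipher.Stream
	switch mode {
	case "CBC":
		if enc {
			cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
		} else {
			cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
		}
		return out
	case "CFB":
		if enc {
			stream = cipher.NewCFBEncrypter(block, iv)
		} else {
			stream = cipher.NewCFBDecrypter(block, iv)
		}
	case "OFB":
		stream = cipher.NewOFB(block, iv)
	case "CTR":
		stream = cipher.NewCTR(block, iv)
	default:
		panic("unknown mode " + mode)
	}
	stream.XORKeyStream(out, in)
	return out
}

// bitDiff returns, per 16-byte block, how many bits differ between a and b.
func bitDiff(a, b []byte) []int {
	counts := make([]int, len(a)/aes.BlockSize)
	for i := range a {
		counts[i/aes.BlockSize] += bits.OnesCount8(a[i] ^ b[i])
	}
	return counts
}

// FlipCiphertextBit encrypts demoPlain, flips the lowest bit of the first
// byte of ciphertext block 1 (the middle block), decrypts, and reports how
// many bits of each recovered plaintext block differ from the original.
func FlipCiphertextBit(mode string) []int {
	ct := run(mode, true, demoKey, demoIV, demoPlain)
	ct[aes.BlockSize] ^= 0x01
	return bitDiff(demoPlain, run(mode, false, demoKey, demoIV, ct))
}

// FlipIVBit reports the same per-block damage for a single-bit error in
// the IV (or initial counter block) used by the receiver.
func FlipIVBit(mode string) []int {
	ct := run(mode, true, demoKey, demoIV, demoPlain)
	badIV := append([]byte(nil), demoIV...)
	badIV[0] ^= 0x01
	return bitDiff(demoPlain, run(mode, false, demoKey, badIV, ct))
}

func main() {
	for _, m := range []string{"CBC", "CFB", "OFB", "CTR"} {
		fmt.Printf("%s: ciphertext flip %v, IV flip %v\n", m, FlipCiphertextBit(m), FlipIVBit(m))
	}
}
```

For OFB and CTR the damage from a ciphertext bit flip is exactly one flipped plaintext bit that nothing in the decryption signals, which is why the last recommendation of slide 6, use authentication, applies to every mode shown here.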
17. Padding: pros and cons
Increases the amount of data to be sent with no increase in transmitted information.
With a regular data pattern, padding with random values makes cryptanalysis more difficult.
When the padding scheme is known, it may expose the exchange of messages to timing attacks.
OpenSSL prior to v0.9.6c with CBC-MAC:
the MAC is located at the end, so padding is needed
the message is only evaluated if the padding is correct
an attacker may systematically find out bits starting from the second-to-last block.
18. Ciphertext Stealing (CTS)
Sometimes padding is unacceptable:
limited bandwidth
exchange of many messages that would each require padding
We want to avoid extra data, but block ciphers need entire blocks!
Solution: use CTS!
at the cost of some extra operations, it produces exactly as much output data as it is given in input
we pay in terms of complexity and execution time
we still cannot encrypt very short messages (< 1 block).
Usually not worth it!
19. Related-mode attacks (i)
Attacks against a given block cipher mode of operation:
we must know which mode is being used
we need an oracle for another mode, but with the same underlying cipher
20. Related-mode attacks (ii)
Using ECB against CTR:
the malicious user (MU) intercepts C_i and C_0
he chooses P'_i = C_0 + i
C'_i = CIPH_k(P'_i)
since C_i = CIPH_k(C_0 + i) ⊕ P_i, he can compute P_i = C_i ⊕ C'_i.
Only one chosen-plaintext query is required.
22. What is CMAC?
The 5 modes of operation provide confidentiality, but we also need authentication and integrity.
We must use a mode for authentication (authentication implies integrity).
A MAC algorithm provides stronger assurance of data integrity than a checksum.
CMAC exploits the CBC mode of operation to chain cipher blocks and obtain a value which depends on all previous blocks.
23. Once upon a time…
…there was an insecure mode for authentication named CBC-MAC:
it only provided security for messages whose length was a multiple of the block size
an attacker could change the whole message (except the last block) without notice when CBC was used for encryption with the same key.
Black & Rogaway made it secure for arbitrary-length messages using 2 extra keys (XCBC).
Iwata & Kurosawa derived the extra keys from the shared secret (OMAC; OMAC1 = CMAC).
24. Subkey generation
Two subkeys K1, K2 are generated from the key K.
They can be computed once and stored (but must be kept secret!).
R_b is a constant that depends on the block size b:
R_128 = 0^120 ‖ 10000111 when b = 128
R_64 = 0^59 ‖ 11011 when b = 64
L ← CIPH_K(0^b)
if MSB_1(L) = 0 then K1 ← L << 1
else K1 ← (L << 1) ⊕ R_b
if MSB_1(K1) = 0 then K2 ← K1 << 1
else K2 ← (K1 << 1) ⊕ R_b
Finite-field mathematics is involved: the shift and conditional XOR with R_b are a multiplication by x in GF(2^b).
25. CMAC generation
if Mlen = 0 then n ← 1
else n ← ⌈Mlen / b⌉
if M*_n is a complete block then M_n ← M*_n ⊕ K1
else M_n ← (M*_n ‖ 10^j) ⊕ K2
C_0 ← 0^b
for i ← 1 to n do
C_i ← CIPH_K(C_{i-1} ⊕ M_i)
T ← MSB_Tlen(C_n)
Formatting of the message does not need to be complete before starting the CBC encryption.
26. CMAC verification
The receiver may first decrypt the data with the appropriate algorithm.
He then applies the CMAC generation process to the data.
He compares the generated MAC with the one he received:
if identical, the message is authentic
if not, there were in-transit errors or an attack!
27. Length of the MAC (i)
When verification fails, we are sure the message is inauthentic.
But when it succeeds, we are not 100% sure it is authentic!
The malicious user may have simply guessed the right MAC for a message.
His chance of succeeding is 1/2^Tlen.
Longer MACs provide higher assurance, but use more bandwidth/storage space.
If the attacker can make more than one attempt, his chances increase!
28. Length of the MAC (ii)
For most applications, 64 bits are enough.
NIST provides guidance based on two parameters:
MaxInvalids: maximum number of invalid attempts before the system halts
Risk: highest acceptable probability that an inauthentic message is mistakenly trusted.
Tlen ≥ log2(MaxInvalids / Risk)
e.g. MaxInvalids = 1, Risk = 0.25 ⇒ Tlen = 2 bits
29. Message span of the key (i)
The message span is the total number of messages to which CMAC is applied with the same key.
It affects security against attacks based on detecting 2 distinct messages that lead to the same MAC.
We call this event a collision. It happens because there are far more possible messages than possible MACs.
It should not occur during the lifetime of a key, so the message span should be limited!
30. Message span of the key (ii)
Probability theory (the birthday bound) says that a collision is expected among a set of 2^(b/2) messages.
For general-purpose applications:
no more than 2^48 messages when b = 128
no more than 2^21 messages when b = 64
For a higher level of security:
no more than 2^48 message blocks when b = 128 (2^22 GB)
no more than 2^21 message blocks when b = 64 (16 MB)
Sometimes the message span is time-limited.
31. Protection vs. replay attacks
CMAC ensures no protection against replay attacks:
a malicious user may intercept a message with its correct MAC and send it again at a later time.
It is perfectly valid!
Such protection must be provided by the protocol or application that uses CMAC for authentication, e.g. by including:
a sequence number
a timestamp
a message nonce
etc.