http://dx.doi.org/10.13089/JKIISC.2011.21.5.27

A Key Recovery Attack on HMAC using Fault Injection Attack  

Jeong, Ki-Tae (Center for Information Security Technologies, Korea University)
Lee, Yu-Seop (Center for Information Security Technologies, Korea University)
Sung, Jae-Chul (Department of Mathematics, University of Seoul)
Hong, Seok-Hie (Center for Information Security Technologies, Korea University)
Abstract
Work presented at FDTC'05 and CISC-W'10 showed that reducing the number of rounds of AES and Triple-DES, respectively, by means of fault injection makes it possible to recover the secret key of the target algorithm. In this paper, we propose a key recovery attack on HMAC that uses the main idea of these attacks. The attack is applicable to HMAC based on MD-family hash functions and can recover the secret key with negligible computational complexity. In particular, the result on HMAC-SHA-2 is the first known key recovery attack on this algorithm.
Keywords
Side channel analysis; Fault injection attack; Cryptanalysis; HMAC; Hash function;
Citations & Related Records
Times Cited By KSCI: 1
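1 강진건, 이제상, 성재철, 홍석희, 류희수, "Improved Key Recovery Attack on HMAC/NMAC-MD4," Journal of the Korea Institute of Information Security and Cryptology, 19(2), pp. 63-74, Apr. 2009.
2 최두식, 오두환, 배기석, 문상재, 하재철, "Differential Fault Attack on Triple DES Using Loop Fault Injection," Proceedings of the Korea Institute of Information Security and Cryptology Winter Conference, pp. 308-312, Dec. 2010.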
3 M. Bellare, R. Canetti, and H. Krawczyk, "Keying Hash Functions for Message Authentication," Crypto'96, LNCS 1109, pp. 1-15, 1996.
4 D. Boneh, R. DeMillo, and R. Lipton, "On the importance of checking cryptographic protocols for faults," Eurocrypt'97, LNCS 1233, pp. 37-51, 1997.
5 H. Choukri and M. Tunstall, "Round Reduction Using Faults," Fault Diagnosis and Tolerance in Cryptography - FDTC'05, pp. 13-24, Sep. 2005.
6 P. Kocher, "Timing attacks on implementation of Diffie-Hellman," Crypto'96, LNCS 1109, pp. 104-113, 1996.
7 National Institute of Standards and Technology, "FIPS PUB 180-2: Secure Hash Standard," FIPS PUB 180-2, Aug. 2002.
8 National Institute of Standards and Technology, "FIPS PUB 198: The Keyed-Hash Message Authentication Code (HMAC)," FIPS PUB 198, Mar. 2002.
9 B. Preneel, A. Bosselaers, and H. Dobbertin, "The Cryptographic Hash Function RIPEMD-160," RSA'97, Crypto-Bytes 3(2), pp. 9-14, Sep. 1997.
10 R. Rivest, "The MD4 Message Digest Algorithm," RFC 1320, Apr. 1992.
11 R. Rivest, "The MD5 Message Digest Algorithm," RFC 1321, Apr. 1992.
12 L. Wang, K. Ohta, and N. Kunihiro, "New Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5," Eurocrypt'08, LNCS 4965, pp. 237-253, 2008.