Re: AES MAC security question

From: Andrew Swallow (am.swallow_at_btopenworld.com)
Date: 07/03/05


Date: Sun, 3 Jul 2005 00:06:07 +0000 (UTC)

Rein Anders Apeland wrote:

[snip]

>
> I believe this supports my proposal. The bandwidth is limited and
> once a count value has been used (and the transmission perhaps
> 'snapped' by an attacker), the receiver won't accept it anymore.
> The attacker needs to create a valid MAC with the next counter value.

The count protects against replay attacks. However if the thief has a
computer in his transmitter adding 1 is not hard. Watch out for the
count looping back to zero (mileometers have a similar problem).

The problem is then making sure that the thief cannot fake the MAC,
possibly by trying every value.

Time to try them all = (2**32 * 128) / 10,000 = 54975581.3888 seconds
  = 636.29 days = 1.74 years.

This could be a little short. Or put another way, try 100 cars for a
week and the thief will open one. There are plenty of car parks with 100
expensive cars in them.

Each bit you add to the MAC will double the time required. An extra
byte would increase it to 446.27 years.

Andrew Swallow
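
The receiver-side checks discussed in this message (strictly increasing counter, no wrap back to zero, truncated MAC) and the tag-length arithmetic, as an added Python example that is not part of the original post. Assumptions: HMAC-SHA256 from the standard library stands in for the AES-based MAC, the counter is 32 bits wide, the post's 128 and 10,000 are read as bits per frame and bits per second, and all names (`Receiver`, `tag`, `exhaust_seconds`, `expected_openings`) are hypothetical.

```python
import hashlib
import hmac

COUNTER_BITS = 32   # assumed counter width
FRAME_BITS = 128    # bits sent per attempt (assumed meaning of the post's 128)
BITRATE = 10_000    # bits per second (assumed meaning of the post's 10,000)


def tag(key: bytes, counter: int, command: bytes, tag_bytes: int) -> bytes:
    """Truncated MAC over counter || command (HMAC-SHA256 stand-in for the AES MAC)."""
    msg = counter.to_bytes(COUNTER_BITS // 8, "big") + command
    return hmac.new(key, msg, hashlib.sha256).digest()[:tag_bytes]


class Receiver:
    def __init__(self, key: bytes, tag_bytes: int = 4):
        self.key, self.tag_bytes = key, tag_bytes
        self.last = 0  # highest counter value accepted so far

    def accept(self, counter: int, command: bytes, mac: bytes) -> bool:
        # Strictly increasing counter: a replayed frame is rejected. The upper
        # bound means the counter can never loop back to zero; once it is
        # exhausted the transmitter has to be re-keyed, not restarted.
        if not (self.last < counter < 2 ** COUNTER_BITS):
            return False
        expected = tag(self.key, counter, command, self.tag_bytes)
        if not hmac.compare_digest(expected, mac):  # constant-time compare
            return False
        self.last = counter  # advance only after the MAC verifies
        return True


def exhaust_seconds(tag_bits: int) -> float:
    """Time on air to send every possible tag value for one counter value."""
    return 2 ** tag_bits * FRAME_BITS / BITRATE


def expected_openings(cars: int, seconds: float, tag_bits: int) -> float:
    """Expected number of accepted guesses across `cars` receivers, each tried for `seconds`."""
    return cars * seconds / exhaust_seconds(tag_bits)
```
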


