Re: AES MAC security question

From: Rein Anders Apeland (apeland_at_mivu.no)
Date: 07/04/05 

Date: Mon, 04 Jul 2005 19:12:52 +0200

On Mon, 2005-07-04 at 00:00 +0000, Andrew Swallow wrote:

<snip>

> >
> > IMHO I do not need identification outside the encrypted packet.
> > The receiver just decrypts all received packets with the key
> > that is shared between the one car and all its associated fobs, and
> > then checks the MAC of the decrypted packet. If the MAC is not valid,
> > ignore the packet. Then, of course, wait e.g. 1 second before accepting
> > new packets. Yes, this requires another key stored in the fob, and more
> > computing, but the packet size is the same and the ID, counter and cmd
> > is hidden. Doesn't this give at least _some_ advantage other than just
> > "it _looks_ more secure to the non-expert customer", given that I can
> > afford the key storage and additional computation in the fob? And
> > wouldn't that give at least _some_ security advantage over the
> > shared-secret-solution? In this case, an attacker cannot just try
> > guessing the MAC. Even getting the ID right would be a major problem,
> > right?
> >
> Hiding the ID has advantages but you now need a IV field to initialise
> the crypto, possibly the count, which will have to be sent in plain text.

Maybe I am missing something here, but why do I need an IV if
the packet is smaller than the AES block size? Can't I just
encrypt it with the shared key? The receiver just decrypts whatever
packet it gets, and _then_ it can have a look at IDs and counters.

>
> In a busy car park several people may be unlocking their cars at the
> same time, so 1 packet a second may be too slow.
>
> Andrew Swallow 

-- 
Mvh / Regards
Rein Anders Apeland
MIVU Solutions

Relevant Pages

  • Re: Van Jacobsons net channels and real-time
    ... packages with real-time latencies. ... Finding the end point in the receive interrupt and send of the packet to ... through soft irq which might be busy working on IP packages. ... Each end receiver provides his own receive resources. ...
    (Linux-Kernel)
  • Re: Converting C++ header file to Delphi4 pas unit
    ... > component for long lines and situations where the transmitter and receiver ... If you choose the right PCI card, ... > can probably see that the issue of baudrate and packet size is critical. ... > not you can only get the approximate baud rate you are after. ...
    (comp.lang.pascal.delphi.misc)
  • Re: CSocketFiles / CArchive vs Raw Buffer Manipulation
    ... such as network packet transmission. ... UDP within a LAN often gives the effective illusion that it is reliable. ... fail without warning of any sort to either the sender or the receiver. ...
    (microsoft.public.vc.mfc)
  • Re: AES MAC security question
    ... >> compute overhead for the receiver by a lot. ... >> is that anyone who looks at information coming from the keeloq system ... >> particularly compelling marketting advantage to the encryption. ... > then checks the MAC of the decrypted packet. ...
    (sci.crypt)
  • Re: Please Recommend Wireless Protocol and How-To/Tutorial
    ... > and receiver going already. ... getting XModem or similar working ... when designing a protocol? ... the chance that your packet will contain a corrupted piece. ...
    (comp.arch.embedded)