Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 24, 2024

3. In this exercise, you will prove that the CBC-MAC in its plain form is not secure to authenticate variable-length messages (a) Consider the CBC-MAC

image text in transcribed

3. In this exercise, you will prove that the CBC-MAC in its plain form is not secure to authenticate variable-length messages (a) Consider the CBC-MAC scheme with an n-bit block cipher where the CBC checksum of a message is calculated with a zero IV. Describe an attack where an attacker Eve can construct the MAC of a message different from those she obtained from the legitimate sender. (Hint Let the attacker obtain the MAC of two n-bit messages and from them compute the MAC of a 2n-bit message.) (b) An attempt to solve this problem could be to append the number of blocks in the message as a final block to the message: i.e., to apply CBC on (M2) instead of M alone, where denotes the number of blocks in M. Show that this construction is not secure either. (Hint: Let the attacker obtain the MAC of some more messages of his choice (c) How about prepending the number of blocks; i.e., to apply CBC on (C|M)? Does a similar attack work on this construction as well? How would its performance compare to thel appending scheme of part (b)? 3. In this exercise, you will prove that the CBC-MAC in its plain form is not secure to authenticate variable-length messages (a) Consider the CBC-MAC scheme with an n-bit block cipher where the CBC checksum of a message is calculated with a zero IV. Describe an attack where an attacker Eve can construct the MAC of a message different from those she obtained from the legitimate sender. (Hint Let the attacker obtain the MAC of two n-bit messages and from them compute the MAC of a 2n-bit message.) (b) An attempt to solve this problem could be to append the number of blocks in the message as a final block to the message: i.e., to apply CBC on (M2) instead of M alone, where denotes the number of blocks in M. Show that this construction is not secure either. (Hint: Let the attacker obtain the MAC of some more messages of his choice (c) How about prepending the number of blocks; i.e., to apply CBC on (C|M)? Does a similar attack work on this construction as well? How would its performance compare to thel appending scheme of part (b)

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Next Generation Databases NoSQLand Big Data

Next Generation Databases NoSQLand Big Data

Authors: Guy Harrison

1st Edition

1484213300, 978-1484213308

More Books

Students also viewed these Databases questions

Question

★★★★★

When does the auditor perform control tests to test his or her assessment of control risk? Is it assessed for the audit as a whole or for each business process?

Answered: 1 week ago

Question

★★★★★

Determine the pressure at the bottom of the tank in Fig. 3.25. 1.2 m --- --- -- -- Air 200 kPa (gage) Oil 15m/ (sg = 0.80) 2.6 m Water 2 m

Answered: 1 week ago

Question

★★★★★

Assuming Nick Woodman were to continue at GoPro, which organizational techniques might you employ to improve performance, and why?

Answered: 1 week ago

Question

★★★★★

Shimada Products Corporation of Japan is anxious to enter the electronic calculator market. Management believes that in order to be competitive in world markets, the price of the electronic...

Answered: 1 week ago

Question

★★★★★

3. In this exercise, you will prove that the CBC-MAC in its plain form is not secure to authenticate variable-length messages (a) Consider the CBC-MAC scheme with an n-bit block cipher where the CBC...

Answered: 1 week ago

Question

★★★★★

Evaluate the expression -9 and write the result in the form a + bi. The real number a equals The real number b equals

Answered: 1 week ago

Question

★★★★★

6. An economy consists of 2 risky assets, A and B, and a riskless asset. The risk-free rate of return is rf = 3%. The Market portfolio M consists of 50% in stock A and 50% in stock B, and the...

Answered: 1 week ago

Question

★★★★★

A company is 40% financed by risk-free debt. The interest rate is 10%, the expected market risk premium is 8%, and the beta of the companys common stock is .5. What is the company cost of capital?...

Answered: 1 week ago

Question

★★★★★

The Generic Genetic (GG) Corporation pays no cash dividends currently and is not expected to for the next four years. Its latest EPS was $7.00, all of which was reinvested in the company. The firm's...

Answered: 1 week ago

Question

★★★★★

Church Company completes these transactions and events during March of the current year (terms for all its credit sales are 2/10, n/30). March 1 March 2 March 3 (a) March 3 (b) March 6 March 9 March...

Answered: 1 week ago

Question

★★★★★

The Bonita Zimmer Case A FINANCIAL SITUATION MINI-CASE Bonita just turned thirty years of age. She lives in a house that she purchased three years ago for $110,000, right before housing prices began...

Answered: 1 week ago

Question

★★★★★

KEY QUESTION Alphas balance-of-payments data for 2006 are shown below. All figures are in billions of dollars. What are the ( a ) balance on goods, ( b ) balance on goods and services, ( c ) balance...

Answered: 1 week ago

Question

★★★★★

Describe how customers evaluate services and what determines their satisfaction.

Answered: 1 week ago

Question

★★★★★

Understand service quality, its dimensions and measurement, and how quality relates to customer loyalty.

Answered: 1 week ago

Previous Question Next Question