Subverting MAC: How authentication in mobile environment can be undermined

Fatema Al Mansoori, Joonsang Baek, Khaled Salah

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Due to its efficiency, message authentication code (MAC) has widely been used to provide data integrity and authentication in the mobile computing environment. Subverting MAC schemes will have serious consequences as it undermines the authentication services that the MAC schemes are supposed to offer in such environment, for example, authentication for mobile payments and secure software updates in mobile devices. Subverting cryptographic schemes and protocols by subliminally modifying or replacing some parts of legitimate implementation of cryptography is newly conceptualized as 'algorithmic substitution attack (ASA)', and is receiving a great deal of attention recently. In this paper, we investigate issues related to the ASA on MAC: First, we formalize security notions for MAC against ASA. We then show that the randomized MAC, a popular scheme proposed to improve the security of MAC, is vulnerable to ASA. Furthermore, we discuss how our subversion attack can be applied to the EAP-PSK protocol (a pre-shared key extensible authentication protocol method), widely used in wireless networks including IEEE 802.11.

Original languageBritish English
Title of host publication2016 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages870-874
Number of pages5
ISBN (Electronic)9781467399555
DOIs
StatePublished - 6 Sep 2016
Event35th IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2016 - San Francisco, United States
Duration: 10 Apr 201614 Apr 2016

Publication series

NameProceedings - IEEE INFOCOM
Volume2016-September
ISSN (Print)0743-166X

Conference

Conference35th IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2016
Country/TerritoryUnited States
CitySan Francisco
Period10/04/1614/04/16

Fingerprint

Dive into the research topics of 'Subverting MAC: How authentication in mobile environment can be undermined'. Together they form a unique fingerprint.

Cite this