HTEE: AN HMAC BASED TAMPER EVIDENT ENCRYPTION

Bradley Baker, C. Edward Chow

Abstract

This paper presents a HMAC based Temper Evident Encryption (HTEE) technique for providing confidentiality and integrity of numeric data in a database environment through an encryption scheme based on the keyed Hash Message Authentication Code (HMAC) function. The encryption scheme implemented in this project extends and improves an existing HMAC based encryption scheme. The result is a symmetric encryption process which detects unauthorized updates to ciphertext data, verifies integrity and provides confidentiality. This encryption scheme provides an alternative to standard approaches that offer confidentiality and integrity of data such as combining the Advanced Encryption Standard (AES) algorithm with a hash digest. The purpose of the scheme is to provide a straightforward and efficient encryption that supports data integrity, to investigate the use of HMAC for reversible encryption and key transformation, and to improve upon an existing method.

References

  1. Brad Baker, 2009a "Analysis of an HMAC Based Database Encryption Scheme," UCCS Summer 2009 Independent study July. 2009 URL: http://cs.uccs.edu/gsc/pub/master/bbaker/doc/ final_paper_bbaker_cs592.doc
  2. Brad Baker, 2009b “Tamper Evident Encryption of Integers using keyed Hash Message Authentication Code” Project materials and documentation. December 2009 URL = http://cs.uccs.edu/gsc/pub/master/ bbaker/
  3. Forouzan, Behrouz A. 2008. Cryptography and Network Security. McGraw Hill higher Education. ISBN 978-0- 07-287022-0
  4. Mihir Bellare; Ran Canetti; Hugo Krawczyk; “Keying Hash Functions for Message Authentication”, IACR Crypto 1996 URL: http://cseweb.ucsd.edu/ users/mihir/papers/kmd5.pdf
  5. Mihir Bellare, “Attacks on SHA-1,” 2005 URL: http://www.openauthentication.org/pdfs/Attacks%20o n%20SHA-1.pdf
  6. Mihir Bellare, “New Proofs for NMAC and HMAC: Security without Collision-Resistance,” IACR Crypto 2006. URL: http://eprint.iacr.org/2006/043.pdf
  7. Ran Canetti, “The HMAC construction: A decade later,” 2007. URL: http://people.csail.mit.edu/canetti/ materials/hmac-10.pdf
  8. Scott Contini; Yiqun Lisa Yin, “Forgery and Partial KeyRecovery Attacks on HMAC and NMAC using Hash Collisions (Extended Version),” 2006 URI: http:// eprint.iacr.org/2006/319.pdf
  9. Pierre-Alain Fouque; Gaëtan Leurent; Phong Q. Nguyen, "Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5," IACR Crypto 2007 URL: ftp://ftp.di.ens.fr/pub/users/pnguyen/Crypto07. pdf
  10. Vishal Kher; Yongdae Kim, “Securing Distributed Storage: Challenges, Techniques, and Systems” Workshop On Storage Security And Survivability, Nov. 2005 URL = http://doi.acm.org/10.1145/ 1103780.1103783
  11. Jongsung Kim; Alex Biryukov; Bart Preneel; and Seokhie Hong, “On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1”, 2006. URL: http://eprint.iacr.org/2006/187.pdf
  12. Dong Hyeok Lee; You Jin Song; Sung Min Lee; Taek Yong Nam; Jong Su Jang, 2007 "How to Construct a New Encryption Scheme Supporting Range Queries on Encrypted Database," Convergence Information Technology, 2007. International Conference on , vol., no., pp.1402-1407, 21-23 Nov. 2007. URL: http:// ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=44204 52&isnumber=4420217
  13. NIST, March 2002. FIPS Pub 198 HMAC specification. URL = http://csrc.nist.gov/publications/fips/fips198/ fips-198a.pdf
  14. Kyriacos Pavlou; Richard Snodgrass, “Forensic Analysis of Database Tampering,” ACM Transactions on Database Systems (TODS), 2008. URL = http:// doi.acm.org/10.1145/1412331.1412342
  15. PostgreSQL, October 2009. Server Documentation. URL= http://www.postgresql.org/docs/8.4/static/index.html
  16. Yu Sasaki, “A Full Key Recovery Attack on HMACAURORA-512,” 2009 URL: http://eprint.iacr.org/ 2009/125.pdf
  17. Gopalan Sivathanu; Charles P. Wright; and Erez Zadok, “Ensuring data integrity in storage: techniques and applications,” Workshop On Storage Security And Survivability, Nov. 2005 URL = http://doi.acm.org/ 10.1145/1103780.1103784
  18. Torres et al. 2006a
  19. Elbaz, R.; Torres, L.; Sassatelli, G.; Guillemin, P.; Bardouillet, M.; Rigaud, J.B., 2006a "How to Add the Integrity Checking Capability to Block Encryption Algorithms," Research in Microelectronics and Electronics 2006, Ph. D. , vol., no., pp.369-372, 0-0 0 URI: http://ieeexplore.ieee.org/stamp/stamp.jsp? arnumber=1689972&isnumber=35631
  20. Torres et al. 2006b
  21. Elbaz, R.; Torres, L.; Sassatelli, G.; Guillemin, P.; Bardouillet, M., 2006b "PE-ICE: Parallelized Encryption and Integrity Checking Engine," Design and Diagnostics of Electronic Circuits and systems, 2006 IEEE, vol., no., pp.141-142, 0-0 0. URL: http:// ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=16495 95&isnumber=34591
Download


Paper Citation


in Harvard Style

Baker B. and Edward Chow C. (2010). HTEE: AN HMAC BASED TAMPER EVIDENT ENCRYPTION . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 196-205. DOI: 10.5220/0002997301960205


in Bibtex Style

@conference{secrypt10,
author={Bradley Baker and C. Edward Chow},
title={HTEE: AN HMAC BASED TAMPER EVIDENT ENCRYPTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={196-205},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002997301960205},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - HTEE: AN HMAC BASED TAMPER EVIDENT ENCRYPTION
SN - 978-989-8425-18-8
AU - Baker B.
AU - Edward Chow C.
PY - 2010
SP - 196
EP - 205
DO - 10.5220/0002997301960205