Authentication Protocols Based on Advanced Encryption Standard (AES)

2015 
For the last three decades, hash functions have been an essential element of the cryptography used for securing computers and electronic communications. The SmartDongle is a flash drive produced by MicroWorks and is meant to secure data and assure authorized use of software. In this project, we investigate the security of certain cryptographic techniques used in the current implementation of the SmartDongle’s authentication protocol. In particular, we analyze how the use of Merkle-Damgard hash functions based on a simplified version of the Advanced Encryption Standard (AES) can affect the SmartDongle's security. Our study involves extensive computational experimentation and analysis that produced a range of conjectures about the security of the SmartDongle.

Merkle-Damgard Schema

The Merkle-Damgard Schema is a function that can be used in producing a collision-resistant hash function. The message (M) is split into blocks of a fixed size, and each block is processed through AES individually. The output of each computation is used as the key in the following computation, until all blocks have been processed. The final output is the hashed text.

Project Summary

We investigated the security of the SmartDongle device produced by MicroWorks. The fundamental security idea is that the device computes and communicates ‘x, y’ pairs from a given equation. The security was based on the computational difficulty of determining the parameter ‘A’ of the equation y = Ax mod n given these ‘x’ and ‘y’ values.

• We developed Java software to compute the possible ‘A’ values that would satisfy the given ‘x’ and ‘y’ values.
• This software would export large amounts of data to Excel, which would then be used to create graphs of the ‘A’ values.
• Using these graphs, we discovered patterns that assisted in finding the correct ‘A’ values when they were unknown.
• We created a hash function based on AES and the Merkle-Damgard Schema to hash the ‘y’ values.
• We developed software that would compute the values of the original protocol and the hashed protocol.
• These values would then be exported to Excel and graphed for the purpose of comparison.
• The pattern previously followed by the correct ‘A’ value was disguised, though all possible ‘A’ values converged where ‘x’ was equal to a factor of ‘n’.
• Rehashing ‘y’ a number of times based on A modulo the factor of n eliminated these collisions.

Regular Protocol

The pattern of the regular protocol is easily identifiable and vulnerable to attack due to its predictability with just a small amount of data collection. There are also several collision points, making it possible for imposter dongles to authenticate.

AES Hashed Protocol

The pattern of the ‘A’ value is disguised by AES encryption of the ‘y’ value. However, all possible ‘A’ values converge to the same value where ‘x’ is equal to a factor of ‘n’. This is an algebraic vulnerability of the function that exists with or without hashing any values.

Main Result

Though some encryption schemes run into the problem that repeated applications of the encryption reverse it, AES does not appear to suffer from this, allowing us to eliminate collisions by rehashing ‘y’ a number of times based on a modulus of A that is equal to the factor of n (in this example, A mod 3). We successfully disguise A while ensuring that ‘y’ is not hashed to the same value at a given ‘x’ for any other possible A.
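The candidate search, the collisions where ‘x’ is a factor of ‘n’, and the rehashing fix can be reproduced at small scale. This is an added example, not the project's Java software: it assumes the equation reads y = A·x mod n, uses constructed values n = 15 and A = 7, substitutes SHA-256 for the AES-based Merkle-Damgard hash, and interprets the fix as hashing an extra (A mod x) times; all function names are hypothetical.

```python
import hashlib

N, SECRET_A = 15, 7  # constructed toy values, not from the page

def candidates(x, y, n):
    """All A in [0, n) with A*x mod n == y (assumed reading of the equation)."""
    return {a for a in range(n) if (a * x) % n == y}

def narrow(observations, n):
    """Intersect the candidate sets of several observed (x, y) pairs."""
    possible = set(range(n))
    for x, y in observations:
        possible &= candidates(x, y, n)
    return possible

def h(value, rounds):
    """Hash chain; SHA-256 stands in for the page's AES-based hash (assumption)."""
    data = value.to_bytes(8, "big")
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    return data.hex()

def hashed_response(a, x, n):
    """Hashed protocol: y is hashed once."""
    return h((a * x) % n, 1)

def rehashed_response(a, x, n):
    """The page's fix as interpreted here: if x divides n, hash (A mod x) more times."""
    extra = a % x if x and n % x == 0 else 0
    return h((a * x) % n, 1 + extra)

def colliding_secrets(responder, x, n):
    """Groups of secrets A that give the same response to challenge x."""
    groups = {}
    for a in range(n):
        groups.setdefault(responder(a, x, n), []).append(a)
    return [g for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    seen = [(x, (SECRET_A * x) % N) for x in (3, 2)]  # constructed observations
    print("candidates at x=3:", sorted(candidates(*seen[0], N)))
    print("after two pairs:  ", sorted(narrow(seen, N)))
    print("hashed, x=3:      ", colliding_secrets(hashed_response, 3, N))
    print("rehashed, x=3:    ", colliding_secrets(rehashed_response, 3, N))
```

Under this reading, the secrets that collide at a factor x differ by multiples of n/x, so A mod x separates them only when x and n/x are coprime, as they are for n = 15.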