论文信息 - Practical attack on NLM-MAC scheme

Practical attack on NLM-MAC scheme

The NLM stream cipher designed by Hoon Jae Lee, Sang Min Sung, Hyeong Rag Kim is a strengthened version of the LM summation generator that combines linear and non-linear feedback shift registers. In recent works, the NLM cipher has been used for message authentication in lightweight communication over wireless sensor networks and for RFID authentication protocols. The work analyses the security of the NLM stream cipher and the NLM-MAC scheme that is built on the top of the NLM cipher. We first show that the NLM cipher suffers from two major weaknesses that lead to key recovery and forgery attacks. We prove the internal state of the NLM cipher can be recovered with time complexity about nlog7×2, where the total length of internal state is 2⋅n+22⋅n+2 bits. The attack needs about n2n2 key-stream bits. We also show adversary is able to forge any MAC tag very efficiently by having only one pair (MAC tag, ciphertext). The proposed attacks are practical and break the scheme with a negligible error probability.

Ron Steinfeld | Josef Pieprzyk | Mohammad Ali Orumiehchiha

[1] Rainer A. Rueppel,et al. Correlation Immunity and the Summation Generator , 1985, CRYPTO.

[2] Hoon-Jae Lee,et al. On an improved summation generator with 2-bit memory , 2000, Signal Process..

[3] HyeongRag Kim,et al. NLM-128, an Improved LM-Type Summation Generator with 2-Bit memories , 2009, 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology.

[4] HoonJae Lee,et al. Hardware Implementation and Performance Analysis of NLM-128 Stream Cipher , 2011, ICHIT.

[5] Young Sil Lee,et al. RFID mutual authentication protocol with Unclonable RFID-tags , 2011, International Conference on Mobile IT Convergence.

[6] Daewan Han,et al. An algebraic attack on the improved summation generator with 2-bit memory , 2005, Inf. Process. Lett..

[7] Simon J. Shepherd,et al. Cryptanalysis of a summation generator with 2-bit memory , 2002, Signal Process..

[8] Young-Sil Lee,et al. Mutual Authentication Protocol for Enhanced RFID Security and Anti-counterfeiting , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[9] Hoon-Jae Lee,et al. NLM-MAC: Lightweight Secure Data Communication Framework Using Authenticated Encryption in Wireless Sensor Networks , 2012 .

[10] Lee-Ming Cheng,et al. Correlation properties of an improved summation generator with 2-bit memory , 2002, Signal Process..