揭示ISO/IEC 9797-1 MACs安全漏洞:超越生日界限的攻击研究

研究论文
2 下载量 104 浏览量 更新于2024-07-15 收藏 515KB PDF 举报
本文主要探讨了ISO/IEC 9797-1:2011国际标准中关于基于块密码的消息认证码(MAC)的安全性问题。ISO/IEC 9797-1标准提出了六种单次通过的CBC(Cipher Block Chaining)类似结构的MAC算法,这些算法的设计目标是提供与生日攻击相关的安全性,即所谓的"生日安全"。然而,当需要超越这一安全边界,提高到更高级别的安全性时,该标准推荐采用两个单次MAC的串联组合器。 作者Yaobin Shen和Lei Wang在本研究中揭示了这种建议的局限性。他们展示了对串联组合器的一种生日攻击方法,这是基于Joux的多碰撞概念。值得注意的是,他们针对两个MAC算法(Algorithm 1和带有填充方案2的MAC)的串联攻击仅需3个查询,这表明当前推荐的解决方案并非如预期般能提供超越生日安全的保护。这项工作的重要性在于它挑战了当前标准的安全假设,并提出了一个实际可行的攻击手段。 为了弥补这一漏洞,论文作者重新审视了ISO/IEC 9797-1的发展过程,可能寻找改进MAC设计或者提出新的安全策略,以抵御此类攻击。这包括对现有MAC算法的增强、新型构造方法的研究,以及对标准制定者提出的建议,以便在保持实用性和安全性之间找到平衡。这篇论文不仅对现有的信息安全实践提出了质疑,也对后续的MAC标准制定和现有系统的安全性评估提供了重要的洞见。因此,对于任何依赖ISO/IEC 9797-1或类似MAC技术的系统来说,理解并评估这篇论文的结果是至关重要的。

ISO 9797 part 1

2016-06-15 上传
ISO 9797

#! /bin/sh echo -e "====== Start Test EVS(snapshot) " testRes="false" cat << EOF | kubectl apply -f - apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: evs-sc provisioner: evs.csi.huaweicloud.com allowVolumeExpansion: true parameters: type: SSD reclaimPolicy: Delete --- apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: evs-snapshot-class driver: evs.csi.huaweicloud.com deletionPolicy: Delete parameters: force-create: "false" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: evs-snapshot-pvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: evs-sc EOF for (( i=0; i<4; i++)); do lines=`kubectl get pvc | grep evs-snapshot-pvc | grep Bound | wc -l` if [ "$lines" = "1" ]; then testRes="true" else testRes="false" fi sleep 5 done cat << EOF | kubectl create -f - apiVersion: v1 kind: Pod metadata: name: test-snapshot-demo1 spec: containers: - image: nginx imagePullPolicy: IfNotPresent name: nginx command: ["/bin/sh"] args: ["-c", "while true; do echo $(date -u) >> /var/lib/www/html/outfile; sleep 1; done"] ports: - containerPort: 80 protocol: TCP volumeMounts: - mountPath: /var/lib/www/html name: csi-data-evs volumes: - name: csi-data-evs persistentVolumeClaim: claimName: evs-snapshot-pvc readOnly: false EOF for (( i=0; i<10; i++)); do lines=`kubectl get pod | grep test-snapshot-demo1 | grep Running | wc -l` if [ "$lines" = "1" ]; then testRes="true" else testRes="false" fi sleep 5 done

2023-07-15 上传
4. 创建一个名为 "test-snapshot-demo1" 的 Pod,其中包含一个 nginx 容器和一个与持久卷声明 "evs-snapshot-pvc" 关联的卷。 在脚本的最后,使用循环检查 PVC 和 Pod 的状态,如果它们成功运行,则将 `testRes` ...

oidc-client-bound-assertions-spec:用于证书颁发的OpenID Connect扩展

2021-03-31 上传
OpenID Connect凭证提供者 之前的版本 该存储库是规范草案的来源,用于扩展OpenID Connect提供程序以支持证书的颁发,从而支持围绕身份信息联合共享的新方法。 贡献 主要规范是用markdown编写的,但是要预览您在...

掌握UF-DRAW-define-bound-by-objects: NX二次开发利器

点击了解资源详情
资源摘要信息:"NX二次开发UF-DRAW-define-bound-by-objects 函数介绍" 知识点: 1. NX二次开发 - NX是由西门子PLM软件公司开发的一款高端计算机辅助设计(CAD)、计算机辅助工程(CAE)和计算机辅助制造(CAM)...

Code Details 500 Error: Response body { "timestamp": "2023-06-06T06:04:50.468+0000", "status": 500, "error": "Internal Server Error", "message": "Invalid bound statement (not found): com.youzi.mapper.GuanggaoTypeMapper.selectById", "path": "/ads-api/queryPage" }

2023-06-07 上传
错误信息显示 "Invalid bound statement (not found): com.youzi.mapper.GuanggaoTypeMapper.selectById",这意味着你的应用程序无法找到指定的绑定语句。这可能是因为语句的名称或路径不正确,或者语句没有被正确地...

kind: PersistentVolumeClaim apiVersion: v1 metadata: name: minio1 annotations: kubesphere.io/creator: '75093' pv.kubernetes.io/bind-completed: 'yes' pv.kubernetes.io/bound-by-controller: 'yes' volume.beta.kubernetes.io/storage-provisioner: fs.csi.cloudstore finalizers: - kubernetes.io/pvc-protection spec: accessModes: - ReadWriteMany resources: requests: storage: 10Gi volumeName: pvc-6a0d73ae-9108-48be-bdfd-b2373fddab34 storageClassName: cloudstore volumeMode: Filesystem

2023-07-14 上传
根据您提供的 PersistentVolumeClaim(PVC)的定义,看起来您正在使用名为 `minio1` 的 PVC,并且请求的存储容量为 10Gi。该 PVC 使用的存储插件为 `fs.csi.cloudstore`,存储类名为 `cloudstore`。 请确保以下几点...

[2023-06-03T16:39:50,544][INFO ][o.e.b.BootstrapChecks ] [node-1] bound or publishing to a non-loopback address, enforcing bootstrap checks

2023-06-04 上传
这是一个 Elasticsearch 的日志信息,表示 Elasticsearch 节点正在绑定或发布到非回环地址,并正在执行引导检查。Elasticsearch 会在节点启动时执行引导检查以确保配置正确,并尝试防止一些常见的问题。...

java.lang.IllegalStateException: Failed to execute CommandLineRunner at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:798) [spring-boot-2.3.4.RELEASE.jar:2.3.4.RELEASE] at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:779) [spring-boot-2.3.4.RELEASE.jar:2.3.4.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:322) [spring-boot-2.3.4.RELEASE.jar:2.3.4.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237) [spring-boot-2.3.4.RELEASE.jar:2.3.4.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) [spring-boot-2.3.4.RELEASE.jar:2.3.4.RELEASE] at com.unkown.data.hw.ipran.straight.collect.UnkownDataHwIpranStraightCollectApplication.main(UnkownDataHwIpranStraightCollectApplication.java:39) [classes/:na] Caused by: org.apache.ibatis.binding.BindingException: Invalid bound statement (not found): com.unkown.data.hw.ipran.straight.collect.dao.RTrsHwIpranCircuitDao.queryById at org.apache.ibatis.binding.MapperMethod$SqlCommand.<init>(MapperMethod.java:235) ~[mybatis-3.5.5.jar:3.5.5] at org.apache.ibatis.binding.MapperMethod.<init>(MapperMethod.java:53) ~[mybatis-3.5.5.jar:3.5.5] at org.apache.ibatis.binding.MapperProxy.lambda$cachedInvoker$0(MapperProxy.java:115) ~[mybatis-3.5.5.jar:3.5.5] at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660) ~[na:1.8.0_271] at org.apache.ibatis.binding.MapperProxy.cachedInvoker(MapperProxy.java:102) ~[mybatis-3.5.5.jar:3.5.5] at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:85) ~[mybatis-3.5.5.jar:3.5.5] at com.sun.proxy.$Proxy108.queryById(Unknown Source) ~[na:na] at com.unkown.data.hw.ipran.straight.collect.service.impl.RTrsHwIpranCircuitServiceImpl.queryById(RTrsHwIpranCircuitServiceImpl.java:29) ~[classes/:na] at com.unkown.data.hw.ipran.straight.collect.controller.RTrsHwIpranCircuitController.IpranSend(RTrsHwIpranCircuitController.java:54) ~[classes/:na] at com.unkown.data.hw.ipran.straight.collect.MyRunner.run(MyRunner.java:24) ~[classes/:na] at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:795) [spring-boot-2.3.4.RELEASE.jar:2.3.4.RELEASE] ... 5 common frames omitted

2023-05-18 上传
1. 确认 SQL 语句是否正确,以及是否在 MyBatis 的 Mapper 文件中正确定义了这个语句。 2. 确认 Mapper 文件是否被正确加载,并且命名空间和语句 ID 是否与代码中的调用一致。 3. 确认是否正确配置了 MyBatis 的扫描...

Failed binding to auth address * port 1812 bound to server default: Address alreadv in use/etc/freeradius/3.0/sites-enabled/default[597: Error binding to port for 0.0.0. port 1812

2023-05-25 上传
1. 打开FreeRADIUS配置文件 `/etc/freeradius/3.0/sites-enabled/default` 2. 找到下面两行代码: ``` listen { type = auth ipaddr = * port = 1812 } ``` 3. 将 `port` 改为其他未被占用的端口号,例如 `port...

ource Type VolumeSnapshot by Name new-snapshot-demo: snapshot new-snapshot-demo not bound I0714 08:37:27.829848 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"snapshot-demo-restore", UID:"8dd75b4b-9a16-4940-b078-7088a672a649", APIVersion:"v1", ResourceVersion:"2855605", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "evs-sc": error getting handle for DataSource Type VolumeSnapshot by Name new-snapshot-demo: snapshot new-snapshot-demo not bound I0714 08:38:13.719937 1 controller.go:1279] provision "default/snapshot-demo-restore" class "evs-sc": started I0714 08:38:13.720202 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"snapshot-demo-restore", UID:"8dd75b4b-9a16-4940-b078-7088a672a649", APIVersion:"v1", ResourceVersion:"2868531", FieldPath:""}): type: 'Normal' reason: 'Provisioning' External provisioner is provisioning volume for claim "default/snapshot-demo-restore" W0714 08:38:13.723506 1 controller.go:933] Retrying syncing claim "8dd75b4b-9a16-4940-b078-7088a672a649", failure 31 E0714 08:38:13.723534 1 controller.go:956] error syncing claim "8dd75b4b-9a16-4940-b078-7088a672a649": failed to provision volume with StorageClass "evs-sc": error getting handle for DataSource Type VolumeSnapshot by Name new-snapshot-demo: snapshot new-snapshot-demo not bound I0714 08:38:13.723562 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"snapshot-demo-restore", UID:"8dd75b4b-9a16-4940-b078-7088a672a649", APIVersion:"v1", ResourceVersion:"2868531", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "evs-sc": error getting handle for DataSource Type VolumeSnapshot by Name new-snapshot-demo: snapshot new-snapshot-demo not bound

2023-07-15 上传
1. 确保卷快照"new-snapshot-demo"存在并已正确创建。 2. 检查StorageClass "evs-sc"的配置,确保其与卷快照匹配。 3. 检查您的配置和权限,确保您具有正确的权限来访问和管理卷快照。 4. 如果问题仍然存在,请尝试...
weixin_38659374
  • 粉丝: 0
  • 资源: 966
上传资源 快速赚钱

最新资源