Abstract
The SecurID hash function is used for authenticating users to a corporate computer infrastructure. We analyse an alleged implementation of this hash function. The block cipher at the heart of the function can be broken in few milliseconds on a PC with 70 adaptively chosen plaintexts. The 64-bit secret key of 10% of the cards can be discovered given two months of token outputs and 248 analysis steps. A larger fraction of cards can be covered given more observation time.
The work described in this paper has been supported by the Concerted Research Action (GOA) Mefisto.
Chapter PDF
Similar content being viewed by others
Keywords
References
Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
Biryukov, A., Lano, J., Preneel, B.: Cryptanalysis of the Alleged SecurID Hash Function (2003) (extended version), http://eprint.iacr.org/2003/162/
Contini, S.: The Effect of a Single Vanishing Differential on ASHF, sci.crypt post, September 6 (2003)
Internet Security, Applications, Authentication and Cryptography, University of California, Berkeley, GSM Cloning, http://www.isaac.cs.berkeley.edu/isaac/gsmfaq.html
McLellan, V.: Re: SecurID Token Emulator, post to BugTraq, http://cert.unistuttgart.de/archive/bugtraq/2001/01/msg00090.html
Mudge, K.: Initial Cryptanalysis of the RSA SecurID Algorithm, http://www.atstake.com/research/reports/acrobat/initial_securid_analysis.pdf
Preneel, B., van Oorschot, P.: MDx-MAC and Building Fast MACs From Hash Functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995)
Preneel, B., van Oorschot, P.: On the Security of Two MAC Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 19–32. Springer, Heidelberg (1996)
RSA security website, http://www.rsasecurity.com/company/news/releases/pr.asp?doc_id=1543
Wiener, I. C.: Sample SecurID Token Emulator with Token Secret Import, post to BugTraq, http://archives.neohapsis.com/archives/bugtraq/2000-12/0428.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Biryukov, A., Lano, J., Preneel, B. (2004). Cryptanalysis of the Alleged SecurID Hash Function. In: Matsui, M., Zuccherato, R.J. (eds) Selected Areas in Cryptography. SAC 2003. Lecture Notes in Computer Science, vol 3006. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24654-1_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-24654-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21370-3
Online ISBN: 978-3-540-24654-1
eBook Packages: Springer Book Archive