The use of cryptographic hash functions like MD5 or SHA for message authentication has become a standard approach inmanyInternet applications and protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitativeway, that the schemes retain almost all the security of the underlying hash function. In addition our schemes are e cient and practical. Their performance is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.

Recent papers have taken a new look at cryptographic protocols from the perspective of proposing design principles. For years the main approach to cryptographic protocols has been logical, and a number of papers have examined the limitations of those logics. This paper takes a similar cautionary look at the design principal approach. Limitations and exceptions are offered on some of the previously given basic design principals. The focus is primarily on public key protocols, especially on the order of signature and encryption. But, other principles are discussed as well. Apparently secure protocols that fail to meet principles are presented. Also presented are new attacks on protocols as well as previously claimed attacks which are not. 1. Introduction Protocols employing cryptography for key distribution, authenticated and/or confidential data exchange, and a host of other applications have been around for a long time. And, analysis and modelling techniques for evaluating cryptograph...

Abstract. When the safety community designs their systems to also maintain security properties, it is likely that public-key encryption will be among the tools that are applied. The security guarantees of this technology are based on a particular model of computation. We present the properties of this model that are relevant in the setting of distributed systems. Of particular importance is that the model has no notion of time. From this it follows that systems that need to be available must exercise the utmost care before applying public-key encryption in any form. We discuss the relation between public-key encryption and timeliness, the tradeoffs that must be made at design time, and how the property of (lack of) availability might very well contaminate other system components. 1

Telematics applications are complex, distributed systems which manage multimedia, structured and large sets of information. The design and development of these complex applications requires a careful evaluation of which are the more appropriate technologies to create the development environment used to build the applications, as well as the operating environment needed to run them. The STARTEL project aims at surveying, comparing, and classifying existing technologies that can be used to build the infrastructure for development and operating environments in the telematics domain. This part of the document reports the results of WP2, i.e., an overview and classification of the technologies available to the

Linköpings tekniska högskola