Abstract: Message authentication, the most important equipment for access control, is a technique to prevent a message from being invalid modified during transmission across Internet. Its security involves the unforgeability only. However, in the access control practice it is usually combined with data encryption to implement secure channels, in which we would like the authentication tag does not disclose the message information (e.g., SSH). We refer to this problem as the tag secrecy of authentication and deal with it in this paper. We present a new security notation, tIND-CMA (tag-indistinguishability against Chosen-Message Attacks), to characterize the tag secrecy of an authentication scheme, discuss its application to implementing secure channels. The results show that, for some common modes of encryption, CBC (cipher-block chaining) and OTP (one time pad) or CTR(counter), a tIND-CMA secure authentication scheme enables the MAC-and-Encrypt to be otherwise insecure to implement secure channels.
Zhenyu Hu , Dongdai Lin and Wenling Wu , 2006. The Tag Secrecy of Authentication and its Application to Implementing Secure Channels. Asian Journal of Information Technology, 5: 298-305.