Length extension attack

Abstract: A dynamic network security system (20) responds to a security attack (92) on a computer network (22) having a multiplicity of computer nodes (24). The security system (20) includes a plurality of security agents (36) that concurrently detect occurrences of security events (50) on associated computer nodes (24). A processor (40) processes the security events (50) that are received from the security agents (36) to form an attack signature (94) of the attack (92). A network status display (42) displays multi-dimensional attack status information representing the attack (92) in a two dimensional image to indicate the overall nature and severity of the attack (92). The network status display (42) also includes a list of recommended actions (112) for mitigating the attack. The security system (20) is adapted to respond to a subsequent attack that has a subsequent signature most closely resembling the attack signature (94).

Abstract: This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative FIPS-approved cryptographic hash function, in combination with a shared secret key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. The HMAC specification in this standard is a generalization of Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI X9.71, Keyed Hash Message Authentication Code.

Abstract: Smart grid has emerged as the next generation of power grid, due to its reliability, flexibility, and efficiency. However, smart grid faces some critical security challenges such as the message injection attack and the replay attack. If these challenges cannot be properly addressed, an adversary can maliciously launch the injected or replayed message attacks to degrade the performance of smart grid. To cope with these challenging issues, in this paper, we propose an efficient authentication scheme that employs the Merkle hash tree technique to secure smart gird communication. Specifically, the proposed authentication scheme considers the smart meters with computation-constrained resources and puts the minimum computation overhead on them. Detailed security analysis indicates its security strength, namely, resilience to the replay attack, the message injection attack, the message analysis attack, and the message modification attack. In addition, extensive performance evaluation demonstrates its efficiency in terms of computation complexity and communication overhead.