Manipulation detection codes (MDCs) are cryptographic checksums applied to electronic messages, designed to detect intentional (or accidental) changes in the message. MDCs can be used in electronic funds transfer, satellite control, and other applications. The paper describes MDCs that are computed from publicly known quantities and later encrypted with a secret key.
The paper describes several possible threats facing the designer of an MDC, including:
(1) “Insider attack:” If an attacker is able to present legitimate messages for signature, he or she needs only to create a legitimate message and a bogus message with the same MDC in order to spoof the system. This is generally easier than producing a bogus message to match a given MDC.
(2) “Birthday attack:” In many instances, including the insider attack, one can spoof an n-bit MDC using computation time of only about the square root of the apparent 2^n, that is, about 2^(n/2), because the attacker need only find any two messages that collide rather than a second message matching one fixed MDC.
(3) “Playback attack:” The attacker replays a previous valid message along with its signed MDC. This possibility necessitates a time-varying component of the MDC.
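To make threats (1) through (3) concrete, the following is an added illustration written for this review; it is not code from the paper, and the MDC it uses is a stand-in (the leading n bits of SHA-256, chosen only so that n is adjustable), not the paper's QCMDCV4. The message templates, the 24-bit size, and the key are constructed for the demonstration. The insider generates equivalent renderings of a legitimate and a bogus message and looks for a cross-collision, paying roughly 2^(n/2) MDC computations per side instead of 2^n; the last two functions show a sequence number acting as the time-varying component that rejects a replayed (message, tag) pair.

```python
"""Insider/birthday attack on an n-bit MDC, plus a replay check.

The MDC here is a stand-in (leading n bits of SHA-256), NOT the paper's
QCMDCV4. The attack needs nothing about the MDC beyond its n-bit size and
the attacker's control over what gets signed, which is threats (1) and (2).
"""
import hashlib


def mdc(message: bytes, n_bits: int) -> int:
    """Stand-in n-bit MDC: the leading n bits of SHA-256."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


def variants(template: str, k: int):
    """Yield 2**k renderings of `template` that read the same: each of the
    first k spaces is written as either one or two spaces. An insider who
    drafts the messages that get signed can choose among these freely."""
    words = template.split(" ")
    if len(words) - 1 < k:
        raise ValueError("template needs at least k spaces")
    for choice in range(1 << k):
        pieces = []
        for i, word in enumerate(words):
            pieces.append(word)
            if i < len(words) - 1:
                two = i < k and (choice >> i) & 1
                pieces.append("  " if two else " ")
        yield "".join(pieces).encode()


def insider_birthday_attack(legit: str, bogus: str, n_bits: int, k: int):
    """Threats (1)+(2): find a legitimate and a bogus message with equal MDCs.

    Tabulate 2**k legitimate variants by MDC, then walk bogus variants until
    one hits the table. With k about n/2 the expected number of cross
    collisions is 2**(2k - n) >= 1, at a cost of about 2**(k+1) MDC
    computations rather than the 2**n a match against one fixed MDC needs.
    Returns (legit_msg, bogus_msg, mdc_calls) or None if no collision.
    """
    table = {}
    calls = 0
    for m in variants(legit, k):
        table.setdefault(mdc(m, n_bits), m)  # keep first variant per tag
        calls += 1
    for m in variants(bogus, k):
        calls += 1
        tag = mdc(m, n_bits)
        if tag in table:
            return table[tag], m, calls
    return None


def seal(key: bytes, seq: int, message: bytes, n_bits: int) -> int:
    """Toy keyed tag over (seq || message). The paper encrypts the MDC under
    a secret key; mixing a key into the input stands in for that step."""
    return mdc(key + seq.to_bytes(8, "big") + message, n_bits)


def accept(key: bytes, last_seq: int, seq: int, message: bytes,
           tag: int, n_bits: int) -> bool:
    """Receiver check for threat (3): the tag must verify AND seq must be
    newer than the last accepted one, so a replayed (seq, message, tag)
    triple is rejected even though its tag is still correct."""
    return seq > last_seq and seal(key, seq, message, n_bits) == tag


# Constructed sample messages: 19 words, so 18 spaces are available for
# the k = 15 binary choices; the two differ only in amount and account.
LEGIT = ("Transfer the sum of one hundred dollars from account 1234 "
         "to account 5678 as payment of invoice 42 today")
BOGUS = ("Transfer the sum of one million dollars from account 1234 "
         "to account 6666 as payment of invoice 42 today")

if __name__ == "__main__":
    n = 24
    result = insider_birthday_attack(LEGIT, BOGUS, n, k=15)
    if result is None:
        print("no collision found (unlikely at these parameters)")
    else:
        legit_msg, bogus_msg, calls = result
        print("collision after", calls, "MDC calls (2^n would be", 2 ** n, ")")
        print("MDC:", hex(mdc(legit_msg, n)), "==", hex(mdc(bogus_msg, n)))
        print("legit:", legit_msg)
        print("bogus:", bogus_msg)
    key = b"constructed-secret-key"
    msg = LEGIT.encode()
    tag = seal(key, 7, msg, n)
    print("first delivery accepted:", accept(key, 6, 7, msg, tag, n))
    print("replay accepted:", accept(key, 7, 7, msg, tag, n))
```

At n = 24 and k = 15 the expected number of cross-collisions is 2^(30-24) = 64, so the search essentially never fails, and the whole run costs at most 65,536 MDC computations where matching one fixed 24-bit MDC would cost about 16.8 million. Raising n to 64 or beyond makes the tabulation infeasible in memory and time, which is exactly why the MDC width must be chosen against 2^(n/2), not 2^n.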
A secure MDC is difficult to achieve. The paper’s primary goal is a secure and computationally efficient MDC, dubbed QCMDCV4, based on modular arithmetic and bit manipulation. Here it fails; the described scheme is insecure (a fact apparently not noted elsewhere); its simple construction allows a direct attack. The reader is hereby warned against its implementation. The author presents this fairly technical material in a manner accessible to a general engineering audience. The background material on attacks and applications is worthwhile. A more secure scheme in place of the QCMDCV4 would have been welcome.