Professional Documents
Culture Documents
July 2011
Message Authentication Problem
Message Authentication is concerned with:
protecting the integrity of a message
validating identity of originator
How to detect changes by adversary to message?
Ancient solution :
sign and seal
More technique: break to message part and
authenticator part (“tag”)
How to do this digitally?
Create a tag t(M) and send tag securely
Communication without authentication
Very easy..
M M’
Alice Bob
M M’
Alice Bob
Key : k Key : k
If I do not send M,
Alice Bob then Alice must
have sent it.
M
Key : k Key : k
MAC (k,M)
MAC Authentication (II)
MAC allows two or more mutually trusting parties to
authenticate messages sent between members
Alice Bob
M
Key : k Key : k
Key : k
Integrity with Hash
Forge M’ and
compute h(M’)
Eve
No shared key
M M’
h (M) h (M)
Alice Bob
Can we simply send the hash with the message to serve message authentication ?
Ans: No, Eve can change the message and recompute the hash.
Using hash needs more appropriate procedure to guarantee integrity
Message Authentication Code
➢ A function of the message and a secret key that produces a
fixed-length value that serves as the authenticator
➢ Generated by an algorithm :
➢ generated from message + secret key : MAC = C(K,M)
➢ A small fixed-sized block of data
➢ appended to message as a signature when sent
➢ Receiver performs same computation on message and checks
it matches the MAC
MAC and Encryption
➢ Asshown the MAC provides authentication
➢ But encryption can also provides authentication!
➢ Why use a MAC?
⚫ sometimes only authentication is needed
⚫ sometimes need authentication to persist longer than the
encryption (eg. archival use)
➢ Note that a MAC is not a digital signature
MAC Properties
➢ A MAC is a cryptographic checksum
MAC = CK(M)
⚫ condenses a variable-length message M
⚫ using a secret key K
⚫ to a fixed-sized authenticator
➢ A many-to-one function
⚫ potentially many messages have same MAC
⚫ but finding these needs to be very difficult
Keyed Hash Functions as MACs
➢ Want a MAC based on a hash function
⚫ because hash functions are generally faster
⚫ crypto hash function code is widely available
➢ Need a hashing including a key along with message
➢ But hashing is internally has no key!
➢ Original proposal:
KeyedHash = Hash(Key|Message)
⚫ some weaknesses were found with this
17
Summary
➢ A Hash is used to guarantee the integrity of data, a MAC
guarantees integrity AND authentication
➢ A Hash take a single input – a message and produces a
message digest
➢ A MAC algorithm takes two inputs -- a message and a
secret key -- and produces a MAC
➢ A HMAC algorithm is simply a specific type of MAC
algorithm that uses a hash algorithm internally to
generate the MAC
➢ A CMAC algorithm is a specific type of MAC algorithm
that uses a block cipher internally to generate the MAC