
Module 3

Cryptographic Hashes, Message Digests, Digital Certificates
Message Authentication
• Message authentication refers to the mechanism
used to ensure that the integrity of the received
message has been preserved – that the message
has not been altered during transmission.
• It also assures the receiver that the message has
originated from the intended sender and not
from any intruder.
• Thus, a message is said to be authentic if the
message has not been altered and has come from
the actual sender.
Types of attacks addressed by authentication
• Masquerade
– messages from a fraudulent source are put into the network
– an intruder impersonates an authorized entity
– fake acknowledgements
• Modification of the message
– making certain modifications in the contents of the
captured message
– insert, delete or transpose the contents
• Timing modification
– delaying or replaying the messages being transmitted.
– entire session or individual message can be delayed or
replayed
Types of authentication functions
• Each authentication mechanism involves the
use of a function to produce a value to be
used for authenticating a message.
• This value is known as the authenticator.
• The authenticator enables the recipient of the
message to verify the authenticity of the
message.
• Message encryption
– In this class, the authenticator of the message is
the ciphertext that is produced after encrypting
the entire plaintext.
• Message authentication code (MAC)
– In this class, the authenticator of the message is a
fixed length value that is generated by applying a
function on the message and the secret key.
• Hash function
– In this class, a hash function (also called message
digest algorithm) is applied on a variable-length
message to produce a fixed-length output that
acts as the authenticator of the message.
Message Authentication Code (MAC)
• Message authentication code (MAC) is a piece of
information used to authenticate a message being
transmitted between two communicating parties.
• A MAC algorithm is applied on an arbitrary-length
message to be authenticated and the common secret
key shared between the parties to generate a small
fixed-size block of data called cryptographic checksum
(or MAC).
• The calculated MAC is concatenated with the original
message, and the message plus MAC are then sent to
the receiver.
• Let A and B be two parties that share a
common secret key K.
• When A wants to send a message (say, M) to
B, it computes the MAC by applying the MAC
algorithm (say, C) on message M and secret
key K, as shown here:
MAC = C(K, M)
• After the MAC has been computed, A sends the
message M and the MAC to B through the network.
• On receiving them, B separates the message M from
the MAC and applies the same MAC algorithm C on
the message M and the secret key K to generate
MAC′.
• Then, MAC′ and MAC are compared to determine
whether they are the same.
• If so, then message integrity and sender’s
authenticity are proved.
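The exchange above as an added Python example (not part of the original slides). It assumes HMAC-SHA256 as the MAC algorithm C, which the slides do not name; the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte fixed-size MAC


def compute_mac(key: bytes, message: bytes) -> bytes:
    """MAC = C(K, M), with HMAC-SHA256 standing in for C (assumption)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> bytes:
    """Sender A: concatenate the MAC with the original message."""
    return message + compute_mac(key, message)


def receive(key: bytes, wire: bytes):
    """Receiver B: split M from MAC, recompute MAC', compare.

    Returns the message if authentic, otherwise None.
    """
    if len(wire) < TAG_LEN:          # too short to even carry a MAC
        return None
    message, mac = wire[:-TAG_LEN], wire[-TAG_LEN:]
    mac_prime = compute_mac(key, message)
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading bytes of a forged MAC were right.
    return message if hmac.compare_digest(mac, mac_prime) else None


def demo() -> dict:
    key = secrets.token_bytes(32)                 # K shared by A and B
    msg = b"pay 100 to account 42"                # constructed sample M
    wire = send(key, msg)
    modified = b"pay 900 to account 42" + wire[-TAG_LEN:]  # altered M, old MAC
    return {
        "genuine": receive(key, wire),
        "modified": receive(key, modified),
        "wrong_key": receive(secrets.token_bytes(32), wire),  # sender lacks K
        "truncated": receive(key, wire[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10} -> {result!r}")
```

Only the genuine case returns the message; the modified, wrong-key and truncated inputs are all rejected because MAC′ does not match the received MAC.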
Message authentication using MAC
Message Authentication Code (MAC)
• A MAC differs from message encryption in that
the MAC algorithm is not required to be
reversible, whereas an encryption algorithm must
be reversible for decryption at the receiver’s end.
• A MAC is useful in the following situations:
– When the same message has to be broadcast to
several destinations
– When the receiving side is heavily loaded and
cannot decrypt all the messages.
