UNIT-IV

MESSAGE AUTHENTICATION AND

INTEGRITY

Prepared By:
Dr. Somya Dubey
 Content
 Authentication requirement
 Authentication function – MAC – Hash function
 SHA
 Digital signature and authentication protocols – DSS
 Entity Authentication: Biometrics, Passwords
 Challenge Response protocols- Authentication applications
,Kerberos, X.509
 Authentication Requirements

 Authentication helps establish trust by identifying the particular user/system.

 Authentication ensures that the claimant is really who he/she claims to be.
 Authentication is the first step in any cryptographic solution.
 Message authentication is a procedure to verify that received messages come from the
alleged source and have not been altered. Message authentication may also verify
sequencing and timeliness.
 A digital signature is an authentication technique that also includes measures to counter
repudiation by either source or destination.
 There is no use of encryption without authentication.
 In the context of communications across a network, the following attacks can be
identified:
 1. Disclosure
 2. Traffic analysis: Discovery of the pattern of traffic between parties.
 3. Masquerade: Insertion of messages into the network from a fraudulent source.
 4. Content Modification: Changes to the contents of a message, including
insertion,
 5. Sequence modification: Any modification to a sequence of messages
 6. Timing modification: Delay or replay of messages.
 7. Repudiation: Denial of receipt of message by destination or denial of
transmission
 History of Authentication
 A timeline of digital authentication
 1960s: Passwords and encryption
In 1961, Corbato created a password program to use on the MIT computer system. By the late 1960s,
programmers worked to develop a stronger password solution—one that wasn’t stored in plaintext files.
Robert Morris, a cryptographer at Bell Labs, developed a password encryption scheme while working on
Unix. It used a key derivation function that calculates a secret value and makes it easy to compute in one
direction, but not in the opposite.
 1970s: Asymmetric cryptography
Asymmetric cryptography, also known as public-key cryptography, uses a mathematically related pair of
keys—one public and one private—to encrypt and decrypt information. Asymmetric cryptography was
developed in the 1970s by UK government employees, James Ellis, Clifford Cocks, and Malcolm J.
Williamson. However, this knowledge was not made public until 1997.
Contd..
 1980s: Dynamic passwords
Traditional passwords quickly became insufficient as technology advanced. Passwords were
easily guessable, and many people reused their passwords, making them vulnerable. So
computer scientists developed dynamic passwords. Dynamic passwords change based on
variables like location, time, or a physical password update. Eventually, two dynamic
password protocols were introduced:
 TOTP—Time-based One-Time Password(OTP), where the password is generated based on the
time requested.
 HOTP—HMAC (Hash-based Message Authentication Code) OTP is an event-based OTP,
where the password is generated by a hash code that uses an incremental counter.
 Dynamic passwords are often used in combination with regular passwords as one form of two-
factor authentication.
 1990s: Public key infrastructure
Once asymmetric cryptography was made public, computer scientists built on that work and
standardized it through the development of public key infrastructure (PKI). PKI defined how
to create, store, and send digital certificates—adding more robust protection for online users
and communication.
Contd…
 2000s: Multi-factor authentication and single sign-on
By the early 2000s, programmers built stronger authentication technologies with
layered protections.
 Multi-factor authentication required users to provide two forms of verification before
gaining access. And single sign-on (SSO) streamlined the verification process so that
users only have to provide credentials at one access point—verified by a trusted third
party.
 2010s: Biometrics
Before the 2010s, biometric authentication was reserved for high-security government
access and spy movies. But with the advancement of recent technology, biometrics is
now a common form of authentication—including fingerprint TouchID and FaceID on
smart devices.
Authentication Factors
 An authentication factor is a category of credentials used to authenticate or verify a user’s
identity. Authentication factors can include passwords, security tokens (like keys or smart
cards), and biometric verification such as fingerprint scans.
 Here are three main authentication factors:
 Something you know (aka knowledge factors): This is the most common authentication
factor. It verifies identity by confirming users through confidential information they have,
such as a login and password.
 Something you have (aka possession factors): Users verify their identity with a unique
object such as an access card or key fob.
 Something you are (aka inherence factors): An inherence factor verifies identity through
inherent biometric characteristics of the user—like a fingerprint, voice, or iris pattern
 Message authentication is a procedure to verify that received messages come from
the alleged source and have not been altered. Message authentication may also verify
sequencing and timeliness.
 Any message authentication or digital signature mechanism can be viewed as having
fundamentally two levels.
Message Authentication Functions:
 Lower level: At this level, there is a need for a function that produces an authenticator,
which is the value that will further help in the authentication of a message.
 Higher-level: The lower level function is used here in order to help receivers verify the
authenticity of messages.
 Types of functions that may be used to produce an
authenticator

These functions may be grouped into three classes, as follows:

 1. Message Encryption: The ciphertext of the entire message serves as its
authenticator.
 2. Message Authentication Code1 (MAC): A public function of the message and a
secret key that produces a fixed length value that serves as the authenticator.
 3. Hash Functions: A public function that maps a message of any length into a
 fixed length hash value, which serves as the authenticator.
 MESSAGE ENCRYPTION

 Message encryption by itself can provide a measure of authentication.

 The analysis differs for conventional and public-key encryption schemes.
 The message must have come from the sender itself, because the ciphertext can be
decrypted using his (secret or public) key.
 Also, none of the bits in the message have been altered because an opponent does not
know how to manipulate the bits of the ciphertext to induce meaningful changes to the
plaintext. Often one needs alternative authentication schemes than just encrypting the
message.
 Sometimes one needs to avoid encryption of full messages due to legal requirements.
 Encryption and authentication may be separated in the system architecture.
 Message Authentication Code (MAC)
 An alternative authentication technique involves the use of a secret key to generate a small fixed-size
block of data, known as cryptographic checksum or MAC, which is appended to the message.
 The concept of Message Authentication Code (MAC) is quite similar to that of a message digest.
 Message Authentication Code, is a short piece of information that is used to authenticate a message
and ensure its integrity and authenticity. It is generated from the message itself and a secret key,
making it useful for verifying that a message has not been altered or forged during transmission.
 However, there is one difference. As we have seen, a message digest is simply a fingerprint of a
message. There is no cryptographic process involved in the case of message digests. In contrast, a
MAC requires that the sender and the receiver should know a shared symmetric (secret) key, which is
used in the preparation of the MAC.
MAC Process
 MAC processing

1. A and B share a symmetric (secret) key K, which is not known to anyone else. A
calculates the MAC by applying key K to the message M.
2. A then sends the original message M and the MAC H1 to B.
3. When B receives the message, B also uses K to calculate its own MAC H2 over M.
4. B now compares H1 with H2. If the two match, B concludes that the message M has not
been changed during transit. However, if H1 is not equals to H2, B rejects the message,
realizing that the message was changed during transit.
 MAC Significance

1. The receiver is assured that the message has not been altered: Any alternations been done the
MAC’s do not match.
2. The receiver is assured that the message is from the alleged sender: No one except the sender has
the secret key and could prepare a message with a proper MAC.
3. If the message includes a sequence number, then receiver is assured of proper sequence as an
attacker cannot successfully alter the sequence number.
*Interestingly, although the calculation of the MAC seems to be quite similar to an encryption
process, it is actually different in one important respect. As we know, in symmetric-key
cryptography, the cryptographic process must be reversible. That is, the encryption and
decryption are the mirror images of each other. However, note that in the case of MAC, both the
sender and the receiver are performing encryption process only. Thus, a MAC algorithm need not
be reversible—it is sufficient to be a oneway function (encryption) only.
 HMAC
 HMAC stands for Hash-based Message Authentication Code.
 HMAC is specified as Internet standard RFC2104.
 It makes use of the hash function on the given message. Any of MD5, SHA-1, RIPEMD-160 can be
used.
 HMAC has been chosen as a mandatory security implementation for the Internet Protocol (IP)
security, and is also used in the Secure Socket Layer (SSL) protocol, widely used on the Internet.
HMAC Design Objectives :
 To use, without modifications, available hash functions.
 To allow for easy replaceability of the embedded hash function
 To preserve the original performance of the hash function
 To use and handle keys in a simple way
 To have a well understood cryptographic analysis of the strength of the MAC based on reasonable
assumptions on the embedded hash function
HMAC
 The Working of HMAC

MD = The message digest/hash function used (e.g. MD5, SHA-1,

etc.)
M = The input message whose MAC is to be calculated
L = The number of blocks in the message M
b = The number of bits in each block
K = The shared symmetric key to be used in HMAC
ipad = A string 00110110 repeated b/8 times
opad = A string 01011010 repeated b/8 times
 Step 1: Make the length of K equal to b

The algorithm starts with three possibilities, depending on the length of the key K:
 Length of K < b In this case, we need to expand the key (K) to make the length of K equal to the
 number of bits in the original message block (i.e. b).
 For this, we add as many 0 bits as required to the left of K.
 For example, if the initial length of K = 170 bits, and b = 512 then we add 342 bits, all with a value 0,
to the left of K. We shall continue to call this modified key as K.
Contd…

 Length of K = b :In this case, we do not take any action, and proceed to step 2.
 ● Length of K > b: In this case, we need to trim K to make the length of K equal to the
number of bits in the original message block (i.e. b).
 For this, we pass K through the message-digest algorithm.
 (H) selected for this particular instance of HMAC, which will give us a key K, trimmed
so that its length is equal to b.
Step 2: XOR K with ipad to produce S1

 We XOR K (the output of step 1) and ipad to produce a variable called

S1.
Step 3: Append M to S1

 Append M to S1: We now take the original message (M) and simply append it to the
end of S1 (which was calculated in step 2) .

Step 4: Message-digest algorithm
Now, the selected message-digest algorithm (e.g. MD5,
SHA-1, etc.) is applied to the output of step 3 (i.e. to the combination of S1 and
M). Let us call the
output of this operation as H.
Step 5: XOR K with opad to produce S2

Now, we XOR K (the output of step 1) with opad to produce a variable called as S2
 Step 6: Append H to S2

 In this step, we take the message digest calculated in step 4 (i.e. H) and simply append it to the
end of S2 (which was calculated in step 5).
Step 7: Message-digest algorithm
 Disadvantages of HMAC

 Problem of Key exchange

 HMAC cannot be used if the number of receivers is greater than one. This is
because, to produce a MAC by using HMAC, we need to make use of a
symmetric key. The symmetric key is supposed to be shared only by two
parties: one sender and one receiver. Of course, this problem can be solved if
multiple parties (one sender and all the receivers) share the same symmetric
key. However, this resolution leads to a third problem.
 Disadvantages of HMAC

 The new problem is that how does a receiver know that the message was prepared and sent by the
sender, and not by one of the other receivers? After all, all the co-receivers also know the symmetric
key. Therefore, it is quite possible that one of the co-receivers might have created a false message on
behalf of the alleged sender, and using HMAC, the co-receiver might have prepared a MAC for the
message, and sent the message and the MAC as if it originated at the alleged sender! There is no way to
prevent or detect this.
 Only two parties—the sender (say A, a bank customer) and the receiver (say B, a bank) share the
symmetric-key secret. Suppose that one fine day, B transfers all the balance standing in the account of A
to a third person’s account, and closes A’s bank account. A is shocked, and files a suit against B. In the
court of law, B argues that A had sent an electronic message in order to perform this transaction, and
produces that message as evidence. A claims that she never sent that message, and that it is a forged
message. Fortunately,
 Hash Functions
 A variation on the message authentication code is the one-way hash function.
 As with the message authentication code, the hash function accepts a variable-size message M as input
and produces a fixed-size hash code H(M), sometimes called a message digest, as output.
 The hash code is a function of all bits of the message and provides an error- detection capability: A
change to any bit or bits in the message results in a change to the hash code.
 Requirements for a hash function:
 The purpose of a hash function is to produce a “fingerprint” of a file, message, or other block of data.
 Examples of simple hash functions are:
 Bit-by-bit XOR of plaintext blocks: h= D1⊕D2⊕…⊕DN
 Rotated XOR –before each addition the hash value is rotated to the left with 1 bit
 Cipher block chaining technique without a secret key