Professional Documents
Culture Documents
and Network
Security
Sixth Edition
by William Stallings
Chapter 12
Message Authentication Codes
“At cats' green on the Sunday he took the message
from the inside of the pillar and added Peter Moran's
name to the two names already printed there in the
"Brontosaur" code. The message now read: “Leviathan
to Dragon: Martin Hillman, Trevor Allan, Peter Moran:
observe and tail.” What was the good of it John hardly
knew. He felt better, he felt that at last he had made an
attack on Peter Moran instead of waiting passively and
effecting no retaliation. Besides, what was the use of
being in possession of the key to the codes if he never
took advantage of it?”
—Talking to Strange Men,
Ruth Rendell
Message Authentication
Requirements
• Disclosure
• Sequence modification
• Release of message contents to any
person or process not possessing • Any modification to a
the appropriate cryptographic key sequence of messages
• Traffic analysis between parties, including
insertion, deletion, and
• Discovery of the pattern of traffic reordering
between parties
• Timing modification
• Masquerade
• Delay or replay of messages
• Insertion of messages into the
network from a fraudulent source • Source repudiation
• Content modification • Denial of transmission of
• Changes to the contents of a message by source
message, including insertion, • Destination repudiation
deletion, transposition, and
modification • Denial of receipt of message
by destination
Message Authentication
Functions
• Hash function
• Two levels of • A function that maps a message
of any length into a fixed-length
Lower level hash value which serves as the
functionality:
• There must be some sort of function authenticator
that produces an authenticator
• Message encryption
• The ciphertext of the entire
message serves as its
authenticator
The final
The first requirement requirement
deals with message The second
dictates that the
replacement attacks, in requirement deals
which an opponent is authentication
Taking into account the with the need to
types of attacks, the able to construct a new algorithm should
thwart a brute-
MAC needs to satisfy the message to match a not be weaker with
following: given MAC, even force attack based
respect to certain
though the opponent on chosen
does not know and parts or bits of the
plaintext
does not learn the key message than
others
Brute-Force Attack
• Requires known message-tag pairs
• A brute-force method of finding a collision is to
pick a random bit string y and check if H(y) = H(x)
This is a unique
value that is
An example is a
different for every
protocol header instance during the
that must be
This is the plaintext lifetime of a
transmitted in the
message P of the protocol association
clear for proper
data block and is intended to
protocol operation
prevent replay
but which needs to
attacks and certain
be authenticated
other types of
attacks