1

Sessions 26
 2

Message Authentication
 message authentication is concerned with:
 protecting the integrity of a message
 validating identity of originator
 non-repudiation of origin (dispute resolution)
 three alternative functions used:
 hash function
 encryption
 message authentication code (MAC)
 3
Message Security Requirements
Disclosure: Release of message contents to any person or process not possessing the appropriate
cryptographic key.
Traffic analysis: Discovery of the pattern of traffic between parties.
Masquerade: Insertion of messages into the network from a fraudulent source
content modification: Changes to the contents of a message, including insertion,deletion,
transposition, and modification.
Sequence modification:Any
modification: modification to a sequence of messages between parties, including
insertion, deletion, and reordering.
 Timing modification: Delay or replay of messages
 Source repudiation: Denial of transmission of message by source
 Destination repudiation: Denial of receipt of message by destination
 4
Message Security Requirements
Measures to deal with the first two attacks are in the realm of message confidentiality
and are dealt with in Part One.

Measures to deal with items (3) through (6) in the foregoing list are generally regarded
as message authentication.

Mechanisms for dealing specifically with item (7) come under the heading of digital
signatures. Generally, a digital signature technique will also counter some or all of
the attacks listed under items (3) through (6). Dealing with item

(8) may require a combination of the use of digital signatures and a protocol designed to
counter this attack.
 5
Message Security Requirements
Any message authentication or digital signature mechanism has two levels of
functionality.

At the lower level, there must be some sort of function that produces an authenticator:
a value to be used to authenticate a message.

This lower-level function is then used as a primitive in a higher-level authentication

protocol that enables a receiver to verify the authenticity of a message.
 6
Message Security Requirements
Types of functions that may be used to produce an authenticator.
These may be grouped into three classes.

• Hash function: A function that maps a message of any length into a fixed length
hash value, which serves as the authenticator

• Message encryption: The ciphertext of the entire message serves as its

authenticator

• Message authentication code (MAC): A function of the message and a secret

key that produces a fixed-length value that serves as the authenticator
 7

Message Encryption
 8

Encryption
 9

Internal and External Error Control

 10
Message Authentication Code (MAC)
 generated by an algorithm that creates a small
fixed-sized block
 depending on both message and secret key

 like encryption though need not be reversible

 appended to message as a “signature”

 receiver performs same computation on
message and checks it matches the MAC
 provides assurance that message is unaltered
and comes from sender
 11
Message Authentication Code
 a small fixed-sized block of data
 generated from message + secret key
 MAC = C(K,M)
 appended to message when sent
 12

Message Authentication Codes

 as shown the MAC provides authentication

 can also use encryption for secrecy
 generally use separate keys for each
 can compute MAC either before or after
encryption
 is generally regarded as better done before
Basic Uses of Message Authentication Code (MAC) 13
 14

MAC Properties
 A MAC is a cryptographic checksum MAC = C(k,M)
 Condenses a variable-length message M

 Using a secret key K to a fixed-sized authenticator

 Is a many-to-one function
 potentially many messages have same MAC
 15

Requirements for MACs

 taking into account the types of attacks
 need the MAC to satisfy the following:
1. knowing a message and MAC, is infeasible to find
another message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the
message
 16
Security of MACs
 like block ciphers have:
 brute-force attacks at least 128-bit MAC is
needed for security
 cryptanalytic attacks exploit structure
varieties of MACs are available harder to
generalize about cryptanalysis
 17

HMAC
•MACs based on hash functions are called HMAC

HMAC Design Objectives

 To use available hash functions without modifications
 To allow for easy replacement of embedded hash function
in case faster hash functions are found
 To preserve original performance of hash function without
significant degradation
 To use and handle keys in a simple way.
 18

HMAC Algorithm
H = embedded hash function (e.g., MD5, SHA-1)
IV = initial input value
M = message input , L blocks in M
Yi = i th block of M, 0 ≤ I ≤ (L – 1)
b = number of bits in a block
n = length of hash code to be produced
K = secret key; recommended length is ≥ n
 19
K+ = K padded with zeros on the left
so that the result is b bits in length
ipad = 00110110 (36 in hex) repeated b/8 times
opad = 01011100 (5C in hex) repeated b/8 times

Then HMAC can be expressed as

HMAC(K, M) = H[(K+ Ⓧ opad) || H[(K+ Ⓧ ipad) || M]]
 20

HMAC
Structure
 21
Efficient Implementation of
HMAC

f(IV, (K + Ⓧ ipad))
f(IV, (K + Ⓧ opad))