Professional Documents
Culture Documents
Sessions 26
2
Message Authentication
message authentication is concerned with:
protecting the integrity of a message
validating identity of originator
non-repudiation of origin (dispute resolution)
three alternative functions used:
hash function
encryption
message authentication code (MAC)
3
Message Security Requirements
Disclosure: Release of message contents to any person or process not possessing the appropriate
cryptographic key.
Traffic analysis: Discovery of the pattern of traffic between parties.
Masquerade: Insertion of messages into the network from a fraudulent source
content modification: Changes to the contents of a message, including insertion,deletion,
transposition, and modification.
Sequence modification:Any
modification: modification to a sequence of messages between parties, including
insertion, deletion, and reordering.
Timing modification: Delay or replay of messages
Source repudiation: Denial of transmission of message by source
Destination repudiation: Denial of receipt of message by destination
4
Message Security Requirements
Measures to deal with the first two attacks are in the realm of message confidentiality
and are dealt with in Part One.
Measures to deal with items (3) through (6) in the foregoing list are generally regarded
as message authentication.
Mechanisms for dealing specifically with item (7) come under the heading of digital
signatures. Generally, a digital signature technique will also counter some or all of
the attacks listed under items (3) through (6). Dealing with item
(8) may require a combination of the use of digital signatures and a protocol designed to
counter this attack.
5
Message Security Requirements
Any message authentication or digital signature mechanism has two levels of
functionality.
At the lower level, there must be some sort of function that produces an authenticator:
a value to be used to authenticate a message.
• Hash function: A function that maps a message of any length into a fixed length
hash value, which serves as the authenticator
Message Encryption
8
Encryption
9
MAC Properties
A MAC is a cryptographic checksum MAC = C(k,M)
Condenses a variable-length message M
Is a many-to-one function
potentially many messages have same MAC
15
HMAC
•MACs based on hash functions are called HMAC
HMAC Algorithm
H = embedded hash function (e.g., MD5, SHA-1)
IV = initial input value
M = message input , L blocks in M
Yi = i th block of M, 0 ≤ I ≤ (L – 1)
b = number of bits in a block
n = length of hash code to be produced
K = secret key; recommended length is ≥ n
19
K+ = K padded with zeros on the left
so that the result is b bits in length
ipad = 00110110 (36 in hex) repeated b/8 times
opad = 01011100 (5C in hex) repeated b/8 times
HMAC
Structure
21
Efficient Implementation of
HMAC
f(IV, (K + Ⓧ ipad))
f(IV, (K + Ⓧ opad))