SlideShare a Scribd company logo

MAC-Message Authentication Codes

Download as PPTX, PDF
D
DarshanPatil82

Brief Presentation about message authentication codes and HMAC with requirements, functions and security issues in cryptography

Engineering
1 of 38
Message Authentication Codes Members: ➔ Mohit Bhat ➔ Piyush Pandita ➔ Darshan Patil ➔ Ragini Patil ➔ Priyansh Acharya
ROAD MAP 1. Message Authentication Requirements 2. Message Authentication Functions a. Message Encryption b. Message Authentication Code 3. Requirements for Message Authentication Codes 4. Security of MACs a. Brute-Force Attacks b. Cryptanalysis
Message Authentication Requirements In the context of communications across a network, the following attacks can be identified. Description Measures Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key. Measures to deal with the first two attacks are in the realm of message confi- dentiality and are dealt with in Part One. Traffic analysis Discovery of the pattern of traffic between parties. In a connection- oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
Message Authentication Requirements Description Measures Masquerad e Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or non-receipt by someone other than the message recipient. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Content modificatio n Changes to the contents of a message, including insertion, deletion, transposition, and modification.
Message Authentication Requirements Description Measures Sequence modificatio n Any modification to a sequence of messages between parties, including insertion, deletion, and reordering. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Timing modificatio n Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
Message Authentication Requirements Description Measures Source repudiation Denial of transmission of message by source. Mechanisms for dealing specifically with this comes under the heading of digital signatures. Destination repudiation Denial of receipt of message by destination. Dealing with this item may require a combination of the use of digital signatures and a protocol designed to counter this attack.
Message Authentication Requirements Message authentication is a procedure to verify that received messages come from the alleged source and have not been altered. Message authentication may also verify sequencing and timeliness. A digital signature is an authentication technique that also includes measures to counter repudiation by the source.
MESSAGE AUTHENTICATION FUNCTIONS: ▪ Any message authentication or digital signature mechanism has two levels of functionality. ▫ At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. ▫ This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
MESSAGE AUTHENTICATION FUNCTIONS: The types of functions that may be used to produce an authenticator may be grouped into three classes. ▪ Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator ▪ Message encryption: The ciphertext of the entire message serves as its authenticator ▪ Message authentication code (MAC): A function of the message and a secretkey that produces a fixed- length value that serves as the authenticator
Message Encryption SYMMETRIC ENCRYPTION PUBLIC-KEY ENCRYPTION
MESSAGE ENCRYPTION USES:
MESSAGE ENCRYPTION USES:
MESSAGE ENCRYPTION ERROR CONTROL:
MESSAGE ENCRYPTION ERROR CONTROL:
Public key Encryption ● Public key encryption provides confidentiality but not authentication ● The source (A) uses the public key of the destination (B) to encrypt M. ● Because only B has the corresponding private key , only B can decrypt the message.
Message authentication code(MAC) ● A message authentication code (MAC), also known as a cryptographic checksum, is an authentication technique involves the use of a secret key to generate a small fixed-size block of data. ● When A has a message to send to B, it calculates the MAC as a function of the message and the key: Where: M= input message C = MAC function K= shared secret key MAC= C(M,K)
● The tag is appended to the message at the source. ● The message and the MAC are transmitted to the recipient. ● The receiver recomputes the MAC from the secret key and the message data received. ● The receiver MAC is compared to the calculated MAC for message authentication ● MAC function is similar to encryption and is Many to one in nature.
★ If we assume that only the receiver and the sender know the identity of the secret key, and if the received MAC matches the calculated MAC, then: ○ The receiver is assured that the message has not been altered. If an attacker alters the message but does not alter the MAC, then the receiver’s calculation of the MAC will differ from the received MAC. Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message. ○ The receiver is assured that the message is from the alleged sender. Because no one else knows the secret key, no one else could prepare a message with a proper MAC. ○ If the message includes a sequence number (such as is used with HDLC, X.25, and TCP), then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number
Message Authentication Code(MAC)
Message Authentication Code(MAC)
Message Authentication Code(MAC)
Mac Requirements MAC Function ● If an opponent observes M and MAC(K, M) , it should be computationally infeasible for the opponent to construct a message M' such that MAC(K, M') = MAC(K, M) ● MAC(K, M) should be uniformly distributed in the sense that for randomly chosen messages M' and M, the probability that MAC(K, M) = MAC(K, M') is 2-n ,where n is the number of bits in the tag.
MAC REQUIREMENTS ● On average, α rounds will be needed if . For example, if an 80-bit key is used and the tab is 32 bits, then the first round will produce about possible keys. The second round will narrow the possible keys to about possibilities. ● The third round should produce only a single key, which must be the one used by the sender.
Points to Note for MAC: ● An opponent is able to construct a new message to match a given tag, even though the opponent does not know and does not learn the key. ● The need to thwart a brute-force attack based on chosen plaintext. ● The authentication algorithm should not be weaker with respect to certain parts or bits of the message than others.
SECURITY OF MAC: ▪ Brute-Force Attacks ▪ Cryptanalysis
Brute-Force Attacks ▪ A brute-force attack on a MAC is a more difficult undertaking than a brute-force attack on a hash function because it requires known message-tag pairs ▪ To attack a hash code, we can proceed in the following way. Given a fixed message x with n-bit hash code h = H(x), a brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x) ▪ The attacker can do this repeatedly off line ▪ Whether an off-line attack can be used on a MAC algorithm depends on the relative size of the key and the tag
To proceed, we need to state the desired security property of a MAC algorithm, which can be expressed as follows. • Computation resistance: Given one or more text-MAC pairs ,[ xi, MAC(K,xi)] it is computationally infeasible to compute any text-MAC pair [x, MAC(K, x)] for any new input x ≠ xi There are two lines of attack possible: 1. Attack the key space 2. Attack the MAC value
Attack the key space: ▪ If an attacker can determine the MAC key, then it is possible to generate a valid MAC value for any input x ▪ Suppose the key size is k bits and that the attacker has one known text–tag pair ▪ Then the attacker can compute the n-bit tag on the known text for all possible keys ▪ At least one key is guaranteed to produce the correct tag, namely, the valid key that was initially used to produce the known text–tag pair ▪ This phase of the attack takes a level of effort proportional to 2k (that is, one operation for each of the 2k possible key values) ▪ However, as was described earlier, because the MAC is a many-to-one mapping, there may be other keys that produce the correct value ▪ Thus, if more than one key is found to produce the correct value, additional text–tag pairs must be tested
Attack the MAC value: ▪ An attacker can also work on the tag without attempting to recover the key ▪ Here, the objective is to generate a valid tag for a given message or to find a message that matches a given tag ▪ In either case, the level of effort is comparable to that for attacking the one-way or weak collision-resistant property of a hash code, or 2k ▪ In the case of the MAC, the attack cannot be conducted off-line without further input ▪ The attacker will require chosen text–tag pairs or knowledge of the key
SUMMARY OF BRUTE FORCE ATTACK ▪ To summarize, the level of effort for brute-force attack on a MAC algorithm can be expressed as min (2k, 2n) ▪ The assessment of strength is similar to that for symmetric encryption algorithms ▪ It would appear reasonable to require that the key length and tag length satisfy a relationship such as min(k,n) > N , where N is perhaps in the range of 128 bits
CRYPTANALYSIS ▪ As with encryption algorithms and hash functions, cryptanalytic attacks on MAC algorithms seek to exploit some property of the algorithm to perform some attack other than an exhaustive search. ▪ The way to measure the resistance of a MAC algorithm to cryptanalysis is to compare its strength to the effort required for a brute-force attack. ▪ That is, an ideal MAC algorithm will require a cryptanalytic effort greater than or equal to the brute-force effort. ▪ There is much more variety in the structure of MACs than in hash functions, so it is difficult to generalize about the cryptanalysis of MACs. ▪ Furthermore, far less work has been done on developing such attacks.
HMAC Keyed-Hashing for Message Authentication, a variation on the MAC algorithm, has emerged as an Internet standard for a variety of applications. It makes use of existing Message digest algorithms such as SHA-512 ,MD5 etc
Objectives Of HMAC ▪ To use Hash Functions that are available, without modification ▪ To allow replaceability of embedded Hash functions ▪ To use and handle keys in simple ways ▪ Preserving Original Performance of hash functions ▪ To have a well understood analysis of authentication mechanism strength.
Elements of the HMAC Algorithm ▪ H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160) ▪ IV = initial value input to hash function ▪ M = message input to HMAC ▪ Yi = ith block of M, 0 i (L - 1) ▪ L = number of blocks in M ▪ b = number of bits in a block ▪ n = length of hash code produced by embedded hash function ▪ K= secret key recommended length is n; (k>=b) ▪ K+ = K padded with zeros on the left so that the result is b bits in length ▪ ipad = 00110110 (36 in hexadecimal) repeated b/8 times ▪ opad = 01011100 (5C in hexadecimal) repeated b/8 times
HMAC Procedure
Steps Involved In the HMAC algorithm 1) Make the Size of K greater than OR equal to ‘b’ to obtain K+ 2) XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si. 3) Append M to Si. 4) Apply H to the stream generated in step 3.. 5) XOR K+ with opad to produce the b-bit block So 6) Append the hash result from step 4 to So 7) Apply H to the stream generated in step 6 and output the result.
HMAC: Conclusion The HMAC algorithm is a Hashed - Message Authentication Code generator, wherein the end product in turn is a MAC (message authentication Code). It uses available message Digest algorithms like SHA-512 Motivation HMAC makes use of Library Hash codes which are easily available. Cryptographic hash functions such as MD5 and SHA-1 generally execute faster in software than symmetric block ciphers such as DES. The aforementioned point contains factors which were the main motives for the interest in
Thank You!

Recommended

Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
chauhankapil
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
Devakumar Kp
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
Ruchi Maurya
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
block ciphers
block ciphersblock ciphers
block ciphers
Asad Ali
 
Web Security
Web SecurityWeb Security
Web Security
Dr.Florence Dayana
 

Recommended

Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
chauhankapil
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
Devakumar Kp
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
Ruchi Maurya
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
block ciphers
block ciphersblock ciphers
block ciphers
Asad Ali
 
Web Security
Web SecurityWeb Security
Web Security
Dr.Florence Dayana
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
Sahil Kureel
 
Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)
DUET
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
Gopal Sakarkar
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
Key management
Key managementKey management
Key management
Sujata Regoti
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
Chirag Patel
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
Mazin Alwaaly
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
Tirthika Bandi
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
Sunita Kharayat
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
Computer_ at_home
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signature
Adarsh Patel
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMShashank Shetty
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 
Meessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptxMeessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptx
JohnLagman3
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
sandyBS
 

More Related Content

What's hot

MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
Sahil Kureel
 
Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)
DUET
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
Gopal Sakarkar
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
Key management
Key managementKey management
Key management
Sujata Regoti
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
Chirag Patel
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
Mazin Alwaaly
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
Tirthika Bandi
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
Sunita Kharayat
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
Computer_ at_home
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signature
Adarsh Patel
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
S/MIME
S/MIMES/MIME
S/MIME
maria azam
 

What's hot (20)

MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
 
Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
Key management
Key managementKey management
Key management
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
 
DES
DESDES
DES
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signature
 
Email security
Email securityEmail security
Email security
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
IP Security
IP SecurityIP Security
IP Security
 
S/MIME
S/MIMES/MIME
S/MIME
 

Similar to MAC-Message Authentication Codes

Meessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptxMeessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptx
JohnLagman3
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
sandyBS
 
Meessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptxMeessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptx
JohnLagman3
 
Information and network security 41 message authentication code
Information and network security 41 message authentication codeInformation and network security 41 message authentication code
Information and network security 41 message authentication code
Vaibhav Khanna
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
omarShiekh1
 
Information and network security 42 security of message authentication code
Information and network security 42 security of message authentication codeInformation and network security 42 security of message authentication code
Information and network security 42 security of message authentication code
Vaibhav Khanna
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MAC
Sou Jana
 
Message Authentication and Hash Function.pdf
Message Authentication and Hash Function.pdfMessage Authentication and Hash Function.pdf
Message Authentication and Hash Function.pdf
sunil sharma
 
MACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block CiphersMACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block Ciphers
Maitree Patel
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
ArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
ArthyR3
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2limsh
 
Unit 3
Unit 3Unit 3
Unit 3
tamil arasan
 
Is unit 5_message authentication and hash functions
Is unit 5_message authentication and hash functionsIs unit 5_message authentication and hash functions
Is unit 5_message authentication and hash functionsSarthak Patel
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing
Shakas Technologies
 
Message auth. code Based on Hash Functions.pptx
Message auth. code Based on Hash Functions.pptxMessage auth. code Based on Hash Functions.pptx
Message auth. code Based on Hash Functions.pptx
aribariaz507
 
Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4
mallikarjun batchanaboina
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
final ppt TS.pptx
final ppt TS.pptxfinal ppt TS.pptx
final ppt TS.pptx
paluribalu2001
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computingEfficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing
IGEEKS TECHNOLOGIES
 

Similar to MAC-Message Authentication Codes (20)

Meessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptxMeessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptx
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
 
Meessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptxMeessage authentication and hash functions.pptx
Meessage authentication and hash functions.pptx
 
Information and network security 41 message authentication code
Information and network security 41 message authentication codeInformation and network security 41 message authentication code
Information and network security 41 message authentication code
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
 
Information and network security 42 security of message authentication code
Information and network security 42 security of message authentication codeInformation and network security 42 security of message authentication code
Information and network security 42 security of message authentication code
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MAC
 
Message Authentication and Hash Function.pdf
Message Authentication and Hash Function.pdfMessage Authentication and Hash Function.pdf
Message Authentication and Hash Function.pdf
 
MACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block CiphersMACs based on Hash Functions, MACs based on Block Ciphers
MACs based on Hash Functions, MACs based on Block Ciphers
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2
 
Unit 3
Unit 3Unit 3
Unit 3
 
Is unit 5_message authentication and hash functions
Is unit 5_message authentication and hash functionsIs unit 5_message authentication and hash functions
Is unit 5_message authentication and hash functions
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing
 
Message auth. code Based on Hash Functions.pptx
Message auth. code Based on Hash Functions.pptxMessage auth. code Based on Hash Functions.pptx
Message auth. code Based on Hash Functions.pptx
 
Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, Hashes
 
final ppt TS.pptx
final ppt TS.pptxfinal ppt TS.pptx
final ppt TS.pptx
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computingEfficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing
 

Recently uploaded

Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
AJAYKUMARPUND1
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
Divya Somashekar
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
Intella Parts
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
Osamah Alsalih
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
Massimo Talia
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
Kamal Acharya
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
AafreenAbuthahir2
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
MuhammadTufail242431
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
Robbie Edward Sayers
 
addressing modes in computer architecture
addressing modes in computer architectureaddressing modes in computer architecture
addressing modes in computer architecture
ShahidSultan24
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
karthi keyan
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
Kamal Acharya
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
gdsczhcet
 

Recently uploaded (20)

Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
 
addressing modes in computer architecture
addressing modes in computer architectureaddressing modes in computer architecture
addressing modes in computer architecture
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
 

MAC-Message Authentication Codes

  • 1. Message Authentication Codes Members: ➔ Mohit Bhat ➔ Piyush Pandita ➔ Darshan Patil ➔ Ragini Patil ➔ Priyansh Acharya
  • 2. ROAD MAP 1. Message Authentication Requirements 2. Message Authentication Functions a. Message Encryption b. Message Authentication Code 3. Requirements for Message Authentication Codes 4. Security of MACs a. Brute-Force Attacks b. Cryptanalysis
  • 3. Message Authentication Requirements In the context of communications across a network, the following attacks can be identified. Description Measures Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key. Measures to deal with the first two attacks are in the realm of message confi- dentiality and are dealt with in Part One. Traffic analysis Discovery of the pattern of traffic between parties. In a connection- oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
  • 4. Message Authentication Requirements Description Measures Masquerad e Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or non-receipt by someone other than the message recipient. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Content modificatio n Changes to the contents of a message, including insertion, deletion, transposition, and modification.
  • 5. Message Authentication Requirements Description Measures Sequence modificatio n Any modification to a sequence of messages between parties, including insertion, deletion, and reordering. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Timing modificatio n Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
  • 6. Message Authentication Requirements Description Measures Source repudiation Denial of transmission of message by source. Mechanisms for dealing specifically with this comes under the heading of digital signatures. Destination repudiation Denial of receipt of message by destination. Dealing with this item may require a combination of the use of digital signatures and a protocol designed to counter this attack.
  • 7. Message Authentication Requirements Message authentication is a procedure to verify that received messages come from the alleged source and have not been altered. Message authentication may also verify sequencing and timeliness. A digital signature is an authentication technique that also includes measures to counter repudiation by the source.
  • 8. MESSAGE AUTHENTICATION FUNCTIONS: ▪ Any message authentication or digital signature mechanism has two levels of functionality. ▫ At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. ▫ This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
  • 9. MESSAGE AUTHENTICATION FUNCTIONS: The types of functions that may be used to produce an authenticator may be grouped into three classes. ▪ Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator ▪ Message encryption: The ciphertext of the entire message serves as its authenticator ▪ Message authentication code (MAC): A function of the message and a secretkey that produces a fixed- length value that serves as the authenticator
  • 15. Public key Encryption ● Public key encryption provides confidentiality but not authentication ● The source (A) uses the public key of the destination (B) to encrypt M. ● Because only B has the corresponding private key , only B can decrypt the message.
  • 16. Message authentication code(MAC) ● A message authentication code (MAC), also known as a cryptographic checksum, is an authentication technique involves the use of a secret key to generate a small fixed-size block of data. ● When A has a message to send to B, it calculates the MAC as a function of the message and the key: Where: M= input message C = MAC function K= shared secret key MAC= C(M,K)
  • 17. ● The tag is appended to the message at the source. ● The message and the MAC are transmitted to the recipient. ● The receiver recomputes the MAC from the secret key and the message data received. ● The receiver MAC is compared to the calculated MAC for message authentication ● MAC function is similar to encryption and is Many to one in nature.
  • 18. ★ If we assume that only the receiver and the sender know the identity of the secret key, and if the received MAC matches the calculated MAC, then: ○ The receiver is assured that the message has not been altered. If an attacker alters the message but does not alter the MAC, then the receiver’s calculation of the MAC will differ from the received MAC. Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message. ○ The receiver is assured that the message is from the alleged sender. Because no one else knows the secret key, no one else could prepare a message with a proper MAC. ○ If the message includes a sequence number (such as is used with HDLC, X.25, and TCP), then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number
  • 22. Mac Requirements MAC Function ● If an opponent observes M and MAC(K, M) , it should be computationally infeasible for the opponent to construct a message M' such that MAC(K, M') = MAC(K, M) ● MAC(K, M) should be uniformly distributed in the sense that for randomly chosen messages M' and M, the probability that MAC(K, M) = MAC(K, M') is 2-n ,where n is the number of bits in the tag.
  • 23. MAC REQUIREMENTS ● On average, α rounds will be needed if . For example, if an 80-bit key is used and the tab is 32 bits, then the first round will produce about possible keys. The second round will narrow the possible keys to about possibilities. ● The third round should produce only a single key, which must be the one used by the sender.
  • 24. Points to Note for MAC: ● An opponent is able to construct a new message to match a given tag, even though the opponent does not know and does not learn the key. ● The need to thwart a brute-force attack based on chosen plaintext. ● The authentication algorithm should not be weaker with respect to certain parts or bits of the message than others.
  • 25. SECURITY OF MAC: ▪ Brute-Force Attacks ▪ Cryptanalysis
  • 26. Brute-Force Attacks ▪ A brute-force attack on a MAC is a more difficult undertaking than a brute-force attack on a hash function because it requires known message-tag pairs ▪ To attack a hash code, we can proceed in the following way. Given a fixed message x with n-bit hash code h = H(x), a brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x) ▪ The attacker can do this repeatedly off line ▪ Whether an off-line attack can be used on a MAC algorithm depends on the relative size of the key and the tag
  • 27. To proceed, we need to state the desired security property of a MAC algorithm, which can be expressed as follows. • Computation resistance: Given one or more text-MAC pairs ,[ xi, MAC(K,xi)] it is computationally infeasible to compute any text-MAC pair [x, MAC(K, x)] for any new input x ≠ xi There are two lines of attack possible: 1. Attack the key space 2. Attack the MAC value
  • 28. Attack the key space: ▪ If an attacker can determine the MAC key, then it is possible to generate a valid MAC value for any input x ▪ Suppose the key size is k bits and that the attacker has one known text–tag pair ▪ Then the attacker can compute the n-bit tag on the known text for all possible keys ▪ At least one key is guaranteed to produce the correct tag, namely, the valid key that was initially used to produce the known text–tag pair ▪ This phase of the attack takes a level of effort proportional to 2k (that is, one operation for each of the 2k possible key values) ▪ However, as was described earlier, because the MAC is a many-to-one mapping, there may be other keys that produce the correct value ▪ Thus, if more than one key is found to produce the correct value, additional text–tag pairs must be tested
  • 29. Attack the MAC value: ▪ An attacker can also work on the tag without attempting to recover the key ▪ Here, the objective is to generate a valid tag for a given message or to find a message that matches a given tag ▪ In either case, the level of effort is comparable to that for attacking the one-way or weak collision-resistant property of a hash code, or 2k ▪ In the case of the MAC, the attack cannot be conducted off-line without further input ▪ The attacker will require chosen text–tag pairs or knowledge of the key
  • 30. SUMMARY OF BRUTE FORCE ATTACK ▪ To summarize, the level of effort for brute-force attack on a MAC algorithm can be expressed as min (2k, 2n) ▪ The assessment of strength is similar to that for symmetric encryption algorithms ▪ It would appear reasonable to require that the key length and tag length satisfy a relationship such as min(k,n) > N , where N is perhaps in the range of 128 bits
  • 31. CRYPTANALYSIS ▪ As with encryption algorithms and hash functions, cryptanalytic attacks on MAC algorithms seek to exploit some property of the algorithm to perform some attack other than an exhaustive search. ▪ The way to measure the resistance of a MAC algorithm to cryptanalysis is to compare its strength to the effort required for a brute-force attack. ▪ That is, an ideal MAC algorithm will require a cryptanalytic effort greater than or equal to the brute-force effort. ▪ There is much more variety in the structure of MACs than in hash functions, so it is difficult to generalize about the cryptanalysis of MACs. ▪ Furthermore, far less work has been done on developing such attacks.
  • 32. HMAC Keyed-Hashing for Message Authentication, a variation on the MAC algorithm, has emerged as an Internet standard for a variety of applications. It makes use of existing Message digest algorithms such as SHA-512 ,MD5 etc
  • 33. Objectives Of HMAC ▪ To use Hash Functions that are available, without modification ▪ To allow replaceability of embedded Hash functions ▪ To use and handle keys in simple ways ▪ Preserving Original Performance of hash functions ▪ To have a well understood analysis of authentication mechanism strength.
  • 34. Elements of the HMAC Algorithm ▪ H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160) ▪ IV = initial value input to hash function ▪ M = message input to HMAC ▪ Yi = ith block of M, 0 i (L - 1) ▪ L = number of blocks in M ▪ b = number of bits in a block ▪ n = length of hash code produced by embedded hash function ▪ K= secret key recommended length is n; (k>=b) ▪ K+ = K padded with zeros on the left so that the result is b bits in length ▪ ipad = 00110110 (36 in hexadecimal) repeated b/8 times ▪ opad = 01011100 (5C in hexadecimal) repeated b/8 times
  • 36. Steps Involved In the HMAC algorithm 1) Make the Size of K greater than OR equal to ‘b’ to obtain K+ 2) XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si. 3) Append M to Si. 4) Apply H to the stream generated in step 3.. 5) XOR K+ with opad to produce the b-bit block So 6) Append the hash result from step 4 to So 7) Apply H to the stream generated in step 6 and output the result.
  • 37. HMAC: Conclusion The HMAC algorithm is a Hashed - Message Authentication Code generator, wherein the end product in turn is a MAC (message authentication Code). It uses available message Digest algorithms like SHA-512 Motivation HMAC makes use of Library Hash codes which are easily available. Cryptographic hash functions such as MD5 and SHA-1 generally execute faster in software than symmetric block ciphers such as DES. The aforementioned point contains factors which were the main motives for the interest in