CAS, profile picture
Uploaded byCAS
PPT, PDF30,444 views

Message authentication

The document discusses computer security focusing on message authentication, highlighting the requirements for message integrity and sender validation. It covers methods such as symmetric and public-key encryption, hash functions, message authentication codes (MAC), and HMAC, explaining their roles in ensuring message security against various attacks. The content serves as an outline for effective communication protocol management in IT, emphasizing the importance of confidentiality and authentication mechanisms.

Technology
Related topics:
Computer Security

Embed presentation

Downloaded 516 times
COMPUTER SECURITY MESSAGE AUTHENTICATION Mr. RAJASEKAR RAMALINGAM Faculty - Department of IT College of Applied Sciences – Sur, Sultanate of Oman. vrrsekar@yahoo.com
CONTENT 1. MESSAGE SECURITY REQUIREMENTS 2. MESSAGE AUTHENTICATION 3. MESSAGE ENCRYPTION 4. HASH FUNCTIONS 5. MESSAGE AUTHENTICATION CODE (MAC) 6. HMAC 2MESSAGE AUTHENTICATION
1. MESSAGE SECURITY REQUIREMENTS • In communications from a computer to computer, the following attacks could be identified: • Disclosure: Release of message contents • Traffic analysis: Discovery of the pattern of traffic between parties • Masquerade: Insertion of messages into the network from a fraudulent source • Content modification: Modification of the contents of a message • Sequence modification: Modification to a sequence of messages between parties • Timing modification: Delay or replay of messages • Source repudiation: Denial of transmission of message by source • Destination repudiation: Denial of receipt of message by destination 3MESSAGE AUTHENTICATION
2. MESSAGE AUTHENTICATION • Message authentication is concerned with: • Protecting the integrity of a message • Validating identity of originator • Non-repudiation of origin (dispute resolution) • Will consider the security requirements • Three alternative functions used: • Message encryption • Hash functions • Message Authentication Code (MAC) 4MESSAGE AUTHENTICATION
3. MESSAGE ENCRYPTION 3.1 SYMMETRIC MESSAGE ENCRYPTION • Encryption can also provides authentication • If symmetric encryption is used then: • Receiver know sender must have created it • Since only sender and receiver now key used • Know content cannot of been altered • If message has suitable structure, redundancy or a checksum to detect any changes 5MESSAGE AUTHENTICATION
3.2 PUBLIC-KEY MESSAGE ENCRYPTION • If public-key encryption is used: • Encryption provides no confidence of sender • Since anyone potentially knows public-key However if • Sender signs message using their private-key • Then encrypts with recipients public key • Have both secrecy and authentication • Again need to recognize corrupted messages • But at cost of two public-key uses on message 6MESSAGE AUTHENTICATION
4. HASH FUNCTIONS Condenses arbitrary message to fixed size h = H(M) Usually assume hash function is public Hash used to detect changes to message Want a cryptographic hash function Computationally infeasible to find data mapping to specific hash (one-way property) Computationally infeasible to find two data to same hash (collision-free property) 7MESSAGE AUTHENTICATION
4.1 CRYPTOGRAPHIC HASH FUNCTION • Figure depicts the general operation of a cryptographic hash function. • The input is padded out to an integer multiple of some fixed length (e.g., 1024 bits) and the padding includes the value of the length of the original message in bits. • The length field is a security measure to increase the difficulty for an attacker to produce an alternative message with the same hash value. 8MESSAGE AUTHENTICATION
4.2 HASH FUNCTIONS & MESSAGE AUTHENTICATION • Message authentication is a mechanism or service used to verify the integrity of a message, by assuring that the data received are exactly as sent. • Figure A, B, C and D illustrates a variety of ways in which a hash code can be used to provide message authentication, as follows: 9MESSAGE AUTHENTICATION
• The message plus concatenated hash code is encrypted using symmetric encryption. Since only A and B share the secret key, the message must have come from A and has not been altered. • The hash code provides the structure or redundancy required to achieve authentication. A 10MESSAGE AUTHENTICATION
• Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications not requiring confidentiality. B 11MESSAGE AUTHENTICATION
C • Shows the use of a hash function but no encryption for message authentication. • The technique assumes that the two communicating parties share a common secret value S. • A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. • Because B possesses S, it can re-compute the hash value to verify. • Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message. 12MESSAGE AUTHENTICATION
• Confidentiality can be added to the approach of (c) by encrypting the entire message plus the hash code. D 13MESSAGE AUTHENTICATION
5. MESSAGE AUTHENTICATION CODE (MAC) • Generated by an algorithm that creates a small fixed-sized block • Depending on both message and some key • Like encryption though need not be reversible • Appended to message as a signature • Receiver performs same computation on message and checks it matches the MAC • Provides assurance that message is unaltered and comes from sender 14MESSAGE AUTHENTICATION
Message Authentication Code… • A small fixed-sized block of data • Generated from message + secret key • MAC = C(K,M) • Appended to message when sent 15MESSAGE AUTHENTICATION
5.1 MESSAGE AUTHENTICATION CODES • As shown the MAC provides authentication • Why use a MAC? • sometimes only authentication is needed • sometimes need authentication to persist longer than the encryption (eg. archival use) • Can also use encryption for secrecy • generally use separate keys for each • can compute MAC either before or after encryption • is generally regarded as better done before 16MESSAGE AUTHENTICATION
5.2 MAC PROPERTIES • A MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • Is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult 17MESSAGE AUTHENTICATION
6. HMAC 6.1 HMAC DESIGN OBJECTIVES Use, without modifications, hash functions Allow for easy re-placeability of embedded hash function Preserve original performance of hash function without significant degradation Use and handle keys in a simple way. Have well understood cryptographic analysis of authentication mechanism strength 18MESSAGE AUTHENTICATION
HMAC… • Uses hash function on the message: HMACK(M)= Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M)] ] • where K+ is the key padded out to size • opad, ipad are specified padding constants • Overhead is just 3 more hash calculations than the message needs alone • Any hash function can be used • eg. MD5, SHA-1, RIPEMD-160, Whirlpool 19MESSAGE AUTHENTICATION
HMAC Overview Figure Illustrates the overall operation of HMAC: HMACK = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M)] where: K+ is K padded with zeros on the left so that the result is b bits in length ipad is a pad value of 36 hex repeated to fill block opad is a pad value of 5C hex repeated to fill block M is the message input to HMAC (including the padding specified in the embedded hash function) Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly, the XOR with opad results in flipping one-half of the bits of K, but a different set of bits. In effect, pseudo randomly generated two keys from K.MESSAGE AUTHENTICATION 20
• HMAC should execute in approximately the same time as the embedded hash function for long messages. • HMAC adds three executions of the hash compression function (for Si, So, and the block produced from the inner hash). • A more efficient implementation is possible by precomputing the internal hash function on (K+ XOR opad) and (K+ XOR ipad) and inserting the results into the hash processing at start & end. • With this implementation, only one additional instance of the compression function is added to the processing normally produced by the hash function. • This is especially worthwhile if most of the messages for which a MAC is computed are short. 21MESSAGE AUTHENTICATION
6.2 HMAC SECURITY • Proved security of HMAC relates to that of the underlying hash algorithm • Attacking HMAC requires either: • Brute force attack on key used • Birthday attack (but since keyed would need to observe a very large number of messages) • Choose hash function used based on speed verses security constraints MESSAGE AUTHENTICATION 22

More Related Content

PPTX
Hash Function
bySiddharth Srivastava
 
PPT
Message Authentication
bychauhankapil
 
PPTX
MAC-Message Authentication Codes
byDarshanPatil82
 
PPTX
unit 4.pptx of hash function in cryptography
byNithyasriA2
 
PPTX
Hash Function
byssuserdfb2da
 
PPTX
MD5 ALGORITHM.pptx
byRajapriya82
 
PDF
Sha
byha123
 
PPTX
Cryptographic Algorithms: DES and RSA
byaritraranjan
 
Hash Function
bySiddharth Srivastava
 
Message Authentication
bychauhankapil
 
MAC-Message Authentication Codes
byDarshanPatil82
 
unit 4.pptx of hash function in cryptography
byNithyasriA2
 
Hash Function
byssuserdfb2da
 
MD5 ALGORITHM.pptx
byRajapriya82
 
Sha
byha123
 
Cryptographic Algorithms: DES and RSA
byaritraranjan
 

What's hot

PPTX
Message digest 5
byTirthika Bandi
 
PPT
PGP S/MIME
bySou Jana
 
PPT
Email security
byIndrajit Sreemany
 
PPTX
Public Key Cryptosystem
byDevakumar Kp
 
PPTX
Security services and mechanisms
byRajapriya82
 
DOCX
S/MIME
bymaria azam
 
PPT
CONVENTIONAL ENCRYPTION
bySHUBHA CHATURVEDI
 
PPTX
Pgp pretty good privacy
byPawan Arya
 
PPTX
Public Key Cryptography
byGopal Sakarkar
 
PDF
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
PPTX
Cryptography and network security
bypatisa
 
PPS
Message AUthentication Code
byKeval Bhogayata
 
PPTX
Security Mechanisms
bypriya_trehan
 
PDF
symmetric key encryption algorithms
byRashmi Burugupalli
 
PPT
Network Security and Cryptography
byAdam Reagan
 
PPTX
Security in distributed systems
byHaitham Ahmed
 
PPTX
SHA- Secure hashing algorithm
byRuchi Maurya
 
PPTX
Active and Passive Network Attacks
byPradipta Poudel
 
PPTX
Cryptography - Block cipher & stream cipher
byNiloy Biswas
 
PPTX
Types of attacks
byVivek Gandhi
 
Message digest 5
byTirthika Bandi
 
PGP S/MIME
bySou Jana
 
Email security
byIndrajit Sreemany
 
Public Key Cryptosystem
byDevakumar Kp
 
Security services and mechanisms
byRajapriya82
 
S/MIME
bymaria azam
 
CONVENTIONAL ENCRYPTION
bySHUBHA CHATURVEDI
 
Pgp pretty good privacy
byPawan Arya
 
Public Key Cryptography
byGopal Sakarkar
 
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
Cryptography and network security
bypatisa
 
Message AUthentication Code
byKeval Bhogayata
 
Security Mechanisms
bypriya_trehan
 
symmetric key encryption algorithms
byRashmi Burugupalli
 
Network Security and Cryptography
byAdam Reagan
 
Security in distributed systems
byHaitham Ahmed
 
SHA- Secure hashing algorithm
byRuchi Maurya
 
Active and Passive Network Attacks
byPradipta Poudel
 
Cryptography - Block cipher & stream cipher
byNiloy Biswas
 
Types of attacks
byVivek Gandhi
 

Similar to Message authentication

PPT
Message Authentication Requirement-MAC
bySou Jana
 
PPT
Message authentication and hash function
byomarShiekh1
 
PPTX
5. message authentication and hash function
byChirag Patel
 
PDF
Cs8792 cns - unit iv
byArthyR3
 
PPT
Information and data security cryptography and network security
byMazin Alwaaly
 
PDF
Message Authentication and Hash Function.pdf
bysunil sharma
 
PPTX
Meessage authentication and hash functions.pptx
byJohnLagman3
 
PDF
Cs8792 cns - unit iv
byArthyR3
 
PPT
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
byjeevasreemurali
 
PPT
cryptography and network security by william stallings
byHimaniP19CSE013
 
PDF
Cns
byArthyR3
 
PPTX
Introsuction to Message Authentictaion in mAC
byshailajacse
 
PDF
Computer network system presentation pdf
byprajjavalsingh2629
 
PPT
Chapter 11 Message intergrity and authentication.ppt
bysaaraunnathi
 
PPTX
unit4- predicate logic in artificial intelligence
bythirugnanasambandham4
 
PPTX
Information and network security 41 message authentication code
byVaibhav Khanna
 
PPT
ch11.ppt
bySomuPatil8
 
PPTX
final ppt TS.pptx
bypaluribalu2001
 
PPT
ch11.ppt
byssuser4198c4
 
PDF
BAIT1103 Chapter 2
bylimsh
 
Message Authentication Requirement-MAC
bySou Jana
 
Message authentication and hash function
byomarShiekh1
 
5. message authentication and hash function
byChirag Patel
 
Cs8792 cns - unit iv
byArthyR3
 
Information and data security cryptography and network security
byMazin Alwaaly
 
Message Authentication and Hash Function.pdf
bysunil sharma
 
Meessage authentication and hash functions.pptx
byJohnLagman3
 
Cs8792 cns - unit iv
byArthyR3
 
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
byjeevasreemurali
 
cryptography and network security by william stallings
byHimaniP19CSE013
 
Cns
byArthyR3
 
Introsuction to Message Authentictaion in mAC
byshailajacse
 
Computer network system presentation pdf
byprajjavalsingh2629
 
Chapter 11 Message intergrity and authentication.ppt
bysaaraunnathi
 
unit4- predicate logic in artificial intelligence
bythirugnanasambandham4
 
Information and network security 41 message authentication code
byVaibhav Khanna
 
ch11.ppt
bySomuPatil8
 
final ppt TS.pptx
bypaluribalu2001
 
ch11.ppt
byssuser4198c4
 
BAIT1103 Chapter 2
bylimsh
 

More from CAS

PPTX
Cryptographic tools
byCAS
 
PPTX
Symmetric encryption and message confidentiality
byCAS
 
PPTX
Intrusion detection
byCAS
 
PPTX
Public key cryptography and message authentication
byCAS
 
PPT
IT Security management and risk assessment
byCAS
 
PPT
Internet security association and key management protocol (isakmp)
byCAS
 
PPT
Database security
byCAS
 
PPTX
Introduction to IoT Security
byCAS
 
PPTX
It security controls, plans, and procedures
byCAS
 
PPTX
Malicious software
byCAS
 
PPTX
Legal and ethical aspects
byCAS
 
PPT
RRB JE Stage 2 Computer and Applications Questions part 3
byCAS
 
PPTX
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
byCAS
 
PPTX
Human resources security
byCAS
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 4
byCAS
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 2
byCAS
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 5
byCAS
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 1
byCAS
 
PPTX
Can you solve this
byCAS
 
PPTX
Introduction to research methodology
byCAS
 
Cryptographic tools
byCAS
 
Symmetric encryption and message confidentiality
byCAS
 
Intrusion detection
byCAS
 
Public key cryptography and message authentication
byCAS
 
IT Security management and risk assessment
byCAS
 
Internet security association and key management protocol (isakmp)
byCAS
 
Database security
byCAS
 
Introduction to IoT Security
byCAS
 
It security controls, plans, and procedures
byCAS
 
Malicious software
byCAS
 
Legal and ethical aspects
byCAS
 
RRB JE Stage 2 Computer and Applications Questions part 3
byCAS
 
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
byCAS
 
Human resources security
byCAS
 
RRB JE Stage 2 Computer and Applications Questions Part 4
byCAS
 
RRB JE Stage 2 Computer and Applications Questions Part 2
byCAS
 
RRB JE Stage 2 Computer and Applications Questions Part 5
byCAS
 
RRB JE Stage 2 Computer and Applications Questions Part 1
byCAS
 
Can you solve this
byCAS
 
Introduction to research methodology
byCAS
 

Recently uploaded

PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 

Message authentication

  • 1.
    COMPUTER SECURITY MESSAGE AUTHENTICATION Mr.RAJASEKAR RAMALINGAM Faculty - Department of IT College of Applied Sciences – Sur, Sultanate of Oman. vrrsekar@yahoo.com
  • 2.
    CONTENT 1. MESSAGE SECURITYREQUIREMENTS 2. MESSAGE AUTHENTICATION 3. MESSAGE ENCRYPTION 4. HASH FUNCTIONS 5. MESSAGE AUTHENTICATION CODE (MAC) 6. HMAC 2MESSAGE AUTHENTICATION
  • 3.
    1. MESSAGE SECURITYREQUIREMENTS • In communications from a computer to computer, the following attacks could be identified: • Disclosure: Release of message contents • Traffic analysis: Discovery of the pattern of traffic between parties • Masquerade: Insertion of messages into the network from a fraudulent source • Content modification: Modification of the contents of a message • Sequence modification: Modification to a sequence of messages between parties • Timing modification: Delay or replay of messages • Source repudiation: Denial of transmission of message by source • Destination repudiation: Denial of receipt of message by destination 3MESSAGE AUTHENTICATION
  • 4.
    2. MESSAGE AUTHENTICATION •Message authentication is concerned with: • Protecting the integrity of a message • Validating identity of originator • Non-repudiation of origin (dispute resolution) • Will consider the security requirements • Three alternative functions used: • Message encryption • Hash functions • Message Authentication Code (MAC) 4MESSAGE AUTHENTICATION
  • 5.
    3. MESSAGE ENCRYPTION 3.1SYMMETRIC MESSAGE ENCRYPTION • Encryption can also provides authentication • If symmetric encryption is used then: • Receiver know sender must have created it • Since only sender and receiver now key used • Know content cannot of been altered • If message has suitable structure, redundancy or a checksum to detect any changes 5MESSAGE AUTHENTICATION
  • 6.
    3.2 PUBLIC-KEY MESSAGEENCRYPTION • If public-key encryption is used: • Encryption provides no confidence of sender • Since anyone potentially knows public-key However if • Sender signs message using their private-key • Then encrypts with recipients public key • Have both secrecy and authentication • Again need to recognize corrupted messages • But at cost of two public-key uses on message 6MESSAGE AUTHENTICATION
  • 7.
    4. HASH FUNCTIONS Condensesarbitrary message to fixed size h = H(M) Usually assume hash function is public Hash used to detect changes to message Want a cryptographic hash function Computationally infeasible to find data mapping to specific hash (one-way property) Computationally infeasible to find two data to same hash (collision-free property) 7MESSAGE AUTHENTICATION
  • 8.
    4.1 CRYPTOGRAPHIC HASHFUNCTION • Figure depicts the general operation of a cryptographic hash function. • The input is padded out to an integer multiple of some fixed length (e.g., 1024 bits) and the padding includes the value of the length of the original message in bits. • The length field is a security measure to increase the difficulty for an attacker to produce an alternative message with the same hash value. 8MESSAGE AUTHENTICATION
  • 9.
    4.2 HASH FUNCTIONS& MESSAGE AUTHENTICATION • Message authentication is a mechanism or service used to verify the integrity of a message, by assuring that the data received are exactly as sent. • Figure A, B, C and D illustrates a variety of ways in which a hash code can be used to provide message authentication, as follows: 9MESSAGE AUTHENTICATION
  • 10.
    • The messageplus concatenated hash code is encrypted using symmetric encryption. Since only A and B share the secret key, the message must have come from A and has not been altered. • The hash code provides the structure or redundancy required to achieve authentication. A 10MESSAGE AUTHENTICATION
  • 11.
    • Only thehash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications not requiring confidentiality. B 11MESSAGE AUTHENTICATION
  • 12.
    C • Shows theuse of a hash function but no encryption for message authentication. • The technique assumes that the two communicating parties share a common secret value S. • A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. • Because B possesses S, it can re-compute the hash value to verify. • Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message. 12MESSAGE AUTHENTICATION
  • 13.
    • Confidentiality canbe added to the approach of (c) by encrypting the entire message plus the hash code. D 13MESSAGE AUTHENTICATION
  • 14.
    5. MESSAGE AUTHENTICATIONCODE (MAC) • Generated by an algorithm that creates a small fixed-sized block • Depending on both message and some key • Like encryption though need not be reversible • Appended to message as a signature • Receiver performs same computation on message and checks it matches the MAC • Provides assurance that message is unaltered and comes from sender 14MESSAGE AUTHENTICATION
  • 15.
    Message Authentication Code… •A small fixed-sized block of data • Generated from message + secret key • MAC = C(K,M) • Appended to message when sent 15MESSAGE AUTHENTICATION
  • 16.
    5.1 MESSAGE AUTHENTICATIONCODES • As shown the MAC provides authentication • Why use a MAC? • sometimes only authentication is needed • sometimes need authentication to persist longer than the encryption (eg. archival use) • Can also use encryption for secrecy • generally use separate keys for each • can compute MAC either before or after encryption • is generally regarded as better done before 16MESSAGE AUTHENTICATION
  • 17.
    5.2 MAC PROPERTIES •A MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • Is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult 17MESSAGE AUTHENTICATION
  • 18.
    6. HMAC 6.1 HMACDESIGN OBJECTIVES Use, without modifications, hash functions Allow for easy re-placeability of embedded hash function Preserve original performance of hash function without significant degradation Use and handle keys in a simple way. Have well understood cryptographic analysis of authentication mechanism strength 18MESSAGE AUTHENTICATION
  • 19.
    HMAC… • Uses hashfunction on the message: HMACK(M)= Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M)] ] • where K+ is the key padded out to size • opad, ipad are specified padding constants • Overhead is just 3 more hash calculations than the message needs alone • Any hash function can be used • eg. MD5, SHA-1, RIPEMD-160, Whirlpool 19MESSAGE AUTHENTICATION
  • 20.
    HMAC Overview Figure Illustratesthe overall operation of HMAC: HMACK = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M)] where: K+ is K padded with zeros on the left so that the result is b bits in length ipad is a pad value of 36 hex repeated to fill block opad is a pad value of 5C hex repeated to fill block M is the message input to HMAC (including the padding specified in the embedded hash function) Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly, the XOR with opad results in flipping one-half of the bits of K, but a different set of bits. In effect, pseudo randomly generated two keys from K.MESSAGE AUTHENTICATION 20
  • 21.
    • HMAC shouldexecute in approximately the same time as the embedded hash function for long messages. • HMAC adds three executions of the hash compression function (for Si, So, and the block produced from the inner hash). • A more efficient implementation is possible by precomputing the internal hash function on (K+ XOR opad) and (K+ XOR ipad) and inserting the results into the hash processing at start & end. • With this implementation, only one additional instance of the compression function is added to the processing normally produced by the hash function. • This is especially worthwhile if most of the messages for which a MAC is computed are short. 21MESSAGE AUTHENTICATION
  • 22.
    6.2 HMAC SECURITY •Proved security of HMAC relates to that of the underlying hash algorithm • Attacking HMAC requires either: • Brute force attack on key used • Birthday attack (but since keyed would need to observe a very large number of messages) • Choose hash function used based on speed verses security constraints MESSAGE AUTHENTICATION 22

Editor's Notes

  • #5 One of the most fascinating and complex areas of cryptography is that of message authentication and the related area of digital signatures. We now consider how to protect message integrity (ie protection from modification), as well as confirming the identity of the sender. Generically this is the problem of message authentication, and in eCommerce applications is arguably more important than secrecy. Message Authentication is concerned with: protecting the integrity of a message, validating identity of originator, & non-repudiation of origin (dispute resolution). There are three types of functions that may be used to produce an authenticator: a hash function, message encryption, message authentication code (MAC). Hash functions, and how they may serve for message authentication, are discussed in Chapter 11. The remainder of this section briefly examines the remaining two topics. The remainder of the chapter elaborates on the topic of MACs.
  • #6 Message encryption by itself can provide a measure of authentication. The analysis differs for symmetric and public-key encryption schemes. If use symmetric encryption, If no other party knows the key, then confidentiality is provided. As well, symmetric encryption provides authentication as well as confidentiality, since only the other party can have encrypted a properly constructed message (Stallings Figure 12.1a). Here, the ciphertext of the entire message serves as its authenticator, on the basis that only those who know the appropriate keys could have validly encrypted the message. This is provided you can recognize a valid message (ie if the message has suitable structure such as redundancy or a checksum to detect any changes).
  • #7 With public-key techniques, can use a digital signature which can only have been created by key owner to validate the integrity of the message contents. To provide both confidentiality and authentication, A can encrypt M first using its private key, which provides the digital signature, and then using B's public key, which provides confidentiality (Stallings Figure 12.1d). The disadvantage of this approach is that the public-key algorithm, which is complex, must be exercised four times rather than two in each communication.
  • #15 An alternative authentication technique involves the use of a secret key to generate a small fixed-size block of data, known as a cryptographic checksum or MAC that is appended to the message. This technique assumes that two communicating parties, say A and B, share a common secret key K. A MAC function is similar to encryption, except that the MAC algorithm need not be reversible, as it must for decryption.
  • #16 An alternative authentication technique involves the use of a secret key to generate a small fixed- size block of data, known as a cryptographic checksum or MAC that is appended to the message. This technique assumes that two communicating parties, say A and B, share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the message and the key: MAC = C(K, M). The message plus MAC are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC (Stallings Figure 12.4a). If we assume that only the receiver and the sender know the identity of the secret key, and if the received MAC matches the calculated MAC, then the receiver is assured that the message has not been altered, is from the alleged sender, and if the message includes a sequence number then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number. A MAC function is similar to encryption. One difference is that the MAC algorithm need not be reversible, as it must for decryption. In general, the MAC function is a many-to-one function.
  • #17 The process depicted on the previous slide provides authentication but not confidentiality, because the message as a whole is transmitted in the clear. Confidentiality can be provided by performing message encryption either after (see Stallings Figure 12.4b) or before (see Stallings Figure 12.4c) the MAC algorithm. In both these cases, two separate keys are needed, each of which is shared by the sender and the receiver. Typically, it is preferable to tie the authentication directly to the plaintext, so the method of Figure 12.4b is used. Can use MAC in circumstances where just authentication is needed (or needs to be kept), see text for examples (e.g. such as when the same message is broadcast to a number of destinations; when one side has a heavy load and cannot afford the time to decrypt all incoming messages; or do not need to keep messages secret, but must authenticate messages). Finally, note that the MAC does not provide a digital signature because both sender and receiver share the same key.
  • #18 A MAC (also known as a cryptographic checksum, fixed-length authenticator, or tag) is generated by a function C. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct. The receiver authenticates that message by re-computing the MAC. The MAC function is a many-to-one function, since potentially many arbitrarily long messages can be condensed to the same summary value, but don’t want finding them to be easy (see text for discussion)!
  • #19 RFC 2104 lists the following design objectives for HMAC: • To use, without modifications, available hash functions. In particular, hash functions that perform well in software, and for which code is freely and widely available. • To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required. • To preserve the original performance of the hash function without incurring a significant degradation. • To use and handle keys in a simple way. • To have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions about the embedded hash function.
  • #20 The idea of a keyed hash evolved into HMAC, designed to overcome some problems with the original proposals. It involves hashing padded versions of the key concatenated with the message, and then with another outer hash of the result prepended by another padded variant of the key. The hash function need only be used on 3 more blocks than when hashing just the original message (for the two keys + inner hash). HMAC can use any desired hash function, and has been shown to have the same security as the underlying hash function. Can choose the hash function to use based on speed/security concerns.
  • #23 The appeal of HMAC is that its designers have been able to prove an exact relationship between the strength of the embedded hash function and the strength of HMAC. The security of a MAC function is generally expressed in terms of the probability of successful forgery with a given amount of time spent by the forger and a given number of message-MAC pairs created with the same key. Have two classes of attacks: brute force attack on key used which has work of order 2^n; or a birthday attack which requires work of order 2^(n/2) - but which requires the attacker to observe 2^n blocks of messages using the same key - very unlikely. For a hash code length of 128 bits, this requires 264 observed blocks (272 bits) generated using the same key. On a 1-Gbps link, one would need to observe a continuous stream of messages with no change in key for about 150,000 years in order to succeed. So even MD5 is still secure for use in HMAC given these constraints.