Is a public function of the message and a secret key that produces a fixed-length value that serves as the authenticator?

In the last chapter, we discussed the data integrity threats and the use of hashing techniques to detect whether any modification attacks have taken place on the data.
Another type of threat that exists for data is the lack of message authentication. In this threat, the user is not sure about the originator of the message. Message authentication can be provided using cryptographic techniques that use secret keys, as is done in the case of encryption.

Message Authentication Code (MAC)

A MAC algorithm is a symmetric key cryptographic technique to provide message authentication. To establish the MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with the message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −
Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −

Both these limitations can be overcome by using the public key based digital signatures discussed in the following section.

Purpose:
Level of functionality:
Functions:
Message Security Requirements:
Message Encryption

Basic uses of Message Encryption

Note: Using a private key (no matter whether it is a symmetric or an asymmetric key) for encryption ensures that the sender is indeed the sender, which provides authentication. Using a private key for decryption ensures that only the receiver can decrypt the message, which provides confidentiality. The private key (used only in public-key cryptography), meanwhile, has the ability to provide a signature. That's the only way to ensure non-repudiation. That's why for (a), both sender and receiver using a private key to encrypt/decrypt ensures both authentication and confidentiality. That's why for (b), the sender using the other's public key does not provide authentication, but the receiver using a private key provides confidentiality.

Message Authentication Code (MAC)
Error Control

Internal Error Control

External Error Control

Properties
Attacks

Message replacement attacks

Brute force attacks: Requires known message-tag pairs. A brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x).

Two lines of attack:
Cryptanalysis: Being weaker with respect to certain parts: there is much more variety in the structure of MACs than in hash functions, so it is difficult to generalize about the cryptanalysis of MACs.

HMAC

Keyed Hash Functions as MACs (Proposal) -> MACs Based on Hash Functions: HMAC

HMAC Structure

Efficient Implementation of HMAC

It uses the hash function on the message:

HMAC_K(M) = Hash[(K⁺ XOR opad) || Hash[(K⁺ XOR ipad) || M]]

where K⁺ is the key padded out to size, and opad, ipad are specified padding constants.

Can be used with any hash function.
Security depends on the hash function.

Using Symmetric Ciphers for MACs
Authenticated Encryption

Definition: A term used to describe encryption systems that simultaneously protect confidentiality and authenticity of communications.

Approaches:

Counter with Cipher Block Chaining - Message Authentication Code (CCM)

Pseudorandom Number Generation (PRNG)

Essential elements:
Using Hash Function
Using MAC

What are the functions used to produce an authenticator?

Some types of functions that may be used to produce an authenticator:

Message encryption:
Message authentication code (MAC):
- Protecting the integrity of a message.
- Validating identity of originator.
- Non-repudiation of origin.

What are the classes of message authentication function?

Authentication Functions

These may be grouped into three classes, as follows:

A- Message encryption: The ciphertext of the entire message serves as its authenticator.
B- Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator.

Which protocol is used for authenticating the message?

Kerberos (protocol)
It is the default authentication method in Windows 2000 and later.

What is meant by message authentication? Define the classes of message authentication function.

The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them. It is based on using a cryptographic hash or symmetric encryption algorithm.