Is a public function of the message and a secret key that produces a fixed length value serves as the authenticator?

In the last chapter, we discussed the data integrity threats and the use of hashing technique to detect if any modification attacks have taken place on the data.

Another type of threat that exist for data is the lack of message authentication. In this threat, the user is not sure about the originator of the message. Message authentication can be provided using the cryptographic techniques that use secret keys as done in case of encryption.

Message Authentication Code (MAC)

MAC algorithm is a symmetric key cryptographic technique to provide message authentication. For establishing MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −

• The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces a MAC value.

• Similar to hash, MAC function also compresses an arbitrary long input into a fixed length output. The major difference between hash and MAC is that MAC uses secret key during the compression.

• The sender forwards the message along with the MAC. Here, we assume that the message is sent in the clear, as we are concerned of providing message origin authentication, not confidentiality. If confidentiality is required then the message needs encryption.

• On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and re-computes the MAC value.

• The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If they match, then the receiver accepts the message and assures himself that the message has been sent by the intended sender.

• If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine whether it is the message that has been altered or it is the origin that has been falsified. As a bottom-line, a receiver safely assumes that the message is not the genuine.

Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −

• Establishment of Shared Secret.

  • It can provide message authentication among pre-decided legitimate users who have shared key.

  • This requires establishment of shared secret prior to use of MAC.

• Inability to Provide Non-Repudiation

  • Non-repudiation is the assurance that a message originator cannot deny any previously sent messages and commitments or actions.

  • MAC technique does not provide a non-repudiation service. If the sender and receiver get involved in a dispute over message origination, MACs cannot provide a proof that a message was indeed sent by the sender.

  • Though no third party can compute the MAC, still sender could deny having sent the message and claim that the receiver forged it, as it is impossible to determine which of the two parties computed the MAC.

Both these limitations can be overcome by using the public key based digital signatures discussed in following section.

Purpose:

• Integrity
• Validation

Level of functionality:

• Lower level: the function that produces an authenticator
• Higher-level: a higher level protocol that enables a receiver to verify the authenticity of a message

Functions:

• Hash functions: A function that maps a message of any length into a fixed-length hash value which serves as the authenticator
• Message encryption: The ciphertext of the entire message serves as its authenticator
• Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator

Message Security Requirements:

• disclosure
• traffic analysis
• masquerade
• content modification
• sequence modification
• timing modification
• source repudiation
• destination repudiation

Message Encryption

Note: Using Private key(no matter it is symmetric or asymmetric key) for encryption ensure that the sender is indeed sender, which provides authentication. Using Private key for decryption ensure that only receiver can decrypt message, which provides confidentiality.

While Private key(used only in public-cryptography), has the ability to provide signature. That’s the only way to ensure non-repudiation.

That’s why for (a), both sender and receiver use private key to encrypt/decrypt ensures both authentication and confidentiality.

That’s why for (b), the sender use other’s public key does not provide authentication. But the receiver use private key to provide confidentiality.

Message Authentication Code(MAC)

• Generated by an algorithm that creates a small fixed-sized block
• Provides assurance that message is unaltered and comes from sender
• Receiver performs same computation on message and checks it matches the MAC

Error Control

Properties

• a cryptographic checksum MAC = Cₖ (M)
• many-to-one function

Attacks

Message replacement attacks

Brute force attacks:

Requires known message-tag pairs, A brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x)

Two lines of attack:

• Attack the key space: If an attacker can determine the MAC key then it is possible to generate a valid MAC value for any input x
• Attack the MAC value: Objective is to generate a valid tag for a given message or to find a message that matches a given tag

Crypt-analysis: Being weaker with respect to certain parts:

much more variety in the structure of MACs than in hash functions, , so it is difficult to generalize about the crypt-analysis of MACs

HMAC

Keyed Hash Functions as MACs(Proposal) -> MACs Based on Hash Functions: HMAC

It uses hash function on the message: HMAC K (M)= Hash[(K⁺ XOR opad) || Hash[(K⁺ XOR ipad) || M)] ] where K⁺ is the key padded out to size, and opad, ipad are specified padding constants

Can be used for any hash functions

Security is depending on the hash function

Using Symmetric Ciphers for MACs

• can use any block cipher chaining mode and use final block as a MAC
• Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC.(send just the final block as the MAC)

• but final MAC is now too small for security

Authenticated Encryption

Definition: A term used to describe encryption systems that simultaneously protect confidentiality and authenticity of communications

Approaches:
Hash-then-encrypt: E(K, (M || h))
MAC-then-encrypt: T = MAC(K₁ , M), E(K₂ , [M || T])
Encrypt-then-MAC: C = E(K₂ , M), T = MAC(K₁ , C)
Encrypt-and-MAC: C = E(K₂ , M), T = MAC(K₁ , M)

Counter with Cipher Block Chaining- Message Authentication Code (CCM)

• variation of encrypt-and-MAC approach
• single key used for both encryption & MAC

Pseudorandom Number Generation (PRNG)

Essential elements:

• seed value: Generated Random Bits should depend only the seed
  value
• deterministic algorithm

Using Hash Function

• secure if good hash
  used

Using Mac

What are the functions used to produce an authenticator?

What are the classes of message authentication function?

Which protocol is used for authenticating the message?

What is meant by message authentication define the classes of message authentication function?