1 / 18

Message Authentication Code

Message Authentication Code. July 2011. Message Authentication Problem. Message Authentication is concerned with: protecting the integrity of a message validating identity of originator How to detect changes by adversary to message? Ancient solution : sign and seal

xannon
Download Presentation

Message Authentication Code

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Message Authentication Code July 2011

  2. Message Authentication Problem • Message Authentication is concerned with: • protecting the integrity of a message • validating identity of originator • How to detect changes by adversary to message? • Ancient solution : • sign and seal • More technique: break to message part and authenticator part (“tag”) • How to do this digitally? • Create a tag t(M) and send tag securely

  3. Communication without authentication Shared key k to generate authenticate message Very easy.. Eve Eve can simply change the message M M’ Alice Bob

  4. Integrity Protection with MAC Shared key k to generate authenticate message k=??, MAC=?? Eve Eve can not forge MAC when k is unknown M M’ MAC (k,M) MAC?? Alice Bob Key : k Key : k

  5. MAC Authentication (I) • MAC allows two or more mutually trusting parties to authenticate messages sent between members Only Alice and me know k, one of us sent M. Eve If I do not send M, then Alice must have sent it. Alice Bob M Key : k Key : k MAC (k,M)

  6. MAC Authentication (II) • MAC allows two or more mutually trusting parties to authenticate messages sent between members Chris Only Alice, Chris, Doug and me know k, one of us sent M. Eve Key : k Alice Bob M Key : k Key : k Doug MAC (k,M) Key : k

  7. Integrity with Hash Can we simply send the hash with the message to serve message authentication ? Ans: No, Eve can change the message and recompute the hash. Using hash needs more appropriate procedure to guarantee integrity Forge M’ and compute h(M’) Eve No shared key M M’ h (M) h (M) Alice Bob

  8. Message Authentication Code • A function of the message and a secret key that produces a fixed-length value that serves as the authenticator • Generated by an algorithm : • generated from message + secret key : MAC = C(K,M) • A small fixed-sized block of data • appended to message as a signature when sent • Receiver performs same computation on message and checks it matches the MAC

  9. MAC and Encryption • As shown the MAC provides authentication • But encryption can also provides authentication! • Why use a MAC? • sometimes only authentication is needed • sometimes need authentication to persist longer than the encryption (eg. archival use) • Note that a MAC is not a digital signature

  10. MAC Properties • A MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • A many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult

  11. Keyed Hash Functions as MACs • Want a MAC based on a hash function • because hash functions are generally faster • crypto hash function code is widely available • Need a hashing including a key along with message • But hashing is internally has no key! • Original proposal: KeyedHash = Hash(Key|Message) • some weaknesses were found with this • Eventually led to development of HMAC

  12. HMAC • Hash-based Message Authentication Code • Developed by Mihir Bellare, Ran Canetti, and Hugo Krawczyk in1996  • Specified as Internet standard RFC2104 • Use cryptographic hash function in combination with a secret key • Any hash function can be used • eg. MD5, SHA-1, RIPEMD-160, Whirlpool • HMAC-MD5, HMAC-SHA1, HMAC-RIPEND-160, HMAC-Whirlpool • HMAC-SHA1 and HMAC-MD5 are used within the IPsec and TLS protocols

  13. HMAC Overview • Scheme consists of 2-stage nested : an inner and outer hash • K+ is expanded key k padded with zeros on the left so that the result is b bits in length • Intermediate result of first hash padded to increase complexity next hash • Different “round keys” generated for each hash • Stage 1: k1 = K+ ipad • Stage 2: k2 = K+ opad • Ipad : a string of repeated 0x36 • 00110110,00110110, . . .,00110110 • Opad : is a string of repeated 0x5C • 01011100,01011100, . . .,01011100 HMAC(K,M) = H( (K+⊕opad) | H( (K+ ⊕ ipad)| M) )

  14. Simplified Visualize

  15. CMAC (Cipher-based MAC) • “Hashless” MAC • Uses an encryption algorithm (DES, AES, etc.) to generate MAC • Based on same idea as cipher block chaining • Compresses result to size of single block (unlike encryption

  16. CMAC Overview • Message broken into N blocks • Each block fed into an encryption algorithm with key • Result XOR’d with next block before encryption to make final MAC

  17. CMAC Facts • Advantages: • Can use existing encryption functions • Encryption functions have properties that resist preimage and collision attacks • Ciphertext designed to appear like “random noise” – good approximation of random oracle model • Most exhibit strong avalanche effect – minor change in message gives great change in resulting MAC • Disadvantage: • Encryption algorithms (particularly when chained) can be much slower than hash algorithms

  18. Summary • A Hash is used to guarantee the integrity of data, a MAC guarantees integrity AND authentication • A Hash take a single input – a message and produces a message digest • A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC • A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally to generate the MAC • A CMAC algorithm is a specific type of MAC algorithm that uses a block cipher internally to generate the MAC

More Related