Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com These slides were prepared by Christof Paar and Jan Pelzl Chapter 12.

Published byTamsyn Griselda Hodge Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com These slides were prepared by Christof Paar and Jan Pelzl Chapter 12."— Presentation transcript:

1 Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com These slides were prepared by Christof Paar and Jan Pelzl Chapter 12 – Message Authentication Codes (MACs)

2  Permission to use these slide is only given for courses that use the book Understanding Cryptography by Christof Paar and Jan Pelzl.  If the slides are modified, appropriate credits to the book authors must remain within the slides.  It is not permitted to reproduce parts or all of the slides in printed form whatsoever without written consent by the authors.  The slides may not be used for any non-academic courses without written consent by the authors.  Some legal stuff (sorry): Terms of Use 2/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

3  The principle behind MACs  The security properties that can be achieved with MACs  How MACs can be realized with hash functions and with block ciphers  Content of this Chapter 3/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

4  Similar to digital signatures, MACs append an authentication tag to a message  MACs use a symmetric key k for generation and verification  Computation of a MAC: m = MAC k (x)  Principle of Message Authentication Codes 4/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

5 1. Cryptographic checksum A MAC generates a cryptographically secure authentication tag for a given message. 2. Symmetric MACs are based on secret symmetric keys. The signing and verifying parties must share a secret key. 3. Arbitrary message size MACs accept messages of arbitrary length. 4. Fixed output length MACs generate fixed-size authentication tags. 5. Message integrity MACs providemessage integrity: Any manipulations of a message during transit will be detected by the receiver. 6. Message authentication The receiving party is assured of the origin of the message. 7. No nonrepudiation Since MACs are based on symmetric principles, they do not provide nonrepudiation.  Properties of Message Authentication Codes 5/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

6  MAC is realized with cryptographic hash functions (e.g., SHA-1)  HMAC is such a MAC built from hash functions  Basic idea: Key is hashed together with the message  Two possible constructions: secret prefix MAC: m =MAC k (x) = h(k||x) secret suffix MAC: m =MAC k (x) = h(x||k)  Attacks: secret prefix MAC: Attack MAC for the message x = (x 1,x 2,...,x n,x n+1 ), where x n+1 is an arbitrary additional block, can be constructed from m without knowing the secret key secret suffix MAC: find collision x and x O such that h(x) = h(x O ), then m = h(x||k) = h(x O ||k)  MACs from Hash Functions 6/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

7  Proposed by Mihir Bellare, Ran Canetti and Hugo Krawczyk in 1996  Scheme consists of an inner and outer hash k + is expanded key k expanded key k + is XORed with the inner pad ipad = 00110110,00110110,...,00110110 opad = 01011100,01011100,...,01011100 HMAC k (x) = h[(k + ⊕ opad)||h[(k + ⊕ ipad)||x]]  HMAC 7/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

8  MAC constructed from block ciphers (e.g. AES)  Popular: Use AES in CBC mode  CBC-MAC:  MACs from Block Ciphers 8/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

9  MAC Generation Divide the message x into blocks x i Compute first iteration y 1 = e k (x 1 ⊕ IV) Compute y i = e k (x i ⊕ y i−1 ) for the next blocks Final block is the MAC value: m =MAC k (x) = y n  MAC Verification Repeat MAC computation (m‘) Compare results:In case m’ = m, the message is verified as correct In case m’ ≠ m, the message and/or the MAC value m have been altered during transmission  CBC-MAC 9/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

10  MACs provide two security services, message integrity and message authentication, using symmetric techniques. MACs are widely used in protocols.  Both of these services are also provided by digital signatures, but MACs are much faster.  MACs do not provide nonrepudiation.  In practice, MACs are either based on block ciphers or on hash functions.  HMAC is a popular MAC used in many practical protocols such as TLS.  Lessons Learned 10/10 Chapter 12 of Understanding Cryptography by Christof Paar and Jan Pelzl

Download ppt "Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com These slides were prepared by Christof Paar and Jan Pelzl Chapter 12."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.

Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden +46 470 70 86.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 10 – Digital Signatures.

Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 10 – Digital Signatures.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.

Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester 2008-2009 ITGD 2202 University of Palestine.

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.

Similar presentations

Ads by Google