Presentation is loading. Please wait.

Presentation is loading. Please wait.

MAC: Message Authentication Code

Published byJoel Malone Modified over 6 years ago

Similar presentations

Presentation on theme: "MAC: Message Authentication Code"— Presentation transcript:

1 MAC: Message Authentication Code
CS 465 MAC: Message Authentication Code Last Updated: Oct16, 2017

2 What Assurrances are Provided by Symmetric Encryption?
Assume CTR or CBC mode Authentication? Confidentiality? Integrity? Non-repudiation?

3 Bit Flipping Attacks (Block Cipher)

4 Bit Flipping Attacks (Stream Cipher)
Plaintext: ACCT_NO: ADD:100 Ciphertext: 15b1206b7efa68b9 89 c e3a27a138ca dc b2a1bb f8 eebee5

5 Goals of Message Authentication
Assure that the message has not been altered Assure the source of the message is authentic

6 Message Authentication: Ciphertext vs. Plaintext
Authentication of encrypted messages Include an error-detection code in plaintext message Attach a key-based error-detection code to an encrypted message Attach a TAG – remember the newer AEAD modes Authentication of plaintext messages Authentication without confidentiality Attach a key-based error-detection code to plaintext message

7 Message Authentication Code (MAC)
Dear BYU, Thank you so much for offering such an awesome computer security course. Sincerely, Joe Student Dear BYU, Thank you so much for offering such an awesome computer security course. Sincerely, Joe Student MAC Algorithm This message really is from me and hasn’t been modified. Key

8 Message Authentication Code (MAC)
Source: Network Security Essentials (Stallings)

9 MAC Creation with Block Cipher

10 Three Ways to Implement a MAC
CBC-MAC Use CBC mode and a block cipher Expensive Hash the message and encrypt the digest Source: Network Security Essentials (Stallings)

11 Three Ways to Implement a MAC
CBC-MAC Hash the message and encrypt the digest Hash the message along with a shared key MAC generated using hashing is known as an HMAC Source: Network Security Essentials (Stallings)

12 Design Flaw! Cryptographers recommend against this kind of HMAC using modern hash functions Vulnerable to a message extension attack An example of an implementation weaknesses in the algorithm

13 Iterative Hash Function
Popular hash functions (MD5, SHA1, SHA2) use an iterative implementation technique known as the Merkle-Damgård construction SHA-3 uses a sponge construction

14 MAC attack regions of interest
Length field is 64 bits MAC attack regions of interest

15 Alice and Bob Alice and Bob share a key K
Alice sends message M1 to Bob such that Bob knows it came from Alice Alice computes H(K || M1) = mac1 Alice sends M1 and mac1 to Bob Bob verifies the message Bob computes H(K || M1) = mac2 and compares it to mac1. If they match, the message came from Alice. Or did it????

16 Message Extension Attack
Mallory can intercept a plaintext message and a mac. Mallory “extends” the message – adds new material to the end of the message She modifies the mac without knowing the key. She needs to know some properties of the key. She replaces the message and mac with the extended message and new mac and forwards it along Bob receives the modified message and mac, and it passes his verification step. He believes is came from Alice! See Project 3 writeup, resources on that page along with the lectures page.

17 HMAC Because of the message extension attack vulnerability, the government standard HMAC algorithm guards against this threat FIPS 198 RFC 2104

18 HMAC H(K || H(K || M))

Download ppt "MAC: Message Authentication Code"

Similar presentations

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Information Security and Management 11

Information Security and Management 11
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.

Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.

Similar presentations

Ads by Google