Presentation is loading. Please wait.

Presentation is loading. Please wait.

Message Authentication Code July 2011. Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.

Published byGerard Dorsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Message Authentication Code July 2011. Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message."— Presentation transcript:

1 Message Authentication Code July 2011

2 Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message  validating identity of originator  How to detect changes by adversary to message?  Ancient solution :  sign and seal  More technique: break to message part and authenticator part (“tag”)  How to do this digitally?  Create a tag t(M) and send tag securely

3 Communication without authentication Shared key k to generate authenticate message Alice M M Bob Eve M’ Very easy.. Eve can simply change the message

4 Integrity Protection with MAC Shared key k to generate authenticate message Alice M M Bob Eve MAC (k,M) M’ MAC?? k=??, MAC=?? Key : k Eve can not forge MAC when k is unknown

5 MAC Authentication (I)  MAC allows two or more mutually trusting parties to authenticate messages sent between members Alice M M Bob Eve MAC (k,M) Key : k Only Alice and me know k, one of us sent M. If I do not send M, then Alice must have sent it.

6 MAC Authentication (II)  MAC allows two or more mutually trusting parties to authenticate messages sent between members Alice M M Bob Eve MAC (k,M) Key : k Only Alice, Chris, Doug and me know k, one of us sent M. Chris Key : k Doug Key : k

7 Integrity with Hash Can we simply send the hash with the message to serve message authentication ? Ans: No, Eve can change the message and recompute the hash. Using hash needs more appropriate procedure to guarantee integrity Alice M M Bob Eve h (M) M’ h (M) Forge M’ and compute h(M’) No shared key

8 Message Authentication Code  A function of the message and a secret key that produces a fixed-length value that serves as the authenticator  Generated by an algorithm :  generated from message + secret key : MAC = C(K,M)  A small fixed-sized block of data  appended to message as a signature when sent  Receiver performs same computation on message and checks it matches the MAC

9 MAC and Encryption  As shown the MAC provides authentication  But encryption can also provides authentication!  Why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use)  Note that a MAC is not a digital signature

10 MAC Properties  A MAC is a cryptographic checksum MAC = C K (M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator  A many-to-one function potentially many messages have same MAC but finding these needs to be very difficult

11 Keyed Hash Functions as MACs  Want a MAC based on a hash function because hash functions are generally faster crypto hash function code is widely available  Need a hashing including a key along with message  But hashing is internally has no key!  Original proposal: KeyedHash = Hash(Key|Message) some weaknesses were found with this  Eventually led to development of HMAC

12 HMAC  Hash-based Message Authentication Code  Developed by Mihir Bellare, Ran Canetti, and Hugo Krawczyk in1996  Specified as Internet standard RFC2104  Use cryptographic hash function in combination with a secret key  Any hash function can be used eg. MD5, SHA-1, RIPEMD-160, Whirlpool HMAC-MD5, HMAC-SHA1, HMAC-RIPEND-160, HMAC- Whirlpool  HMAC-SHA1 and HMAC-MD5 are used within the IPsec and TLS protocols

13 HMAC Overview HMAC(K,M) = H( (K + ⊕ opad) | H( (K + ⊕ ipad)| M) )  Scheme consists of 2-stage nested : an inner and outer hash  K + is expanded key k padded with zeros on the left so that the result is b bits in length  Intermediate result of first hash padded to increase complexity next hash  Different “round keys” generated for each hash  Stage 1: k1 = K +  ipad  Stage 2: k2 = K +  opad  Ipad : a string of repeated 0x36  00110110,00110110,...,00110110  Opad : is a string of repeated 0x5C  01011100,01011100,...,01011100

14 Simplified Visualize

15 CMAC (Cipher-based MAC)  “Hashless” MAC  Uses an encryption algorithm (DES, AES, etc.) to generate MAC  Based on same idea as cipher block chaining  Compresses result to size of single block (unlike encryption

16 CMAC Overview  Message broken into N blocks  Each block fed into an encryption algorithm with key  Result XOR’d with next block before encryption to make final MAC

17 17 CMAC Facts  Advantages:  Can use existing encryption functions  Encryption functions have properties that resist preimage and collision attacks  Ciphertext designed to appear like “random noise” – good approximation of random oracle model  Most exhibit strong avalanche effect – minor change in message gives great change in resulting MAC  Disadvantage:  Encryption algorithms (particularly when chained) can be much slower than hash algorithms

18 Summary  A Hash is used to guarantee the integrity of data, a MAC guarantees integrity AND authentication  A Hash take a single input – a message and produces a message digest  A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC  A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally to generate the MAC  A CMAC algorithm is a specific type of MAC algorithm that uses a block cipher internally to generate the MAC

Download ppt "Message Authentication Code July 2011. Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message."

Similar presentations

Cryptography and Network Security Chapter 12

Cryptography and Network Security Chapter 12
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography and Network Security Chapter 12

Cryptography and Network Security Chapter 12
Cryptography and Network Security Hash Algorithms.

Cryptography and Network Security Hash Algorithms.
Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)

Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Lecture 13 Message Signing

Lecture 13 Message Signing
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google