Message Authentication Code(MAC)
Purpose:
- Integrity
- Validation
Level of functionality:
- Lower level: the function that produces an authenticator
- Higher-level: a higher level protocol that enables a receiver to verify the authenticity of a message
Functions:
- Hash functions: A function that maps a message of any length into a fixed-length hash value which serves as the authenticator
- Message encryption: The ciphertext of the entire message serves as its authenticator
- Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator
Message Security Requirements:
- disclosure
- traffic analysis
- masquerade
- content modification
- sequence modification
- timing modification
- source repudiation
- destination repudiation
Message Encryption
Note: Using Private key(no matter it is symmetric or asymmetric key) for encryption ensure that the sender is indeed sender, which provides authentication. Using Private key for decryption ensure that only receiver can decrypt message, which provides confidentiality.
While Private key(used only in public-cryptography), has the ability to provide signature. That’s the only way to ensure non-repudiation.
That’s why for (a), both sender and receiver use private key to encrypt/decrypt ensures both authentication and confidentiality.
That’s why for (b), the sender use other’s public key does not provide authentication. But the receiver use private key to provide confidentiality.
Message Authentication Code(MAC)
- Generated by an algorithm that creates a small fixed-sized block
- Provides assurance that message is unaltered and comes from sender
- Receiver performs same computation on message and checks it matches the MAC
Error Control
Properties
- a cryptographic checksum MAC = Cₖ (M)
- many-to-one function
Attacks
Message replacement attacks
Brute force attacks:
Requires known message-tag pairs, A brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x)
Two lines of attack:
- Attack the key space: If an attacker can determine the MAC key then it is possible to generate a valid MAC value for any input x
- Attack the MAC value: Objective is to generate a valid tag for a given message or to find a message that matches a given tag
Crypt-analysis: Being weaker with respect to certain parts:
much more variety in the structure of MACs than in hash functions, , so it is difficult to generalize about the crypt-analysis of MACs
HMAC
Keyed Hash Functions as MACs(Proposal) -> MACs Based on Hash Functions: HMAC
It uses hash function on the message: HMAC K (M)= Hash[(K⁺ XOR opad) || Hash[(K⁺ XOR ipad) || M)] ] where K⁺ is the key padded out to size, and opad, ipad are specified padding constants
Can be used for any hash functions
Security is depending on the hash function
Using Symmetric Ciphers for MACs
- can use any block cipher chaining mode and use final block as a MAC
- Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC.(send just the final block as the MAC)
- but final MAC is now too small for security
Authenticated Encryption
Definition: A term used to describe encryption systems that simultaneously protect confidentiality and authenticity of communications
Approaches:
Hash-then-encrypt: E(K, (M || h))
MAC-then-encrypt: T = MAC(K₁ , M), E(K₂ , [M || T])
Encrypt-then-MAC: C = E(K₂ , M), T = MAC(K₁ , C)
Encrypt-and-MAC: C = E(K₂ , M), T = MAC(K₁ , M)
Counter with Cipher Block Chaining- Message Authentication Code (CCM)
- variation of encrypt-and-MAC approach
- single key used for both encryption & MAC
Pseudorandom Number Generation (PRNG)
Essential elements:
- seed value: Generated Random Bits should depend only the seed
value - deterministic algorithm
Using Hash Function
- secure if good hash
used
Using Mac
