Message Authentication Code July 2011. Message Authentication Problem Message Authentication is...
-
Upload
gerard-dorsey -
Category
Documents
-
view
224 -
download
2
Transcript of Message Authentication Code July 2011. Message Authentication Problem Message Authentication is...
![Page 1: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/1.jpg)
Message Authentication Code
July 2011
![Page 2: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/2.jpg)
Message Authentication Problem Message Authentication is concerned with:
protecting the integrity of a message validating identity of originator
How to detect changes by adversary to message? Ancient solution :
sign and seal More technique: break to message part and
authenticator part (“tag”) How to do this digitally?
Create a tag t(M) and send tag securely
![Page 3: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/3.jpg)
Communication without authentication
Shared key k to generate authenticate message
Alice
M
Bob
Eve
M’
Very easy..
Eve can simply change the message
![Page 4: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/4.jpg)
Integrity Protection with MAC
Shared key k to generate authenticate message
Alice
M
Bob
Eve
MAC (k,M)
M’
MAC??
k=??, MAC=??
Key : k Key : k
Eve can not forge MAC when k is unknown
![Page 5: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/5.jpg)
MAC Authentication (I) MAC allows two or more mutually trusting parties to
authenticate messages sent between members
Alice
M
Bob
Eve
MAC (k,M)
Key : k Key : k
Only Alice and me know k, one of us
sent M.
If I do not send M, then Alice must have
sent it.
![Page 6: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/6.jpg)
MAC Authentication (II) MAC allows two or more mutually trusting parties to
authenticate messages sent between members
Alice
M
Bob
Eve
MAC (k,M)
Key : k Key : k
Only Alice, Chris, Doug and me know k, one of us sent M.
Chris
Key : k
Doug
Key : k
![Page 7: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/7.jpg)
Integrity with Hash
Can we simply send the hash with the message to serve message authentication ?
Ans: No, Eve can change the message and recompute the hash.
Using hash needs more appropriate procedure to guarantee integrity
Alice
M
Bob
Eve
h (M)
M’
h (M)
Forge M’ and
compute h(M’)
No shared key
![Page 8: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/8.jpg)
Message Authentication Code A function of the message and a secret key that produces a
fixed-length value that serves as the authenticator Generated by an algorithm :
generated from message + secret key : MAC = C(K,M) A small fixed-sized block of data appended to message as a signature when sent
Receiver performs same computation on message and checks it matches the MAC
![Page 9: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/9.jpg)
MAC and Encryption As shown the MAC provides authentication But encryption can also provides authentication! Why use a MAC?
sometimes only authentication is needed sometimes need authentication to persist longer than the
encryption (eg. archival use) Note that a MAC is not a digital signature
![Page 10: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/10.jpg)
MAC Properties A MAC is a cryptographic checksum
MAC = CK(M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator
A many-to-one function potentially many messages have same MAC but finding these needs to be very difficult
![Page 11: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/11.jpg)
Keyed Hash Functions as MACs Want a MAC based on a hash function
because hash functions are generally faster crypto hash function code is widely available
Need a hashing including a key along with message But hashing is internally has no key!
Original proposal:KeyedHash = Hash(Key|Message) some weaknesses were found with this
Eventually led to development of HMAC
![Page 12: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/12.jpg)
HMAC Hash-based Message Authentication Code Developed by Mihir Bellare, Ran Canetti, and Hugo
Krawczyk in1996 Specified as Internet standard RFC2104 Use cryptographic hash function in combination with
a secret key Any hash function can be used
eg. MD5, SHA-1, RIPEMD-160, Whirlpool HMAC-MD5, HMAC-SHA1, HMAC-RIPEND-160, HMAC-
Whirlpool HMAC-SHA1 and HMAC-MD5 are used within
the IPsec and TLS protocols
![Page 13: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/13.jpg)
HMAC Overview
HMAC(K,M) = H( (K+ opad) | H( (⊕ K+ ipad)| M) ⊕ )
Scheme consists of 2-stage nested : an inner and outer hash K+ is expanded key k padded with zeros on
the left so that the result is b bits in length Intermediate result of first hash padded to
increase complexity next hash Different “round keys” generated for
each hash Stage 1: k1 = K+ ipad Stage 2: k2 = K+ opad Ipad : a string of repeated 0x36
00110110,00110110, . . .,00110110 Opad : is a string of repeated 0x5C
01011100,01011100, . . .,01011100
![Page 14: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/14.jpg)
Simplified Visualize
![Page 15: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/15.jpg)
CMAC (Cipher-based MAC) “Hashless” MAC
Uses an encryption algorithm (DES, AES, etc.) to generate MAC
Based on same idea as cipher block chaining Compresses result to size of single block (unlike
encryption
![Page 16: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/16.jpg)
CMAC Overview
Message broken into N blocks Each block fed into an encryption algorithm
with key Result XOR’d with next block before encryption
to make final MAC
![Page 17: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/17.jpg)
17
CMAC Facts Advantages:
Can use existing encryption functions Encryption functions have properties that resist preimage
and collision attacks Ciphertext designed to appear like “random noise” – good
approximation of random oracle model Most exhibit strong avalanche effect – minor change in message gives
great change in resulting MAC
Disadvantage: Encryption algorithms (particularly when chained) can be
much slower than hash algorithms
![Page 18: Message Authentication Code July 2011. Message Authentication Problem Message Authentication is concerned with: protecting the integrity of a message.](https://reader030.fdocuments.in/reader030/viewer/2022033104/56649ed25503460f94be258d/html5/thumbnails/18.jpg)
Summary A Hash is used to guarantee the integrity of data, a MAC
guarantees integrity AND authentication A Hash take a single input – a message and produces a
message digest A MAC algorithm takes two inputs -- a message and a
secret key -- and produces a MAC A HMAC algorithm is simply a specific type of MAC
algorithm that uses a hash algorithm internally to generate the MAC
A CMAC algorithm is a specific type of MAC algorithm that uses a block cipher internally to generate the MAC