Cryptography and Network Security

Chapter 4 – Part B
Message Authetication Codes
Lectured by
Nguyễn Đức Thái
Outline
 Message Authentication Requirements
 Message Authentication Functions
 Basic Use of MACs
 MACs based on Hash Functions: HMAC

2
Message Authentication
 Message authentication is a mechanism or service
used to verify the integrity of a message.
 Message authentication assures that data received
are exactly as sent by (i.e., contain no modification,
insertion, deletion, or replay) and that the purported
identity of the sender is valid.
 Symmetric encryption provides authentication
among those who share the secret key.

3
Message Authentication
 A message authentication code (MAC) is an
algorithm that requires the use of a secret key.
 A MAC takes a variable-length message and a secret
key as input and produces an authentication code.
 A recipient in possession of the secret key can
generate an authentication code to verify the
integrity of the message
 One way: a MAC is to combine a cryptographic hash
function in some fashion with a secret key
 Another way: to use a symmetric block cipher in
such a way that it produces a fixed-length output for
a variablelength input
4
Message Authentication Requirements
 Disclosure
 Sequence modification
• Release of message contents
to any person or process not • Any modification to a
possessing the appropriate sequence of messages
cryptographic key between parties, including
insertion, deletion, and
 Traffic analysis reordering
• Discovery of the pattern of  Timing modification
traffic between parties
• Delay or replay of
 Masquerade messages
• Insertion of messages into  Source repudiation
the network from a
fraudulent source • Denial of transmission of
message by source
 Content modification
 Destination repudiation
• Changes to the contents of a
message, including insertion, • Denial of receipt of
deletion, transposition, and message by destination
modification

5
Message Authentication
 Message authentication is a procedure to verify that
received messages come from the alleged source
and have not been altered.
 Message authentication may also verify sequencing
and timeliness
 A digital signature is an authentication technique
that also includes measures to counter repudiation
by the source.

6
 Message Authentication Functions
• Hash function
Two levels of • A function that maps a
message of any length into a
Lower level fixed-length hash value
functionality: which serves as the
• There must be some sort of function authenticator
that produces an authenticator
• Message encryption
• The ciphertext of the entire
message serves as its
authenticator

• Message authentication code

(MAC)
• A function of the message
Higher-level and a secret key that
produces a fixed-length
•Uses the lower-level function as a primitive in an value that serves as the
authentication protocol that enables a receiver to authenticator
verify the authenticity of a message
7
Message Encryption

8
Internal and External Error Control

9
TCP Segment

10
Public Key Encryption
 The straightforward use of public-key encryption
provides confidentiality but not authentication
 To provide both confidentiality and authentication, A
can encrypt M first using its private key which
provides the digital signature, and then using B’s
public key, which provides confidentiality
 Disadvantage is that the public-key algorithm must
be exercised four times rather than two in each
communication

11
Basic Uses of MAC

12
Requirements for MAC

The final
The first requirement requirement
deals with message The second dictates that the
replacement attacks,
in which an opponent requirement authentication
Taking into account deals with the algorithm should
the types of attacks, is able to construct a
the MAC needs to
new message to need to thwart a not be weaker
match a given MAC, brute-force with respect to
satisfy the following: even though the
opponent does not attack based on certain parts or
know and does not chosen plaintext bits of the
learn the key message than
others

13
Brute-Force Attacks

 Requires known message-tag pairs

• A brute-force method of finding a collision is to pick
a random bit string y and check if H(y) = H(x)

Two lines of attack:

• Attack the key space
• If an attacker can determine the MAC key then it is possible to
generate a valid MAC value for any input x
• Attack the MAC value
• Objective is to generate a valid tag for a given message or to find a
message that matches a given tag

14
Cryptanalysis
 Cryptanalytic attacks seek to exploit some property
of the algorithm to perform some attack other than
an exhaustive search

 An ideal MAC algorithm will require a cryptanalytic

effort greater than or equal to the brute-force effort

 There is much more variety in the structure of MACs

than in hash functions, so it is difficult to generalize
about the cryptanalysis of MACs

15
MACs based on Hash Functions: HMAC
 There has been increased interest in developing a
MAC derived from a cryptographic hash function

 Motivations:
• Cryptographic hash functions such as MD5 and SHA
generally execute faster in software than symmetric block
ciphers such as DES
• Library code for cryptographic hash functions is widely
available
 HMAC has been chosen as the mandatory-to-
implement MAC for IP security
 Has also been issued as a NIST standard (FIPS 198)
16
Summary
 Message Authentication Requirements
 Message Authentication Functions
 Basic Use of MACs
 MACs based on Hash Functions: HMAC

17
References
1. Cryptography and Network Security, Principles
and Practice, William Stallings, Prentice Hall,
Sixth Edition, 2013

18