SlideShare a Scribd company logo

MAC-Message Authentication Codes

Download as PPTX, PDF
D
DarshanPatil82

The document outlines the requirements and functions of message authentication codes (MACs) and their role in verifying message integrity and authenticity. It details various potential attacks on message integrity, such as disclosure, masquerade, and timing modifications, and introduces digital signatures as a countermeasure. Additionally, it covers the construction and security of MACs, including brute-force attacks and cryptanalysis, while presenting HMAC as a standard for implementing MAC with existing hash functions.

Engineering
1 of 38
Downloaded 152 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Most read
17
18
19
Most read
20
Most read
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Message Authentication Codes Members: ➔ Mohit Bhat ➔ Piyush Pandita ➔ Darshan Patil ➔ Ragini Patil ➔ Priyansh Acharya
ROAD MAP 1. Message Authentication Requirements 2. Message Authentication Functions a. Message Encryption b. Message Authentication Code 3. Requirements for Message Authentication Codes 4. Security of MACs a. Brute-Force Attacks b. Cryptanalysis
Message Authentication Requirements In the context of communications across a network, the following attacks can be identified. Description Measures Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key. Measures to deal with the first two attacks are in the realm of message confi- dentiality and are dealt with in Part One. Traffic analysis Discovery of the pattern of traffic between parties. In a connection- oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
Message Authentication Requirements Description Measures Masquerad e Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or non-receipt by someone other than the message recipient. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Content modificatio n Changes to the contents of a message, including insertion, deletion, transposition, and modification.
Message Authentication Requirements Description Measures Sequence modificatio n Any modification to a sequence of messages between parties, including insertion, deletion, and reordering. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Timing modificatio n Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
Message Authentication Requirements Description Measures Source repudiation Denial of transmission of message by source. Mechanisms for dealing specifically with this comes under the heading of digital signatures. Destination repudiation Denial of receipt of message by destination. Dealing with this item may require a combination of the use of digital signatures and a protocol designed to counter this attack.
Message Authentication Requirements Message authentication is a procedure to verify that received messages come from the alleged source and have not been altered. Message authentication may also verify sequencing and timeliness. A digital signature is an authentication technique that also includes measures to counter repudiation by the source.
MESSAGE AUTHENTICATION FUNCTIONS: ▪ Any message authentication or digital signature mechanism has two levels of functionality. ▫ At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. ▫ This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
MESSAGE AUTHENTICATION FUNCTIONS: The types of functions that may be used to produce an authenticator may be grouped into three classes. ▪ Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator ▪ Message encryption: The ciphertext of the entire message serves as its authenticator ▪ Message authentication code (MAC): A function of the message and a secretkey that produces a fixed- length value that serves as the authenticator
Message Encryption SYMMETRIC ENCRYPTION PUBLIC-KEY ENCRYPTION
MESSAGE ENCRYPTION USES:
MESSAGE ENCRYPTION USES:
MESSAGE ENCRYPTION ERROR CONTROL:
MESSAGE ENCRYPTION ERROR CONTROL:
Public key Encryption ● Public key encryption provides confidentiality but not authentication ● The source (A) uses the public key of the destination (B) to encrypt M. ● Because only B has the corresponding private key , only B can decrypt the message.
Message authentication code(MAC) ● A message authentication code (MAC), also known as a cryptographic checksum, is an authentication technique involves the use of a secret key to generate a small fixed-size block of data. ● When A has a message to send to B, it calculates the MAC as a function of the message and the key: Where: M= input message C = MAC function K= shared secret key MAC= C(M,K)
● The tag is appended to the message at the source. ● The message and the MAC are transmitted to the recipient. ● The receiver recomputes the MAC from the secret key and the message data received. ● The receiver MAC is compared to the calculated MAC for message authentication ● MAC function is similar to encryption and is Many to one in nature.
★ If we assume that only the receiver and the sender know the identity of the secret key, and if the received MAC matches the calculated MAC, then: ○ The receiver is assured that the message has not been altered. If an attacker alters the message but does not alter the MAC, then the receiver’s calculation of the MAC will differ from the received MAC. Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message. ○ The receiver is assured that the message is from the alleged sender. Because no one else knows the secret key, no one else could prepare a message with a proper MAC. ○ If the message includes a sequence number (such as is used with HDLC, X.25, and TCP), then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number
Message Authentication Code(MAC)
Message Authentication Code(MAC)
Message Authentication Code(MAC)
Mac Requirements MAC Function ● If an opponent observes M and MAC(K, M) , it should be computationally infeasible for the opponent to construct a message M' such that MAC(K, M') = MAC(K, M) ● MAC(K, M) should be uniformly distributed in the sense that for randomly chosen messages M' and M, the probability that MAC(K, M) = MAC(K, M') is 2-n ,where n is the number of bits in the tag.
MAC REQUIREMENTS ● On average, α rounds will be needed if . For example, if an 80-bit key is used and the tab is 32 bits, then the first round will produce about possible keys. The second round will narrow the possible keys to about possibilities. ● The third round should produce only a single key, which must be the one used by the sender.
Points to Note for MAC: ● An opponent is able to construct a new message to match a given tag, even though the opponent does not know and does not learn the key. ● The need to thwart a brute-force attack based on chosen plaintext. ● The authentication algorithm should not be weaker with respect to certain parts or bits of the message than others.
SECURITY OF MAC: ▪ Brute-Force Attacks ▪ Cryptanalysis
Brute-Force Attacks ▪ A brute-force attack on a MAC is a more difficult undertaking than a brute-force attack on a hash function because it requires known message-tag pairs ▪ To attack a hash code, we can proceed in the following way. Given a fixed message x with n-bit hash code h = H(x), a brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x) ▪ The attacker can do this repeatedly off line ▪ Whether an off-line attack can be used on a MAC algorithm depends on the relative size of the key and the tag
To proceed, we need to state the desired security property of a MAC algorithm, which can be expressed as follows. • Computation resistance: Given one or more text-MAC pairs ,[ xi, MAC(K,xi)] it is computationally infeasible to compute any text-MAC pair [x, MAC(K, x)] for any new input x ≠ xi There are two lines of attack possible: 1. Attack the key space 2. Attack the MAC value
Attack the key space: ▪ If an attacker can determine the MAC key, then it is possible to generate a valid MAC value for any input x ▪ Suppose the key size is k bits and that the attacker has one known text–tag pair ▪ Then the attacker can compute the n-bit tag on the known text for all possible keys ▪ At least one key is guaranteed to produce the correct tag, namely, the valid key that was initially used to produce the known text–tag pair ▪ This phase of the attack takes a level of effort proportional to 2k (that is, one operation for each of the 2k possible key values) ▪ However, as was described earlier, because the MAC is a many-to-one mapping, there may be other keys that produce the correct value ▪ Thus, if more than one key is found to produce the correct value, additional text–tag pairs must be tested
Attack the MAC value: ▪ An attacker can also work on the tag without attempting to recover the key ▪ Here, the objective is to generate a valid tag for a given message or to find a message that matches a given tag ▪ In either case, the level of effort is comparable to that for attacking the one-way or weak collision-resistant property of a hash code, or 2k ▪ In the case of the MAC, the attack cannot be conducted off-line without further input ▪ The attacker will require chosen text–tag pairs or knowledge of the key
SUMMARY OF BRUTE FORCE ATTACK ▪ To summarize, the level of effort for brute-force attack on a MAC algorithm can be expressed as min (2k, 2n) ▪ The assessment of strength is similar to that for symmetric encryption algorithms ▪ It would appear reasonable to require that the key length and tag length satisfy a relationship such as min(k,n) > N , where N is perhaps in the range of 128 bits
CRYPTANALYSIS ▪ As with encryption algorithms and hash functions, cryptanalytic attacks on MAC algorithms seek to exploit some property of the algorithm to perform some attack other than an exhaustive search. ▪ The way to measure the resistance of a MAC algorithm to cryptanalysis is to compare its strength to the effort required for a brute-force attack. ▪ That is, an ideal MAC algorithm will require a cryptanalytic effort greater than or equal to the brute-force effort. ▪ There is much more variety in the structure of MACs than in hash functions, so it is difficult to generalize about the cryptanalysis of MACs. ▪ Furthermore, far less work has been done on developing such attacks.
HMAC Keyed-Hashing for Message Authentication, a variation on the MAC algorithm, has emerged as an Internet standard for a variety of applications. It makes use of existing Message digest algorithms such as SHA-512 ,MD5 etc
Objectives Of HMAC ▪ To use Hash Functions that are available, without modification ▪ To allow replaceability of embedded Hash functions ▪ To use and handle keys in simple ways ▪ Preserving Original Performance of hash functions ▪ To have a well understood analysis of authentication mechanism strength.
Elements of the HMAC Algorithm ▪ H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160) ▪ IV = initial value input to hash function ▪ M = message input to HMAC ▪ Yi = ith block of M, 0 i (L - 1) ▪ L = number of blocks in M ▪ b = number of bits in a block ▪ n = length of hash code produced by embedded hash function ▪ K= secret key recommended length is n; (k>=b) ▪ K+ = K padded with zeros on the left so that the result is b bits in length ▪ ipad = 00110110 (36 in hexadecimal) repeated b/8 times ▪ opad = 01011100 (5C in hexadecimal) repeated b/8 times
HMAC Procedure
Steps Involved In the HMAC algorithm 1) Make the Size of K greater than OR equal to ‘b’ to obtain K+ 2) XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si. 3) Append M to Si. 4) Apply H to the stream generated in step 3.. 5) XOR K+ with opad to produce the b-bit block So 6) Append the hash result from step 4 to So 7) Apply H to the stream generated in step 6 and output the result.
HMAC: Conclusion The HMAC algorithm is a Hashed - Message Authentication Code generator, wherein the end product in turn is a MAC (message authentication Code). It uses available message Digest algorithms like SHA-512 Motivation HMAC makes use of Library Hash codes which are easily available. Cryptographic hash functions such as MD5 and SHA-1 generally execute faster in software than symmetric block ciphers such as DES. The aforementioned point contains factors which were the main motives for the interest in
Thank You!

More Related Content

PPTX
Hash Function
Siddharth Srivastava
 
PPT
Message Authentication Code & HMAC
Krishna Gehlot
 
PPT
Message authentication
CAS
 
PPT
PGP S/MIME
Sou Jana
 
PDF
Ch14
Francis Alamina
 
PPTX
Principles of public key cryptography and its Uses
Mohsin Ali
 
PPTX
unit 4.pptx of hash function in cryptography
NithyasriA2
 
PPT
PUBLIC KEY ENCRYPTION
raf_slide
 
Hash Function
Siddharth Srivastava
 
Message Authentication Code & HMAC
Krishna Gehlot
 
Message authentication
CAS
 
PGP S/MIME
Sou Jana
 
Ch14
Francis Alamina
 
Principles of public key cryptography and its Uses
Mohsin Ali
 
unit 4.pptx of hash function in cryptography
NithyasriA2
 
PUBLIC KEY ENCRYPTION
raf_slide
 

What's hot (20)

PPTX
Double DES & Triple DES
Hemant Sharma
 
PPTX
5. message authentication and hash function
Chirag Patel
 
PPT
Message authentication and hash function
omarShiekh1
 
PPTX
Public Key Cryptography
Gopal Sakarkar
 
PPT
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
PPTX
Data Encryption Standard (DES)
Haris Ahmed
 
PPT
Polyalphabetic Substitution Cipher
SHUBHA CHATURVEDI
 
PPTX
Cryptography
Sagar Janagonda
 
PPT
Message Authentication
chauhankapil
 
PPT
Network security cryptographic hash function
Mijanur Rahman Milon
 
PPTX
Encryption algorithms
trilokchandra prakash
 
PDF
RSA ALGORITHM
Dr. Shashank Shetty
 
PPTX
RSA Algorithm
Srinadh Muvva
 
PPTX
Elgamal & schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
PPTX
ElGamal Encryption Algoritham.pptx
Indian Institute of information technology Una
 
PPTX
Key Management and Distribution
Syed Bahadur Shah
 
PPT
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
PPT
Digital signature schemes
ravik09783
 
PPT
Authentication Protocols
Trinity Dwarka
 
PPTX
Cryptography.ppt
Uday Meena
 
Double DES & Triple DES
Hemant Sharma
 
5. message authentication and hash function
Chirag Patel
 
Message authentication and hash function
omarShiekh1
 
Public Key Cryptography
Gopal Sakarkar
 
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Data Encryption Standard (DES)
Haris Ahmed
 
Polyalphabetic Substitution Cipher
SHUBHA CHATURVEDI
 
Cryptography
Sagar Janagonda
 
Message Authentication
chauhankapil
 
Network security cryptographic hash function
Mijanur Rahman Milon
 
Encryption algorithms
trilokchandra prakash
 
RSA ALGORITHM
Dr. Shashank Shetty
 
RSA Algorithm
Srinadh Muvva
 
Elgamal & schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
ElGamal Encryption Algoritham.pptx
Indian Institute of information technology Una
 
Key Management and Distribution
Syed Bahadur Shah
 
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
Digital signature schemes
ravik09783
 
Authentication Protocols
Trinity Dwarka
 
Cryptography.ppt
Uday Meena
 
Ad

Similar to MAC-Message Authentication Codes (20)

PPT
Information and data security cryptography and network security
Mazin Alwaaly
 
PPTX
Information and network security 41 message authentication code
Vaibhav Khanna
 
PPTX
unit - III.pptx
sandyBS
 
PPT
Message Authentication Requirement-MAC
Sou Jana
 
PDF
Message Authentication and Hash Function.pdf
sunil sharma
 
PPTX
Meessage authentication and hash functions.pptx
JohnLagman3
 
PPTX
Information and network security 42 security of message authentication code
Vaibhav Khanna
 
PPTX
unit4- predicate logic in artificial intelligence
thirugnanasambandham4
 
PPT
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
jeevasreemurali
 
PDF
Is unit 5_message authentication and hash functions
Sarthak Patel
 
PPT
cryptography and network security by william stallings
HimaniP19CSE013
 
PPTX
Meessage authentication and hash functions.pptx
JohnLagman3
 
PPT
ch11.ppt
ssuser4198c4
 
PDF
BAIT1103 Chapter 2
limsh
 
PPT
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
PDF
Computer network system presentation pdf
prajjavalsingh2629
 
PPT
Ch11
Joe Christensen
 
PPTX
Cryptography 3 Cryptography 3 Cryptography 3
AhmedSaeed115917
 
PPT
ch11.ppt
SomuPatil8
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
Information and data security cryptography and network security
Mazin Alwaaly
 
Information and network security 41 message authentication code
Vaibhav Khanna
 
unit - III.pptx
sandyBS
 
Message Authentication Requirement-MAC
Sou Jana
 
Message Authentication and Hash Function.pdf
sunil sharma
 
Meessage authentication and hash functions.pptx
JohnLagman3
 
Information and network security 42 security of message authentication code
Vaibhav Khanna
 
unit4- predicate logic in artificial intelligence
thirugnanasambandham4
 
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
jeevasreemurali
 
Is unit 5_message authentication and hash functions
Sarthak Patel
 
cryptography and network security by william stallings
HimaniP19CSE013
 
Meessage authentication and hash functions.pptx
JohnLagman3
 
ch11.ppt
ssuser4198c4
 
BAIT1103 Chapter 2
limsh
 
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
Computer network system presentation pdf
prajjavalsingh2629
 
Ch11
Joe Christensen
 
Cryptography 3 Cryptography 3 Cryptography 3
AhmedSaeed115917
 
ch11.ppt
SomuPatil8
 
Cs8792 cns - unit iv
ArthyR3
 
Ad

Recently uploaded (20)

PDF
Queuing formulas to evaluate throughputs and servers
gptshubham
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
Monitoring Global Terrestrial Surface Water Height using Remote Sensing - ARS...
VICTOR MAESTRE RAMIREZ
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PDF
Geotechnical Engineering, Soil mechanics- Soil Testing.pdf
cyriljosephmahumoc
 
PPTX
Unit 5 BSP.pptxytrrftyyydfyujfttyczcgvcd
ghousebhasha2007
 
PPTX
“Next-Gen AI: Trends Reshaping Our World”
dikshendrasarpate2
 
PPTX
Fluid Mechanics, Module 3: Basics of Fluid Mechanics
Dr. Rahul Kumar
 
PPTX
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
PDF
algorithms-16-00088-v2hghjjnjnhhhnnjhj.pdf
Ajaykumar966781
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
Internship_Presentation_Final engineering.pptx
AbdullahTahir790840
 
PDF
Structs to JSON How Go Powers REST APIs.pdf
Emily Achieng
 
PDF
Unit 5 Alignment of Tunnel in Civil .pdf
D. Y. Patil College of Engineering & Technology, Kolhapur, Maharastra, India
 
PPTX
The-Looming-Shadow-How-AI-Poses-Dangers-to-Humanity.pptx
shravanidabhane8
 
PDF
ETO & MEO Certificate of Competency Questions and Answers
Mahmoud Moghtaderi
 
PPT
Drone Technology Electronics components_1
EswaramoorthyKV
 
PDF
Unit 4 Tunnel Engineering in Civil .pdf
D. Y. Patil College of Engineering & Technology, Kolhapur, Maharastra, India
 
Queuing formulas to evaluate throughputs and servers
gptshubham
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
Project quality management in manufacturing
BarMusaTetik
 
Monitoring Global Terrestrial Surface Water Height using Remote Sensing - ARS...
VICTOR MAESTRE RAMIREZ
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
Geotechnical Engineering, Soil mechanics- Soil Testing.pdf
cyriljosephmahumoc
 
Unit 5 BSP.pptxytrrftyyydfyujfttyczcgvcd
ghousebhasha2007
 
“Next-Gen AI: Trends Reshaping Our World”
dikshendrasarpate2
 
Fluid Mechanics, Module 3: Basics of Fluid Mechanics
Dr. Rahul Kumar
 
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
algorithms-16-00088-v2hghjjnjnhhhnnjhj.pdf
Ajaykumar966781
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
Internship_Presentation_Final engineering.pptx
AbdullahTahir790840
 
Structs to JSON How Go Powers REST APIs.pdf
Emily Achieng
 
Unit 5 Alignment of Tunnel in Civil .pdf
D. Y. Patil College of Engineering & Technology, Kolhapur, Maharastra, India
 
The-Looming-Shadow-How-AI-Poses-Dangers-to-Humanity.pptx
shravanidabhane8
 
ETO & MEO Certificate of Competency Questions and Answers
Mahmoud Moghtaderi
 
Drone Technology Electronics components_1
EswaramoorthyKV
 
Unit 4 Tunnel Engineering in Civil .pdf
D. Y. Patil College of Engineering & Technology, Kolhapur, Maharastra, India
 

MAC-Message Authentication Codes

  • 1. Message Authentication Codes Members: ➔ Mohit Bhat ➔ Piyush Pandita ➔ Darshan Patil ➔ Ragini Patil ➔ Priyansh Acharya
  • 2. ROAD MAP 1. Message Authentication Requirements 2. Message Authentication Functions a. Message Encryption b. Message Authentication Code 3. Requirements for Message Authentication Codes 4. Security of MACs a. Brute-Force Attacks b. Cryptanalysis
  • 3. Message Authentication Requirements In the context of communications across a network, the following attacks can be identified. Description Measures Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key. Measures to deal with the first two attacks are in the realm of message confi- dentiality and are dealt with in Part One. Traffic analysis Discovery of the pattern of traffic between parties. In a connection- oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
  • 4. Message Authentication Requirements Description Measures Masquerad e Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or non-receipt by someone other than the message recipient. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Content modificatio n Changes to the contents of a message, including insertion, deletion, transposition, and modification.
  • 5. Message Authentication Requirements Description Measures Sequence modificatio n Any modification to a sequence of messages between parties, including insertion, deletion, and reordering. Measures to deal with these items are generally regarded as message authentication. Generally, a digital signature technique will also counter some or all of the attacks here. Timing modificatio n Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
  • 6. Message Authentication Requirements Description Measures Source repudiation Denial of transmission of message by source. Mechanisms for dealing specifically with this comes under the heading of digital signatures. Destination repudiation Denial of receipt of message by destination. Dealing with this item may require a combination of the use of digital signatures and a protocol designed to counter this attack.
  • 7. Message Authentication Requirements Message authentication is a procedure to verify that received messages come from the alleged source and have not been altered. Message authentication may also verify sequencing and timeliness. A digital signature is an authentication technique that also includes measures to counter repudiation by the source.
  • 8. MESSAGE AUTHENTICATION FUNCTIONS: ▪ Any message authentication or digital signature mechanism has two levels of functionality. ▫ At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. ▫ This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
  • 9. MESSAGE AUTHENTICATION FUNCTIONS: The types of functions that may be used to produce an authenticator may be grouped into three classes. ▪ Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator ▪ Message encryption: The ciphertext of the entire message serves as its authenticator ▪ Message authentication code (MAC): A function of the message and a secretkey that produces a fixed- length value that serves as the authenticator
  • 15. Public key Encryption ● Public key encryption provides confidentiality but not authentication ● The source (A) uses the public key of the destination (B) to encrypt M. ● Because only B has the corresponding private key , only B can decrypt the message.
  • 16. Message authentication code(MAC) ● A message authentication code (MAC), also known as a cryptographic checksum, is an authentication technique involves the use of a secret key to generate a small fixed-size block of data. ● When A has a message to send to B, it calculates the MAC as a function of the message and the key: Where: M= input message C = MAC function K= shared secret key MAC= C(M,K)
  • 17. ● The tag is appended to the message at the source. ● The message and the MAC are transmitted to the recipient. ● The receiver recomputes the MAC from the secret key and the message data received. ● The receiver MAC is compared to the calculated MAC for message authentication ● MAC function is similar to encryption and is Many to one in nature.
  • 18. ★ If we assume that only the receiver and the sender know the identity of the secret key, and if the received MAC matches the calculated MAC, then: ○ The receiver is assured that the message has not been altered. If an attacker alters the message but does not alter the MAC, then the receiver’s calculation of the MAC will differ from the received MAC. Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message. ○ The receiver is assured that the message is from the alleged sender. Because no one else knows the secret key, no one else could prepare a message with a proper MAC. ○ If the message includes a sequence number (such as is used with HDLC, X.25, and TCP), then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number
  • 22. Mac Requirements MAC Function ● If an opponent observes M and MAC(K, M) , it should be computationally infeasible for the opponent to construct a message M' such that MAC(K, M') = MAC(K, M) ● MAC(K, M) should be uniformly distributed in the sense that for randomly chosen messages M' and M, the probability that MAC(K, M) = MAC(K, M') is 2-n ,where n is the number of bits in the tag.
  • 23. MAC REQUIREMENTS ● On average, α rounds will be needed if . For example, if an 80-bit key is used and the tab is 32 bits, then the first round will produce about possible keys. The second round will narrow the possible keys to about possibilities. ● The third round should produce only a single key, which must be the one used by the sender.
  • 24. Points to Note for MAC: ● An opponent is able to construct a new message to match a given tag, even though the opponent does not know and does not learn the key. ● The need to thwart a brute-force attack based on chosen plaintext. ● The authentication algorithm should not be weaker with respect to certain parts or bits of the message than others.
  • 25. SECURITY OF MAC: ▪ Brute-Force Attacks ▪ Cryptanalysis
  • 26. Brute-Force Attacks ▪ A brute-force attack on a MAC is a more difficult undertaking than a brute-force attack on a hash function because it requires known message-tag pairs ▪ To attack a hash code, we can proceed in the following way. Given a fixed message x with n-bit hash code h = H(x), a brute-force method of finding a collision is to pick a random bit string y and check if H(y) = H(x) ▪ The attacker can do this repeatedly off line ▪ Whether an off-line attack can be used on a MAC algorithm depends on the relative size of the key and the tag
  • 27. To proceed, we need to state the desired security property of a MAC algorithm, which can be expressed as follows. • Computation resistance: Given one or more text-MAC pairs ,[ xi, MAC(K,xi)] it is computationally infeasible to compute any text-MAC pair [x, MAC(K, x)] for any new input x ≠ xi There are two lines of attack possible: 1. Attack the key space 2. Attack the MAC value
  • 28. Attack the key space: ▪ If an attacker can determine the MAC key, then it is possible to generate a valid MAC value for any input x ▪ Suppose the key size is k bits and that the attacker has one known text–tag pair ▪ Then the attacker can compute the n-bit tag on the known text for all possible keys ▪ At least one key is guaranteed to produce the correct tag, namely, the valid key that was initially used to produce the known text–tag pair ▪ This phase of the attack takes a level of effort proportional to 2k (that is, one operation for each of the 2k possible key values) ▪ However, as was described earlier, because the MAC is a many-to-one mapping, there may be other keys that produce the correct value ▪ Thus, if more than one key is found to produce the correct value, additional text–tag pairs must be tested
  • 29. Attack the MAC value: ▪ An attacker can also work on the tag without attempting to recover the key ▪ Here, the objective is to generate a valid tag for a given message or to find a message that matches a given tag ▪ In either case, the level of effort is comparable to that for attacking the one-way or weak collision-resistant property of a hash code, or 2k ▪ In the case of the MAC, the attack cannot be conducted off-line without further input ▪ The attacker will require chosen text–tag pairs or knowledge of the key
  • 30. SUMMARY OF BRUTE FORCE ATTACK ▪ To summarize, the level of effort for brute-force attack on a MAC algorithm can be expressed as min (2k, 2n) ▪ The assessment of strength is similar to that for symmetric encryption algorithms ▪ It would appear reasonable to require that the key length and tag length satisfy a relationship such as min(k,n) > N , where N is perhaps in the range of 128 bits
  • 31. CRYPTANALYSIS ▪ As with encryption algorithms and hash functions, cryptanalytic attacks on MAC algorithms seek to exploit some property of the algorithm to perform some attack other than an exhaustive search. ▪ The way to measure the resistance of a MAC algorithm to cryptanalysis is to compare its strength to the effort required for a brute-force attack. ▪ That is, an ideal MAC algorithm will require a cryptanalytic effort greater than or equal to the brute-force effort. ▪ There is much more variety in the structure of MACs than in hash functions, so it is difficult to generalize about the cryptanalysis of MACs. ▪ Furthermore, far less work has been done on developing such attacks.
  • 32. HMAC Keyed-Hashing for Message Authentication, a variation on the MAC algorithm, has emerged as an Internet standard for a variety of applications. It makes use of existing Message digest algorithms such as SHA-512 ,MD5 etc
  • 33. Objectives Of HMAC ▪ To use Hash Functions that are available, without modification ▪ To allow replaceability of embedded Hash functions ▪ To use and handle keys in simple ways ▪ Preserving Original Performance of hash functions ▪ To have a well understood analysis of authentication mechanism strength.
  • 34. Elements of the HMAC Algorithm ▪ H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160) ▪ IV = initial value input to hash function ▪ M = message input to HMAC ▪ Yi = ith block of M, 0 i (L - 1) ▪ L = number of blocks in M ▪ b = number of bits in a block ▪ n = length of hash code produced by embedded hash function ▪ K= secret key recommended length is n; (k>=b) ▪ K+ = K padded with zeros on the left so that the result is b bits in length ▪ ipad = 00110110 (36 in hexadecimal) repeated b/8 times ▪ opad = 01011100 (5C in hexadecimal) repeated b/8 times
  • 36. Steps Involved In the HMAC algorithm 1) Make the Size of K greater than OR equal to ‘b’ to obtain K+ 2) XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si. 3) Append M to Si. 4) Apply H to the stream generated in step 3.. 5) XOR K+ with opad to produce the b-bit block So 6) Append the hash result from step 4 to So 7) Apply H to the stream generated in step 6 and output the result.
  • 37. HMAC: Conclusion The HMAC algorithm is a Hashed - Message Authentication Code generator, wherein the end product in turn is a MAC (message authentication Code). It uses available message Digest algorithms like SHA-512 Motivation HMAC makes use of Library Hash codes which are easily available. Cryptographic hash functions such as MD5 and SHA-1 generally execute faster in software than symmetric block ciphers such as DES. The aforementioned point contains factors which were the main motives for the interest in