Chap 11.

Message Authentication and

Hash Functions
 Authentication Requirements

Authentication Requirements

• Kind of attacks in the context of communications

across a network
1. Disclosure Confidentiality
2. Traffic analysis
3. Masquerade
4. Content modification Message
Digital
5. Sequence modification Authentication
Signature
6. Timing modification
7. Source repudiation
8. Destination repudiation Specialized Digital Signature
 Authentication Requirements

Authentication Requirements

• Message authentication
• A procedure to verify that received messages come from the alleged
source and have not been altered
• Message authentication may also verify sequencing and timeliness

• Digital signature
• An authentication technique that also includes measures to counter
repudiation by the source

• The objective of digital signatures is to authenticate and verify documents

and data. This is necessary to avoid tampering and digital modification or
forgery during the transmission of official documents.
 Authentication Functions

Authentication Functions
• Message authentication or digital signature mechanism can be viewed as having
two levels
• At lower level: there must be some sort of functions producing an authenticator – a value
to be used to authenticate a message
• This lower level functions is used as primitive in a higher level authentication protocol

• Three classes of functions that may be used to produce an authenticator

1. Message encryption
• Ciphertext itself serves as authenticator
2. Message authentication code (MAC)
 In cryptography, a message authentication code (MAC), sometimes known as a tag, is a
short piece of information used for authenticating a message. In other words, to
confirm that the message came from the stated sender (its authenticity) and has not
been changed.
 A function of the message and a secret key that produces a fixed-length value that
serves as the authenticator
3. Hash function
• A function that maps a message of any length into a fixed-length hash value that serves as the
authenticator
 Authentication Functions

Message Encryption
• Symmetric encryption can serve as authenticator

• Symmetric encryption provides authentication as well as confidentiality

• Requires recognizable plaintext or other structure to distinguish between
well-formed legitimate plaintext and meaningless random bits
• e.g., ASCII text, an appended checksum(a basic checksum may simply
be the number of bytes in a file), or use of layered protocols

• Public-key encryption also can serve as authenticator

• Remember: unlike symmetric encryption, which uses the same

secret key to encrypt and decrypt sensitive information, asymmetric
encryption, also known as public-key cryptography or public-key
encryption, uses mathematically linked public- and private-key pairs
to encrypt and decrypt senders’ and recipients’ sensitive data.
 Authentication Functions

Basic Uses of Message Encryption

 Authentication Functions

Basic Uses of Message Encryption

 SYMMETRIC ENCRYPTION
• A message M transmitted from sourc
to destination B is encrypted using a secret key K shared by A and B.

If no other party knows the key, then confidentiality is provided:

No other party can recover the plaintext of the message.

• In addition, B is assured that the message was generated by A. Why? The message must have
come from A, because A is the only other party that possesses K and therefore the only other party with the
information necessary to construct ciphertext that can be decrypted with K.

• both sender and receiver use private key to encrypt/decrypt ensures both authentication and
confidentiality.

So we may say that symmetric encryption provides authentication as well as confidentiality.

 Authentication Functions

Basic Uses of Message Encryption

Basic Uses of Message Encryption
Basic Uses of Message Encryption
• Symmetric Encryption
• A message M transmitted from source A to destination B is encrypted using a secret key
K shared by both
• If no other party knows the key, then confidentiality is provided
• B is assured that the message was generated by A because A is the only other party that
possesses K. Hence, authentication is provided.
• Hence, symmetric encryption provides authentication as well as confidentiality
• It may be difficult to determine automatically if incoming ciphertext decrypts to
intelligible plaintext or not
• an opponent could achieve a certain level of disruption

• Solution to this problem

• force the plaintext to have some structure for example, append an error-detecting
code, also known as a frame check sequence (FCS) or checksum, to each message before
encryption
• the order in which the FCS and encryption functions are performed is critical
 Authentication Functions

Ways of Providing Structure - 1

• Append an error-detecting code (frame check sequence (FCS) or checksum) to each message before
encryption
• Data frames often get corrupted while transmission through a communication medium. FCS bits are added
to the frame prior to its transmission across the network. FCS code is again calculated at the destination site
and compared with FCS bits of the frame, if FCS matches then the transmission is considered successful
else frames are discarded. Hence, it is used for error detection.
 Authentication Functions

Internal error control

• We could, for example, append an error-detecting code, also known as a frame check sequence
(FCS) or checksum, to each message before encryption, as illustrated in Figure (a). A prepares a
plaintext message M and then provides this as input to a function F that produces an FCS. The
FCS is appended to M and the entire block is then encrypted.
• At the destination, B decrypts the incoming block and treats the results as a message
with an appended FCS. B applies the same function F to attempt to reproduce
the FCS. If the calculated FCS is equal to the incoming FCS, then the message is considered aut
hentic.
 Authentication Functions

Message Authentication Code

• Uses a shared secret key to generate a fixed-size block of data (known as a cryptographic
checksum or MAC) that is appended to the message
• This technique assumes that two communicating parties, say A and B, share a common
secret key K.
• Generated by an algorithm that creates a small fixed-sized block
• Provides assurance that message is unaltered and comes from sender
• Receiver performs same computation on message and checks it matches the MAC

• MAC = CK(M), where C is a MAC function

• Assurances:
• Message has not been altered
• Message is from the alleged sender
• Message sequence is unaltered (requires internal sequencing)

• Similar to encryption but MAC algorithm need not be reversible

 Authentication Functions

Message Authentication Code

• Theory of operation
• When A has a message to send to B, it calculates the MAC as a function of the message and the
key:
• MAC = C(K, M), where
• M = input message
• C = MAC function
• K = shared secret key
• MAC = message authentication code
• The message plus MAC are transmitted to the intended recipient.
• The recipient performs the same calculation on the received message, using the same secret
key, to generate a new MAC.
• The received MAC is compared to the calculated MAC
• if the received MAC matches the calculated MAC, then
• The receiver is assured that the message has not been altered
• The receiver is assured that the message is from the alleged sender
 Authentication Functions

Basic Uses of MAC

 Authentication Functions

Basic Uses of MAC

 Authentication Functions

Basic Uses of MAC

 Authentication Functions

Basic Uses of MAC

• The process depicted in Figure (a) provides authentication but not confidentiality, because the
message as a whole is transmitted in the clear.

• Confidentiality canbe provided by performing message encryption either after (Figure b) or b

efore (Figure c) the MAC algorithm.

• In both these cases, two separate keys are needed, each of which is shared by the sender and the receiver.

• In the first case (Figure b), the MAC is calculated with the message as input and is then concatenated to
the message. The entire block is then encrypted.

• In the second case (Figure c), the message is encrypted

first. Then the MAC is calculated using the resulting ciphertext and is concatenated to the
ciphertext to form the transmitted block.
• Typically, it is preferable to tie the authentication directly to the plaintext, so the method of Figure b
is used.
 Authentication Functions

Why Use MACs?

• Why not just use encryption?
• Cleartext stays clear
• MAC might be cheaper
• Sometimes only authentication is needed
• Broadcast
• Authentication of executable codes
• Sometimes need authentication to persist longer than the encryption (e.g., archival
use)
• Separation of authentication and confidentiality provides architectural flexibility

• MAC does not provide a digital signature

• Because both sender and receiver share the same key
 Authentication Functions

Hash Function
• One-way hash function
• Converts a variable size message M into fixed size hash code
H(M) (Sometimes called a message digest)
• Unlike the MAC, a hash code does not use a key but is a
function only of the input message
• Provides message integrity

• Can be used with encryption or a shared key for

authentication
• E(M || H(M)) : identical to the internal error control strategy
• M || E(H(M)) : a MAC
• M || signed H : typical digital signature
• E(M || signed H)
• M || H(M || K) : keyed hash (no encryption)
• E(M || H(M || K))