Message Authentication Codes ‘Syllabus Message Authentication Codes, its requirements and security: MACS based om Hash Functions Macs based on Block Ciphers. Contents 6.1 Message Authentication Codes (MAC) 6.2 MAC Based on Hash Functions 6.3 Macs Basad on Block Ciphers: 6.4 Short Questions and Answers 6.5 Mutiple Choice Questions 6-9Coptography and Network Securty 6 Message Authentication Codes [EI Message Authentication Codes (MAC) EEIEAIENTy ‘© Message authentication is a mechanism or service used to verify the integrity of a message. Message integrity guarantees that the message has not been changed, Message authentication guarantees that the sender of the message is authentic. ‘© A MAC algorithm, sometimes called a keyed hash function accepts as input a sceret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC valve protects both a message's data integrity as well as its authenticity, by allowing verifiers to detect any changes to the message content. Properties of Message Authentication Codes L Cryptographic checksum : A MAC generates a cryptographically secure suthentication tag for a given message. 2. Symmetric : MACs are based on secret symmetric keys. The signing, and verifying parties must share a secret ey. 3. Arbitrary message size : MACs accept messages of arbitrary length. 4. Fixed output length : MACs generate fixed-size authentication tags 5. Message integrity : MACS provide message integrity: Any manipulations of a message during transit will be detected by the receiver 6. Message authentication : The receiving party is assured of the origin of the message 7. No non-repudiation : Since MACs are based! on symmetric principles, they do not provide non-repudiation. © MACs provide two security services, message integrity and message authentication, using symmetric ciphers. MACs are widely used in protocols. Both fof these services are also provided by digital signatures, but MACS are much faster. # MACs do not provide non-repudiation + In practice, MACS are either based on block ciphers or on hash functions HMAC is a popular MAC used in many practical protocols such as Transport Layee Security (TLS) indicated by a small lock in the browser. ‘Applications of MAC + Following are the situations in which MAC used. 1. Application in which the same message is broadcast to a number of destinations, 2 Authentication of a computer program in plaintext isan attractive service.Cryptography and Network Secunty 6 Message Authentication Codes 3. Another scenario is an exchange in which one side has a heavy load and cannot afford the time to decrypt all incoming, messages. ‘+ Message Authentication Codes (MAC) also known as a cryptographic check. The MAC is generated by a function C. MAC = C(K, M) where M_-= Variable length message K = Secret key shared only by sender and receiver. C(K, M) = Fixed length authenticator + Security of the MAC generally depends on the bit egth of the key. Weakness of the algorithm sth brute force atch. «For a ciphertet only attack, the opponent, given ciphertext C, would perform F, = DOK, C) fo all possible Key values K; ula, Was produced that matched the form of acceptable plaintext. Suppose the key size is greater than the MAC siz Round 1 Given My, MAC, = CXK; Mi) Compute MAC, = CXky My) for al ® heys Number of matches = 2-® + Round 2 Given : My MAC) = C(K, Ma) Compute MAC, = C(K;, Mj) for all 2*=") keys resulting from Round 1 Number of matches = 2*=?*) ‘© On average, « rounds will be needed if K = axn For example : If the key size is 80-bit and MAC is 32 bits long, then the first round will produce about 2 possible keys. Key length is less than or equal to MAC length ‘First round will produce a single match. ‘© It is possible that more than one key will produce such a match, in which case the ‘opponent would need to perform the same test on a new (message, MAC) pair. Consider the following MAC algorithm. © Let M = (X |] Xp ff sss |] Ny) be a message that is treated as a concatenation of ‘64-bit blocks X,. Then define AM) = X,OXzOX30....OXq, CCK, M) = E(K, AM) TECHNCAL PUBLICATIONS «An wp Ywuat or howledMessage Authentication Codes Cryptography and Network Secunty 6 Where @ is the exclusive-OR (XOR) and the encryption algorithm is DES in electronic codebook mode. © Key length = 56 bits MAC length = 64 bits fan opponent observes (M || C(K, M)}, a brute force attempt to determine. K will require at least 2° encryptions. ‘© Assume that an opponent knows the MAC function C but does not know K. Then the MAC function should satisfy the following requirements 1. If an opponent observes M and C(K, M), it should be computationally infeasible for the opponent to construct 0: message M’ such that CK, M?) = C(K, M). 2.C(K, M) should be uniformly distributed in the sense that for randomly chosen ‘messages, M and M’, the probability that C(K, M) = C(K, Mis 2, where n is the number of bits in the MAC. 3. Let M’ be equal to some known transformation on M. That is, M’ = f(M). ‘Message authentication code based on DES ‘The data authentication algorithm based an DES, has been one of the most widely ‘used MAC for a number of years, The algorithm can be defined as using the cipher block chaining mode of operation of DES with an initialization vector of ‘© Fig. 6.11 shows the data authentication algorithm, Tmost Times? Tmo =n men A k wat Fig. 61.4 Data authentication algorithm ‘© The algorithm can be defined as using the cipher block chaining mode of ‘operation of DES. The data to be authenticated are grouped into contiguous GLbIt blocks : Dy, Dy, Dy, esnnenns Dy TECHNICAL PUBLICATIONS «An up Uust for howledCoptography and Network Securty 65 Message Authentication Cade Using the DES encryption algorithm (E) and a secret key (K), a data authentication code (DAC) is calculated as follows ©, = EK, D) 0, = E(k, [D; @ O,) 0, = E(K, [D, @ O,) Oy = E(K, [Dy ® Oy) The DAC consists of either the entire block Oy, or the leftmost M bits of the block, with 16 5 Ms 64. TERRI Autnentication Requirements tack canbe identified as follows iL. Diedooum/t Relous of taeage cooks bo any pamom or proce not ponmesing the appropriate cryptographic key 2, Trafic analysis: Dicovery of the pater of trafic between partes. 3. Masquerade : Insertion of messages into the network from a fraudulent 4. Sequence modification : Any modification to a sequence of messages between parties, including insertion, deletion and reordering, 5. Content modification : Changes to the contents of a message, including. insertion, deletion, transposition and modification. 6. Timing modification : Delay or replay of messages 7. Source repudiation : Denial of transmission of message by source. 8. Destination repudiation : Denial of receipt of message by destination ‘© Message authentication is a procedure to verify that received messages come form the alleged source and have not been altered. ‘© Digital signature is an authentication technique that also incluxies measures to counter repudiation by the source. 1. Write a mate on: Message Authentication Cas [CTU Summert7, Marks 7 | 2 Describe MAC with t's security implications I TECHINCAL PUBLICATIONS" «nop Uma or kromiecgeCoptography and Network Securty 6 [G2] mac Based on Hash Functions [GTU : Summer-19 } © The IPsec authentication scheme uses a scheme called Hashed Message Authentication Codes (HMAC), which is an encrypted message digest described in RFC 1024 © HMAC uses a shared secret key between two parties rather than public key ‘methods for message authentication. Objectives for HMAC 1. To use, without modifications, available hash function. 2. To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required. 3, To use and handle keys in a simple way. 4. To preserve the original performance of the hash function without incurring a Significant degradation, 5.To have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions about the embedded ‘hash function. HMAC algorithm Fig. 6211 shows HMAC structure ‘© Define the following terms : H. = Embedded hash funetion Initial value input to hash function = Message input to HMAC i block of M,0» |e « |e . Ce « [os goaCryptography and Network Secunty 6-14 Message Authentication Codes TECHNICAL PUBLICATIONS® - An wp thust for know