Why message Authentication?
-Protect the integrity of a message
-Validating identity of originator
-Non-repudiation of origin (dispute resolution)
Three alternative functions for authenticator:
-Hash function
-Message encryption
-Message authentication code (MAC)
Message Authentication requirements
Attacks: 1. Disclosure 2. Traffic analysis -- Measures: message hiding
Attacks: 1. Masquerade 2. Content modification 3. Sequence modification 4. Timing modification -- Measures: 1. Message authentication 2. Digital signature
Attacks: source repudiation -- Measures: digital signature
Attacks: destination repudiation -- Measures: digital signature + additional protocol
Symmetric Encryption for message authentication:
-Encryption can provide authentication: ciphertext serves as its authenticator
-Receiver knows: 1. Sender must have created it, since only sender and receiver know the key 2. Content has not been altered
Public-Key Encryption for message authentication:
-Encryption provides no confidence of sender since anyone knows the public key
-If sender signs message using his private key: have both secrecy and authentication
Message Authentication Code(MAC)
-Generated by an algorithm that creates a small fixed-size block
-Appended to message as a signature
-Receiver performs same computation on message and checks it matches the MAC
MAC=C(K,M)
If the received MAC matches the calculated MAC
-Receiver is assured that the message has not been altered
-Receiver is assured that the message is from the alleged sender
-Receiver can be assured of the proper sequence, if the message includes a sequence number
Why use a MAC rather than encryption?
-Sometimes only authentication is needed
-Sometimes need authentication to persist longer than the encryption
MAC is not a digital signature:
Both sender and receiver share the same key
MAC properties
-MAC is a cryptographic checksum: MAC=Ck(M)
-Many-to-one function
Requirements for MACs
-Taking into account the types of attacks
-Need the MAC to satisfy the following:
1. Knowing a message and MAC, it is infeasible to find another message with the same MAC (message replacement attack)
2. MACs should be uniformly distributed (brute-force attack)
3. MAC should depend equally on all bits of the message
Security of MACs
-Brute-force attacks: 1. For a hash function, strength depends solely on the length of the hash code. 2. For a MAC, known message-MAC pairs are required.
-Cryptanalytic attacks: 1. Like block ciphers, want brute-force attacks to be the best alternative. 2. Much more variety in MAC structures, which makes it difficult to generalize about the cryptanalysis of MACs.
MAC Based on Hash Function
Why hash function?
-Because hash functions are generally faster
-Crypto hash function code is widely available
HMAC Design Objectives
-Use available hash functions without modifications
-Allow for easy replaceability of embedded hash function
-Preserve original performance of hash function without significant degradation
-Use and handle keys in a simple way
-Have well-understood cryptographic analysis of authentication mechanism strength
Use hash function on the message:
-K+ is the key padded with zeros on the left to a size of b bits
-ipad, opad are specified padding constants (00110110, 01011100 respectively, repeated b/8 times)
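The construction described above, written out as an added Python example (not part of the original notes). It follows RFC 2104, which appends the zero bytes to the end of the key and first hashes any key longer than one block; the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC = H((K+ xor opad) || H((K+ xor ipad) || M)), per RFC 2104."""
    b = hashlib.new(hash_name).block_size  # block size b of the hash, in bytes
    # A key longer than one block is replaced by its hash.
    if len(key) > b:
        key = hashlib.new(hash_name, key).digest()
    # K+: the key zero-padded to b bytes (RFC 2104 appends the zeros).
    k_plus = key.ljust(b, b"\x00")
    ipad = bytes([0b00110110]) * b  # 0x36 repeated b times
    opad = bytes([0b01011100]) * b  # 0x5C repeated b times
    inner_key = bytes(x ^ y for x, y in zip(k_plus, ipad))
    outer_key = bytes(x ^ y for x, y in zip(k_plus, opad))
    # The embedded hash is used unmodified, so it can be swapped by name.
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = hmac_manual(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    msg = b"seq=7;pay 100 to alice"          # constructed message with sequence number
    tag = hmac_manual(key, msg)
    print("tag:", tag.hex())
    print("matches stdlib hmac:", tag == hmac.new(key, msg, hashlib.sha256).digest())
    print("original accepted:", verify(key, msg, tag))
    print("altered rejected:", not verify(key, b"seq=7;pay 900 to alice", tag))
```
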
HMAC Security
-Proved security of HMAC relates to that of the underlying hash algorithm
-Attacking HMAC requires either: 1. Brute-force attack on the key used 2. Birthday attack
-Choose hash function based on speed versus security constraints
MAC Based on Block Ciphers:
-Can use any block cipher chaining mode and use the final block as a MAC
-Data authentication algorithm (DAA)
-Cipher-based message authentication code (CMAC)