Chapter 7
Message Authentication
The true test of a first-rate mind is the ability to hold two contradictory ideas
at the same time.
F. Scott Fitzgerald (1896-1940), American Novelist
7.1 Authentication Functions
Issues of authentication were discussed at various points before this
chapter, such as the presentation of Kerberos in Section 5.2, page 195; in
Section 5.7, page 220, in the presentation of SSL and issues surrounding it; in
Section 6.1, page 233, when we described authentication issues surrounding key
management; and in Section 6.3, page 243, when we delved into the details of
SET. We also looked at attacks on authenticity, such as the impersonation
attack presented on page 180, and methods for thwarting it. This impersonation
attack is essentially a man-in-the-middle attack, which we introduced in
Footnote 3.7, page 134. This was in reference to authentication issues in the
use of the various modes of operation about which we learned in Section 3.3.
Thus, we are fairly well versed in authentication issues to date. Now we want
to look at authentication functions, such as MACs, which we briefly mentioned
on page 136.
We are concerned in Chapter 7 with message authentication as opposed
merely to, say, entity authentication, which we addressed on page 180 in the
discussion of digital signatures. A message authentication scheme is any
algorithm for ensuring that messages come from the legitimate source and have
not been altered. What is implicit in message authentication is the
verification of the message's content; nonrepudiation by sender; origin;
receipt; timing; and sequence (of messages) if there is more than one.
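As an added illustration (not code from the book), the sketch below uses HMAC-SHA256 as the MAC and binds a sequence number and timestamp into the tagged data, so the receiver can check content, timing and sequence from the list above. The packet layout, the `protect` and `Receiver` names, the 30-second skew window and the sample key and messages are all assumptions constructed for this example; a shared-key tag like this does not by itself give nonrepudiation, since both parties hold the key.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
HDR_LEN = 16   # assumed layout: 8-byte sequence number + 8-byte Unix time

def protect(key: bytes, seq: int, ts: int, msg: bytes) -> bytes:
    """Return header || msg || tag; the tag covers header and message."""
    header = struct.pack(">QQ", seq, ts)
    tag = hmac.new(key, header + msg, hashlib.sha256).digest()
    return header + msg + tag

class Receiver:
    def __init__(self, key: bytes, max_skew: int = 30):
        self.key, self.max_skew, self.last_seq = key, max_skew, -1

    def accept(self, packet: bytes, now: int) -> bytes:
        """Return the message only if content, timing and sequence verify."""
        if len(packet) < HDR_LEN + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise ValueError("bad tag")
        # Header fields are trusted only after the tag has verified.
        seq, ts = struct.unpack(">QQ", body[:HDR_LEN])
        if abs(now - ts) > self.max_skew:
            raise ValueError("stale")
        if seq <= self.last_seq:
            raise ValueError("replayed or out of order")
        self.last_seq = seq
        return body[HDR_LEN:]

def demo() -> list:
    key = b"constructed-demo-key-32-bytes!!!"   # constructed sample key
    rx = Receiver(key)
    p0 = protect(key, 0, 1000, b"pay 10 to bob")
    p1 = protect(key, 1, 1005, b"pay 20 to carol")
    tampered = p1[:HDR_LEN] + b"pay 90 to carol" + p1[-TAG_LEN:]
    results = []
    # (packet, receiver clock): valid, altered, valid, replayed, delayed
    for pkt, now in [(p0, 1001), (tampered, 1006), (p1, 1006), (p0, 1007), (p1, 2000)]:
        try:
            results.append(rx.accept(pkt, now).decode())
        except ValueError as err:
            results.append("rejected: " + str(err))
    return results

if __name__ == "__main__":
    print(demo())
```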
As with protocol layers studied in Section 5.7, there are layers to
authentication schemes, albeit in the latter, only two basic ones. At the
bottom layer, there must exist a function, which produces an authenticator, or
value affixed to a message as its means of being authenticated. (For instance,
recall the Kerberos authenticator on page 197.) This bottom layer function is then used by