Cryptography Reference
In-Depth Information
7.2 Message Authentication Codes
Success is to be measured not so much by the position that one has reached
in life as by the obstacles that one has overcome while trying to succeed.
Booker T. Washington
(1856-1915), Educator
In Section 7.1 we looked at the types of authentication functions of which
the MAC is the second that we study. A MAC consists of a secret key,
a
(for
authentication), shared by two communicating entities, such as Alice and Bob,
and a MAC function
h
, so that given any message
m
, a MAC is formed via
h
a
(
m
). Then the MAC together with
m
is sent, by say, Alice to Bob, who
computes the MAC on
m
, via
h
and
a
, and compares it to what Alice sent. If
they match, Bob can assume the message is authentic.
We have already studied hash functions in Section 7.1 and although hash
functions are typically considered to be
non
-keyed, there are types that a
are
keyed. In particular, MACs, whose particular purpose is message authentica-
tion, are often called
keyed hash functions
. Thus, the message digest (see page
170) from a MAC is a keyed message digest (message together with key sent),
whereas a
nonkeyed
message digest (message alone sent), is called a
Modifica-
tion Detection Code
(MDC), sometimes called a
Message Integrity Code
(MIC).
These are the two types of message digests possible. Recall, however, that a
message digest is a
digital fingerprint
, so saying that a MAC is a
keyed
hash
function does not mean that the message digest is signed (private key enci-
phered, in the sense of a digital signature; see page 180), rather it means that
the message digest is formed with a secret key.
Diagram 7.3 Generic MAC
h
a
(
m
)
↑
Bob
Compares
↓
h
a
(
m
)
m
Bob
h
a
(
m
)
m
Alice
h
m
−−−−−→
h
a
(
m
)
a
−−−−→
In the above scenario, there is no confidentiality since
m
is sent in the clear.
Eve can intercept the message
m
and modify it to
m
, say. However, given that
Eve does not know the secret key
a
, she cannot compute
h
a
(
m
), so Bob receives
m
and
h
a
(
m
). When he computes
h
a
(
m
) it will not equal
h
a
(
m
), so he discards
the message
m
as invalid. Yet, to ensure confidentiality of
m
, one technique is
to encipher (
m, h
a
(
m
)) with an SKC using a shared secret enciphering key
k
to
get
E
k
(
m, h
a
(
m
)).
Search WWH ::
Custom Search