Cryptography Reference
In-Depth Information
Although the SHA-2 family of hash functions appear to be much stronger
than previous hash functions and are significantly different from SHA-1, they are
designed in a broadly similar way to SHA-1. As a result, new hash functions
designs are being considered by the cryptographic community. This process
was formally initiated by NIST who are leading an 'AES style' competition (see
Section 4.5) for hash functions that can be relied on in the longer term. This
SHA-3 process is expected to conclude in 2012.
In Section 6.2.2 we observed that hash functions can only provide a strong degree
of data integrity if they are combined with other security mechanisms that protect
the hash value from being manipulated. One such method is to introduce a key
into the process of generating a 'hash'. Of course this means that we are no longer
dealing with a 'hash function'.
In this sectionwe discuss
message authentication codes
, more commonly simply
referred to as MACs. These are symmetric cryptographic primitives designed
to provide data origin authentication which, as we mentioned in Section 1.3.2,
is a stronger notion than data integrity. This is one of the most commonly
encounteredmechanisms for providing data origin authentication (data integrity)
and the most common symmetric technique. The other commonmechanisms are
digital signature schemes, which are public-key primitives that we will discuss in
Chapter 7.
6.3.1
Does symmetric encryption provide data origin authentication?
Consider the following active attacks on a message:
1. unauthorised changing of part of a message;
2. unauthorised deletion of part of a message;
3. unauthorised sending of a false message;
4. trying to persuade the receiver that the message came from someone other
than it did.
Inmost secure environments these are attacks that we would clearly like to prevent
(or more realistically to
detect
in the event that they have occurred). It is often
believed that if Alice and Bob share a symmetric key
K
and Alice encrypts a
message and sends it to Bob then these attacks are prevented. After all, from Bob's
perspective,
Alice is the only other person who knows the key K
, so surely nobody
else could have tampered with the message in any way since it is encrypted. But is
this argument valid?
