Cryptography Reference
In-Depth Information
6.3.2
MAC properties
In essence, a MAC is a cryptographic checksum that is sent along with a message
in order to provide an assurance of data origin authentication. The basic model
of a MAC is shown in Figure 6.6. In this model the sender and receiver share a
symmetric key
K
. The MAC takes as input the message and the key
K
. The sender
transmits the message accompanied by the MAC. Note that we will assume that
this message is sent in the clear, since we are only trying to provide data origin
authentication, not confidentiality. If confidentiality is also required then the
message will need to be encrypted. This raises some additional issues that we will
not consider until Section 6.3.6.
Upon receipt of the message and the MAC, the receiver inputs the received
message and the key into the MAC algorithm and recomputes the MAC. The
receiver then checks whether this freshly recomputedMACmatches theMAC sent
by the sender. If they do match then the receiver accepts the message and regards
data origin authentication as having been provided. We will discuss precisely why
this is appropriate in Section 6.3.3. Note that, just as in the basic model of a
cryptosystem discussed in Section 1.4.3, we will always assume that an attacker
knows the MAC algorithm but is unaware of the MAC key.
Note that if the MAC computed by the receiver does not match the MAC sent
by the sender, the receiver cannot determine whether it is the message that has
been altered or whether it is the origin that has been falsified. Nor do they know
whether the message has been altered accidentally or deliberately. The receiver
just knows that for some reason one of these events must have occurred.
Sender
Receiver
MAC key
message
MAC key
MAC
algorithm
message
MAC
algorithm
MAC
MAC
?
Interceptor
Figure 6.6.
Basic model of a MAC
