Message Authentication Code - PowerPoint PPT Presentation

Message Authentication Code

Slides: 13
Provided by: lakshmisr

Transcript and Presenter's Notes

1
Message Authentication Code
2
MAC
  • Definition
  • MAC Security
  • CBC-MAC
  • Hash-MAC
  • Using MAC

3
Definition
  • MAC is a code that prevents message tampering
  • MAC function has two arguments
  • Fixed size key K
  • Arbitrary size message m
  • Denoted as MAC(K,m)
  • Random mapping from any domain to a fixed domain
    of n-bits
  • MAC is similar to the hash function

4
MAC Security
  • MAC security depends on the number of bits of key
    K that the attacker does not know
  • Security level k means that the attacker does not
    know k bits of the key K
  • k = 0 means the attacker knows the key K
  • MAC security level can be lower than the output
    size of MAC
  • A security level of k means the attacker has to
    perform 2^k steps to find the key

5
MAC Security
  • MAC is also known as cryptographic checksum
  • MAC function is similar to encryption
  • MAC function need not be reversible as a
    decryption function would require
  • E.g., block size for message = 100 bits
  • MAC size = 10 bits
  • Number of messages = 2^100
  • Number of MACs = 2^10
  • Each MAC value thus collides 2^100/2^10 = 2^90
    times

6
MAC Security
  • MAC function scenarios
  • Message is sent in clear with MAC attached, e.g.,
    SNMP
  • Message and MAC are combined first and then
    encrypted and sent
  • Not every message is authenticated but only
    selectively for the sake of speed
  • Separation of authentication and confidentiality
    (Application level authentication and transport
    level confidentiality)
  • Hash functions usually do not use a key

7
CBC-MAC
  • This method converts a block cipher into a MAC
  • H_0 = IV
  • H_i = E_K(P_i ⊕ H_{i-1})
  • MAC = H_k
  • IV is commonly taken as 0
  • Authentication and encryption keys should be
    different for security reasons

8
CBC-MAC
  • Potential vulnerability
  • If MAC(a) = MAC(b) then MAC(a || c) = MAC(b || c)
  • Attacker watches messages to look for a collision
    of MAC (which will certainly occur)
  • Attacker knows messages a and b that collided
    for the MAC value
  • Using the above concatenation property, attacker
    feeds a || c and gets it authenticated
  • Then attacker can feed b || c for any message b
    since it will be authenticated too automatically

9
CBC-MAC
  • CBC-MAC provides 64-bit security for 128-bit
    block size
  • CBC-MAC uses the same type of encryption as the
    block cipher encryption modes
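
The CBC-MAC recurrence from slide 7 and the concatenation property from slide 8, as an added example that is not part of the original presentation. It assumes a toy 16-bit Feistel permutation (`toy_encrypt`, hypothetical and not a real cipher) in place of E_K so that a tag collision turns up after a few hundred constructed messages; the same birthday effect is why a 128-bit block gives only 64-bit security.

```python
import hashlib
from itertools import count

BLOCK = 2  # toy 16-bit block (assumption) so a collision shows up quickly

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K: 4-round Feistel permutation on 16 bits. Not a real cipher."""
    left, right = block
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, right])).digest()[0]
        left, right = right, left ^ f
    return bytes([left, right])

def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """H_0 = IV = 0, H_i = E_K(P_i xor H_{i-1}), MAC = H_k."""
    if not msg or len(msg) % BLOCK:
        raise ValueError("message must be a non-empty multiple of the block size")
    h = bytes(BLOCK)  # IV = 0
    for i in range(0, len(msg), BLOCK):
        mixed = bytes(p ^ q for p, q in zip(msg[i:i + BLOCK], h))
        h = toy_encrypt(key, mixed)
    return h

def find_collision(key: bytes):
    """Tag constructed two-block messages until two distinct ones share a MAC."""
    seen = {}
    for n in count():
        msg = hashlib.sha256(n.to_bytes(4, "big")).digest()[:2 * BLOCK]
        tag = cbc_mac(key, msg)
        if tag in seen and seen[tag] != msg:
            return seen[tag], msg, n + 1
        seen[tag] = msg

def demo():
    key = b"constructed demo key"
    a, b, tried = find_collision(key)
    c = b"suffix!!"  # constructed suffix, 4 blocks
    return a, b, tried, cbc_mac(key, a + c), cbc_mac(key, b + c)

if __name__ == "__main__":
    a, b, tried, tag_ac, tag_bc = demo()
    print(f"collision after {tried} messages: {a.hex()} / {b.hex()}")
    print(f"MAC(a||c) = {tag_ac.hex()}  MAC(b||c) = {tag_bc.hex()}")
```

Once H_k is equal for a and b, every later chaining value is equal too, so the tags of a || c and b || c match for any block-aligned suffix c.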

10
HMAC
  • Hash-MAC or HMAC uses a hash function to build
    the MAC value
  • Hash functions provide n/2 bits of security for
    n-bit hash function
  • MAC function is expected to produce n-bit
    security for n-bit MAC
  • MAC(K,m) could be defined as h(K || m) or
    h(m || K) or h(K || m || K)
  • HMAC is used widely with MD-5 and SHA-1

11
HMAC
  • Encrypted data is decrypted and stored usually
  • If stored data is also encrypted, then an attack
    could be online or offline
  • HMAC works with both online and offline attacks
  • HMAC has been tested for attack by many people
  • HMAC is better for use than SHA-256

12
UMAC
  • UMAC uses a universal hashing function
  • UMAC has not been tested as extensively as HMAC
  • UMAC provides a way to speed up MAC calculation
    depending on the security level needed
  • UMAC is optimized for specific platforms such as
    Linux