UNIT - 3

Introduction to Message Authentication

Message Authentication is responsible for ensuring and verifying the integrity of the message. It
ensures that the received data is exactly the same, as sent by the sender without any
modifications or updates. It also verifies that the identity of the sender is valid. Symmetric
Encryption provides authentication among parties that share the secret key.

The common attacks that occur in a network include Disclosure (Release of Message Contents to
parties that do not possess key), Traffic Analysis, Masquerade, Content Modification, Sequence
Modification, Timing Modification (Delay or Replay of Messages), Source Repudiation (Denial
of Transmission of Message by the Sender) and Destination Repudiation (Denial of Receipt of
Message by the Receiver). Disclosure and Traffic Analysis dealt with Confidentiality of
Messages; Masquerade, Content Modification, Sequence Modification and Timing Modification
dealt with Message Authentication; Source Repudiation dealt with Digital Signatures; while
Destination Repudiation dealt with a combination of Digital Signatures and a protocol to counter
it.

Message Authentication is a process of verifying that the received message is generated by an

alleged or authentic source and is not altered during transmission. Message Authentication also
verifies the sequences and timelines. A Digital Signature is an authentication technique that also
includes measures to counter Repudiation by the source.

Suppose, A and B are two parties under communication using Symmetric Key Cryptography.
Let, M be the Message to transmit and K be the Key used for encryption and decryption. As, K is
known only to A and B; Confidentiality is achieved, as no other party can extract the original
message without having a valid key K. Authentication is also achieved because as the same key
is used for encryption and decryption, B knows that only A is having the key K, so A will be the
sender. Symmetric Key Cryptosystem ensures Encryption / Confidentiality and Authentication
simultaneously.

In Public Key Cryptography, by default, Public Key is used for Encryption and Private Key is
used for Decryption. In this case, both the keys used belongs to the receiver B. Using this
approach, Confidentiality can be achieved but not Authentication because any one can encrypt
the message to transmit using the receiver’s public key as it is known to all. However,
Confidentiality and Encryption are achieved as the message will only be decrypted using
receiver’s private key, which is known to the intended receiver only.

Another scenario of Public Key Cryptography involves encryption of message using Private Key
and decryption using Public Key. In this case, both keys belonging to the sender A are used. In
this approach, Authentication and Signature is achieved, as sender uses his private key for
encryption and it is known only to him. However, Confidentiality is not possible as message is
decrypted using sender’s public key, which is known to all; therefore, anyone can extract the
original message, if it gains access to the encrypted message.
In Public Key Cryptosystem using Multiple Encryption, we can achieve Confidentiality,
Authentication and Signature at the same time. In this case, first the original message M is
encrypted using the private key of the sender A. Then this encrypted message is further
encrypted using the public key of the receiver B. At the receiving end, the received message is
first decrypted using the private key of the receiver, which is known only to the receiver. Now,
this decrypted message is further decrypted using the sender’s public key, which is known to all,
to get the original plain-text message M. In this way, Confidentiality and Authentication are
achieved simultaneously along with Signature using Multiple Encryption in Public Key
Cryptography.

Message Authentication Code

It is an authentication technique that involves the use of a secret key K to generate a small fixed-
sized block of data, termed Cryptographic Checksum or MAC. This MAC is then appended with
the message M while transmission. It assumes that two communicating parties A and B share a
common key K.

MMAC = MAC(M, K)

MMAC is the MAC or Cryptographic Checksum of message M, generated using shared secret key
K.

The message M and its MAC MMAC are transmitted to the intended recipient. The recipient
performs the same computations for generation of MAC using the same secret key to generate a
new MAC. The received MAC is compared with the new MAC. If both MAC’s are same, then
receiver is assured that the message is not altered; its integrity is intact, the message is from an
authentic sender; as shared key is known only to authentic parties and the message is received in
proper sequence; the order of packets is not changed.
MAC is similar to encryption; the only difference is that the MAC is irreversible. MAC doesn’t
provide Digital Signatures, as both parties use the same key. MAC is based on the principle of
Symmetric Key Cryptography.

Here, C represents a MAC function used for computing the MAC of the original message M
using key K. However, here, Confidentiality is not achieved because message is directly
transmitted after appending the computed MAC to it without using encryption. Hence, message
authentication is achieved, but not confidentiality.

Here, after appending the computed MAC with the original message, the combined message is
encrypted using a key K2. At the receiving end, first the message is decrypted using key K2.
Then, a new MAC is computed using key K1 and both the MAC’s are compared. This approach
ensures Confidentiality as well as Authentication. It is the most preferred authentication
approach, as authentication is tied to the plain-text.

Another approach is to tie the authentication with the cipher-text. Here, first the message is
encrypted using a key K2 and then its MAC is computed using key K1. This MAC is then
appended to the cipher-text. At the receiving end, the same MAC function with same key K1 is
used to compute a new MAC for the received cipher-text. If both the MAC’s of cipher-text
matches, the message is said to be authentic; from valid source and unaltered during transmission
and is accepted. Then, the key K2 is used to decrypt the cipher-text to generate the original
message. The diagram of this scenario is depicted below:

HMAC

In recent times, researchers are taking keen interests in developing MAC based on cryptographic
Hash functions. This is because cryptographic hash functions such as SHA and MD5 executes
faster in software compared to symmetric block ciphers like DES. Another advantage of using
cryptographic hash functions is that the libraries for them are widely available. HMAC (Hash
Function based MAC) is the most widely accepted and used MAC based on Hash functions. It is
a RFC2104 standard, mandatory for implementing MAC in IP Security and is used in other
protocols such as SSL. It is also released as NIST standard.

The design objectives of HMAC include:

~ Making use of Hash functions without modifications in MAC; to use Hash functions that
perform well in Software and for which code is freely and widely available.

~ Easy replacement of embedded hash functions; in case a more secure hash function is found or
required.

~ Preserving the performance of the original hash function without any degradation.

~ Handling and Usage of Keys in a simple way.

~ Well understood cryptographic analysis about the strength of authentication mechanisms based
on assumptions about the embedded Hash functions.
The operation of HMAC is given, as:

Here, H represents embedded Hash function such as MD5 and SHA; IV is the initial value input
for Hash function and M is the Message.

Yi is the ith block of message; L is the number of blocks in M; b is number of bits in a block; n is
the length of the Hash Code generated by the embedded Hash function and K is the secret key.
Here, k >= n. If k > b, then Key is given as input to the hash function to generate an n bit key.

K+ represents the K padded with 0’s on the left to make it of length b; ipad = 00110110, i. e., 36
in HEX, repeated b/8 times and opad = 01011100, i. e., 5C in HEX, repeated b/8 times.
HMAC is expressed, as:

The algorithm for HMAC is given, as:

1. Append 0’s to the left of K to create a b bit string K+.

2. XOR K+ with ipad to produce Si.

3. Append M to Si.

4. Apply H to stream generated in 3.

5. XOR K+ to opad to produce So.

6. Append result of 4 to So.

7. Apply H to stream generated in 6 and output the result.

HMAC will execute in same time as embedded Hash functions. A more efficient implementation
of HMAC is possible, if two quantities are precomputed, as:

The efficient implementation of HMAC is given, as: