Why Integrity Check So far we have encrypted message which gives confidentiality. But, how can we ensure that Bob is receiving correct message from Alice? that is message is not modified by Eve. This is known as Integrity Check. One way is “Message Authentication Code”
MAC In cryptography, a message authentication code (often MAC) is a short piece of information used to authentication a message and to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin.
MAC MACs differ from digital signatures as MAC values are both generated and verified using the same secret key. For the same reason, MACs do not provide the property of non-repudiation offered by signatures: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.
MAC MAC algorithms can be constructed from other cryptographic primitives, such as cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms ( OMAC, CBC, PMAC). However many of the fastest MAC algorithms such as UMAC, VMAC are constructed based on universal hashing
Message Integrity Alice Bob Alice sends message m_a. Bob receives message m_b. Bob wants to verify that m_b=m_a. Eve Eve might alter message m_a to m_e
Message Authentication Code (MAC) MAC uses two algorithms: MAC Signing Algorithm (Alice signs m_a) MAC Verification Algorithm (Bob verifies if m_b=m_a)
MAC Alice Bob Alice sends message m_a and a tag using MAC signing algo [m_a, tag] Bob uses MAC verification Algo to check if m_b=m_a MAC signing Algo m_a K tag MAC verifying Algo, m_b=m_a ? m_b K tag yes/no k k Alice & Bob shares a key
Notice: we are sending message (plaintext or encrypted) and sending a tag message can be gigabits, but tag is small 90/100bits. How to generate tag? By using MAC signing Algo. One example is CBC-MAC.
CBC-MAC: example 31313131 31313131 PlainText Blocks 0 xor Initial Vector= 0 xor 0 00110001 00000000 ————— 00110001 ————— 31 31 f f xor 3 k1=5 0 1 f f xor 1 k2=7 0 0 =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 3 xor 3 =0001 xor 0001=0000 = 0 f(r,k)=(2*r+k^2)%8 f(0,7)=(2*0+7^2)%8=1 1 xor 1 00 00110001 00000000 ————— 00110001 ————— 31 31 f f xor 3 k1=5 0 1 f f xor 1 k2=7 0 0 Now, Alice sends message = 3131 and tag=00 Now, Alice sends message = 3131 and tag=00
MAC verifying Algo: example CBC-MAC Now, Bob receives message = 3131 and tag=00 Now, Bob receives message = 3131 and tag=00 Bob uses CBC-MAC and generates the tag_bob. Then checks, if tag_bob=tag. If yes, then the message is authentic otherwise tampered.
MAC It uses key Used for integrity check CBC is used for encrypting message whereas CBC- MAC is used for integrity check. It is slow. Integrity check must be fast. Another way is hash[keyless]. Hash - next class..