Presentation is loading. Please wait.

Presentation is loading. Please wait.

Message Authentication Code https://store.theartofservice.com/the-message-authentication-code-toolkit.html.

Published byTobias Lane Modified over 9 years ago

Similar presentations

Presentation on theme: "Message Authentication Code https://store.theartofservice.com/the-message-authentication-code-toolkit.html."— Presentation transcript:

1 Message Authentication Code https://store.theartofservice.com/the-message-authentication-code-toolkit.html

2 Key (cryptography) 1 In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature schemes and message authentication codes. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

3 IPsec Standards Track 1 RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH https://store.theartofservice.com/the-message-authentication-code-toolkit.html

4 Automated teller machine - Transactional secrecy and integrity 1 Message Authentication Code (MAC) or Partial MAC may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

5 Transport Layer Security 1 This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product message authentication https://store.theartofservice.com/the-message-authentication-code-toolkit.html

6 Transport Layer Security - TLS 1 Numbering subsequent Application records with a sequence number and using this sequence number in the message authentication codes (MACs). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

7 Transport Layer Security - Protocol details 1 Each record can be compressed, padded, appended with a message authentication code (MAC), or encrypted, all depending on the state of the connection https://store.theartofservice.com/the-message-authentication-code-toolkit.html

8 Transport Layer Security - TLS record 1 A message authentication code computed over the Protocol message, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

9 Stream cipher attack - Bit-flipping attack 1 Bit-flipping attacks can be prevented by including message authentication code to increase the likelihood that tampering will be detected. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

10 Cyclic redundancy check - CRCs and data integrity 1 Any application that requires protection against such attacks must use cryptographic authentication mechanisms, such as message authentication codes or digital signatures (which are commonly based on cryptographic hash functions). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

11 ISO 8583 - Data elements 1 64b 16Message authentication code (MAC) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

12 ISO 8583 - Data elements 1 128b 16Message authentication code https://store.theartofservice.com/the-message-authentication-code-toolkit.html

13 Encryption - Message verification 1 Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature https://store.theartofservice.com/the-message-authentication-code-toolkit.html

14 Secure Shell - Version 2.x 1 Better security, for example, comes through Diffie-Hellman key exchange and strong integrity checking via message authentication codes https://store.theartofservice.com/the-message-authentication-code-toolkit.html

15 SAFER - SAFER+ and SAFER++ 1 SAFER+ (Massey et al., 1998) was submitted as a candidate for the Advanced Encryption Standard and has a block size of 128 bits. The cipher was not selected as a finalist. Bluetooth uses custom algorithms based on SAFER+ for key derivation (called E21 and E22) and authentication as message authentication codes (called E1). Encryption in Bluetooth does not use SAFER+. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

16 Block cipher - Relation to other cryptographic primitives 1 Message authentication codes (MACs) are often built from block ciphers. CBC-MAC, OMAC and PMAC are such MACs. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

17 Cryptography - Symmetric-key cryptography 1 Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key can be used to authenticate the hash value upon receipt. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

18 Application security - Security standards and regulations 1 ISO/IEC 9797-1:1999 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher https://store.theartofservice.com/the-message-authentication-code-toolkit.html

19 Application security - Security standards and regulations 1 ISO/IEC 9797-2:2002 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-function https://store.theartofservice.com/the-message-authentication-code-toolkit.html

20 Internet security - Message Authentication Code 1 A Message Authentication Code is a cryptography method that uses a secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's data integrity as well as its authenticity. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

21 Wi-Fi Protected Access - WPA 1 Well tested message authentication codes existed to solve these problems, but they required too much computation to be used on old network cards https://store.theartofservice.com/the-message-authentication-code-toolkit.html

22 Wi-Fi Protected Access - Encryption protocol 1 CCMP (Counter Cipher Mode with block chaining message authentication code Protocol) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

23 Symmetric cryptography - Cryptographic primitives based on symmetric ciphers 1 Encrypting a message does not guarantee that this message is not changed while encrypted. Hence often a message authentication code is added to a ciphertext to https://store.theartofservice.com/the-message-authentication-code-toolkit.html

24 Symmetric cryptography - Cryptographic primitives based on symmetric ciphers 1 ensure that changes to the ciphertext will be noted by the receiver. Message authentication codes can be constructed from symmetric ciphers (e.g. CBC-MAC). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

25 Internet security - Message Authentication Code 1 A Message authentication code|Message Authentication Code is a cryptography method that uses a Key (cryptography)|secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's data integrity as well as its Authentication|authenticity. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

26 Authenticated encryption 1 The need for AE emerged from observation that securely compositing a Block cipher modes of operation|confidentiality mode with an Block cipher modes of operation|authentication mode could be error prone and difficult.people had been doing rather poorly when they tried to glue together a traditional (privacy-only) encryption scheme and a message authentication code (MAC), in: it is very easy to accidentally combine secure encryption schemes with secure MACs and still get insecure authenticated encryption schemes, in: This was confirmed by a number of practical attacks introduced into production protocols and applications by incorrect implementation, or lack of, authentication (including Transport Layer Security|SSL/TLS). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

27 Authenticated encryption 1 ** Output: ciphertext and authentication tag (Message Authentication Code) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

28 Authenticated encryption 1 However, authenticated encryption can be generically constructed by combining an encryption scheme and a Message Authentication Code (MAC), provided that the encryption scheme is semantic security|semantically secure under chosen plaintext attack and the MAC function is unforgeable under chosen message attack https://store.theartofservice.com/the-message-authentication-code-toolkit.html

29 Cryptographic hash function 1 Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication https://store.theartofservice.com/the-message-authentication-code-toolkit.html

30 Cryptographic hash function - Use in building other cryptographic primitives 1 Message authentication codes (MACs) (also called keyed hash functions) are often built from hash functions. HMAC is such a MAC. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

31 IEEE 802.1AE 1 ** Message authentication code (ICV) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

32 Secure Sockets Layer 1 This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication https://store.theartofservice.com/the-message-authentication-code-toolkit.html

33 Secure Sockets Layer - TLS 1 * Numbering subsequent Application records with a sequence number and using this sequence number in the message authentication codes (MACs). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

34 Secure Sockets Layer - Protocol details 1 Each record can be compressed, padded, appended with a message authentication code (MAC), or encrypted, all depending on the state of the connection https://store.theartofservice.com/the-message-authentication-code-toolkit.html

35 Secure Sockets Layer - TLS record 1 : A message authentication code computed over the Protocol message, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

36 Cipher suite 1 A 'cipher suite' is a named combination of authentication, encryption, and message authentication code (MAC) algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

37 Cipher suite - Detailed description 1 Each named cipher suite defines a key exchange algorithm, a bulk encryption algorithm, a message authentication code (MAC) algorithm, and a pseudorandom function (PRF). (RFC 5246, p. 40) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

38 Cipher suite - Detailed description 1 * The 'message authentication code' (MAC) algorithm is used to create the message digest, a cryptographic hash of each Block (telecommunications)|block of the message stream. (RFC 5246, p. 17) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

39 Cipher suite - Examples of algorithms used 1 ;message authentication: for TLS, a HMAC|Hash-based Message Authentication Code using MD5 or one of the Secure Hash Algorithm (disambiguation)|SHA hash functions is used. For SSL, Secure Hash Algorithm (disambiguation)|SHA, MD5, MD4, and MD2 (cryptography)|MD2 are used. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

40 Galois/Counter Mode 1 It is an authenticated encryption algorithm designed to provide both data authenticity (integrity) and confidentiality. GCM is defined for block ciphers with a block size of 128 bits. 'Galois Message Authentication Code' ('GMAC') is an authentication-only variant of the GCM which can be used as an incremental message authentication code. Both GCM and GMAC can accept initialization vectors of arbitrary length. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

41 Galois/Counter Mode - Use 1 GCM mode is used in the IEEE 802.1AE (MACsec) Ethernet security, 802.11ad|IEEE 802.11ad (also known as WiGig), ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), IEEE P1619.1 tape storage, Internet Engineering Task Force|IETF IPsec standards,RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)RFC 4543 The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH Secure Shell|SSH RFC 5647 AES Galois Counter Mode for the Secure Shell Transport Layer Protocol and Transport Layer Security|TLS 1.2.RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLSRFC 6367 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) AES-GCM is included into the NSA Suite B Cryptography. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

42 Galois/Counter Mode - Security 1 The authentication strength depends on the length of the authentication tag, as with all symmetric message authentication codes https://store.theartofservice.com/the-message-authentication-code-toolkit.html

43 Galois/Counter Mode - Security 1 As with any message authentication code, if the adversary chooses a t-bit tag at random, it is expected to be correct for given data with probability 2−t. With GCM, however, an adversary can choose tags that increase this probability, proportional to the total length of the ciphertext and additional authenticated data (AAD). Consequently, GCM is not well-suited for use with very short tag lengths or very long messages. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

44 Internet Protocol Security - Standards Track 1 * RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH https://store.theartofservice.com/the-message-authentication-code-toolkit.html

45 ARC4 - Security 1 If not used together with a strong message authentication code (MAC), then encryption is vulnerable to a bit-flipping attack https://store.theartofservice.com/the-message-authentication-code-toolkit.html

46 Outline of cryptography - Cryptographic hash functions 1 * Keyed-hash message authentication code - https://store.theartofservice.com/the-message-authentication-code-toolkit.html

47 WS-Security - Issues 1 * If only Padding (cryptography)|CBC mode encryption/decryption is applied or if the CBC mode decryption is applied without verifying a secure checksum (Digital Signature|signature or Message authentication code|MAC) before decryption then the implementation is likely to be vulnerable to padding oracle attacks. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

48 Error correction - Cryptographic hash functions 1 If an attacker can change not only the message but also the hash value, then a keyed hash or message authentication code (MAC) can be used for additional security https://store.theartofservice.com/the-message-authentication-code-toolkit.html

49 Message authentication code 1 In cryptography, a 'message authentication code' (often 'MAC') is a short piece of information used to Authentication|authenticate a message and to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

50 Message authentication code - Standards 1 * ISO/IEC 9797-1 Mechanisms using a block cipher[ http://www.iso.org/iso/iso_catalogue/catalo gue_tc/catalogue_detail.htm?csnumber=3 0656 ISO/IEC 9797-1 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher] https://store.theartofservice.com/the-message-authentication-code-toolkit.html

51 Message authentication code - Standards 1 * ISO/IEC 9797-2 Mechanisms using a dedicated hash-function[ http://www.iso.org/iso/iso_catalogue/catalo gue_tc/catalogue_detail.htm?csnumber=3 1136 ISO/IEC 9797-2 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function] https://store.theartofservice.com/the-message-authentication-code-toolkit.html

52 Message authentication code - One-time MAC 1 Universal hashing and in particular pairwise independent hash functions provide a message authentication code as long as the key is used at most once (or less than k-times for k-wise independent hash functions. This can be seen as of the one-time pad for authentication. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

53 Chip Authentication Program - Protocol details 1 This confirmation message contains a message authentication code (typically CBC-MAC/Triple DES) that is generated with the help of a card-specific secret key stored securely in the smartcard https://store.theartofservice.com/the-message-authentication-code-toolkit.html

54 NIST SP 800-90A 1 The publication contains the specification for four cryptographically secure pseudorandom number generators for use in cryptography: Hash DRBG (based on hash functions), HMAC DRBG (Based on Hash-based message authentication code), CTR DRBG (based on block ciphers), and Dual_EC_DRBG (based on elliptic curve cryptography) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

55 Block ciphers - Relation to other cryptographic primitives 1 * Message authentication codes (MACs) are often built from block ciphers. CBC- MAC, One-key MAC|OMAC and PMAC (cryptography)|PMAC are such MACs. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

56 One-way function - Theoretical implications of one-way functions 1 *Message authentication codes https://store.theartofservice.com/the-message-authentication-code-toolkit.html

57 Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS) 1 *FIPS PUB 198 The Keyed-Hash Message Authentication Code (HMAC) 2002 https://store.theartofservice.com/the-message-authentication-code-toolkit.html

58 Threema - Security 1 A 128 bit message authentication code is added to the message to detect manipulations, as well as a random amount of cryptographic padding to prevent inferences or changes being made to the content of the message. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

59 Block cipher modes of operation - History and standardization 1 HMAC was approved in 2002 as [http://csrc.nist.gov/publications/fips/fips198/fips- 198a.pdf FIPS 198], The Keyed-Hash Message Authentication Code (HMAC), CMAC was released in 2005 under [http://csrc.nist.gov/publications/nistpubs/800- 38B/SP_800-38B.pdf SP800-38B], Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, and GMAC was formalized in 2007 under [http://csrc.nist.gov/publications/nistpubs/800- 38D/SP-800-38D.pdf SP800-38D], Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

60 Digest access authentication - Impact of MD5 security on digest authentication 1 The HTTP scheme was designed by Phillip Hallam-Baker at CERN in 1993 and does not incorporate subsequent improvements in authentication systems, such as the development of keyed-hash message authentication code (HMAC) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

61 List of International Organization for Standardization standards - ISO 5000 – ISO 9999 1 * ISO/IEC 9797 Information technology – Security techniques – Message Authentication Codes (MACs) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

62 Sender Rewriting Scheme - The Rewriting Scheme 1 * 'The' Hash-based message authentication code (HHH) is computed against a local secret, but only a part of it is used; for example, storing the first 4 characters of a base64 representation provides 24 bits of security. The hash is checked by the domain who generated it, in case a bounce arrives. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

63 SMTP Authentication - History 1 John Gardiner Myers published the first draft of SMTP AUTH in 1995, and it has been successively developed and discussed in the IETF along with mail submission protocol, Extended SMTP (ESMTP), and Simple Authentication and Security Layer (SASL). An older SASL mechanism for ESMTP authentication (ESMTPA) is CRAM-MD5, and uses of the MD5 algorithm in HMACs (hash- based message authentication codes) are still considered sound. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

64 Jungle Disk - Criticism 1 * The lack of a Message Authentication Code means that file corruption (accidental or deliberate) or arbitrary file content insertionsIf the people running the underlying storage service (Amazon S3 or Rackspace Cloud Files) know the contents of a file stored via Jungle Disk, they could transform it into anything they want — planting files which are dangerous (e.g., viruses) or even illegal (e.g., child pornography). Percival 2011 will not be detected https://store.theartofservice.com/the-message-authentication-code-toolkit.html

65 AES-CCMP 1 'Counter Mode Cipher Block Chaining Message Authentication Code Protocol', 'Counter Mode CBC-MAC Protocol' or simply 'CCMP' ('CCM mode Protocol') is an encryption security protocol|protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard https://store.theartofservice.com/the-message-authentication-code-toolkit.html

66 AES-CCMP - Technical details 1 Lastly are the Message authentication code|Message Integrity Code (MIC) which protects the integrity and authenticity of the packet and the frame check sequence (FCS) which is used for error detection and correction https://store.theartofservice.com/the-message-authentication-code-toolkit.html

67 HTTPsec - Example with explanation 1 The responder is authenticated in the initialization stage, by the validating the signature against the public key presented by its certificate (authentication freshness is ensured by the requester's nonce). The requester is subsequently authenticated in the continuation stage by the use of HMAC message authentication codes (authentication freshness is ensured by the requester's ability to decrypt the responders's nonce). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

68 HTTPsec - Example with explanation 1 * The secret keys are inputs to message authentication codes and message body encryption. As the keys are only known by the two legitimate peers, they are used by the message-receiving peer to validate the message-sending peer, and to decrypt the message body. Additionally, message uniqueness is enforced by an incrementing counter, which is one of various inputs to the message's MAC. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

69 Encryption key 1 In cryptography, a 'key' is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature schemes and message authentication codes. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

70 Bilateral key exchange 1 A Bilateral Key allowed secure communication across the SWIFT|SWIFT Network. The text of a SWIFT:Message Types and the authentication key were used to generate a Message Authentication Code or MAC. The MAC ensured the origin of a message and the authenticity of the message contents. This was normally accomplished by the exchange of various FIN Message|SWIFT Messages used specifically for establishing a communicating key pair. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

71 Cryptographic Message Syntax 1 The 'Cryptographic Message Syntax' (CMS) is the IETF's standard for Cryptography|cryptographically protected messages. It can be used to Digital signature|digitally sign, Cryptographic hash function|digest, Message authentication code|authenticate or encryption|encrypt any form of digital data. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

72 SSL encryption 1 This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication https://store.theartofservice.com/the-message-authentication-code-toolkit.html

73 SSL encryption - Data integrity 1 Message authentication code (MAC) is used for data integrity. HMAC is used for Cipher block chaining|CBC mode of block ciphers and stream ciphers. AEAD block cipher modes of operation|AEAD is used for Authenticated encryption such as Galois/Counter Mode|GCM mode and CCM mode. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

74 List of algorithms - Cryptography 1 ** keyed-hash message authentication code|HMAC: keyed-hash message authentication https://store.theartofservice.com/the-message-authentication-code-toolkit.html

75 Encrypt - Message verification 1 Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature https://store.theartofservice.com/the-message-authentication-code-toolkit.html

76 Project 25 - Jamming vulnerability 1 As a result bit errors may be expected in typical transmissions, and while harmless for voice communication, the presence of such errors force the use of stream ciphers, which can tolerate bit errors, and prevents the use of a standard technique, message authentication codes (MACs), to protect message integrity from stream cipher attacks https://store.theartofservice.com/the-message-authentication-code-toolkit.html

77 Selective forgery 1 In a cryptography|cryptographic digital signature or Message Authentication Code|MAC system, 'digital signature forgery' is the ability to create a pair consisting of a message m and a signature (or MAC) \sigma that is valid for m, where m has not been signed in the past by the legitimate signer. There are three types of forgery: existential, selective, and universal. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

78 Integrated Encryption Scheme 1 ** Message authentication code|MAC, e.g., HMAC-SHA-1-160 with 160-bit keys or HMAC-SHA-1-80 with 80-bit keys; https://store.theartofservice.com/the-message-authentication-code-toolkit.html

79 VMAC 1 'VMAC' is a block cipher-based message authentication code (MAC) algorithm using a universal hash proposed by Ted Krovetz and Wei Dai in April 2007. The algorithm was designed for high performance backed by a formal analysis. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

80 VMAC - Specification 1 See internet draft [http://fastcrypto.org/vmac/draft-krovetz- vmac-01.txt VMAC: Message Authentication Code using Universal Hashing] https://store.theartofservice.com/the-message-authentication-code-toolkit.html

81 Malleability (cryptography) - Example malleable cryptosystems 1 For this and many other reasons, using Message authentication code|message authentication codes is needed to guard against this method of tampering. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

82 CRYPTREC - e-Government Recommended Ciphers List 1 **Hash-based message authentication code|HMAC: NIST FIPS PUB 198-1 https://store.theartofservice.com/the-message-authentication-code-toolkit.html

83 Automatic teller machine - Transactional secrecy and integrity 1 Message Authentication Code (MAC) or Partial MAC may also be used to ensure messages have not been tampered with while in transit between the ATM and the financial network. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

84 Message Integrity Code - Standards 1 * ISO/IEC 9797-1 Mechanisms using a block cipher[http://www.iso.org/iso/iso_catalogue /catalogue_tc/catalogue_detail.htm?csnum ber=30656 ISO/IEC 9797-1 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher] https://store.theartofservice.com/the-message-authentication-code-toolkit.html

85 Message Integrity Code - Standards 1 * ISO/IEC 9797-2 Mechanisms using a dedicated hash- function[http://www.iso.org/iso/iso_catalog ue/catalogue_tc/catalogue_detail.htm?csn umber=31136 ISO/IEC 9797-2 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function] https://store.theartofservice.com/the-message-authentication-code-toolkit.html

86 ISO/IEC 9797-1 1 'ISO/IEC 9797-1' Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher[http://www.iso.org/iso/iso_catalogue/ca talogue_tc/catalogue_detail.htm?csnumber=3 0656 ISO/IEC 9797-1:1999 Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher] is an international standard that defines methods for calculating a message authentication code (MAC) over data. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

87 Station-to-Station protocol - STS-MAC 1 In cases where encryption is a not viable choice in session establishment, K can instead be used to create a message authentication code|MAC. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

88 PMAC (cryptography) 1 'PMAC', which stands for 'Parallelizable MAC', is a message authentication code algorithm. It was created by Phillip Rogaway (patent pending). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

89 PMAC (cryptography) 1 PMAC is a method of taking a block cipher and creating an efficient message authentication code that is provably reducible in security to the underlying block cipher. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

90 SipHash - Overview 1 SipHash computes 64-bit message authentication code from a variable-length message and 128-bit secret key. It was designed to be efficient even for short inputs, with performance comparable to non-cryptographic hash functions, such as CityHash, https://store.theartofservice.com/the-message-authentication-code-toolkit.html

91 OMAC (cryptography) 1 'OMAC (One-key MAC)' is a message authentication code constructed from a block cipher much like the CBC-MAC algorithm. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

92 Replay attack - Countermeasures 1 Bob can also send Cryptographic nonce|nonces but should then include a message authentication code (MAC), which Alice should check. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

93 List of cryptographic key types 1 * 'authentication key' - Key used in a keyed-hash message authentication code, or HMAC. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

94 CipherSuite 1 A 'cipher suite' is a named combination of authentication, encryption, message authentication code (MAC) and Key_exchange | key exchange algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

95 SILC (protocol) - Components 1 The packets are secured using algorithms based on symmetric cryptography and authenticated by using Message Authentication Code algorithm, HMAC. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

96 Data Authentication Algorithm 1 The 'Data Authentication Algorithm' ('DAA') is a former Federal Information Processing Standard|U.S. government standard for producing cryptographic message authentication codes. According to the standard, a code produced by the DAA is called a 'Data Authentication Code' ('DAC'). The algorithm is not considered secure by today's standards. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

97 Length extension attack 1 In cryptography and computer security, 'length extension attacks' are a type of Attack (computing)|attack when certain types of Hash function|hashes are misused as message authentication codes, allowing for inclusion of extra information. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

98 Length extension attack - Example 1 The server would perform the request given (to deliver a waffle of type eggo to the given location for user 1) only if the signature is valid for the user. The signature used here is a Message authentication code|MAC, signed with a key not known to the attacker. (This example is also vulnerable to a replay attack, by sending the same request and signature a second time.) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

99 OCB mode - Encryption and authentication 1 OCB mode was designed to provide both authentication and privacy. It is essentially a scheme for integrating a Message Authentication Code (MAC) into the operation of a block cipher. In this way, OCB mode avoids the need to use two systems: a MAC for authentication and encryption for privacy. This results in lower computational cost compared to using separate encryption and authentication functions. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

100 TCP Fast Open - Details 1 The cookie is generated by applying a block cipher keyed on a key held secret by the server to the client's IP address, generating a Message authentication code|MAC tag that cannot be forged. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

101 MMH-Badger MAC 1 In cryptography, to guarantee the integrity of a message, one can use either public key digital signatures or use a Message Authentication Code (MAC) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

102 MMH-Badger MAC - Introduction 1 Carter and Wegman introduced universal hashing to construct a message authentication codes (MACs) https://store.theartofservice.com/the-message-authentication-code-toolkit.html

103 MMH-Badger MAC - Universal hash function families 1 Universal hashing was first introduced by Carter and Wegman in 1979 and was studied further by Sarwate, Wegman and Carter and Stinson. Universal hashing has many important applications in theoretical computer science and was used by Wegman and Carter in the construction of message authentication codes (MACs) in. Universal hashing can be defined as a mapping from a finite set A with size a to a finite set B with size b. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

104 Poly1305-AES 1 'Poly1305-AES' is a Cryptography|cryptographic message authentication code (MAC) written by Daniel J. Bernstein. It can be used to verify the data integrity and the authenticity of a message. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

105 Cryptographic key types 1 An example with devastating consequences is the reuse of the same symmetric key algorithm|symmetric key for both symmetric message authentication code|authentication in CBC-MAC and symmetric data encryption in block cipher modes of operation|CBC encryption. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

106 Cryptographic key types 1 ; Private key transport key: Private key transport keys are the private keys of asymmetric key pairs that are used to decrypt keys that have been encrypted with the associated public key using a public key algorithm. Key transport keys are usually used to establish keys (e.g., key wrapping keys, data encryption keys or message authentication code|MAC keys) and, optionally, other keying material (e.g., initialization vectors). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

107 CMAC 1 In cryptography, 'CMAC' (Cipher-based MAC) is a block cipher-based message authentication code algorithm. It may be used to provide assurance of the authenticity and, hence, the integrity of binary data. This block cipher modes of operation|mode of operation fixes security deficiencies of CBC-MAC (CBC-MAC is secure only for fixed-length messages). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

108 Padding oracle attack - Solution 1 To prevent this attack, one could append an HMAC (Hash-based message authentication code) to the ciphertext. Without the key used to generate the HMAC, an attacker won't be able to produce valid ciphertexts. Since the HMAC is checked before the decryption stage, the attacker cannot do the required bit-fiddling and hence cannot discover the plaintext. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

109 Initialization vector 1 Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

110 CBC-MAC 1 In cryptography, a 'cipher block chaining message authentication code' ('CBC- MAC') is a technique for constructing a message authentication code from a block cipher https://store.theartofservice.com/the-message-authentication-code-toolkit.html

111 CBC-MAC - Security with fixed and variable-length messages 1 [http://www.cs.ucdavis.edu/research/tech- reports/1997/CSE-97-15.pdf The security of the cipher block chaining message authentication code.] JCSS 61(3):362– 399, 2000 https://store.theartofservice.com/the-message-authentication-code-toolkit.html

112 CBC-MAC - Using the same key for encryption and authentication 1 By definition, a Message Authentication Code is broken if we can find a different message (a sequence of plain-text pairs P') which produces the same tag as the previous message, P, with P \not = P' https://store.theartofservice.com/the-message-authentication-code-toolkit.html

113 CBC-MAC - Using the same key for encryption and authentication 1 However, due to the MAC's usage of a different key K_2, we cannot undo the decryption process in the forward step of the computation of the message authentication code so as to produce the same tag; each modified P_i' will now be encrypted by K_2 in the CBC-MAC process to some value MAC_i \not = C_i'. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

114 CBC-MAC - Allowing the initialisation vector to vary in value 1 When computing a message authentication code, such as by CBC- MAC, the use of an initialisation vector is a possible attack vector. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

115 Lucky Thirteen attack - Attack 1 It is a novel variant of Serge Vaudenay's padding oracle attack that had previously thought to have been fixed, that uses a timing side-channel attack against the message authentication code (MAC) check stage in the TLS algorithm to break the algorithm in a way that was not fixed by previous attempts to mitigate Vaudenay's attack. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

116 Trusted timestamping - Classification 1 * Message authentication code|MAC - simple secret key based scheme, found in ANSI ASC X9.95 Standard. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

117 UMAC 1 In cryptography, a 'message authentication code based on universal hashing', or 'UMAC', is a type of message authentication code (MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message https://store.theartofservice.com/the-message-authentication-code-toolkit.html

118 LibreSSL - Cryptographic 1 In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha (cipher)|ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curve cryptography|elliptic curves (brainpool curves from RFC5639,http://tools.ietf.org/html/rfc5639 up to 512 bits in strength). https://store.theartofservice.com/the-message-authentication-code-toolkit.html

119 Mac & Devin Go to High School (soundtrack) - Technology 1 * Message authentication code, used to authenticate a message in cryptography https://store.theartofservice.com/the-message-authentication-code-toolkit.html

120 Windows Media DRM - How it works 1 An analysis of version 2 of the DRM scheme in Windows Media Audio revealed that it was using a combination of elliptic curve cryptography key exchange, the Data Encryption Standard|DES block cipher, a custom block cipher dubbed MultiSwap (for message authentication code|MACs only), the RC4 cipher|RC4 stream cipher, and the SHA-1 hashing function. https://store.theartofservice.com/the-message-authentication-code-toolkit.html

121 Deniable encryption - Deniable authentication 1 This is achieved by the fact that all information necessary to forge messages is appended to the encrypted messages ndash; if an adversary is able to create digitally authentic messages in a conversation (see hash-based message authentication code (HMAC)), he is also able to forgery|forge messages in the conversation https://store.theartofservice.com/the-message-authentication-code-toolkit.html

122 For More Information, Visit: https://store.theartofservice.co m/the-message- authentication-code- toolkit.html https://store.theartofservice.co m/the-message- authentication-code- toolkit.html The Art of Service https://store.theartofservice.com

Download ppt "Message Authentication Code https://store.theartofservice.com/the-message-authentication-code-toolkit.html."

Similar presentations

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google