Message Authentication
What is a message authentication code?
A function of the message and a secret key that produces a fixed-length value that serves as the authenticator. A message authentication code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.
What is the difference between a message authentication code and a one-way hash function?
A hash function, by itself, does not provide message authentication. A secret key must be used in some fashion with the hash function to produce authentication. A MAC, by definition, uses a secret key to calculate a code used for authentication.
What types of attacks are addressed by message authentication?
• Content modification: Changes to the contents of the message.
• Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion and recording.
• Timing modification: Delay or replay of messages.
When a combination of symmetric encryption and an error control code is used for message authentication, in what order must the two functions be performed?
Error control code, then encryption.
In what ways can a hash value be secured so as to provide message authentication?
Hash codes can be secured to become a MAC in various ways: HMAC, CBC-MAC and CMAC are examples.
What are some approaches to producing message authentication?
Message encryption, message authentication code, digital signature
Is it necessary to recover the secret key in order to attack a MAC algorithm?
No. See problem with h(key|m).
What changes in HMAC are required in order to replace one underlying hash function with another?
To replace a given hash function in an HMAC implementation, all that is required is to remove the existing hash function module and drop in the new module.
What two levels of functionality comprise a message authentication or digital signature mechanism?
The two levels of functionality that comprise a message authentication or digital signature mechanism are low-level authentication and high-level authentication. At the lower level there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.