The following techniques are used for authentication:
- Hash function
- Message encryption
- Message authentication code (MAC)
Authentication using a message authentication code is explained below:
Message Authentication Code / Cryptographic Checksum
A cryptographic checksum or MAC is a function of the message and a secret key that produces a fixed-length value that serves as the authenticator.
MAC = C(K, M)
M = Input Message
C = MAC Function
K = Shared Secret Key
MAC = Message Authentication Code
A MAC function is similar to encryption. One difference is that the MAC algorithm need not be reversible, as an encryption algorithm must be for decryption.
A MAC function is generally a many-to-one function.
Application of MAC
Three situations in which a message authentication code is used are:
- Many applications need to broadcast a message to a number of destinations.
  - Examples are a notification to users that the network is now unavailable, or an alarm signal in a military control center.
  - Instead of decrypting the message at every node, it is cheaper and more reliable to have only one destination responsible for monitoring authenticity.
  - The message is broadcast in plaintext with an associated message authentication code. The responsible system has the secret key and performs authentication.
  - If a violation occurs, the other destination systems are alerted by a general alarm.
- One side in the communication has a heavy load and cannot afford the time to decrypt all incoming messages.
  - Authentication is carried out on a selective basis. Messages are chosen at random for checking.
- Authentication of a computer program in plaintext.
  - The computer program can execute without having to be decrypted every time.
  - However, if a message authentication code is attached to the program, it can be checked whenever assurance of the program's integrity is required.
Basic Uses of MAC
- A MAC is an authentication technique that involves the use of a secret key to generate a small fixed-size block of data, known as a cryptographic checksum or MAC. The MAC is then appended to the message.
- Here, the sender and receiver share a secret key.
- When A has to send a message to B, it calculates the MAC as a function of the message and the key:
MAC = C(K, M)
where M is the plaintext,
C is the MAC function,
K is the secret key, and
MAC is the message authentication code.
- The message plus the MAC is transmitted to the intended recipient.
- The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC.
- Since only the receiver and the sender know the secret key, if the received MAC matches the calculated MAC, then:
  - The receiver is assured that the message has not been altered. If an attacker alters the message but does not alter the MAC, then the receiver's calculation of the MAC will differ from the received MAC.
  - The receiver is assured that the message is from the alleged sender, because no one else knows the secret key.
- Confidentiality can be provided by performing message encryption either after or before the MAC algorithm.
  - In both these cases, two separate keys are needed, each of which is shared by the sender and the receiver.
  - The MAC can be calculated with the message as input and then concatenated to the message. The entire block is then encrypted.
  - It is preferable to tie the authentication directly to the plaintext, hence the above method is typically preferred.
  - Alternatively, the message is encrypted first. Then the MAC is calculated using the resulting ciphertext and concatenated to the ciphertext.
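The sender and receiver steps from "Basic Uses of MAC", as an added example that is not part of the original page. It assumes HMAC-SHA256 as the MAC function C (the page does not name one), uses a constructed key and message, and covers authentication only, not the encryption variants.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # fixed-length authenticator: 32 bytes


def mac(key: bytes, message: bytes) -> bytes:
    """MAC = C(K, M), with HMAC-SHA256 assumed as the MAC function C."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> bytes:
    """Sender A: append the MAC to the plaintext message."""
    return message + mac(key, message)


def receive(key: bytes, blob: bytes) -> bytes:
    """Receiver B: recompute the MAC over the received message and compare."""
    if len(blob) < TAG_LEN:
        raise ValueError("too short to contain a MAC")
    message, received_tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # compare_digest is constant-time, so the check does not leak
    # how many leading bytes of the tag matched.
    if not hmac.compare_digest(received_tag, mac(key, message)):
        raise ValueError("MAC mismatch: message altered or wrong key")
    return message


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret key
    msg = b"network unavailable from 02:00 to 04:00"  # constructed message
    blob = send(key, msg)
    results = {"ok": receive(key, blob) == msg}
    # Attacker alters the message but leaves the original MAC in place.
    tampered = msg.replace(b"02:00", b"03:00") + blob[-TAG_LEN:]
    cases = [("tampered", key, tampered),
             ("wrong_key", secrets.token_bytes(32), blob),
             ("truncated", key, blob[:10])]
    for name, k, data in cases:
        try:
            receive(k, data)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```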