Message Authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent by (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid.
Need for Message Authentication
Following attacks are possible which are the reason why authentication is needed:
- Disclosure: Release of message contents to any person not knowing the secret key.
- Traffic analysis: Discovery of the pattern of traffic between parties. Traffic analysis reveals information like the frequency and length of messages between parties and the communicating parties could determine.
- Masquerade: Impersonating other person and sending messages.
- Content modification: Changes made to the contents of a message. Changes may include insertion, deletion, transposition, and modification.
- Sequence modification: Sequence of messages between parties modified. This attack may include insertion, deletion, and reordering.
- Timing modification: Delay or replay of messages.
- Source repudiation: Denial of transmission of a message by source.
- Destination repudiation: Denial of receipt of a message by destination.
Moreover, Message authentication verifies that received messages come from the alleged source and have not been altered.
Message authentication may also verify sequencing and timeliness.
Following techniques used for authentication:
- Hash function: Hash function maps a message of any length into a fixed-length hash value, which serves as the authenticator.
- Message encryption: The ciphertext of the entire message serves as its authenticator.
- Message authentication code (MAC): A MAC is a function of the message and a secret key that produces a fixed-length value that serves as the authenticator.
A message M transmitted from source A to destination B encrypted using a secret key K shared by A and B.
The source (A) uses the public key PUb of the destination (B) to encrypt M. Because only B has the corresponding private key PRb, only B can decrypt the message. Moreover, But this scheme provides confidentiality but not authentication because any opponent could also use B’s public key to encrypt a message, claiming to be A.