Chapter 11: Message Authentication and Hash Functions

Questions and Answers

What is the primary purpose of a Message Authentication Code (MAC)?

To provide a reversible transformation on the message

To ensure confidentiality of the message

To encrypt the message for secure transmission

To assure the message has not been altered and is from the alleged sender (correct)

Which formula correctly represents the relationship used to generate a MAC?

MAC = C(K, M) (correct)

MAC = K(M)

MAC = CK(M)

MAC = C(M, K)

What is the consequence if the calculated MAC does not match the received MAC?

The message remains unchanged and valid

The message is confirmed to be from the sender

The message may have been altered or is from a different sender (correct)

The same shared key can be used for verification

In which scenario is confidentiality assured when using a MAC?

When the message is encrypted before the MAC is calculated

Why is it preferable to tie authentication directly to the plaintext according to the preferred methods?

To improve the reliability of the MAC process

What additional measure must be taken to ensure confidentiality when using a MAC alone?

The message should not be transmitted in the clear

What does the MAC function primarily verify during the message transmission process?

The integrity and sequence of the message

What are the characteristics of a MAC algorithm compared to encryption?

It has no confidentiality guarantees

What is the primary objective of digital signatures?

To authenticate and verify documents and data

Which of the following is NOT considered an attack in the context of network communications?

Data encryption

What function does a Message Authentication Code (MAC) serve?

To ensure message authenticity and integrity

At what level does the authenticator function operate in the authentication protocol?

At a lower level, producing an authenticator value

Which attack aims to modify the sequence of messages?

Sequence modification

Which mechanism uses the ciphertext itself to serve as an authenticator?

Message encryption

What does message authentication verify?

The timeliness and sequencing of messages

What are the two levels viewed in the function of message authentication or digital signatures?

Lower level and higher level authentication protocol

What is the primary role of a hash function?

To map messages of any length to a fixed-length hash value

Which encryption method uses the same key for both encryption and decryption?

Symmetric encryption

How does symmetric encryption provide authentication?

By ensuring only the sender shares the encryption key

What is a key characteristic of asymmetric encryption?

Utilizes both public and private keys for secure communication

What can be used in symmetric encryption to distinguish between legitimate plaintext and random bits?

Recognizable plaintext or checksums

In symmetric encryption, if party A and party B share a secret key, what does this imply?

Party B can guarantee the message originated from party A

What is a major limitation of symmetric encryption?

The secret key must be securely shared between parties

Why is a checksum considered an authentication method in message encryption?

It verifies the integrity and origin of transmitted messages

What is the purpose of appending an error-detecting code, like an FCS, to a message before encryption?

To facilitate error detection for successful transmission

Which of the following describes a Message Authentication Code (MAC)?

A cryptographic checksum created using a shared secret key

What happens if the FCS does not match at the destination after decryption?

The message is discarded due to possible corruption

What classification describes error control methods applied internally to the communication system?

Internal error control

How is the structure in the encrypted message influenced according to the content?

The plaintext should maintain a specific structure prior to encryption

What is a critical factor for ensuring the successful transmission of data frames across a network?

Incorporating an error-detecting code like an FCS

Which of the following statements accurately reflects the function of symmetric encryption regarding message authenticity?

It ensures both authentication and confidentiality

Why might it be difficult to determine if incoming ciphertext decrypts to intelligible plaintext?

Ciphertext can appear similar regardless of content

Study Notes

Chapter 11: Message Authentication and Hash Functions

• Message authentication is a procedure to verify that received messages originate from the claimed source and haven't been altered. It may also verify message sequencing and timeliness.
• Digital signatures are an authentication technique that also addresses source repudiation (the denial of sending the message.)
• The goal of digital signatures is to authenticate and verify documents, preventing tampering and forgery during transmission.
• Message authentication or digital signatures can be viewed as having two levels. Lower level functions produce an authenticator for use in a higher-level authentication protocol.
• Authentication functions can be categorized into three classes:
  • Message encryption: The ciphertext itself serves as the authenticator. This provides confidentiality as well as authentication. Plaintext must be recognizable. Checksums (basic or layered) or ASCII text are examples.
  • Message Authentication Code (MAC): A short piece of information appended to a message to confirm its authenticity and prevent modification. It's a function of the message and a secret key, producing a fixed-length value.
  • Hash function: A function that maps a message of any length to a fixed-length hash value. This value serves as the authenticator. Hash functions do not require keys.

Authentication Requirements

• Attacks on network communications:
  • Disclosure
  • Traffic analysis
  • Masquerade
  • Content modification
  • Sequence modification
  • Timing modification
  • Source repudiation
  • Destination repudiation
• These attacks impact confidentiality, message authentication and digital signatures, and specialized digital signatures.

Symmetric Encryption

• Symmetric encryption uses the same secret key to encrypt and decrypt data.
• Confidentiality is provided if no other party knows the key.
• Authentication is also provided because only the sender possessing the key can construct the ciphertext.
• However, a recipient using symmetric encryption cannot be assured the message wasn't forged by an unauthorized party.
• The solution is to include a checksum or frame check sequence (FCS) which must be correctly calculated both at the source and destination.
  • The order of these operations is important for internal and external FCS error control.

Message Encryption

• Symmetric encryption can be used as an authenticator as well as for confidentiality.
• Requires recognizable plaintext format or structure to distinguish between authentic and inauthentic messages.
• Public key encryption also can serve as an authenticator. It uses mathematically linked public and private keys for encrypting and decrypting.

Basic Uses of Message Encryption

• Symmetric Encryption: A sends an encrypted message to B, using a key shared by both. No one but B can decrypt the message. Ensures confidentiality and a degree of authentication.
• Public-Key Encryption(asymmetric): A uses B's public key to encrypt a message, B uses their private key to decrypt it. Ensures confidentiality but no authentication; any party could use a public key to encrypt a message and claim it originated from A.

Additional Authentication Functions

• Message Authentication Code (MAC):

  • Uses a shared secret key to generate a fixed-size block of data (MAC or checksum.)
  • This algorithm creates a small, fixed-size block.
  • Provides assurance that the message was unaltered and came from the sender. The receiver performs the same computation.
  • MAC = C_K(M) where C is a MAC function.

• Hash Function

  • A one-way hash function converts a variable-sized message into a fixed-sized hash code.
  • Unlike a MAC, a hash code does not use a key, but is a function only of the input message;
  • Used to provide message integrity.

• Hash functions can be used with encryption or a shared key for authentication. Common strategies include : -E(M || H(M)); M || E(H(M)); M || signed H; M || H(M || K); E(M || H(M || K))

Description

This quiz covers key concepts in message authentication and hash functions, focusing on procedures to verify message integrity and origin. It explores digital signatures, their role in authentication, as well as various classes of authentication functions. Prepare to test your understanding of these critical security measures in information technology.