Chapter 11: Message Authentication & Hash Functions

Questions and Answers

What is the purpose of appending an error-detecting code to a message before encryption?

• To facilitate error detection during transmission (correct)
• To increase the size of the encrypted message
• To enhance the speed of encryption processes
• To ensure the plaintext does not remain confidential

What does the Message Authentication Code (MAC) rely on for its effectiveness?

• The strength of the transmission medium
• A shared secret key between communicating parties (correct)
• A dynamic encryption algorithm
• The use of a public encryption key

What happens if the calculated frame check sequence (FCS) does not match the incoming FCS?

• The message is authenticated successfully
• The message is discarded or rejected (correct)
• The message is sent back for retransmission
• The message is automatically corrected

In what order must FCS and encryption functions be performed for effective error detection?

FCS computation first, then encryption (D)

Which of the following describes both internal and external error control?

Techniques to add structure to messages for validation (A)

What is the primary purpose of message authentication?

To confirm that messages originate from the claimed source and have not been altered (B)

Which of the following describes a digital signature?

An authentication technique including measures to counter repudiation (B)

Which of the following functions produces an authenticator by using a secret key?

Message authentication code (MAC) (D)

What is the primary purpose of a hash function?

To authenticate by mapping messages to fixed-length hash values (C)

Which of the following statements about symmetric encryption is true?

It uses a single secret key shared between sender and receiver. (A)

How does B determine that a message was generated by A in symmetric encryption?

By knowing that only A has the shared secret key. (B)

Flashcards

Message Authentication

Guarantees that a message originated from the claimed sender and hasn't been altered during transmission.

Digital Signature

An authentication technique that also prevents the sender from denying they sent the message.

Message Authentication Code (MAC)

A function that creates a small, fixed-length value (MAC) based on a message and a secret key, used to verify authenticity and integrity.

Masquerade

The act of disguising yourself as someone else to gain access to a system or network.

Content Modification

Unauthorized changes made to the content of a message during transmission.

Hash Function

A function that takes arbitrary length input and produces a fixed-length output, serving as a unique identifier for the input.

Hash Value

The fixed-length output generated by a hash function, representing the input data.

Symmetric Encryption

A type of encryption that relies on a single secret key shared by both sender and receiver.

Asymmetric Encryption

A type of encryption that uses two separate keys: a public key for encryption and a private key for decryption.

Frame Check Sequence (FCS)

A block of data appended to a message before encryption to ensure the message's integrity, often used to detect accidental modifications.

Checksum

An error-detecting code added to a message before encryption to ensure authenticity and prevent unauthorized alteration.

Authenticity in Cryptography

Authenticity is a key concept in cryptography that verifies the origin and integrity of a message, ensuring it has not been altered or forged.

Internal Error Control

A method that calculates a checksum or FCS before encryption, to ensure the integrity of the message and verify it hasn't been altered during transmission.

Study Notes

Chapter 11: Message Authentication and Hash Functions

• Message authentication is a process to verify messages originate from the claimed source and haven't been altered. It can also verify message sequencing and timeliness.

Authentication Requirements

• Types of attacks in network communications include disclosure, traffic analysis, masquerade, content modification, sequence modification, timing modification, source repudiation, and destination repudiation.
• Confidentiality protects against disclosure and traffic analysis.
• Message authentication defends against content modification, sequence modification, timing modification, source repudiation, and destination repudiation.

Authentication Requirements

• Digital signatures are authentication techniques designed to prevent repudiation by a source.
• The goal of digital signatures is authenticating and verifying documents to safeguard against tampering, modification, or forgery.

Authentication Functions

• Authentication mechanisms can be categorized as two levels:
  • Lower level functions produce an authenticator (a value used to authenticate a message).
  • Higher level authentication protocols use lower-level functions as primitives.
• Three types of functions that can produce an authenticator are:
  • Message encryption - ciphertext itself serves as the authenticator.
  • Message authentication codes (MACs) - these are short pieces of information that authenticate messages by confirming their origin and ensuring they haven't been altered. A MAC function takes a message and a secret key as input to produce a fixed-length value.
  • Hash functions- a function mapping a message of any length into a fixed-length hash value to serve as the authenticator.

Message Encryption

• Symmetric encryption can be used for authentication and confidentiality.
• It needs a recognizable plaintext to distinguish it from random bits(like ASCII text).
• Public-key cryptography is different; it uses mathematically linked key pairs.

Basic Uses of Message Encryption

• Symmetric encryption guarantees confidentiality by sharing a secret key between sender and receiver, thereby only A and B can decrypt it. It doesn't prevent the possibility of receiver forgeries.
• Public-key encryption provides confidentiality (uses recipients public key to encrypt, and private decryption key for the receiver.). It doesn't offer authentication in the same way.

Symmetric Encryption

• A message transmitted from A to B using a shared secret key ensures only A and B can decrypt it.
• If no one else has the key, then confidentiality is guaranteed.
• B is certain the message originated from A because only A holds the key. This also authenticates the message.

Internal vs External Error Control

• Append error detecting codes(FCSs or checksums) to the message before encryption.
• Data frames may get corrupted in transit.
• FCS bits are added to the frame before transmission, and then compared at the receiving end. If matches, the frame is valid; otherwise, it's discarded.

Message Authentication Code (MAC)

• A shared secret key is used to generate a fixed-size block of data (called a MAC) appended to the message.
• This ensures message integrity and that it originated from the claimed sender, as both parties perform the same computation.
• This technique works well when only authenticity is required.

Theory of Operation MAC

• When sender A sends a message to B, it calculates the MAC using a shared secret key and the message.
• The receiver B performs the same calculation and compares the results to the received MAC. A match confirms the message's integrity and origin.

Hash Functions

• Hash functions convert variable-sized messages into fixed-sized hash codes (message digests). Hashing does not require a key. It's primarily useful for verifying message integrity.
• It can be used for authentication (e.g., with encryption or a shared key).
• There are methods for authentication including hashing with encryption, a MAC, and using a signed hash (digital signatures):
  • M || E(H(M)): Equivalent to internal error control.
  • M || signed H: Typical digital signature.
  • M || H(M || K): Keyed hash (no encryption).

Why Use MACs?

• Cleartext can remain clear if encrypting as a whole.
• MACs may be cheaper or sufficient for some use cases.
• Authentication may be needed in cases where executable code persists longer than the encryption.
• A MAC does not provide a digital signature (because the same key is used by both sender and receiver).