MAC

Questions and Answers

Which type of attack involves modifying the content of a legitimate message?

• Timing Modification
• Impersonation
• Content Modification (correct)
• None of the above

Which type of authentication scheme is used for authentication between two communicating parties?

• Public key authentication
• Secret key authentication (correct)
• None of the above
• Both A and B

What is a MAC?

• A piece of information that is computed from the message using a secret key and transmitted along with the message (correct)
• A piece of information that is computed from the message using a symmetric key
• None of the above
• A piece of information that is computed from the message using a public key

Which type of MAC can be based on hash functions or symmetric cryptosystems?

Both A and B (B)

What is HMAC?

A MAC scheme based on a hash function and a shared secret key, applied twice with two keys derived from the original key (B)

In which mode is the message encrypted in MAC based on symmetric cryptosystems?

CFB mode (B)

What is authenticated encryption?

Providing both encryption and authentication (D)

Which authenticated encryption algorithm uses Galois/Counter Mode (GCM)?

GCM (A)

What is the purpose of including a timestamp in a message?

To authenticate the time of the message (C)

What is the purpose of a challenge/response authentication mechanism?

To prevent replay attacks (A)

What is the purpose of a Trusted Third Party in authentication?

To timestamp the message (C)

What is the CAESAR competition?

A competition organized by an international committee of cryptographers for authenticated encryption (C)

Which type of attack involves modifying the content of a legitimate message?

Content Modification (B)

Which type of authentication scheme is used for authentication between two communicating parties?

Secret key authentication (B)

What is a MAC?

A piece of information that is computed from the message using a secret key and transmitted along with the message (B)

Which type of MAC can be based on hash functions or symmetric cryptosystems?

Both A and B (D)

What is HMAC?

A MAC scheme based on a hash function and a shared secret key, applied twice with two keys derived from the original key (A)

In which mode is the message encrypted in MAC based on symmetric cryptosystems?

CFB mode (D)

What is authenticated encryption?

Providing both encryption and authentication (C)

Which authenticated encryption algorithm uses Galois/Counter Mode (GCM)?

GCM (D)

What is the purpose of including a timestamp in a message?

To authenticate the time of the message (D)

What is the purpose of a challenge/response authentication mechanism?

To prevent replay attacks (D)

What is the purpose of a Trusted Third Party in authentication?

To timestamp the message (B)

What is the CAESAR competition?

A competition organized by an international committee of cryptographers for authenticated encryption (C)

What is the purpose of a MAC in message authentication?

The MAC should ensure the integrity of the message and authenticate the sender as someone possessing the secret key.

What is the difference between public key authentication and secret key authentication?

Public keys are used for authentication aimed at everybody (i.e., Digital signatures). A secret key shared by the two communicating parties is used for authentication between them (i.e., Message Authentication Code (MAC)).

What are the three types of authentication attacks that can be prevented with MACs?

Impersonation, Content Modification, and Timing Modification.

What are the two types of MAC schemes?

MACs can be based on hash functions or symmetric cryptosystems.

What is HMAC?

HMAC (Hash-based Message Authentication Code) is a MAC scheme based on a hash function and a shared secret key, applied twice with two keys derived from the original key.

What is the main idea behind MAC based on hash functions?

Concatenate the secret key and the message, and apply a hash function. The result is the MAC.

What is the main idea behind MAC based on symmetric cryptosystems?

Encrypt the message using a symmetric cryptosystem in CBC (Cipher Block Chaining) or CFB (Cipher Feedback) mode using the shared secret key. The last block of ciphertext is used as a MAC.

What are authenticated encryption algorithms?

Authenticated encryption algorithms provide both encryption and authentication.

What is Galois/Counter Mode (GCM)?

Galois/Counter Mode (GCM) is an authenticated encryption algorithm where encryption is done in counter mode and a MAC of the ciphertext is computed using GHASH.

What is the purpose of including a timestamp in a message?

To authenticate the time of the message.

What is the purpose of a challenge/response authentication mechanism?

To prevent replay attacks.

What is the purpose of a Trusted Third Party in authentication?

To timestamp the message.

Which type of attack involves modifying the content of a legitimate message?

Content Modification (D)

What is the purpose of a Message Authentication Code (MAC)?

To authenticate the sender of a message (B)

What is the difference between authentication using public keys and authentication using a secret key shared between two parties?

Public keys are used for authentication, while secret keys are used for encryption (C)

What is the main idea behind a MAC based on hash functions?

Concatenate the secret key and the message, and apply a hash function (D)

What is HMAC?

A MAC scheme based on a hash function and a shared secret key (C)

What is the main idea behind a MAC based on symmetric cryptosystems?

Encrypt the message using a symmetric cryptosystem in CBC mode (C)

What is authenticated encryption?

Providing both encryption and authentication of a message (A)

What is the Galois/Counter Mode (GCM)?

An authenticated encryption algorithm (C)

What is the purpose of a timestamp in message authentication?

To authenticate the time of the message (C)

What is challenge/response in message authentication?

Each party sending a random number to the other when establishing a two-way connection (D)

What is the purpose of the CAESAR competition?

To organize a competition for authenticated encryption (C)

What is the purpose of a Trusted Third Party in message authentication?

To timestamp the message (A)