MAC Security and Hash Functions Quiz
40 Questions
Questions and Answers

What does a message authentication code (MAC) provide in a private key setting?

  • Data validation and key sharing
  • Data encryption and key generation
  • Data integrity and data origin authentication (correct)
  • Data confidentiality and data integrity

In the equation Hₖ : {0, 1}* → {0, 1}^n, what does 'k' represent?

  • An n-bit key (correct)
  • The number of messages
  • The length of the message
  • The output size of the hash function

What does Alice do after computing the MAC of the message?

  • Sends the message only
  • Sends both the message and the MAC to Bob (correct)
  • Encrypts the message and sends it to Bob
  • Stores the MAC locally

Which of the following describes a chosen-message attack?

    An attacker requests tags for messages they select

    What is existential forgery in the context of MAC security?

    Generating a valid message-tag pair for any message

    What is a primary property of cryptographic hash functions that differentiates them from unkeyed hash functions?

    Preimage resistance

    What is a characteristic of a secure MAC?

    It prevents creation of new message-tag pairs with high probability

    What does a keyed hash function use in addition to a message to generate a hash value?

    A secret key

    What does Bob check upon receiving the message and tag from Alice?

    If the received tag is equal to Hk (m0)

    What distinguishes selective forgery from existential forgery?

    Selective forgery focuses on a chosen message only

    Which property of a hash function ensures that it is computationally hard to find two different inputs that produce the same output?

    Collision resistance

    In a message authentication code (MAC), what is the role of the verification algorithm V?

    To confirm the authenticity of the message

    Which of the following statements about unkeyed hash functions is false?

    They require a secret key for computation.

    What is a correct application of the function S in a MAC?

    Creating a tag for a message using a key.

    In a keyed hash function, what should be true for distinct keys k1 and k2 when hashing the same message?

    hk1(m) should not equal hk2(m) for most messages

    What is the main purpose of the key generation algorithm G in a MAC?

    To generate a key with a security parameter.

    What is the probability of successfully guessing Hk(m) when assuming Hk() is a random function?

    2^(-n)

    In an exhaustive search for key k, what is the expected number of keys such that all r message-tag pairs are verified?

    2^(n - nr)

    What does the expression Hk(m) = h(k||m) represent in the context of Message Authentication Codes?

    secret prefix MAC

    What type of attack can be executed if the underlying hash function has a Merkle-Damgård construction and k is one block in length?

    chosen-message attack

    What type of forgery is possible when given (m, Hk(m)) and the length of k?

    selective forgery

    Which statement is true regarding SHA-3 in relation to extension attacks?

    SHA-3 does not admit extension attacks.

    What additional method is hinted at with the expression Hk(m) = h(k||m||k)?

    sandwich method

    What is the main concern when trying to create a MAC from an unkeyed hash function?

    selective forgery potential

    What does the MAC tag in the message creation process consist of?

    Polynomial coefficients combined with AES encryption

    Which method of authenticated encryption is considered the preferred approach?

    Encrypt-then-MAC

    Which of the following modes are specifically mentioned for authenticated encryption?

    CCM, CWC, OCB, EAX, GCM

    What does Galois/Counter mode primarily provide?

    Data integrity and confidentiality

    What is a significant characteristic of the ChaCha20-Poly1305 algorithm?

    It encrypts plaintext using a 256-bit key and a 96-bit nonce.

    In the encrypt-and-MAC method, what does the message combine with?

    The plaintext and its MAC

    What role does the nonce play in the authentication process?

    It ensures the uniqueness of encryption for every tag.

    Which of the following encryption approaches is utilized in SSL/TLS?

    MAC-then-encrypt only

    What is the function of HMAC in message authentication?

    It generates a keyed hash to verify message integrity.

    Which hash function is mentioned as being too weak for MACs?

    MD4

    Which of the following protocols uses HMAC for security?

    TLS

    What is the basis for the security of HMAC?

    The security of the hash function employed.

    Which mode of operation is generally associated with block cipher MACs?

    CBC (Cipher Block Chaining) mode

    Which of the following is NOT a type of MAC based on block ciphers?

    HMAC

    What is one example of a MAC that can be built using a block cipher?

    OMAC

    Which RFC is associated with HMAC?

    RFC 2104

    Study Notes

    Applied Cryptography & Authentication

    • This presentation covers Keyed Hash Functions & MACs.
    • A hash function maps binary strings of any length to strings of fixed length.
    • Hash functions require easy computation and compression.
    • Cryptographic hash functions also require pre-image resistance, second pre-image resistance, and collision resistance.
    • Unkeyed hash functions provide data integrity.
    • Data integrity is verified by recomputing the hash of a message and comparing it with a reference hash, which holds only as long as the reference hash itself is unchanged.
    • Keyed hash functions utilize a secret key and a message for input.
    • For a given key, the hash value remains constant for any repeated input.
    • Different keys will always produce different hash values, except for a few messages.

    Keyed Hash Functions

    • Keyed hash functions use a secret key in addition to a message as input.
    • For a given key, a keyed hash function generates the same hash value every time it's called for a given message.
    • Two distinct keys produce distinct hash values except for a limited number of messages.
    • Cryptographic algorithms often use keyed hash functions (e.g., MACs, PRFs).

    Message Authentication Codes (MACs)

    • A MAC is a triple of efficient algorithms (G, S, V).
    • G generates a key with a security parameter.
    • S generates a tag given a key and message.
    • V verifies a given tag, message, and key, returning accept or reject.
    • For all messages m and keys k, V(k, m, S(k, m)) must return 'accept'.
    • MACs offer data integrity and data origin authentication in private key scenarios.
    • The MAC function is parametrized by k (a key).
    • hₖ(m) is the MAC or tag of the message m.
    • Alice and Bob can verify message origin and integrity using a shared secret key k.

    Security of MACs

    • Alice and Bob know k.
    • Eve doesn't know k.
    • Eve can obtain polynomially many tags for messages of her choice through oracle access to Hₖ( ).
    • Eve tries to generate a valid message/tag pair (m', t') without knowing k; this is a chosen-message attack.
    • A secure MAC prevents computationally feasible generation of a new message-tag pair for any new message.
    • Security is based on the security of the hash function used.
    • MACs can be forged using weak hash functions.
    • MACs are used in TLS (transport layer security)
    • MACs are used in IPsec (Internet Protocol security).

    Generic Attacks on MACs

    • Choose y in {0,1}^n and guess Hₖ(m) = y.
    • The probability of success is 2^(-n) if Hₖ( ) is a random function.
    • Exhaustive search for key k, given r message-tag pairs:
    • Test each possible key k by verifying each pair.
    • The expected number of keys that verify all r pairs is 2^(l-nr) if Hₖ( ) is random (where l = key length in bits, n = tag length in bits).

    Making a MAC from an Unkeyed Hash Function

    • Hₖ(m) = h(k||m) (secret prefix MAC)
    • If the underlying hash function has a Merkle-Damgård construction and k is one block in length, then Hₖ(m) can be subject to a chosen-message attack that recovers Hₖ( ).
    • A hash function with a Merkle-Damgård construction is vulnerable when k is one block in length.
    • First, find a collision x₁, x₂ for the hash function; then mount a chosen-message attack by asking for MAC(x₁), which will also be MAC(x₂).
    • Hₖ(m) = h(m||k) (secret suffix MAC); if the underlying hash function has a Merkle-Damgård construction, then security is compromised if k is one block in length.

    HMAC (Keyed-Hash Message Authentication Code)

    • HMAC(k, m) = h((k ⊕ opad) || h((k ⊕ ipad) || m)).
    • Security of HMAC relies on its underlying hash function.
    • HMAC can be vulnerable to forgeries if a weak hash function is used.
    • MACs using MD4 are weak and forgeable.
    • HMACs are used in TLS (transport layer security) and IPsec (Internet Protocol security).
    • RFC 2104 and FIPS 198-1 provide HMAC specifications.
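
The HMAC construction from RFC 2104, written out as the (G, S, V) triple described in these notes and checked against Python's standard `hmac` module. This is an added example, not part of the original page; SHA-256 as h, the 32-byte key length, and the sample message are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = hashlib.sha256().block_size  # 64 bytes: one SHA-256 input block


def G(nbytes: int = 32) -> bytes:
    """Key generation: a uniformly random key (length is an assumption)."""
    return secrets.token_bytes(nbytes)


def S(k: bytes, m: bytes) -> bytes:
    """Tag generation: h((k XOR opad) || h((k XOR ipad) || m))."""
    if len(k) > BLOCK:               # RFC 2104: keys longer than a block are hashed
        k = hashlib.sha256(k).digest()
    k = k.ljust(BLOCK, b"\x00")      # then zero-padded to exactly one block
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha256(ipad + m).digest()
    return hashlib.sha256(opad + inner).digest()


def V(k: bytes, m: bytes, t: bytes) -> bool:
    """Verification: recompute the tag and compare in constant time."""
    return hmac.compare_digest(S(k, m), t)


def demo() -> dict:
    k = G()
    long_k = b"K" * 100                      # constructed key longer than one block
    m = b"transfer 100 to account 42"        # constructed sample message
    t = S(k, m)
    ref = hmac.new(k, m, hashlib.sha256).digest()
    long_ref = hmac.new(long_k, m, hashlib.sha256).digest()
    return {
        "matches_stdlib": t == ref,
        "long_key_matches_stdlib": S(long_k, m) == long_ref,
        "accepts_genuine": V(k, m, t),
        "rejects_modified_message": not V(k, m + b"0", t),
        "rejects_wrong_key": not V(G(), m, t),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

In production code call `hmac.new` and `hmac.compare_digest` directly; comparing tags with `==` can leak how many leading bytes matched through timing.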

    Block Cipher MACs

    • CBC-MAC, ECB-MAC, and other related MACs use block cipher encryption modes like CBC, and are used in many applications.
    • CBC-MAC is based on CBC mode encryption and utilizes an initialization vector (IV) of zero.
    • For fixed message lengths, security is based on the underlying block cipher.
    • EMAC (Encrypted MAC) improves upon CBC-MAC by encrypting the output multiple times using a change of keys, allowing it to work with arbitrary message lengths.
    • Other MACs include XCBC-MAC, CMAC, and OMAC.

    Authenticated Encryption

    • Authenticated encryption combines confidentiality, integrity, and data origin authentication.
    • Encrypt-then-MAC (preferred).
    • Authenticate before encrypt (for example, TLS 1.3).
    • Recent addition to TLS (and DTLS), also found in SSHv2.
    • Encrypt-and-MAC.
    • MAC-then-encrypt.
    • Authenticated Encryption (AE) modes for block ciphers such as CCM, CWC, OCB, EAX, and GCM.
    • Galois/Counter mode (GCM) is a mode of AE for block ciphers used in TLS/SSL for achieving authentication of encrypted data.
    • ChaCha20-Poly1305, described in RFC 8439, uses a 256-bit key and 96-bit nonce to combine ChaCha20 and Poly1305 for data.

    AEAD (Authenticated Encryption with Associated Data)

    • AEAD enables authentication of both encrypted data and associated data (plaintext).
    • Protocols like TLS 1.3 support AEAD modes (AES-GCM, AES-CCM).
    • Other examples of AEADs include GOST R 34.12-2015 and ChaCha20-Poly1305.


    Description

    Test your knowledge on Message Authentication Codes (MAC) and their properties in cryptographic systems. This quiz covers fundamental concepts such as keyed hash functions, chosen-message attacks, and the distinctions between different forgery types. Perfect for anyone studying cryptography or security protocols.
