Message Authentication Overview

Questions and Answers

Message authentication codes and hash functions are unrelated to message confidentiality.

True

Public-key algorithms are primarily designed for securing data during transmission instead of key exchange.

False

To prevent active attacks, such as falsification, message authentication relies heavily on error-detection codes.

True

A message is considered authentic if it has been modified during transmission but retains its source identity.

False

Including a timestamp in a message can ensure that it has not been delayed beyond expected network transit times.

True

Study Notes

Message Authentication

  • Message authentication protects against active attacks (falsification of data and transactions)
  • Two main objectives:
    • Verify the contents have not been altered
    • Verify the source of the message
  • Other concerns:
    • Timeliness verification (prevent message delay and replay)
    • Sequencing of messages between parties

Authentication Using Conventional Encryption

  • Uses symmetric encryption (sender and receiver use the same key)
  • Assumes the sender can encrypt a message successfully, and the receiver can recognize a valid message.
  • If the message includes an error-detection code, a sequence number and a timestamp, the receiver can confirm:
    • No alterations have been made
    • Sequencing is proper
    • The message hasn't been delayed beyond expected network transit

Message Authentication without Message Encryption

  • Does not rely on encryption
  • Appends an authentication tag to each message
  • Allows the message to be read at the destination without decryption
  • Three situations when message authentication without confidentiality is preferred:
    • Broadcasting messages: Cheaper and more efficient to have a single destination monitor authentication
    • Exchange with heavy load: Selective authentication on random messages
    • Authenticating a computer program in plaintext: Avoids costly decryption and allows program execution

Message Authentication Code (MAC)

  • Uses a secret key to generate a small block of data (called a MAC) appended to the message
  • Both sender and receiver share a secret key (K_AB)
  • MAC is calculated as a function of the message (M) and the key: MAC_M = F(K_AB, M)
  • The message plus MAC are transmitted to the receiver
  • Receiver performs the same calculation using the same key to verify the received MAC
  • Assumes only the receiver and sender know the secret key
  • Benefits:
    • Assures the message has not been altered: An attacker cannot modify the message without changing the code
    • Assures the message is from the alleged sender: No one else knows the secret key
    • If the message includes a sequence number, it ensures the correct order
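
The MAC exchange described above, as an added example that is not part of the original notes. It assumes HMAC-SHA256 as the function F, and the frame layout, the MAX_TRANSIT window and all names are hypothetical choices made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                   # HMAC-SHA256 output size in bytes
HEADER = struct.Struct(">QQ")  # assumed header: sequence number, send time (s)
MAX_TRANSIT = 5                # assumed acceptable network delay in seconds


def protect(k_ab: bytes, seq: int, sent_at: int, m: bytes) -> bytes:
    """Sender: frame = header || M || MAC, with MAC = F(K_AB, header || M)."""
    body = HEADER.pack(seq, sent_at) + m
    return body + hmac.new(k_ab, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, k_ab: bytes):
        self.k_ab = k_ab
        self.last_seq = 0  # highest sequence number accepted so far

    def verify(self, frame: bytes, now: int) -> bytes:
        """Return M if the frame is unaltered, in sequence and timely."""
        if len(frame) < HEADER.size + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Same calculation with the same key, compared in constant time.
        expected = hmac.new(self.k_ab, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC: message altered or wrong key")
        # The header is trusted only after the MAC has been verified.
        seq, sent_at = HEADER.unpack_from(body)
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order sequence number")
        if abs(now - sent_at) > MAX_TRANSIT:
            raise ValueError("delayed beyond expected transit time")
        self.last_seq = seq
        return body[HEADER.size:]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-secret"  # constructed sample key
    rx = Receiver(key)
    frame = protect(key, 1, 1000, b"transfer 10 to account 42")
    print(rx.verify(frame, now=1002))
```

Because the sequence number and timestamp are inside the MAC input, an attacker who changes either one invalidates the tag, so the ordering and timeliness checks rest on the same shared key as the integrity check.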

One-Way Hash Function

  • Alternative to MAC
  • Uses a hash function that takes a variable-size message M as input and outputs a fixed-size message digest H(M)
  • Does not use a secret key
  • To authenticate a message, the message digest is sent with the message
  • Three authentication approaches:
    • Encrypt the message digest using conventional encryption (shared key)
    • Encrypt the message digest using public-key encryption
    • Avoid encryption altogether

Advantages of One-Way Hash Function over encryption

  • Less computation
  • Encryption software is slow
  • Encryption hardware can be expensive

Description

This quiz explores the fundamentals of message authentication, detailing the mechanisms that protect against data falsification and ensure message integrity. It covers both conventional encryption methods and authentication without encryption, highlighting key objectives such as content verification, source validation, and timeliness concerns.
