Unit 4 - Hash Functions and Authentication Applications -DB

Message Authentication

Critical applications , such as electronic funds transfer , depend on the integrity of the received information a misplaced decimal point or added zero could cause chaos . The authenticity of the information must be guaranteed to insure that it is genuine and has not been altered in transit . Message Authentication can be used with or without encryption

When user A wishes to send a message to user B , he appends the authentication value to the message . B receives the message and its authentication value . B then calculates the output of the authentication

br algorithm with the message received from A and the agreed secret key as input . If this output agrees with the authentication value sent by A then B can be confident that the message came from A and has not been altered (Thus the authentication function provides both data integrity and authenticates A ) The observant reader will have noticed that the use of this type of authenticator does not prevent replays . In to protect against this type of attack users need to append identifiers such as sequence numbers , to the messages

One important aspect of this authentication process is that the sender and receiver perform exactly the same calculations . Thus , if there were ever a dispute between A and B as to what was sent , there would be no cryptographic way of settling it . This is not really a fault of the system , but merely a consequence of using symmetric cryptography . Here A and B must trust each other . They share a secret key and are relying on the secrecy of that key to protect them against alteration attacks from any third party . They are not seeking protection from each other because they have this mutual trust . In general this is true of most users of symmetric cryptography . It is used by mutually trusting parties to protect their information from the rest of the world

Message Authentication uses the transmitted information and a secret encryption key to create a cyclic redundancy check (CRC ) character called a message authentication code (MAC ) or digital signature . MAC is the most widely used authenticator , particularly by the financial sector . Unlike a CRC , which is affixed to each frame , the MAC is appended to the end of the message . The MAC is recalculated by the receiver and must match the received MAC to indicate authenticity

Schematically , the MAC creating can be displayed in the following diagram

MAC is derived usually using hash function . Hash functions take a message as input and produce an output referred to as a hash-result More precisely , a hash function `h ' maps bit-strings

of arbitrary finite length to strings of fixed length , say `n ' bits

One of the most widespread possible attacks

One may expect a guessing attack to find a MAC key . An attempt may be made to determine it using exhaustive search . With a single known text-MAC pair , an attacker may compute the n-bit MAC on that text under all possible keys , and then check which of...