8/2/2019 Message Authentication Code and Digital Signatures - Technical Report
1/33
TECHNICAL REPORT SUBMITTED
IN PARTIAL FULFILLMENT OF THE REQUIREMENT
FOR THE AWARD OF DEGREE OF
Bachelor of Technology
In
COMPUTER SCIENCE AND ENGINEERING
BY
SRIKAR DHULIPALLA (08M91A0565)
Under the Guidance of
Ms. REKHA CHORARIA
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
AURORAS SCIENTIFIC AND TECHNOLOGICAL INSTITUTE
Aushapur (V), Ghatkesar (M), R. R. Dist - 501 301
AURORAS SCIENTIFIC AND TECHNOLOGICAL INSTITUTE
Aushapur (V), Ghatkesar (M), R. R. Dist - 501 301
CERTIFICATE
This is to certify that this technical report entitled Message Authentication
Code and Digital Signatures by Srikar Dhulipalla H.T. No: 08M91A0565 submitted
in partial fulfillment of the requirements for the award of degree of Bachelor of
Technology in Computer Science and Engineering of the Jawaharlal Nehru Technological
University Hyderabad, during the academic year 2011-12, carried out under our
guidance and supervision.
Signature of Internal Guide Signature of H.O.D
ACKNOWLEDGEMENT
I am heartily thankful to my internal guide, Ms. Rekha Choraria, for her constant motivation and valuable help throughout the technical seminar work. I also express my gratitude to Mr. V. Satyanarayana, HOD of Computer Science and Engineering, for his valuable suggestions and advice throughout the course. I also extend my thanks to the other faculty members for their cooperation during my course.
SRIKAR DHULIPALLA
DECLARATION
I hereby declare that the technical report titled Message Authentication Code and Digital
Signatures submitted to Auroras Scientific and Technological Institute, in partial fulfillment
of the requirement for award of degree of Bachelor of Technology, is a bonafide work carried
out by me at our college.
SRIKAR DHULIPALLA
ABSTRACT
Innovative ideas and secure details are communicated through a network. Distrust in communication leads to havoc. The main aim of communicating by modern technology is defeated if the message does not reach the party concerned. So proper care should be taken to avoid distrust in communication and achieve the desired goal. There are several threats that cause mutual distrust among the parties and may end in one party confiscating resources associated with the other. To avoid such anomalies in networks, authentication of the communicating parties is a definite need. The Message Authentication Code (MAC) has been introduced to help transmit messages through a network while ensuring the authenticity of the parties. A MAC protects both parties who exchange messages from a third party (such as the network acting as the medium of transmission).
Digital Signatures, on the other hand, protect the communicating parties from each other. The threat of repudiation can also be resolved by using Digital Signatures. Authentication as well as legitimacy is required to protect each party from the other. These signatures authenticate the parties and the data they transmit. They are analogous to handwritten signatures and thus provide better security over the communications network.
The communications network invariably needs a channel of high security that enables a communicating party to prove itself legitimate and carry out its intended communication. Proving itself is the top priority, and this can be addressed by adopting MAC (message authentication code) and DS (digital signatures), which maintain mutual trust among the parties.
TABLE OF CONTENTS
1. Introduction to Authentication
   1.1 Authentication
   1.2 Authentication in Computer Networks
   1.3 Authentication versus Authorization
   1.4 Mutual Authentication
   1.5 Types of Authentication
2. Message Authentication Code
   2.1 An Overview of MAC
   2.2 Need for MAC
   2.3 Message Confidentiality with Symmetric Encryption
   2.4 Approaches to Message Authentication Code
3. Digital Signatures
   3.1 An Overview of Digital Signatures
   3.2 Need for Digital Signatures
   3.3 How Digital Signatures Work?
   3.4 Use of Digital Signatures
   3.5 Generation and Verification of Digital Signatures
   3.6 Advantages of Digital Signatures
4. Conclusion
5. Appendix A
   A.1 Terminology
6. References
AUTHENTICATION
Authentication is a process which allows a sender and a receiver of information to validate each other. If the sender and the receiver of information cannot properly authenticate each other, there is no trust in the activities or information provided by either party. Authentication can involve highly complex and secure methods or can be very simple. The simplest form of authentication is the transmission of a shared password between entities wishing to authenticate each other.
In art, antiques, and anthropology, a common problem is verifying that a person has the said identity, or that a given artifact was produced by a certain person, or was produced in a certain place or period of history. There are three types of techniques for doing this:
- The first type of authentication is accepting proof of identity given by a credible person who has evidence on the said identity, or on the originator and the object under assessment as his artifact respectively.
- The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin. For example, an art expert might look at the similarities in the style of painting, check the location and form of a signature, or compare the object to an old photograph.
- The third type of authentication relies on documentation or other external affirmations. For example, the rules of evidence in criminal courts often require establishing the chain of custody of evidence presented.
The ways in which someone may be authenticated fall into three categories, based on what are known as factors of authentication. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.
Security research has determined that, for a positive identification, elements from at least two, and preferably all three, factors should be verified. The factors and some of the elements of each factor are:
- OWNERSHIP FACTOR: Something the user has, e.g. a wrist band, ID card, security token, software token, phone or cell phone.
- KNOWLEDGE FACTOR: Something the user knows, e.g. a password, pass phrase or PIN (personal identification number), or a challenge response.
- INHERENCE FACTOR: Something the user is or does, e.g. a fingerprint, retinal pattern, DNA sequence, signature, face, voice, unique bio-electric signals, or other biometric identifier.
AUTHENTICATION IN COMPUTER NETWORKS
Authentication in computer networks means verifying the identity of a user logging onto a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the user to the network. Computer security authentication includes verifying message integrity, e-mail authentication and MAC (Message Authentication Code), which checks the integrity of a transmitted message. The forms discussed here are human authentication, challenge-response authentication, passwords, digital signatures, IP spoofing and biometrics.
Human authentication is the verification that a person initiated the transaction, not the computer. Challenge-response authentication is an authentication method used to prove the identity of a user logging onto the network. When a user logs on, the network access server (NAS), wireless access point or authentication server creates a challenge, typically a random number sent to the client machine. The client software uses its password to encrypt the challenge through an encryption algorithm or a one-way hash function and sends the result back to the network as the response.
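The challenge-response exchange described above, written out as an added example (not code from the report): the server issues a fresh random challenge, the client answers with a keyed hash of that challenge under its password, and the server recomputes the same value to check it. The password never crosses the wire, and because each challenge is accepted once, a captured response cannot be replayed. The class and function names, and the use of HMAC-SHA256 as the one-way function, are choices made for this example.

```python
import hmac
import hashlib
import os


def issue_challenge(nbytes: int = 16) -> bytes:
    """Server side: a fresh, unpredictable challenge for each login attempt."""
    return os.urandom(nbytes)


def client_response(password: str, challenge: bytes) -> str:
    """Client side: hash the challenge under the password (keyed one-way function).

    HMAC-SHA256 is used here as the 'one-way hash function' the text mentions;
    the password itself is never transmitted, only this derived value."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).hexdigest()


class ChallengeResponseServer:
    """Verifier that tracks which challenges are outstanding and which were used."""

    def __init__(self, password: str):
        self._password = password      # constructed: a real server stores a derived secret
        self._outstanding = set()      # issued but not yet answered
        self._used = set()             # answered once; a second use is a replay

    def challenge(self) -> bytes:
        c = issue_challenge()
        self._outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: str) -> bool:
        # Reject challenges the server never issued, or that were already consumed.
        if challenge not in self._outstanding or challenge in self._used:
            return False
        self._outstanding.discard(challenge)
        self._used.add(challenge)
        expected = client_response(self._password, challenge)
        # Constant-time comparison so the check itself leaks nothing about the value.
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    server = ChallengeResponseServer("correct horse")
    c = server.challenge()
    r = client_response("correct horse", c)
    print("first login:", server.verify(c, r))     # True
    print("replayed login:", server.verify(c, r))  # False: same challenge reused
```

A failed attempt also consumes its challenge, so an attacker cannot keep guessing against one fixed value; each guess costs a new round trip that the server can rate-limit.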
Two-factor authentication requires two independent ways to establish identity and privileges. The method of using more than one factor of authentication is also called strong authentication. This contrasts with traditional authentication, which requires only one factor in order to gain access to a system. A password is a secret word or code used as a security measure against unauthorized access to data. It is normally managed by the operating system or DBMS. However, a computer can only verify the legality of the password, not the legality of the user.
Two major applications of digital signatures are setting up a secure connection to a website and verifying the integrity of transmitted files. IP spoofing refers to inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system.
Biometrics is a more secure form of authentication than typing passwords or even using smart cards that can be stolen. However, some methods have relatively high failure rates. For example, fingerprints can be captured from a water glass and used to fool scanners.
The authentication of information can pose special problems, especially the man-in-the-middle attack, and is often wrapped up with authenticating identity. Various systems have been invented to allow users to authenticate that a given message originated from or was relayed by them. These involve authentication factors like:
- A difficult-to-reproduce physical artifact, such as a seal, signature, watermark, special stationery, or fingerprint.
- A shared secret such as a pass-phrase, in the context of the message.
- An electronic signature, used to guarantee that a message has been signed by a legitimate user.
AUTHENTICATION VERSUS AUTHORIZATION
The process of authorization is distinct from that of authentication. Whereas authentication is the process of verifying that you are who you say you are, authorization is the process of verifying that you are permitted to do what you are trying to do. Authorization thus presupposes authentication.
For example, when you show proper identification credentials to a bank teller, you are asking to be authenticated to act on behalf of the account holder. If your authentication request is approved, you become authorized to access the accounts of that account holder, but no others. Even though authorization cannot occur without authentication, the former term is sometimes used to mean the combination of both.
To distinguish authentication from the closely related authorization, the short-hand notations A1 (authentication) and A2 (authorization), as well as AuthN / AuthZ or Au / Az, are used in some communities.
Delegation was normally considered to be part of the authorization domain. Recently, authentication has also been used for various types of delegation tasks. Delegation in IT networks is a new but evolving field.
One familiar use of authentication and authorization is access control. A computer system that is supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some degree of confidence the identity of the user, granting the privileges established for that identity. Common examples of access control involving authentication include:
- Asking for photo ID when a contractor first arrives at a house to perform work.
- Using a captcha as a means of asserting that a user is a human being and not a computer program.
- A computer program using a blind credential to authenticate to another program.
- Entering a country with a passport.
- Logging in to a computer.
- Using a confirmation e-mail to verify the ownership of an e-mail address.
- Using an internet banking system.
- Withdrawing cash from an ATM.
Security experts argue that it is impossible to prove the identity of a computer user with absolute certainty. It is only possible to apply one or more tests which, if passed, have been previously declared to be sufficient to proceed. The problem is to determine which tests are sufficient, and many such tests are inadequate. Any given test can be spoofed one way or the other, with varying degrees of difficulty.
MUTUAL AUTHENTICATION
The term Mutual Authentication has been used in the literature to describe the case where the parties authenticate to each other within a single authentication process. Mutual authentication is normally seen as two separate identity bindings within one authentication algorithm, but EAP methods like AKA claim mutual authentication with a single identity binding based on joint state held by both parties. IKE with a pre-shared key also produces a mutual authentication within its single exchange.
Mutuality in a single authentication process can be achieved in many ways with different assumptions on trust. As such, it is valuable to define different terminology here. In fact the use of Mutual in this context is problematic, as a single flow consisting of two nested authentication algorithms can be attacked to the detriment of the authenticating parties.
An authentication process may be called mutual and still leave the following issues undefined:
- Is one or both identities exchanged?
- If only one identity is exchanged, is the other identity implied by knowledge of a symmetric key?
- Is the identity exchange secure?
- If two identities are securely exchanged, are they protected with one or two keys?
- If there are two identities, is there one identity exchange, two intertwined exchanges, or two serial or parallel exchanges?
To resolve these issues, it is best to limit the applicability of Mutual Authentication to authentication algorithms and how they act on identity bindings. Authentication flows and channels are silent on mutuality. Mutuality is NOT established by a bi-directional or coupled unidirectional flow. It is appropriate to delineate the requirement of mutual authentication for a system.
Describing an authentication algorithm as mutual or not mutual may be acceptable in some instances; in other instances it is too general for a classification. To that end there are two features that further typify an authentication:
- Are both identities explicitly included within the algorithm, or is one implicit, as in AKA?
- Is one of the identities not bound to its key, but protected with the other party's key?
Thus efficient algorithms can be built up by understanding the issues listed above and classifying the scenarios to establish mutual authentication between the communicating parties, thereby encouraging mutual trust between them to share their resources with each other efficiently.
TYPES OF AUTHENTICATION
Authentication can be accomplished in many ways. Selecting an authentication method appropriate to the environment is perhaps the most crucial decision in designing secure systems.
Authentication protocols are capable of simply authenticating the connecting party, or of authenticating the connecting party as well as authenticating themselves to the connecting party. The various ways in which an authentication process can be carried out are:
- Passwords
- One-time passwords
- Public-key cryptography
- Zero-knowledge proofs
- Message Authentication Code
- Digital Signatures
PASSWORDS:
Passwords are the most widely used form of authentication. Users provide an identifier, a typed-in word or phrase or perhaps a token card, along with a password. In many systems the passwords, on the host itself, are not stored as plain text but are encrypted. Password authentication of this type is in general simple and does not require much processing power.
Password authentication has several vulnerabilities; some of the more obvious are:
- Passwords are easy to guess.
- Writing the password down and placing it in a highly visible area.
- Discovering passwords by eavesdropping or even social engineering.
The risk of eavesdropping can be managed by using digests for authentication. The connecting party sends a value, typically a hash of the client IP address, a time stamp, and additional secret information. Because this hash is unique for each accessed URI, no other documents can be accessed, nor can it be used from another IP address without detection. The password is also not vulnerable to eavesdropping because of the hashing. The system is, however, vulnerable to active attacks such as the man-in-the-middle attack.
ONE-TIME PASSWORDS:
To avoid the problems associated with password reuse, one-time passwords were developed. There are two types of one-time passwords: a challenge-response password and a password list.
The challenge-response password system responds with a challenge value after receiving a user identifier. The response is then either calculated from the challenge value or selected from a table based on the challenge.
A one-time password list makes use of lists of passwords which are used sequentially by the person wanting to access a system. The values are generated so that it is very hard to calculate the next value from the previously presented values.
It is important to keep in mind that password systems only authenticate the connecting party. They do not provide the connecting party with any method of authenticating the system they are accessing, so they are vulnerable to spoofing or a man-in-the-middle attack.
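One concrete way to build a one-time password list with the property described above (the next value cannot be computed from the values already presented) is a hash chain: the list is seed, h(seed), h(h(seed)), ..., and passwords are spent from the end of the chain backwards. The server stores only the last value; since a hash is one-way, seeing h^k(seed) gives no way to compute h^(k-1)(seed). This is an added example, not code from the report; the names and the use of SHA-256 are assumptions of the example.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    """The one-way function used to build the chain (SHA-256 here)."""
    return hashlib.sha256(x).digest()


def generate_password_list(seed: bytes, n: int) -> list:
    """Return the chain [seed, h(seed), h(h(seed)), ..., h^n(seed)].

    chain[i] == h^i(seed). The user presents chain[n-1], then chain[n-2], ...,
    down to chain[0]; the server is initialised with chain[n] only."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OneTimePasswordServer:
    """Stores the last accepted value and never needs the seed or the whole list."""

    def __init__(self, anchor: bytes):
        self._anchor = anchor      # initially h^n(seed), registered at enrolment

    def login(self, otp: bytes) -> bool:
        # A presented password is valid only if hashing it once yields the stored anchor.
        if hmac.compare_digest(h(otp), self._anchor):
            self._anchor = otp     # move the anchor down the chain; otp can never be reused
            return True
        return False


if __name__ == "__main__":
    chain = generate_password_list(b"constructed-seed", 3)   # constructed sample seed
    server = OneTimePasswordServer(chain[3])
    print(server.login(chain[2]))   # True: first password from the list
    print(server.login(chain[2]))   # False: reuse is rejected
    print(server.login(chain[1]))   # True: next password
```

An eavesdropper who records chain[2] cannot derive chain[1], because that would require inverting h; and the recorded value itself is worthless once the anchor has moved past it. This is the defender's reason the scheme resists the eavesdropping problem listed under PASSWORDS, though, as the text notes, it still does not authenticate the system to the user.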
PUBLIC KEY CRYPTOGRAPHY:
PKC is based on very complex mathematical problems that require very specialized knowledge. PKC makes use of two keys, one private and the other public. The two keys are linked together by way of an extremely complex mathematical equation. The private key is used to decrypt and also to encrypt messages between the communicating machines. Both encryption and verification of a signature are accomplished with the public key.
The advantage of PKC is that the public key is readily available to the public. In fact, public keys are often published to public directories on the internet so that they can be easily retrieved. This simplifies key-management efforts.
The integrity of the public key is of the utmost importance. The integrity of a public key is usually assured by completion of a certification process carried out by a certification authority (CA). Once the CA has certified that the credentials provided by the entity securing the public key are valid, the CA will digitally sign the key so that visitors accessing the material the key is protecting will know the entity has been certified.
ZERO-KNOWLEDGE PROOFS:
Zero-knowledge proofs make it possible for a host to convince another host to allow access without revealing any secret information. The hosts involved in this form of authentication usually communicate several times to finalize authentication.
The client will first create a random but difficult problem to solve and then solve it using information it has. The client then commits to the solution using a bit-commitment scheme and sends the problem and the commitment to the server.
The server then asks the client either to prove that the problems are related, or to open the committed solution and prove that it is the solution. The client complies with the request.
Typically, about ten successful exchanges will be required before the authentication process is complete and access is granted.
The zero-knowledge proof of identity has its share of problems. Perhaps the most vulnerable point is that while Host A thinks he is proving his identity to Host B, it is possible for Host B to simultaneously authenticate to a third party, Host C, using Host A's credentials.
MESSAGE AUTHENTICATION CODE:
In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers to detect any changes to the message content. The algorithmic structure will be further illustrated in detail.
DIGITAL SIGNATURES:
In many instances it is not necessary to authenticate the communicating parties; for instance when downloading application updates or patches from the Internet. From a security point of view, the server does not need to screen who is downloading the software. The user downloading the software does not necessarily care which particular server it is downloading from. However, the user may want to be assured that the downloadable data is genuine and not a Trojan horse or other malicious or invalid information. In this instance a digital signature would best serve to authenticate the downloadable data.
A digital signature is a digest calculated from a signed document which is then signed. The client verifies the digest signature by decrypting it with the server's public key and compares it to the digest value calculated from the message received. The signature can also be used by the server to verify data the client is sending. More detailed information will be given on digital signatures.
MESSAGE AUTHENTICATION CODE
In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers to detect any changes to the message content.
Message authentication is a mechanism or service used to verify the integrity of a message. It assures that the data received are exactly as sent and that the purported identity of the sender is valid. It is used to protect the communication (the transit of messages) against active attacks (falsification of data and transactions).
A message, file, document, or other collection of data is said to be authentic when it is genuine and came from its alleged source. The two important aspects are to verify that the contents of the message have not been altered and that the source is authentic.
While MAC functions are similar to cryptographic hash functions, they possess different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages without performing infeasible amounts of computation.
NEED FOR MESSAGE AUTHENTICATION
In the context of communication across networks, the following attacks can be identified:
1. Disclosure: release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic analysis: discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
3. Masquerade: insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by someone other than the message recipient.
4. Content modification: changes to the contents of a message, including insertion, deletion, transposition and modification.
5. Sequence modification: any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
6. Timing modification: delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, individual messages could be delayed or replayed.
7. Source repudiation: denial of transmission of a message by the source.
8. Destination repudiation: denial of receipt of a message by the destination.
DEFENSE AGAINST ATTACKS
The table below depicts the ways in which the attacks listed above can be defended against, and thus how better security is provided in the various scenarios.

Attack                        | Dealt with by
------------------------------|------------------------
1. Disclosure                 | SYMMETRIC ENCRYPTION
2. Traffic Analysis           |
3. Masquerade                 | MESSAGE AUTHENTICATION
4. Content Modification       |
5. Sequence Modification      |
6. Timing Modification        |
7. Source repudiation         | DIGITAL SIGNATURES
8. Destination repudiation    |
MESSAGE CONFIDENTIALITY WITH SYMMETRIC ENCRYPTION
SYMMETRIC ENCRYPTION:
Symmetric encryption is an encryption scheme in which a single secret key is shared between the sender and the receiver, who communicate by encrypting and decrypting messages with that same shared secret key.
MESSAGE CONFIDENTIALITY:
The two attacks in the context of communication networks, i.e. disclosure and traffic analysis, fall under the category of confidentiality, which can be attained by using the symmetric encryption scheme. The approach to the disclosure attack is to encrypt the message and send it to the desired recipient, who is the one actually intended to read the contents of the message. Even if an unintended user gains access to the message, since the message is encrypted, he will not be able to read its contents unless he obtains the key for decryption.
The traffic analysis attack in the context of communication networks can be dealt with by using the following two measures:
- Link Encryption
- End-to-End Encryption
PROBLEMS WITH LINK ENCRYPTION AND END-TO-END ENCRYPTION
- In link encryption (LED), each PSN (P in the figure) has to decrypt the packet it receives to identify the destination of the packet, which ultimately reveals the contents of the packet's message and is thus prone to threat.
- In end-to-end encryption (EED), the destination address is clearly visible in the header of the packet, and thus the route tables can be modified and the destination address forged; it is thus prone to threat.
SOLUTION
One possible solution that can help in dealing with the problems listed above would be to combine both encryption devices together to provide better confidentiality.
[Figure: Link Encryption and End-to-End Encryption across a Packet Switching Network (P), connecting Terminal 1, Terminal 2 and Terminal 3]
APPROACHES TO MESSAGE AUTHENTICATION
MESSAGE ENCRYPTION
It is possible to perform authentication simply by the use of conventional encryption. If we assume that only the sender and receiver share a key, then only the genuine sender would be able to encrypt a message successfully for the other participant. Furthermore, if the message includes an error detection code and a sequence number, the receiver is assured that no alterations have been made and that the sequence number is proper. If the message also includes a timestamp, then the receiver is assured that the message has not been delayed beyond what is normally expected for network transit.
- Message authentication using symmetric encryption
- Message authentication using public key encryption
MESSAGE AUTHENTICATION USING SYMMETRIC ENCRYPTION
In this scenario, the following are the steps that occur between the sender and the receiver:
- The sender generates a message and processes it for encryption. A shared key K is used to encrypt the message, denoted as Ek(M), and the result is transmitted to the receiver.
- The receiver receives the message and decrypts it with the same shared key, denoted as Dk(C), obtaining the original message M.
The drawback of such a symmetric encryption scenario is that anyone who can obtain the shared key by any form of attack can read the message by successfully decrypting it, which leads to loss of valuable information that was not intended to be read by any attacker over the network.
[Figure: M --> E (key K) --> E(K, M) --> D (key K) --> M]
MESSAGE AUTHENTICATION USING PUBLIC KEY ENCRYPTION
CONFIDENTIALITY
The following is the sequence of steps that occur in this scenario:
- The sender generates a key pair, called the public and private keys, and distributes the public key over the network. Anyone who is interested in communication can acquire the public key and communicate.
- The willing party will encrypt a message with the public key of the sender, denoted as EPUk(M), and transmit it to the sender.
- The sender will decrypt the message with his private key, which is known only to him, and will acquire the message, denoted as DPRk(C).
The drawback in this scenario is the lack of authenticity. Any user over the network can acquire the public key of the sender and send him a message while masquerading as some other legitimate user.
[Figure: M --> E (PUb) --> E(PUb, M) --> D (PRb) --> M]
AUTHENTICATION
This scenario is the converse of the previously discussed scenario, where the keys for encryption are interchanged, i.e. the private key of the user is used to encrypt the message to reveal his authenticity in the communication. This method will justify the authenticity of the sender, but there still exists a problem of confidentiality, because the public key of the sender is available to every user over the network and thus anyone can decrypt the message.
[Figure: M --> E (PRa) --> E(PRa, M) --> D (PUa) --> M]
AUTHENTICATION AND CONFIDENTIALITY
The best way to overcome the lack of authenticity and confidentiality discussed in the above scenarios is to double encrypt the message, which can be illustrated in the following steps:
SENDER
M ---- Message
EPRa(M) ---- Encrypting M with the private key of the sender
EPUb(EPRa(M)) ---- Encrypting the encrypted message with the public key of the recipient
RECEIVER
DPRb(EPUb(EPRa(M))) = EPRa(M) ---- Decrypting the received message with the private key of the recipient
DPUa(EPRa(M)) = M ---- Decrypting with the public key of the sender
M ---- Message
[Figure: M --> E (PRa) --> E(PRa, M) --> E (PUb) --> E(PUb, E(PRa, M)) --> D (PRb) --> E(PRa, M) --> D (PUa) --> M]
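The three public-key scenarios above (confidentiality with PUb/PRb, authentication with PRa/PUa, and the double encryption EPUb(EPRa(M)) undone by DPRb then DPUa) can be traced end to end with textbook RSA, where applying a key is the same operation x^exp mod n whichever key is used. The code below is an added example, not part of the report; the primes, key names and message value are constructed for illustration and the keys are far too small to be secure. Real systems use large keys, padding such as OAEP or PSS, and sign a hash of the message rather than M itself.

```python
def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA: return (public, private) as (e, n) and (d, n).
    p, q are constructed tiny primes for the example only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, x: int) -> int:
    """E(key, x) and D(key, x) are the same operation in RSA: x^exp mod n."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


# Constructed keys for sender A and recipient B. nA < nB is required so that the
# value EPRa(M), which is < nA, fits inside an encryption under PUb.
PUa, PRa = make_keypair(61, 53)      # nA = 3233
PUb, PRb = make_keypair(101, 113)    # nB = 11413


def confidentiality_only(M: int) -> int:
    """Scenario 1: anyone can form E(PUb, M); only B, holding PRb, can read it."""
    return apply_key(PUb, M)


def authentication_only(M: int) -> int:
    """Scenario 2: only A can form E(PRa, M); anyone with PUa can read it."""
    return apply_key(PRa, M)


def sender(M: int) -> int:
    """Scenario 3, sender side: EPUb(EPRa(M))."""
    signed = apply_key(PRa, M)       # EPRa(M): proves origin, readable by all
    return apply_key(PUb, signed)    # EPUb(...): now readable only by B


def receiver(C: int) -> int:
    """Scenario 3, receiver side: DPUa(DPRb(C)). Returns M only if A produced it."""
    signed = apply_key(PRb, C)       # DPRb: recovers EPRa(M)
    return apply_key(PUa, signed)    # DPUa: recovers M


if __name__ == "__main__":
    M = 1234                                   # constructed sample message
    C = sender(M)
    print("on the wire:", C, "recovered:", receiver(M and C))
```

In scenario 3 the order matters: decrypt with PRb first, because that is the outer layer. Only B can peel it off, and only A could have produced what is underneath, which is why a value altered in transit no longer decrypts to M under PUa.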
MESSAGE AUTHENTICATION CODE (MAC)
One authentication technique uses a secret key to generate a small, fixed-size block of data, known as a message authentication code, that is appended to the message. The technique assumes that the two communicating parties share a common secret key. When one party wants to send a message to the other, it calculates the MAC as a function of the message and the key, appends the MAC to the message and transmits both. The receiving party separates the MAC from the message, computes its own MAC over the received message with the same key and compares it with the MAC received over the network; if the two match, the message is accepted as genuine.
The steps involved between the sender and the receiver are:
The sender forms a message and computes the MAC with the MAC algorithm, a keyed function of the message and the shared secret key (for example a block cipher applied to the message in a chaining mode, or a keyed hash).
The MAC is appended to the original message and the whole is transmitted over the network to the recipient.
The recipient separates the MAC from the message and performs the MAC computation on the message with the same secret key.
The recipient compares the received MAC with the computed MAC. If the two tally, he is satisfied that the message has not been tampered with by an unauthorized user on the network and that it was produced by a holder of the shared key.
One practical inconvenience of block-cipher-based MACs is that they process the message in fixed-size blocks, so the message must be padded and split into blocks before the computation can start.
Fig: MAC. Sender: MAC = MA(K, M), transmitted as M followed by MAC. Receiver: recomputes MA(K, M) over the received M and compares it with the received MAC.
HASH FUNCTION
A variation on the MAC is the one-way hash function, which accepts a variable-size message M as input and produces a fixed-size output referred to as the hash code, also known as the message digest or hash value. Unlike the MAC, the hash function takes no secret key: the message alone is passed to the hash algorithm to generate the digest. To authenticate a message, the digest is sent along with the message in such a way that the digest itself is authentic.
There are three ways in which the digest can be authenticated:
Using conventional encryption
Using a public-key algorithm
Using a secret value
USING CONVENTIONAL ENCRYPTION
This technique is analogous to the MAC, except that a hash function is used in place of the MAC algorithm to generate the message digest, and the shared secret key is then used to encrypt that digest. The processing is as follows:
The sender forms a message and computes its hash with a hash algorithm, producing a message digest.
The message digest is encrypted with the shared key, producing an encrypted message digest.
The encrypted digest is appended to the message and the whole is transmitted over the network to the desired recipient.
The receiver detaches the encrypted digest from the message, decrypts it with the shared key, computes the digest of the received message with the same hash function and compares the two digests. If they match, the integrity of the message is confirmed; if they differ, the message has been tampered with.
Fig: Hash function with conventional encryption. Sender: E(K, H(M)) appended to M. Receiver: D(K, received digest) compared with H(M).
USING PUBLIC KEY ALGORITHM
This technique is analogous to the previous one, except that the digest is encrypted with the sender's private key and decrypted by the receiver with the sender's public key, so a public/private key pair takes the place of the shared secret. Since only the sender holds the private key, this also authenticates the sender, and it is the basis of the digital signature discussed later.
Fig: Hash function with a public-key algorithm. Sender: E(PRa, H(M)) appended to M. Receiver: D(PUa, received digest) compared with H(M).
USING A SECRET VALUE
This technique differs from the two above in that no encryption is used at all. The following steps are involved:
Fig: Hash function with a secret value S. Sender: H(M, S) appended to M. Receiver: recomputes H(M, S) and compares.
The sender computes the message digest by passing the message together with the shared secret value to the hash function.
The message digest produced is appended directly to the message, without encryption, and transmitted to the receiver over the network.
The receiver detaches the message digest from the message and computes the digest of the message and the shared secret value with the same hash function used by the sender.
The computed message digest is compared with the received one; if they match, the integrity of the message is verified and the receiver is satisfied. Since the secret value itself is never transmitted, an attacker cannot modify the message and produce a matching digest. In practice the secret is combined with the hash through a standard keyed construction such as HMAC rather than by simple concatenation.
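The MAC procedure described earlier (compute the MAC with the shared key, append it, split it off and recompute at the receiver, compare) and the secret-value variant just listed are shown here in Python. This is an added example, not code from the report. The keyed function is HMAC-SHA256 from the standard library, which is the usual way a shared secret is combined with a hash and stands in for both the report's MAC algorithm "MA" and its "hash of message and secret"; the key and the transfer message are constructed for the example, and the comparison uses hmac.compare_digest so that the receiver does not leak timing information about where the tags differ.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size   # 32-byte tag for HMAC-SHA256


def compute_mac(key: bytes, message: bytes) -> bytes:
    """MAC = f(K, M). HMAC-SHA256 stands in for the report's 'MA' box and
    for its 'hash of message plus secret': HMAC mixes the key into the
    hash rather than simply concatenating the two."""
    return hmac.new(key, message, hashlib.sha256).digest()


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: compute the MAC and append it, transmitting M || MAC."""
    return message + compute_mac(key, message)


def verify_mac(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver: split M and MAC, recompute with the same K, compare.
    Returns M when the tags tally, None when they do not."""
    if len(packet) < TAG_LEN:
        return None
    message, received = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # constant-time comparison: a plain '==' stops at the first differing
    # byte, and that timing difference lets an attacker forge a tag byte
    # by byte
    if not hmac.compare_digest(compute_mac(key, message), received):
        return None
    return message


def unkeyed_protect(message: bytes) -> bytes:
    """A plain hash appended with no secret: the hash code on its own."""
    return message + hashlib.sha256(message).digest()


def unkeyed_verify(packet: bytes) -> Optional[bytes]:
    message, received = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return message if hashlib.sha256(message).digest() == received else None


def demo() -> dict:
    """Walk through the sender/receiver steps and three attacker moves."""
    key = secrets.token_bytes(32)                      # shared K, agreed out of band
    msg = b"TRANSFER 100.00 FROM 12345 TO 67890"       # constructed sample message
    packet = protect(key, msg)
    results = {"accepted": verify_mac(key, packet) == msg}

    # 1. attacker edits the amount in transit; without K the tag cannot be fixed
    tampered = packet.replace(b"100.00", b"900.00")
    results["tamper_rejected"] = verify_mac(key, tampered) is None

    # 2. attacker replaces the tag with one computed under a guessed key
    forged = msg + compute_mac(b"guessed key", msg)
    results["forgery_rejected"] = verify_mac(key, forged) is None

    # 3. with an unkeyed hash in place of a MAC, the attacker edits the
    #    message, recomputes the hash and is accepted
    edited = msg.replace(b"100.00", b"900.00")
    results["unkeyed_hash_fooled"] = unkeyed_verify(unkeyed_protect(edited)) == edited
    return results
```

demo() returns the outcome of each step: a tag computed under a different key, or over an edited message, is rejected, while an unkeyed hash appended to the message gives the receiver no protection at all, because the attacker simply recomputes it after editing. That difference is the whole reason the secret key (or secret value) is needed.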
DIGITAL SIGNATURES
A digital signature, or digital signature scheme, is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives the recipient reason to believe that the message was created by a known sender and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions and other cases where it is important to detect forgery or tampering.
A digital signature can be used with any kind of message or transaction, whether encrypted or not, so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate carries the digital signature of the certificate-issuing authority, so that anyone holding the authority's public key can verify that the certificate is genuine; this is now commonly seen in Internet transactions.
NEED FOR DIGITAL SIGNATURES
Message authentication protects the two parties who exchange messages from any third party. However, it does not protect the two parties against each other, and several forms of dispute between them are possible.
For example, suppose that John sends an authenticated message to Mary. The following disputes could arise:
Mary may forge a different message and claim that it came from John. Mary would simply have to create the message and append an authentication code using the key that John and Mary share.
John can deny having sent the message. Because it is possible for Mary to forge a message, there is no way to prove that John did in fact send it.
Both scenarios are realistic, and they lead to distrust between senders and receivers. In situations where there is no complete trust between the sender and the receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature. The digital signature is analogous to a handwritten signature and must have the following properties:
It must verify the author and the date and time of the signature.
It must authenticate the contents at the time of the signature.
It must be verifiable by third parties, to resolve disputes.
Thus the digital signature function includes the authentication function. On the basis of these properties, we can formulate the following requirements for a digital signature:
The signature must be a bit pattern that depends on the message being signed.
The signature must use some information unique to the sender, to prevent both forgery and denial.
It must be relatively easy to produce the digital signature.
It must be relatively easy to recognize and verify the digital signature.
It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
It must be practical to retain a copy of the digital signature in storage.
HOW DIGITAL SIGNATURES WORK?
Assume you are going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it is unchanged from what you sent and that it really comes from you. The process would be:
You copy and paste the contract into an e-mail note.
Using suitable software, you obtain a message hash, or message digest, of the contract by passing it through a hash algorithm.
You then encrypt the hash with your private key. Your lawyer checks the result with the matching public key, which he can obtain, for example, from a certificate issued by a certificate authority.
The encrypted hash becomes your digital signature of the message. Note that it differs for every different message, because the hash changes with the content.
USES OF DIGITAL SIGNATURES
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurance of the provenance, identity and status of an electronic document, as well as acknowledging informed consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, the University of Chicago and Stanford publish electronic student transcripts with digital signatures. Below are some common reasons for applying a digital signature to communications:
Authentication
Integrity
Non-repudiation
AUTHENTICATION
Although messages may often include information about the entity sending a message, that
information may not be accurate. Digital signatures can be used to authenticate the source of
messages. When ownership of a digital signature secret key is bound to a specific user, a
valid signature shows that the message was sent by that user. The importance of high
confidence in sender authenticity is especially obvious in a financial context. For example,
suppose a bank's branch office sends instructions to the central office requesting a change in
the balance of an account. If the central office is not convinced that such a message is truly
sent from an authorized source, acting on such a request could be a grave mistake.
INTEGRITY
In many scenarios the sender and receiver of a message need confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it (some encryption algorithms, known as non-malleable ones, prevent this, but others do not). However, if a message is digitally signed, any change to the message after signing invalidates the signature. Furthermore, there is no efficient way to modify a message and its signature so as to produce a new message with a valid signature, because that would require finding another message with the same hash value, which is computationally infeasible for a collision-resistant hash function.
NON-REPUDIATION
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key alone does not enable a fraudulent party to fake a valid signature.
GENERATION AND VERIFICATION OF DIGITAL SIGNATURES
The following figure depicts the generation and verification of digital signatures, which are described step by step below.
Fig: Creation and verification of digital signatures
GENERATION
Each communicating party generates a key pair, consisting of a public key and a private key.
The message or data is hashed with a hash function, producing a message digest.
The message digest is encrypted with the private key of the sender; the result is the digital signature.
The digital signature is appended to the message, along with any other related information, and transmitted over the network to the desired recipient.
VERIFICATION
The recipient receives the message along with the digital signature.
The receiver decrypts the digital signature with the public key of the sender, which he obtained before the communication, and thus recovers the message digest computed by the sender.
Since hashing is one-way and cannot be reversed, the receiver takes the received message and hashes it himself to obtain a second message digest.
The receiver compares the computed message digest with the received one. If the two tally, he is assured of the authenticity of the sender as well as the integrity of the message; if not, either the message or the signature has been altered, or the signature was not produced with the sender's private key.
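The generation and verification steps above, the "using public key algorithm" variant of the hash-based method, and the earlier "authentication and confidentiality" scheme E(PUb, E(PRa, M)) are worked through in the following Python. This is an added example, not code from the report, and the key material is a constructed toy: each modulus is the product of two known Mersenne primes so that the example runs without a prime generator (real keys use two secret random primes of 1024 bits or more; these public, structured primes give no security). The signature is textbook RSA over a SHA-256 digest with no padding, whereas deployed schemes pad the digest first (PSS or PKCS#1 v1.5); the party names Alice and Bob and the sample messages are also constructed.

```python
import hashlib
from typing import Dict, Tuple

# Constructed toy keys: each party's modulus is the product of two known
# Mersenne primes so the example runs without a prime generator. Real RSA
# keys use two secret random primes of at least 1024 bits each; these
# public, structured primes give no security and are for illustration only.
E = 65537
PublicKey = Tuple[int, int]    # (n, e)   PU
PrivateKey = Tuple[int, int]   # (n, d)   PR


def make_keypair(p: int, q: int) -> Tuple[PublicKey, PrivateKey]:
    """Generation step 1: each party produces a public/private key pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)                 # modular inverse of e (Python 3.8+)
    return (n, E), (n, d)


ALICE_PU, ALICE_PR = make_keypair(2**127 - 1, 2**521 - 1)   # ~648-bit modulus
BOB_PU, BOB_PR = make_keypair(2**107 - 1, 2**607 - 1)       # ~714-bit modulus


def digest(message: bytes) -> int:
    """Generation step 2: MD = H(M), read as an integer (below every modulus here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key: PrivateKey, message: bytes) -> int:
    """Generation step 3: DS = E(PRa, MD). Textbook RSA with no padding;
    deployed systems apply PSS or PKCS#1 v1.5 padding to MD first."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify_signature(public_key: PublicKey, message: bytes, signature: int) -> bool:
    """Verification: D(PUa, DS) must equal the receiver's own H(M)."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def sign_then_encrypt(sender_pr: PrivateKey, recipient_pu: PublicKey, message: bytes) -> int:
    """The 'authentication and confidentiality' scheme C = E(PUb, E(PRa, M)),
    applied literally to M as one integer. It only works while M < n_a < n_b,
    one reason real systems sign a digest and encrypt a symmetric key instead
    of exponentiating the whole message."""
    n_a, d_a = sender_pr
    n_b, e_b = recipient_pu
    m = int.from_bytes(message, "big")
    if not 0 < m < n_a < n_b:
        raise ValueError("message too long for this toy key size")
    inner = pow(m, d_a, n_a)            # E(PRa, M)
    return pow(inner, e_b, n_b)         # E(PUb, E(PRa, M))


def decrypt_then_verify(recipient_pr: PrivateKey, sender_pu: PublicKey, ciphertext: int) -> bytes:
    """Receiver side: D(PUa, D(PRb, C)). A wrong sender key does not raise an
    error, it just yields garbage: with no digest to compare against, the
    receiver has to rely on the plaintext carrying recognisable structure."""
    n_b, d_b = recipient_pr
    n_a, e_a = sender_pu
    inner = pow(ciphertext, d_b, n_b)   # D(PRb, C)
    m = pow(inner, e_a, n_a)            # D(PUa, ...)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo() -> Dict[str, bool]:
    msg = b"Pay Mary 100 units"         # constructed sample message
    sig = sign(ALICE_PR, msg)
    results = {
        "valid": verify_signature(ALICE_PU, msg, sig),
        "tampered_rejected": not verify_signature(ALICE_PU, b"Pay Mary 900 units", sig),
        "wrong_signer_rejected": not verify_signature(BOB_PU, msg, sig),
    }
    c = sign_then_encrypt(ALICE_PR, BOB_PU, msg)
    results["sealed_roundtrip"] = decrypt_then_verify(BOB_PR, ALICE_PU, c) == msg
    results["wrong_sender_key_garbage"] = decrypt_then_verify(BOB_PR, BOB_PU, c) != msg
    return results
```

Verification fails both when the message has been edited and when the wrong public key is used, which is exactly the check the receiver relies on. The sign-then-encrypt round trip shows the limitation of the double-encryption scheme: decrypting with the wrong sender key does not fail, it just returns a different number, so without a digest to compare against the receiver has nothing to check. That is why signatures are computed over a digest in practice, and why the literal scheme needs M to fit below the sender's modulus.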
ADVANTAGES OF DIGITAL SIGNATURES
As with any technology there are pluses and minuses. The advantages of using digital signatures include:
IMPOSTER PREVENTION: A digital signature can only be produced by the holder of the private key, so an imposter cannot sign the document in the signer's name, and any alteration of a signed document is detected because the signature no longer verifies.
MESSAGE INTEGRITY: A valid digital signature proves that the document is exactly what the signer signed; the recipient is assured that it has not been altered or forged in transit.
LEGAL REQUIREMENTS: In many jurisdictions a digital signature satisfies the legal requirement for a signature on the document in question, so the formalities of executing the document can be completed electronically.
CONCLUSION
User authentication can be handled using one or more different authentication methods. Some authentication methods, such as plain password authentication, are easily implemented but are in general weak and primitive. The fact that plain password authentication is still by far the most widely used form of authentication gives credence to the seriousness of the lack of security both on the Internet and within private networks.
Other methods of authentication may be more complex and require more time to implement and maintain, but they provide strong and reliable authentication (provided one keeps its secrets secret, i.e. private keys and passphrases).
That being said, one of the key factors to be considered in determining which method of
authentication to implement is usability. The usability factor cannot be ignored when
designing authentication systems. If the authentication methods are not deemed usable by
those forced to utilize them, then they will avoid using the system or persistently try to
bypass them. Usability is a key issue to the adoption and maintenance of a security system.
APPENDIX-A
TERMINOLOGY
KEYWORD   DESCRIPTION
K         SHARED SECRET KEY
KPU       PUBLIC KEY OF USER
KPR       PRIVATE KEY OF USER
PKC       PUBLIC KEY CRYPTOGRAPHY
MA        MAC ALGORITHM
MAC       MESSAGE AUTHENTICATION CODE
H         HASH FUNCTION
MD        MESSAGE DIGEST
E and D   ENCRYPTION AND DECRYPTION
DS        DIGITAL SIGNATURES