Outline

▪ MesAuthentication Codes
▪ MAC requirements and security
▪ MACs based on Hash Functions
▪ MACs based on Block sage Ciphers
 Message Authentication
▪ Message authentication is a procedure to verify that received
message came from the genuine source and has not been altered.
▪ Message authentication may also verify sequencing and
timeliness.
▪ Message authentication is a mechanism or service used to verify
the integrity of a message.
▪ Message authentication assures that data received are exactly
same as sent (i.e., message contains no modification, no insertion,
no deletion, or no replay).

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 2
 Message Authentication Requirements
1. Disclosure: Release of message contents.
2. Traffic analysis: Analyses the traffic and observe the pattern of
traffic between parties.
3. Masquerade: Insertion of messages into the network from a
fraudulent source.
4. Content modification: Changes to the contents of a message.
5. Sequence modification: Any modification to a sequence of
messages between parties.
6. Timing modification: Delay or replay of messages.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by
destination.
INS is very Interesting Subject
Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 3
 Message Authentication Requirements
1. Disclosure Requires Message
2. Traffic analysis Confidentiality
3. Masquerade
4. Content modification Requires Message
5. Sequence modification Authentication
6. Timing modification
7. Source repudiation Requires Digital
8. Destination repudiation Signature

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 4
 Message Authentication
Source A Destination B

M E D M

K K
(a) Symmetric encryption : confidentiality and authentication

M E D M

PUb PRb

(b) Public-key encryption : confidentiality

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 6
 Message Authentication
M E D M

PRa PUa

(c) Public-key encryption : authentication and signature

M E E D D M

PRa PUb PRb PUa

(d) Public-key encryption : confidentiality, authentication, and signature

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 7
 Message Authentication Code
▪ An alternative authentication technique involves the use of a
secret key to generate a small fixed-size block of data, known as a
cryptographic checksum or MAC.
▪ MAC is appended to the message. This technique assumes that
two communicating parties, say A and B, share a common secret
key K.
▪ When A has a message to send to B, it calculates the MAC as a
function of the message and the key.
MAC = C ( K , M )

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 8
 Message Authentication Code
Source A Destination B
C
M K ll M
Compare
K
C
C(K, M)
(a) Message authentication
▪ The receiver is assured that the message has not been altered.
▪ If an attacker alters the message but does not alter the MAC, then
the receiver’s calculation of the MAC will differ from the received
MAC.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 9
 Message Authentication Code
▪ The receiver is assured that the message is from the alleged
sender.
▪ Because no one else knows the secret key, no one else could
prepare a message with a proper MAC.
▪ A MAC function is similar to encryption. One difference is that the
MAC algorithm need not be reversible, as it must be for
decryption.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 10
 Message Authentication Code - Cont…

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 11
 Message Authentication Code
Source A Destination B
C
M K1 ll E D M
Compare
K1
C K2 K2
E(K2, [M||C(K1, M)]) C(K1, M)
(b) Message authentication and confidentiality; authentication tied to plaintext
E(K2, M)
D
E ll C
M K1 M
Compare K2
K2 K1
C

C(K1, E(K2, M))

(c) Message authentication and confidentiality; authentication tiedInteresting
INS is very to ciphertext
Subject
Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 12
 MAC Based on Hash Functions - HMAC
▪ Cryptographic hash functions such as MD5 and SHA generally
execute faster in software than symmetric block ciphers such as
DES.
▪ Library code for cryptographic hash functions is widely available.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 13
 Design objectives for HMAC
▪ To use available hash functions without modifications.
▪ To allow for easy replaceability of the embedded hash function in
case faster or more secure hash functions are found or required.
▪ To preserve the original performance of the hash function without
incurring a significant degradation..
▪ To use and handle keys in a simple way.
▪ To have a well understood cryptographic analysis of the strength
of the authentication mechanism based on reasonable
assumptions about the embedded hash function.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 14
 HMAC Structure

1. Append zeros to the left end of K to

create a b-bit string K+
2. XOR K+ with ipad to produce the b-bit
block Si.
3. Append M to Si.
4. Apply H to the stream generated in
step 3.
5. XOR K+ with opad to produce the b-bit
block S0.
6. Append the hash result from step 4 to
S0.
7. Apply H to the stream generated in
step 6 and output the result.
K+ ipad
HMAC Structure
b bits b bits b bits

Si Y0 Y1 … YL-1 1. Append zeros to the left end of K to

create a b-bit string K+
n bits 2. XOR K+ with ipad to produce the
IV Hash
b-bit block Si.
n bits
3. Append M to Si.
K+ opad
4. Apply H to the stream generated in
Pad to b bits
step 3.
n bits 5. XOR K+ with opad to produce the
So
b-bit block S0.
6. Append the hash result from step 4
n bits
Hash
to S0.
IV
n bits
7. Apply H to the stream generated in
step 6 and output the result.
Unit-2 Darshan Institute of Engineering & Technology 16
 HMAC Structure
▪ H = Embedded hash function (e.g. MD5, SHA-1, RIPEMD-160).
▪ IV = Initial value that is input to hash function.
▪ M = Message input to HMAC.
▪ Yi = i th block of M.
▪ L = Number of blocks in M.
▪ N = Length of hash code produced by embedded hash function.
▪ K + = K padded with zeros on the left so that the result is b bits in
length.
▪ ipad = 00110110 (36 in hexadecimal) repeated b/8 times.
▪ opad = 01011100 (5C in hexadecimal) repeated b/8 times.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 17
 MAC based on Block Ciphers
▪ The Data Authentication Algorithm (DAA) based on DES, has been
one of the most widely used MACs for a number of years.
▪ The algorithm can be defined as using the cipher block chaining
(CBC) mode of operation of DES with an initialization vector of
zero.

P1 P2 PN
IV CN-1
K K K
Encrypt Encrypt … Encrypt

C1 C2 CN
INS is very Interesting Subject
Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 18
 Data Authentication Algorithm (DAA)
Time = 1 Time = 2 Time = N
D1
D2 DN
(64 bits)

K DES K DES K DES

(56 bits) Encrypt Encrypt
… Encrypt

O1
O2 ON
(64 bits)

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 19
 Data Authentication Algorithm (DAA)

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 20
 Data Authentication Algorithm (DAA)
▪ The data (e.g. message, record, file, or program) to be
authenticated are grouped into contiguous 64-bit blocks D 1, D2, …,
D n.
▪ If necessary, the final block is padded on the right with zeroes to
form a full 64-bit block.
▪ Using the DES encryption algorithm E and a secret key K, a data
authentication code (DAC) is calculated.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 21
 Cipher-Based Message Authentication Code (CMAC)
▪ Cipher-based Message Authentication Code (CMAC) mode of
operation for use with AES and triple DES.
▪ First, let us define the operation of CMAC when the message is an
integer multiple of n of the cipher block length b.
▪ For AES, b = 128, and for triple DES, b = 64. The message is divided
into n blocks (M1, M2,…, Mn).

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 22
 Cipher-Based Message Authentication Code (CMAC)
▪ The algorithm makes use of a k-bit encryption key K and a b-bit
constant K1.
▪ For AES, the key size k is 128, 192 or 256 bits.
▪ For triple DES, the key size is 112 or 168 bits.

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 23
 Cipher-Based Message Authentication Code (CMAC)

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 24
 Cipher-Based Message Authentication Code (CMAC)
M1 M2
… Mn

b K1
k
K Encrypt K Encrypt K Encrypt

MSB(Tlen)
(a) Message length is integer multiple of block size T

M1 M2 … Mn 10..0

K2

K Encrypt K Encrypt K Encrypt

MSB(Tlen)
(b) Message length is not integer multiple of block size T
INS is very Interesting Subject
Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 25
 Cipher-Based Message Authentication Code (CMAC)

INS is very Interesting Subject

Unit-6 Message Authentication Codes Darshan Institute of Engineering & Technology 26