Unit 3: Message Authentication

and Hash Functions (6hrs)

Message Authentication, Hash Functions, Message Digests: MD4 and MD5, Secure
Hash Algorithms: SHA-1, SHA-2, Hash Based MAC (HMAC), Digital Signature
 Message Authentication
• One major type of threat that exists for data is the lack of

• In this threat, the user is not sure about the originator of the message.

• Message authentication can be provided using the cryptographic techniques

that use secret keys as done in case of encryption.

• Message authentication is a critical aspect of securing communication in

information systems. It ensures that the messages received are from the
claimed sender and have not been altered during transmission.
 Methods of Message Authentication
1. Message Authentication Codes (MACs):

• A Message Authentication Code (MAC) is a cryptographic checksum

generated from a message and a secret key.

• It provides data integrity and authenticity, ensuring that the message has
not been altered and that it comes from a legitimate sender.

• The sender computes the MAC by applying a MAC algorithm to the

message and the secret key, and the recipient veri

fi
 Methods of Message Authentication
2. Digital Signatures:

• A Digital Signature is a cryptographic technique used to verify the

authenticity and integrity of a digital message or document.

• It employs asymmetric cryptography, where the sender uses their private

key to generate a signature on the message, and the recipient uses the
sender's public key to verify the signature.

• Digital signatures provide non-repudiation, meaning the sender cannot

deny having signed the message.
 Methods of Message Authentication

3. Hash Functions:

• A Hash Function is a mathematical function that takes an input (or

'message') and returns a

• The output appears random and unique for different inputs, though the
same input will always produce the same hash.

• Examples include SHA-256 and SHA-3

fi
 Message Authentication Code (MAC)
• A message authentication code (MAC) is a cryptographic checksum on data
that uses a session key to detect both accidental and intentional modi

• A MAC requires two inputs: a message and a secret key known only to the
originator of the message and its intended recipient(s).

• This allows the recipient of the message to verify the integrity of the message
and authenticate that the messege's sender has the shared secret key.

• If a sender doesn’t know the secret key, the hash value would then be
different, which would tell the recipient that the message was not from the
original sender.

fi
MAC
• The sender uses some publicly known MAC algorithm, inputs the message and secret key and produce a MAC
value.

• Similar to hash, MAC function also compress a arbitrary long input into a

• The sender forwards the message along with MAC. Here, we assume that the message is sent in the clear, as we
concerned of providing message origin authentication, not con

• On receipt of the message and the MAC, the receiver feeds the received message and shared secret key into the
MAC algorithm and re-computes the MAC value.

• The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If they
match, then the receiver accepts the message and assures himself/ herself that the message has been sent by the
intended sender.

• If computed MAC does not match MAC sent by sender, the receiver cannot determine whether it is the message
that has been altered or it is the origin that has been falsi
fi
fi
fi
Basic Uses of MAC
Basic Uses of MAC
 Why Use MACs?
• – i.e., why not just use encryption?

• Cleartext Stays Clear: Ensures data integrity and authenticity without requiring decryption.

• MAC Might Be Cheaper: Reduces computational overhead compared to encryption.

• Broadcast: Ef

• Authentication of Executable Codes: Veri

• Architectural Flexibility: Allows modular design with separate authentication and

encryption mechanisms.

• Separation of Authentication Check from Message Use: Enables independent veri

fi
fi
fi
 Limitation of MAC
• Symmetric Key Requirement: Both sender and receiver must share a secret
key, complicating key management.

• No Con

• Key Distribution Challenge: Securely distributing and managing secret keys

can be complex and vulnerable to interception.

• Single Key Vulnerability: If the shared key is compromised, all

communications using that key are at risk.

• Limited Scalability: For systems with many users, maintaining unique keys for
each pair of users can be impractical.
fi
 Hash Function
• Hash functions are extremely useful
and appear in almost all information
security applications.

• A hash function is a mathematical

function that converts a numerical
input value into another compressed
numerical value. The input to the
hash function is of arbitrary length
but output is always of

• Values returned by a hash function

are called message digest or simply
hash values.
fi
• Converts a variable size message M into

• Can be used with encryption for authentication

• E(M || H)

• M || E(H)

• M || signed H

• E( M || signed H ) gives con

• M || H( M || K )

• E( M || H( M || K ) )
fi
fi
Basic Uses of Hash Function

Note: KRa= Private key encryption

Kua= Public key decryption
Basic Uses of Hash Function

When sender and receiver both have secret code “S”

Basic Uses of Hash Function
 Hash Functions
• h = H(M)

• M is a variable-length message, h is a

• The hash value is appended at the source

• The receiver authenticates the message by recomputing the hash value

• Because the hash function itself is not considered to be secret, some means is
required to protect the hash value
fi
 Applications of Hash Function

• There are two direct applications of hash function based on its cryptographic
properties.

• – Password Storage

• – Data Integrity Check

 Password Storage

• Hash functions provide protection to password storage.

• Instead of storing password in clear, mostly all logon processes store the hash
values of passwords in the

• The Password
fi
fi
• The process of logon is depicted in the following illustration:
• An intruder can only see the hashes of passwords, even if he accessed the
password. He can neither logon using hash nor can he derive the password
from hash value since hash function possesses the property of pre-image
resistance.
 Data Integrity Check
• Data integrity check is a most common application of the hash functions. It is
used to generate the checksums on data

• The process is depicted in the following illustration−

fi
• The integrity check helps the user to detect any changes made to original

• It however, does not provide any assurance about originality.

• The attacker, instead of modifying

• This integrity check application is useful only if the user is sure about the
originality of
fi
fi
fi
 Message Digest-5 (MD-5)
• Designed and developed by Roald Rivest (the R in RSA).

• It is widely used secure hash algorithm that takes as input message

of arbitrary length and provide 128 bit message digest as an output.

• It processes input in 512 bit blocks.

• Pad message so its length is 448 mod 512.

• Append a 64 bit length value to message.

• Initialize 4-word (128 bit) MD buffer (A, B, C, D).

• Process message in 16 word (512 bit) block:

• Using 4 rounds of 16 bit operations on message block and

buffer.

• Add output buffer input to form new buffer value.

• Output hash value is the

fi
 Message Digest-5 (MD-5)
• MD5 is a cryptographic hash function algorithm that takes the message as input of any length
and changes it into a

• MD5 algorithm stands for the message-digest algorithm.

• MD5 was developed as an improvement of MD4, with advanced security purposes.

• The output of MD5 (Digest size) is always 128 bits. MD5 was developed in 1991 by Ronald
Rivest.

• ➢ Use Of MD5 Algorithm:

• 1. It is used for

• 2. In a web application, it is used for security purposes. e.g. Secure password of users etc.

• 3. Using this algorithm, We can store our password in 128 bits format.
fi
fi
 Working of MD-5 Algorithm
1. Append Padding Bits: In the first step, we add padding bits in the original message in
such a way that the total length of the message is 64 bits less than the exact multiple
of 512.
Suppose we are given a message of 1000 bits. Now we have to add padding bits to the
original message. Here we will add 472 padding bits to the original message.
After adding the padding bits the size of the original message/output of the first step
will be 1472 i.e. 64 bits less than an exact multiple of 512 (i.e. 512*3 = 1536).
Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .
2. Append Length Bits: In this step, we add the length bit in the output of the first step
in such a way that the total number of the bits is the perfect multiple of 512. Simply,
here we add the 64-bit as a length bit in the output of the first step.
i.e. output of first step = 512 * n – 64
length bits = 64.
After adding both we will get 512 * n i.e. the exact multiple of 512.
3. Dividing it in 512-bit blocks: The entire string is converted into multiple blocks of 512
bits each.

4. Initialize 4- MD Buffers (Chaining Variables): You also need to initialize four different
buffers, namely A, B, C, and D.
These buffers are 32 bits each and are initialized as follows:
A = 01 23 45 67
C = fe dc ba 98
5. Process Each Blocks: Each 512-bit block gets broken down further into 16 sub-blocks
of 32 bits each.
There are four rounds of operations, with each round utilizing all the sub-blocks, the
buffers, and a constant array value.
• This constant array can be denoted as T[1] -> T[64].
• Each of the sub-blocks are denoted as M[0] -> M[15].
According to the image above, you see the values being run for a single buffer A. The
correct order is as follows:
•It passes B, C, and D onto a non-linear process.
•The result is added with the value present at A.
•It adds the sub-block value to the result above.
•Then, it adds the constant value for that particular iteration.
•There is a circular shift applied to the string.
•As a final step, it adds the value of B to the string and is stored in buffer A.

The steps mentioned above are run for every buffer and every sub-block.
When the last block’s final buffer is complete, you will receive the MD5 digest.
The non-linear process above is different for each round of the sub-block.
Round 1: (b AND c) OR ((NOT b) AND d)
Round 2: (b AND d) OR (c AND (NOT d))
Round 3: b XOR c XOR d
Round 4: c XOR (b OR (NOT d))
 MD4 (Message Digest Algorithm 4)

• The MD4 (Message Digest Algorithm 4) is a cryptographic hash function

developed by Ronald Rivest in 1990.

• It produces a 128-bit hash value from an input message of arbitrary length.

• Although it has been largely superseded by more secure algorithms,

understanding MD4 is important for historical context and foundational
cryptographic concepts.
 Overview of MD4 Algorithm

• Padding the Message:

• The original message is padded to ensure its length is congruent to 448

modulo 512.

• Padding is done by appending a single '1' bit followed by '0' bits, and then
appending the length of the original message (before padding) as a 64-bit
integer.
• Initialization of MD Buffer:

• Four 32-bit variables are used (A, B, C, D) and initialized to speci

• A = 01 23 45 67

• B = 89 ab cd ef

• C = fe dc ba 98

• D = 76 54 32 10

fi
• Processing Message in 512-bit Blocks:

• The padded message is divided into 512-bit blocks, and each block is
processed to update the MD buffer.

• Each block is processed in three rounds, and each round involves 16

operations. The operations use bitwise logical functions and modular
addition.

• Final Output:

• After processing all blocks, the

fi
• MD4 was designed to be fast and straightforward, but it has signi

• Collision Resistance: It is relatively easy to

• Preimage Resistance: Given a hash,

• Due to these weaknesses, MD4 is not recommended for cryptographic use in

modern applications.
fi
fi
fi
 Key Differences between MD4 and MD5

• Design and Rounds:

• MD4: MD4 processes the input in three rounds, each consisting of 16

operations on 32-bit words.

• MD5: MD5 processes the input in four rounds, each consisting of 16

operations on 32-bit words. The additional round adds complexity and
aims to improve security.
 SHA-1 (Secure Hash Algorithm 1)

• SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function

designed by the National Security Agency (NSA) and published by the
National Institute of Standards and Technology (NIST) in 1993 as a U.S.
Federal Information Processing Standard.

• SHA-1 produces a 160-bit (20-byte) hash value from an input of arbitrary

length.

• Despite being widely used for many years, SHA-1 is now considered
insecure due to its vulnerabilities to collision attacks.
Working of SHA 1
• Security Considerations

• Collision Resistance: SHA-1 is no longer collision-resistant. Researchers

have demonstrated practical collision attacks, meaning it's possible to

• Preimage Resistance: While not as severely broken as collision resistance,

preimage resistance is also weaker than desired.

• Security Recommendation: Due to these vulnerabilities, SHA-1 is

deprecated for most cryptographic uses. Modern applications should use
more secure hash functions like SHA-256, SHA-3 etc.

fi
 SHA 2 Algorithm
• Now that you know what a hash function is, and that the SHA-2 family is a
speci

• As we have mentioned, SHA-2 is not just a single hash function, but a family
of six.

• They are collectively referred to as SHA-2 because the family are the
replacements to SHA-1, which was just a single algorithm.

• The SHA-2 family are as follows:

fi
• SHA-224

• SHA-256

• SHA-384

fi
• SHA-512

• SHA-512/224

• SHA-512/256
 HMAC
HMAC, which stands for Hash-based Message Authentication Code, is a speci

fi
Working of HMAC
HMAC Algorithm
 Advantages of HMAC
• Strong Authentication: Combines a cryptographic hash function with a secret key, ensuring only
those with the secret key can generate or verify the HMAC.

• Resistance to Cryptographic Attacks: When paired with a strong hash function like SHA-256, it
resists various cryptographic attacks, including collision attacks.

• Data Integrity: Ensures any change in the message content results in a different HMAC value,
detecting tampering.

• Message Authenticity: Con

• Ef

• Minimal Overhead: The additional overhead of computing an HMAC is minimal compared to

other encryption-based authentication methods.
fi
fi
 Disadvantages of HMAC
• Secret Key Distribution: Securely distributing and managing the secret keys can be
challenging, especially in large-scale systems.

• Key Storage: Safeguarding the secret keys from unauthorized access is critical, as
compromised keys can lead to security breaches.

• Dependency on Hash Function: The security of HMAC depends on the underlying

hash function, and vulnerabilities in the hash function compromise HMAC security.

• Performance Variations: Different hash functions have different performance

characteristics, affecting overall HMAC performance.

• Lack of Encryption: HMAC provides authentication and integrity but does not
encrypt the message, so it must be used with encryption for scenarios requiring
con
fi
 Digital Signature

• Digital Signature is a type of asymmetric cryptography used

to simulate the security properties of a signature in digital,
rather than written, form.
• Digital signature schemes normally give two algorithms, one
for signing which involves the user's secret or private key,
and one for verifying signatures which involves the user's
public key. The output of the signature process is called the
"digital signature.“

60
 Digital Signature
• Digital signature is an electronic signature that can be used
to authenticate the identity of the sender of a message or the
signer of a document, and possibly to ensure that the
original content of the message or document that has been
sent is unchanged.
• Digital signatures are easily transportable, cannot be
imitated by someone else, and can be automatically time-
stamped.
• The ability to ensure that the original signed message
arrived means that the sender cannot easily repudiate it later.
How Digital Signature works?
• Key Generation:
• The entity wishing to sign messages generates a pair of cryptographic keys: a
private key and a public key.
• The private key is kept secret and should only be known to the owner.
• The public key is shared openly.
• Signing the Message:
• To sign a message or document, the owner uses their private key to perform a
mathematical operation on a hash (a fixed-size output derived from the
content of the message).
• This mathematical operation produces the digital signature.

62
How Digital Signature works?
• Sending the Message and Signature:
• The original message, along with the digital signature, is sent to the recipient.
• Verification:
• Upon receiving the message and signature, the recipient uses the public key of the
sender to verify the signature.
• The recipient computes the hash of the received message using the same hash
function used by the sender.
• The recipient then decrypts or verifies the digital signature using the sender's public
key.
• If the decrypted signature matches the hash of the received message, the signature is
valid. This indicates that the message has not been tampered with and was indeed
signed by the private key holder.
63
How Digital Signature Works?

64
65
 Advantages/Benefits of Digital Signature
1. Authentication:
• Although messages may often include information about the entity sending a message,
that information may not be accurate.
• Digital signatures can be used to authenticate the source of messages.
• When ownership of a digital signature secret key is bound to a specific user, a valid
signature shows that the message was sent by that user.
• The importance of high confidence in sender authenticity is especially obvious in a
financial context.
• For example, suppose a bank's branch office sends instructions to the central office
requesting a change in the balance of an account. If the central office is not convinced that
such a message is truly sent from an authorized source, acting on such a request could be
a grave mistake.
66
 Advantages/Benefits of Digital Signature
2. Integrity:
• In many scenarios, the sender and receiver of a message may have a need for
confidence that the message has not been altered during transmission.
• Although encryption hides the contents of a message, it may be possible to
change an encrypted message without understanding it. (Some encryption
algorithms, known as nonmalleable ones, prevent this, but others do not.)
• However, if a message is digitally signed, any change in the message will
invalidate the signature.
• Furthermore, there is no efficient way to modify a message and its signature to
produce a new message with a valid signature, because this is still considered
to be computationally infeasible by most cryptographic hash functions.
67
Advantages/Benefits of Digital Signature
• Non-Repudiation:
•

• Secure Communication:
•

• Legal Validity:
•

68
 Drawbacks of Digital Signature
Key Management:
• In the world of cryptography, repudiation means saying, "I didn't send that
message" or denying responsibility for it. If you receive a message, you might
ask the sender to add a signature, like a special stamp, to make it harder for them
to later say they didn't send it.
• This signature can be shown to others, like a court, to prove who sent the message
and that it hasn't been changed.
• But, if someone loses control of their private key, which is like the key to their
special stamp, all the signatures made with that key become suspicious.
• It's as if they lost control of a special stamp, and now someone else could use it to
pretend to be them. If they say, "I didn't send the message," it means admitting
they lost control of their private key.
69
 Direct Digital Signature
• Involve only sender & receiver
• Assumed receiver has sender’s public-key
• Digital signature made by sender signing
entire message or hash with private-key
• Can encrypt using receivers public-key
• Important that sign first then encrypt
message & signature
• Security depends on sender’s private-key
70
 Arbitrated Digital Signature
• Involves use of arbiter that
◦ validates any signed message
◦ then add timestamp and sent to recipient
• The

• The arbiter gets the message from the sender and encrypt it with its private
key and add timestamp for more security and then pass it to the receiver.
• Requires suitable level of trust in arbiter
• Can be implemented with either private or public-key algorithms
• Arbiter may or may not see message
71
Arbitrated Digital Signature