Cryptography and Network Security (4th Edition)


11.1 Authentication Requirements

11.2 Authentication Functions

Message Encryption

Message Authentication Code

Hash Function

11.3 Message Authentication Codes

Requirements for MACs

Message Authentication Code Based on DES

11.4 Hash Functions

Requirements for a Hash Function

Simple Hash Functions

Birthday Attacks

Block Chaining Techniques

11.5 Security of Hash Functions and MACs

Brute-Force Attacks

Cryptanalysis

11.6 Recommended Reading

11.7 Key Terms, Review Questions, and Problems

Key Terms

Review Questions

Problems

Appendix 11A Mathematical Basis of the Birthday Attack

Related Problem

The Birthday Paradox

Useful Inequality

The General Case of Duplications

Overlap between Two Sets



At cats' green on the Sunday he took the message from the inside of the pillar and added Peter Moran's name to the two names already printed there in the "Brontosaur" code. The message now read: "Leviathan to Dragon: Martin Hillman, Trevor Allan, Peter Moran: observe and tail." What was the good of it John hardly knew. He felt better, he felt that at last he had made an attack on Peter Moran instead of waiting passively and effecting no retaliation. Besides, what was the use of being in possession of the key to the codes if he never took advantage of it?

Talking to Strange Men, Ruth Rendell

Key Points

  • Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid.

  • Symmetric encryption provides authentication among those who share the secret key. Encryption of a message by a sender's private key also provides a form of authentication.

  • The two most common cryptographic techniques for message authentication are a message authentication code (MAC) and a secure hash function.

  • A MAC is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message.

  • A hash function maps a variable-length message into a fixed-length hash value, or message digest. For message authentication, a secure hash function must be combined in some fashion with a secret key.
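
The MAC and hash key points above, as an added example that is not from the book: HMAC-SHA256 stands in for the MAC algorithm, and the key, messages, and sequence-number framing are constructed assumptions. It shows a bare digest accepting a modified message, while the keyed tag rejects both the modification and a replay.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key shared by sender and receiver


def plain_check(message: bytes, digest: bytes) -> bool:
    """Unkeyed hash check: passes for anyone who recomputes the digest."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def mac_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Tag covers an 8-byte sequence number (an assumption) plus the message."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if the tag verifies and the sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, message: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(mac_tag(self.key, seq, message), tag):
            return False  # modified message, wrong key, or forged tag
        if seq <= self.last_seq:
            return False  # authentic tag, but a replayed or reordered frame
        self.last_seq = seq
        return True


def demo() -> dict:
    original = b"transfer 100 to account 17"  # constructed sample messages
    altered = b"transfer 900 to account 17"
    rx = Receiver(KEY)
    tag = mac_tag(KEY, 0, original)
    return {
        # The modifier swaps the message and recomputes the bare digest.
        "plain_hash_accepts_forgery": plain_check(altered, hashlib.sha256(altered).digest()),
        "mac_accepts_original": rx.accept(0, original, tag),
        # Without KEY, the modifier can only tag with a guessed key.
        "mac_accepts_forgery": rx.accept(1, altered, mac_tag(b"guess", 1, altered)),
        "mac_accepts_replay": rx.accept(0, original, tag),
    }


if __name__ == "__main__":
    print(demo())
```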

Perhaps the most confusing area of network security is that of message authentication and the related topic of digital signatures. The attacks and countermeasures become so convoluted that practitioners in this area begin to remind one of the astronomers of old, who built epicycles on top of epicycles in an attempt to account for all contingencies. Fortunately, it appears that today's designers of cryptographic protocols, unlike those long-forgotten astronomers, are working from a fundamentally sound model.

It would be impossible, in anything less than book length, to exhaust all the cryptographic functions and protocols that have been proposed or implemented for message authentication and digital signatures. Instead, the purpose of this chapter and the next two is to provide a broad overview of the subject and to develop a systematic means of describing the various approaches.



This chapter begins with an introduction to the requirements for authentication and digital signature and the types of attacks to be countered. Then the basic approaches are surveyed, including the increasingly important area of secure hash functions. Specific hash functions are examined in Chapter 12.
