11.1 Authentication Requirements
11.2 Authentication Functions
    Message Encryption
    Message Authentication Code
    Hash Function
11.3 Message Authentication Codes
    Requirements for MACs
    Message Authentication Code Based on DES
11.4 Hash Functions
    Requirements for a Hash Function
    Simple Hash Functions
    Birthday Attacks
    Block Chaining Techniques
11.5 Security of Hash Functions and MACs
    Brute-Force Attacks
    Cryptanalysis
11.6 Recommended Reading
11.7 Key Terms, Review Questions, and Problems
    Key Terms
    Review Questions
    Problems
Appendix 11A Mathematical Basis of the Birthday Attack
    Related Problem
    The Birthday Paradox
    Useful Inequality
    The General Case of Duplications
    Overlap between Two Sets
At cats' green on the Sunday he took the message from the inside of the pillar and added Peter Moran's name to the two names already printed there in the "Brontosaur" code. The message now read: "Leviathan to Dragon: Martin Hillman, Trevor Allan, Peter Moran: observe and tail." What was the good of it John hardly knew. He felt better, he felt that at last he had made an attack on Peter Moran instead of waiting passively and effecting no retaliation. Besides, what was the use of being in possession of the key to the codes if he never took advantage of it?

Talking to Strange Men, Ruth Rendell

Key Points

- Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid.
- Symmetric encryption provides authentication among those who share the secret key. Encryption of a message by a sender's private key also provides a form of authentication.
- The two most common cryptographic techniques for message authentication are a message authentication code (MAC) and a secure hash function.
- A MAC is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message.
- A hash function maps a variable-length message into a fixed-length hash value, or message digest. For message authentication, a secure hash function must be combined in some fashion with a secret key.
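The Key Points above, shown as an added example that is not from the book: a receiver accepts a message only if a keyed authentication code verifies, while a bare hash check accepts any text whose digest was recomputed. HMAC-SHA-256 as the MAC, the 8-byte sequence number used to reject replays, the frame layout, and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes
SEQ_LEN = 8   # sequence-number field (an assumption of this example)

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: frame = sequence number || message || MAC over both."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Accepts a frame only if its MAC verifies and its sequence number is new."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None                              # too short to carry a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return None                              # modified, or wrong key
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq <= self.last_seq:
            return None                              # replayed or stale frame
        self.last_seq = seq
        return body[SEQ_LEN:]

def unkeyed_check(message: bytes, digest: bytes) -> bool:
    """Bare hash check: involves no secret, so it cannot show who sent the message."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def demo() -> dict:
    key = b"constructed-demo-key-0123456789a"        # constructed sample key
    rx = Receiver(key)
    frame = protect(key, 1, b"transfer 100")         # constructed sample message
    out = {"genuine": rx.accept(frame), "replay": rx.accept(frame)}
    altered = bytearray(protect(key, 2, b"transfer 100"))
    altered[SEQ_LEN:SEQ_LEN + 12] = b"transfer 900"  # changed in transit, tag untouched
    out["modified"] = rx.accept(bytes(altered))
    # A digest recomputed over the changed text passes the unkeyed check.
    changed = b"transfer 900"
    out["unkeyed_accepts_changed"] = unkeyed_check(changed, hashlib.sha256(changed).digest())
    return out

if __name__ == "__main__":
    print(demo())
```

The MAC by itself detects modification but not replay; the replay rejection comes from the sequence number being covered by the tag and tracked by the receiver.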
Perhaps the most confusing area of network security is that of message authentication and the related topic of digital signatures. The attacks and countermeasures become so convoluted that practitioners in this area begin to remind one of the astronomers of old, who built epicycles on top of epicycles in an attempt to account for all contingencies. Fortunately, it appears that today's designers of cryptographic protocols, unlike those long-forgotten astronomers, are working from a fundamentally sound model.

It would be impossible, in anything less than book length, to exhaust all the cryptographic functions and protocols that have been proposed or implemented for message authentication and digital signatures. Instead, the purpose of this chapter and the next two is to provide a broad overview of the subject and to develop a systematic means of describing the various approaches.

This chapter begins with an introduction to the requirements for authentication and digital signature and the types of attacks to be countered. Then the basic approaches are surveyed, including the increasingly important area of secure hash functions. Specific hash functions are examined in Chapter 12.