7.5. Message Authentication
As mentioned previously, encrypting a message makes the message a secret, but it doesn't automatically authenticate it. Encryption protects a message from disclosure. Only authentication protects a message from modification.
What does authentication do for a message? It ensures that the message has not been altered, either maliciously or inadvertently, during transmission. It has arrived exactly as it was sent. Authentication also ensures that the message is not a repeat (called a replay) of a message previously sent, that the message came from the origin stated in the message (was not forged by an imposter), and that the message went to the intended recipient (was not falsifiedfor example, to alter the date of receipt).
Authentication can be used alonejust to ensure against modification and forgeryor it can be used in conjunction with encryption. In the first case, the plaintext is authenticated. In the second case, the ciphertext is authenticated.
Historically, computer and communications systems have used such techniques as checksums (adding up the digits in a message before and after transmission to see if they have changed), parity checks (counting the ones and zeroes in a message to determine if the number of ones is odd or even, and verifying that whatever the state was before transmission, that it is the same after), and test words (special codes or words inserted in or preceding a message to signify authenticity) to check that the information received matched the information sent, and that nothing had been modifiedeither intentionally or unintentionally. The message authentication capabilities included in modern encryption technologies provide an extremely reliable replacement for the old checking techniques. Both private-key and public-key encryption algorithms allow for message authentication, though public key systems are better equipped to perform this function due to their two-key mechanism.
With the DES algorithm, for instance, certain modes (CBC or CFB) perform message authentication. Encrypting the data also produces a message authentication code, which is appended to the encrypted message. At the receiving end, the DES independently calculates the code for the message and compares it to the message authentication code sent with the message. If the two codes are identical, it's extremely likely that the message was sent without alteration.
There are a number of elaborations on this theme. To provide privacy as well as authentication, the DES can be used with two different secret keys, one for authentication and one for encryption. To safeguard against the sender or the receiver of a message forging or denying that he sent the message, you can use a digital signature (described earlier). Although it's possible to create a digital signature via the DES (using a message authentication code), public-key systems such as the RSA algorithm often do it more efficiently.