Ccs Unit 4 Part 1 Message Authentication Requirements and Functions in Detail

Message authentication implementation types

UNIT IV INTEGRITY AND AUTHENTICATION ALGORITHMS 9

Authentication requirement – Authentication function – MAC – Hash function – Security of
hash function: HMAC, CMAC – SHA – Digital signature and authentication protocols – DSS –
Schnorr Digital Signature Scheme – ElGamal cryptosystem – Entity Authentication:
Biometrics, Passwords, Challenge Response protocols – Authentication applications –
Kerberos
MUTUAL TRUST: Key management and distribution – Symmetric key distribution using
symmetric and asymmetric encryption – Distribution of public keys – X.509 Certificates.

Message Authentication:
• Message authentication is a procedure to verify that received messages
come from the alleged source and have not been altered.
• Message authentication may also verify sequencing and timeliness.
Message Authentication Requirements:
In the context of communications across a network, the following attacks can be
identified.
1. Disclosure:
- Release of message contents to any person or process not
possessing the appropriate cryptographic key.
2. Traffic analysis:
- Discovery of the pattern of traffic between parties.
- In a connection-oriented application, the frequency and
duration of connections could be determined.
- In either a connection-oriented or connectionless environment,
the number and length of messages between parties could be
determined.
3. Masquerade:
- Insertion of messages into the network from a fraudulent
source.
- This includes the creation of messages by an opponent that are
purported to come from an authorized entity.
- Also included are fraudulent acknowledgments of message
receipt or nonreceipt by someone other than the message
recipient.
4. Content modification:
- Changes to the contents of a message, including insertion,
deletion, transposition, and modification.
5. Sequence modification:
- Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.
6. Timing modification:
- Delay or replay of messages. In a connection-oriented
application, an entire session or sequence of messages could be
a replay of some previous valid session, or individual messages
in the sequence could be delayed or replayed.
- In a connectionless application, an individual message (e.g.,
datagram) could be delayed or replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.
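The sketch below is an added example, not part of the original notes: a receiver that checks an HMAC-SHA256 tag computed over a sequence number, a timestamp and the payload, so that masquerade, content modification, sequence modification and timing modification (items 3 to 6 above) are each rejected. The key, the frame layout, the sample messages and the 30-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
TAG_LEN, HDR_LEN = 32, 16      # HMAC-SHA256 tag; 8-byte seq + 8-byte timestamp

def seal(key, seq, ts, payload):
    """Sender: bind sequence number and timestamp to the payload under one tag."""
    body = struct.pack(">QQ", seq, ts) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key, max_skew=30):  # freshness window in seconds (assumption)
        self.key, self.max_skew, self.next_seq = key, max_skew, 0

    def accept(self, frame, now):
        if len(frame) < HDR_LEN + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "reject: bad MAC"                # masquerade or content modification
        seq, ts = struct.unpack(">QQ", body[:HDR_LEN])
        if seq != self.next_seq:
            return "reject: sequence"               # replay, reordering, insertion, deletion
        if abs(now - ts) > self.max_skew:
            return "reject: stale"                  # delayed delivery
        self.next_seq += 1
        return "accept"

def demo():
    rx, t0 = Receiver(KEY), 1_700_000_000           # constructed clock value
    m0 = seal(KEY, 0, t0, b"pay 10 to bob")         # constructed messages
    m1 = seal(KEY, 1, t0 + 1, b"pay 20 to carol")
    m2 = seal(KEY, 2, t0 + 2, b"pay 5 to dave")
    forged = seal(b"attacker-guess", 0, t0, b"pay 10 to eve")
    tampered = m0[:HDR_LEN] + b"pay 99 to bob" + m0[-TAG_LEN:]
    return [
        rx.accept(forged, t0),     # sender without the key
        rx.accept(tampered, t0),   # payload changed in transit
        rx.accept(m0, t0),         # genuine, in order, fresh
        rx.accept(m0, t0 + 1),     # replay of an accepted frame
        rx.accept(m2, t0 + 2),     # arrives before m1
        rx.accept(m1, t0 + 120),   # held back for two minutes
    ]

if __name__ == "__main__":
    print(demo())
```

A shared-key MAC of this kind does not address disclosure, traffic analysis or repudiation (items 1, 2, 7 and 8); those call for encryption or digital signatures.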
Message Encryption:
Message encryption by itself can provide a measure of message authentication.
Public key Encryption:
Message Authentication Code (MAC):
Requirements for MAC/MAC function should have the following properties:

Hash function:
Requirements for a HASH function:
