Authentication Requirements

Uploaded by srishtigaikwad19

Authentication Requirements

In the context of communications across a network, the following attacks can be identified:

Disclosure: Release of message contents to any person or process not possessing the
appropriate cryptographic key.

Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented
application, the frequency and duration of connections could be determined. In either a
connection-oriented or connectionless environment, the number and length of messages
between parties could be determined.

Masquerade: Insertion of messages into the network from a fraudulent source. This includes
the creation of messages by an opponent that are purported to come from an authorized
entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by
someone other than the message recipient.

Content modification: Changes to the contents of a message, including insertion, deletion,
transposition, and modification.

Sequence modification: Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.

Timing modification: Delay or replay of messages. In a connection-oriented application, an
entire session or sequence of messages could be a replay of some previous valid session, or
individual messages in the sequence could be delayed or replayed. In a connectionless
application, an individual message (e.g., datagram) could be delayed or replayed.

Source repudiation: Denial of transmission of message by source.

Destination repudiation: Denial of receipt of message by destination.

Authentication Functions

Message encryption: The ciphertext of the entire message serves as its authenticator.

Message authentication code (MAC): A function of the message and a secret key that
produces a fixed-length value that serves as the authenticator.

Hash function: A function that maps a message of any length into a fixed-length hash value,
which serves as the authenticator.

Message Encryption
Message encryption by itself can provide a measure of authentication. The analysis differs for
symmetric and public-key encryption schemes.

Symmetric Encryption
Consider the straightforward use of symmetric encryption. A message M transmitted from
source A to destination B is encrypted using a secret key K shared by A and B. If no other
party knows the key, then confidentiality is provided: no other party can recover the
plaintext of the message.

Basic Uses of Message Encryption

Message Authentication Code

An alternative authentication technique involves the use of a secret key to generate a small
fixed-size block of data, known as a cryptographic checksum or MAC, that is appended to the
message. This technique assumes that two communicating parties, say A and B, share a
common secret key K. When A has a message to send to B, it calculates the MAC as a
function of the message and the key:

MAC = C(K, M), where

M = input message
C = MAC function
K = shared secret key
MAC = message authentication code

The message plus MAC are transmitted to the intended recipient. The recipient performs the
same calculation on the received message, using the same secret key, to generate a new
MAC. The received MAC is compared to the calculated MAC (Figure 11.4a). If we assume
that only the receiver and the sender know the identity of the secret key, and if the received
MAC matches the calculated MAC, then:

1. The receiver is assured that the message has not been altered. If an attacker alters the
message but does not alter the MAC, then the receiver's calculation of the MAC will differ
from the received MAC. Because the attacker is assumed not to know the secret key, the
attacker cannot alter the MAC to correspond to the alterations in the message.

2. The receiver is assured that the message is from the alleged sender. Because no one else
knows the secret key, no one else could prepare a message with a proper MAC.

3. If the message includes a sequence number (such as is used with HDLC, X.25, and TCP),
then the receiver can be assured of the proper sequence because an attacker cannot
successfully alter the sequence number.
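The MAC exchange described above, as an added illustration that is not part of the original text: HMAC-SHA256 stands in for the generic function C(K, M), the shared key is a constructed sample value, and a sequence number is bound into the MAC as item 3 describes, so an altered message, a MAC produced without the key, and an out-of-sequence frame are all rejected by the receiver.

```python
import hashlib
import hmac
import struct

# Constructed sample key K shared by sender A and receiver B (assumption, not from the text).
KEY = b"constructed-shared-secret-K"


def compute_mac(key: bytes, seq: int, message: bytes) -> bytes:
    """C(K, M): HMAC-SHA256 over the sequence number and the message.

    Binding the sequence number into the MAC means an attacker cannot
    reorder or replay frames without the MAC failing or the sequence check failing.
    """
    return hmac.new(key, struct.pack(">I", seq) + message, hashlib.sha256).digest()


def send(key: bytes, seq: int, message: bytes) -> tuple:
    """Sender A: transmit the frame (seq, M, MAC) in the clear, as in Figure 11.4a."""
    return (seq, message, compute_mac(key, seq, message))


def receive(key: bytes, expected_seq: int, frame: tuple) -> tuple:
    """Receiver B: recompute the MAC over the received data and compare it.

    Returns (accepted, reason). The comparison is constant-time so that
    the check itself leaks nothing about the expected MAC.
    """
    seq, message, received_mac = frame
    calculated_mac = compute_mac(key, seq, message)
    if not hmac.compare_digest(received_mac, calculated_mac):
        return False, "mac"        # altered message, altered seq, or MAC made without K
    if seq != expected_seq:
        return False, "sequence"   # genuine frame, but replayed or delivered out of order
    return True, "ok"


if __name__ == "__main__":
    frame = send(KEY, 7, b"transfer 100 to B")
    print(receive(KEY, 7, frame))                    # (True, 'ok')
    seq, msg, mac = frame
    print(receive(KEY, 7, (seq, b"transfer 900 to B", mac)))   # (False, 'mac')
    print(receive(KEY, 8, frame))                    # (False, 'sequence')
```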

Figure 11.4. Basic Uses of Message Authentication Code (MAC)


The process depicted in Figure 11.4a provides authentication but not confidentiality, because
the message as a whole is transmitted in the clear. Confidentiality can be provided by
performing message encryption either after (Figure 11.4b) or before (Figure 11.4c) the MAC
algorithm. In both these cases, two separate keys are needed, each of which is shared by the
sender and the receiver. In the first case, the MAC is calculated with the message as input and
is then concatenated to the message. The entire block is then encrypted. In the second case,
the message is encrypted first. Then the MAC is calculated using the resulting ciphertext and
is concatenated to the ciphertext to form the transmitted block. Typically, it is preferable to
tie the authentication directly to the plaintext, so the method of Figure 11.4b is used.

Hash Function

A variation on the message authentication code is the one-way hash function. As with the
message authentication code, a hash function accepts a variable-size message M as input and
produces a fixed-size output, referred to as a hash code H(M). Unlike a MAC, a hash code
does not use a key but is a function only of the input message. The hash code is also referred
to as a message digest or hash value. The hash code is a function of all the bits of the message
and provides an error-detection capability: A change to any bit or bits in the message results
in a change to the hash code.
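The error-detection property just described, as an added example that is not part of the original text: SHA-256 stands in for the generic hash function H, a single flipped bit in a constructed message changes the hash code, and because no key is involved, anyone who changes the message can also recompute a matching H(M), which is why a bare hash detects errors but does not by itself authenticate the sender.

```python
import hashlib
import hmac


def hash_code(message: bytes) -> bytes:
    """H(M): SHA-256 stands in for the generic hash function of the text (assumption)."""
    return hashlib.sha256(message).digest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted, a constructed transmission error."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def check_integrity(message: bytes, received_code: bytes) -> bool:
    """Receiver: recompute H(M) over the received message and compare it to the received code."""
    return hmac.compare_digest(hash_code(message), received_code)


if __name__ == "__main__":
    # Constructed sample message.
    m = b"meet at the usual place at 10:00"
    code = hash_code(m)
    damaged = flip_bit(m, 5)  # one bit corrupted in transit
    print("hash bits changed by a 1-bit error:", differing_bits(code, hash_code(damaged)))
    print("damaged message accepted:", check_integrity(damaged, code))      # False
    # Without a key, a party that rewrites M can rewrite H(M) to match it.
    altered = b"meet at the usual place at 11:00"
    print("altered message with recomputed hash accepted:",
          check_integrity(altered, hash_code(altered)))                    # True
```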

Figure 11.5. Basic Uses of Hash Function
