Message Authentication and Hash Functions

1. Message Authentication

Purpose:

 Ensures message integrity

 Validates origin of the message

 Provides non-repudiation

Functions used for authentication:

1. Message Encryption

2. Message Authentication Code (MAC)

3. Hash Functions

2. Security Requirements

To secure communications, the system should resist:

 Disclosure (unauthorized message reading)

 Traffic analysis

 Masquerade (pretending to be another)

 Content modification

 Sequence/timing modification

 Source/destination repudiation

3. Message Authentication Code (MAC)

Definition:

 A MAC is a small, fixed-size code created from a message and a

secret key.

 Appended to the message to serve as a signature.

How it works:
  Sender generates MAC from the message and key.

 Receiver recalculates MAC from received message and verifies it

matches.

Key Points:

 Ensures message integrity and authenticity

 Can be used with or without encryption

 Not a digital signature (as it uses symmetric keys)

4. MAC Properties

 MAC is a cryptographic checksum: MAC = C_K(M)

 Fixed-size output from a variable-length message

 Must be computationally hard to forge

Requirements:

 Infeasible to find another message with same MAC

 Uniformly distributed outputs

 Dependent on all bits of the message

5. Symmetric Ciphers for MAC

 Can use block ciphers (e.g., DES in CBC mode)

 Data Authentication Algorithm (DAA):

o Based on DES-CBC

o Uses IV = 0, zero-pads final block

o Uses final block or part of it as MAC (though security may be

limited)

6. Hash Functions

Definition:
  A public, non-keyed function to condense a message: h = H(M)

 Used to detect changes or create digital signatures

Properties:

 One-way function

 Fixed output size regardless of input length

 Resistant to:

o Preimage attacks (given h, hard to find M)

o Second preimage attacks (given M1, hard to find M2 where

H(M1) = H(M2))

o Collision attacks (hard to find any M1, M2 with same hash)

7. Birthday Attacks

 Based on Birthday Paradox

 Effective against 64-bit hashes

 Attack steps:

1. Generate many similar-looking valid messages

2. Generate many fake messages

3. Find two with the same hash

4. Trick someone into signing the valid one and replace with the
fake

Countermeasure: Use larger hash sizes (e.g., 160+ bits)

8. Hash and MAC Algorithms

 Hash Functions: Use compression functions or block ciphers

 MACs: Use block cipher modes or hash functions with a secret key

9. Secure Hash Algorithms (SHA)

  SHA-1 (1995): 160-bit output, now considered weak

 SHA-2 family (2002): SHA-256, SHA-384, SHA-512

o More secure, designed to align with AES

SHA-512 Details:

 Processes 1024-bit blocks

 80 rounds

 Uses a 512-bit buffer and round constants

10. Using Block Ciphers for Hashing

 Use a block cipher like DES without key

 Output from last round used as the hash

 Susceptible to:

o Birthday attacks

o Meet-in-the-middle attacks

11. Hash & MAC Security

Threats:

 Brute-force attacks

 Structural cryptanalysis (exploiting round functions)

 Known MAC pairs used to guess key or break function