Introduction to Message Authentication and Public-Key Cryptography

In network security, message confidentiality is crucial, but message authentication is equally important. This chapter explores three key aspects of message authentication. Firstly, we discuss message authentication codes (MACs) and hash functions. Following that, the principles of public-key encryption and two specific public-key algorithms are examined, which are valuable for exchanging conventional encryption keys. Finally, we explore how public-key encryption can generate digital signatures, enhancing message authentication.

Importance of Message Authentication

While encryption prevents passive attacks such as eavesdropping, message authentication safeguards against active attacks like data falsification. A message is considered authentic if it is genuine and originates from its alleged source. Message authentication verifies the authenticity of messages between communicating parties by ensuring the message has not been altered, the source is legitimate, and it maintains the correct sequence and timeliness. These elements fall under data integrity considerations, as outlined in Chapter 1.

Authentication Using Conventional Encryption

One might assume symmetric encryption alone can fulfill authentication needs. Since only the sender and receiver share the encryption key, only the legitimate sender can encrypt a message recognizable by the receiver. Additionally, by incorporating an error-detection code, sequence number, and timestamp, the sender ensures message integrity and order. However, symmetric encryption alone falls short for data authentication. For example, in ECB mode, if an attacker reorders ciphertext blocks, the meaning of the message might change, despite successful decryption. Consequently, block reordering presents a threat.

Message Authentication Without Message Encryption

There are methods of message authentication that do not rely on encrypting the message. These techniques involve generating an authentication tag, which is appended to the message. Because the message itself is not encrypted, it can be read independently of the authentication function, so this approach does not provide message confidentiality. However, authentication tags are useful in scenarios where confidentiality is unnecessary. For example:

1. Broadcast Messages: In applications where one message is broadcast to several destinations, such as network status notifications or alarm signals, plaintext messages with authentication tags can be verified by one responsible system.

2. High Load Situations: In exchanges where one party is heavily loaded, it may not be able to afford decrypting every incoming message. Instead, authentication is performed selectively.

3. Computer Program Authentication: Authenticating a program in plaintext allows execution without decryption, saving processor resources while still verifying program integrity when needed.

Message Authentication Codes and Hash Functions

A common authentication approach involves using a secret key to create a message authentication code (MAC), which is appended to the message. If two parties, say A and B, share a secret key (K_AB), A calculates the MAC as a function of the message and the key, and transmits it to B. B then performs the same calculation to generate a new MAC, and compares it to the received MAC to ensure message integrity and authenticity.

Alternatively, one-way hash functions can be employed. A hash function takes a variable-sized message as input and outputs a fixed-size message digest. Unlike a MAC, it requires no secret key. The message digest can be authenticated through various methods, including encryption using conventional or public-key systems. This offers advantages such as reduced key distribution and the creation of digital signatures for enhanced authentication.

Authentication Techniques Without Encryption

Interest exists in non-encryption-based authentication methods due to concerns like encryption software speed, hardware costs, and patent restrictions. One such technique using hash functions involves a shared secret value between communicators, say A and B. A concatenates this secret with the message and computes the hash function, sending the message along with the hash to B. B, possessing the secret, can independently verify the hash, ensuring message authenticity without exposing the secret or needing message encryption. A variation of this technique, HMAC, has been adopted for IP security and SNMPv3.
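The exchange described above, shown as an added example that is not part of the original text: A appends a tag to a plaintext message and B recomputes and compares it, once with the hash-of-secret-plus-message scheme and once with HMAC. SHA-256, the sample secret and message, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the original text).
SHARED_SECRET = b"constructed-shared-secret-K_AB"
MESSAGE = b"link 7 down; reroute via node 3"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def keyed_hash_tag(secret: bytes, message: bytes) -> bytes:
    """Scheme described in the text: hash(secret || message)."""
    return hashlib.sha256(secret + message).digest()


def hmac_tag(secret: bytes, message: bytes) -> bytes:
    """HMAC variation (RFC 2104), here over SHA-256."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def send(secret: bytes, message: bytes, tag_fn) -> bytes:
    """A's side: the message travels in the clear with the tag appended."""
    return message + tag_fn(secret, message)


def receive(secret: bytes, packet: bytes, tag_fn):
    """B's side: recompute the tag and compare in constant time.
    Returns the message if authentic, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = tag_fn(secret, message)
    return message if hmac.compare_digest(tag, expected) else None


def tamper(packet: bytes) -> bytes:
    """Flip one bit of the first message byte (simulated alteration in transit)."""
    return bytes([packet[0] ^ 0x01]) + packet[1:]


if __name__ == "__main__":
    schemes = (("hash(secret||msg)", keyed_hash_tag), ("HMAC-SHA256", hmac_tag))
    for name, fn in schemes:
        pkt = send(SHARED_SECRET, MESSAGE, fn)
        print(name, "genuine  :", receive(SHARED_SECRET, pkt, fn))
        print(name, "altered  :", receive(SHARED_SECRET, tamper(pkt), fn))
        print(name, "wrong key:", receive(b"other-secret", pkt, fn))
```

In both schemes the secret never leaves either party and the message stays readable; only a holder of the secret can produce a tag that B accepts.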

These authentication methods showcase the balance between using encryption and alternative strategies to ensure message integrity and authenticity while addressing distinct security needs.

