Message Authentication Code

1
Message Authentication Code
2
MAC

• Definition
• MAC Security
• CBC-MAC
• Hash-MAC
• Using MAC

3
Definition

• MAC is a code that prevents message tampering
• MAC function has two arguments
• Fixed size key K
• Arbitrary size message m
• Denoted as MAC(K,m)
• Random mapping from any domain to a fixed domain
  of n-bits
• MAC is similar to the hash function

4
MAC Security

• MAC security depends on the number of bits of key
  K that the attacker does not know
• Security level k means that the attacker does not
  know k bits of the key K
• k 0 means the attacker knows the key K
• MAC security level can be lower than the output
  size of MAC
• A security level of k means the attacker has to
  perform 2k steps to find the key

5
MAC Security

• MAC is also known as cryptographic checksum
• MAC function is similar to encryption
• MAC function need not be reversible as a
  decryption function would require
• E.g., block size for message 100 bits
• MAC size 10 bits
• Number of messages 2100
• Number of MACs 210
• Each MAC value thus collides 2100/210 290
  times

6
MAC Security

• MAC function scenarios
• Message is sent in clear with MAC attached, e.g.,
  SNMP
• Message and MAC are combined first and then
  encrypted and sent
• Not every message is authenticated but only
  selectively for the sake of speed
• Separation of authentication and confidentiality
  (Application level authentication and transport
  level confidentiality)
• Hash functions usually do not use a key

7
CBC-MAC

• This method converts a block cipher into a MAC
• H0 IV
• Hi EK(Pi ? Hi-1)
• MAC Hk
• IV is commonly taken as 0
• Authentication and encryption keys should be
  different for security reasons

8
CBC-MAC

• Potential vulnerability
• If MAC(a) MAC(b) then MAC(ac) MAC(bc)
• Attacker watches messages to look for a collision
  of MAC (which will certainly occur)
• Attacker knows messages a and b that collided
  for the MAC value
• Using the above concatenation property, attacker
  feeds ac and gets it authenticated
• Then attacker can feed bc for any message b
  since it will be authenticated too automatically

9
CBC-MAC

• CBC-MAC provides 64-bit security for 128-bit
  block size
• CBC-MAC uses the same type of encryption as the
  block cipher encryption modes

10
HMAC

• Hash-MAC or HMAC uses a hash function to build
  the MAC value
• Hash functions provide n/2 bits of security for
  n-bit hash function
• MAC function is expected to produce n-bit
  security for n-bit MAC
• MAC(K,m) could be defined as h(Km) or h(mK)
  or h(KmK)
• HMAC is used widely with MD-5 and SHA-1

11
HMAC

• Encrypted data is decrypted and stored usually
• If stored data is also encrypted, then an attack
  could be online or offline
• HMAC works with both online and offline attacks
• HMAC has been tested for attack by many people
• HMAC is better for use than SHA-256

12
UMAC

• UMAC uses a universal hashing function
• UMAC has not been tested extensively as HMAC
• UMAC provides a way to speed up MAC calculation
  depending the security level needed
• UMAC is optimized for specific platforms such as
  Linux