Message Authentication Code and Digital Signatures - Technical Report

Apr 06, 2018

  • 8/2/2019 Message Authentication Code and Digital Signatures - Technical Report

    1/33


    TECHNICAL REPORT SUBMITTED

    IN PARTIAL FULFILLMENT OF THE REQUIREMENT

    FOR THE AWARD OF DEGREE OF

    Bachelor of Technology

    In

    COMPUTER SCIENCE AND ENGINEERING

    BY

    SRIKAR DHULIPALLA (08M91A0565)

    Under the Guidance of

    Ms. REKHA CHORARIA

    DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

    AURORAS SCIENTIFIC AND TECHNOLOGICAL INSTITUTE

    Aushapur (V), Ghatkesar (M), R. R. Dist - 501 301


    AURORAS SCIENTIFIC AND TECHNOLOGICAL INSTITUTE

    Aushapur (V), Ghatkesar (M), R. R. Dist - 501 301

    CERTIFICATE

    This is to certify that this technical report entitled Message Authentication

    Code and Digital Signatures by Srikar Dhulipalla H.T. No: 08M91A0565 submitted

    in partial fulfillment of the requirements for the award of degree of Bachelor of

    Technology in Computer Science and Engineering of the Jawaharlal Nehru Technological

    University Hyderabad, during the academic year 2011-12, carried out under our

    guidance and supervision.

    Signature of Internal Guide Signature of H.O.D


    ACKNOWLEDGEMENT

    I am heartily thankful to my internal guide, Ms. Rekha Choraria, for her constant motivation and valuable help throughout the technical seminar work. I also express my gratitude to Mr. V. Satyanarayana, HOD of Computer Science and Engineering, for his valuable suggestions and advice throughout the course. I also extend my thanks to the other faculty members for their cooperation during my course.

    SRIKAR DHULIPALLA


    DECLARATION

    I hereby declare that the technical report titled Message Authentication Code and Digital Signatures, submitted to Auroras Scientific and Technological Institute in partial fulfillment of the requirement for the award of the degree of Bachelor of Technology, is a bona fide work carried out by me at our college.

    SRIKAR DHULIPALLA


    ABSTRACT

    Innovative ideas and confidential details are communicated over networks. Distrust in that communication defeats its purpose: the value of modern communication technology is lost if a message does not reach the intended party intact, or if the parties cannot be sure whom they are talking to. Several threats cause mutual distrust among parties and may end with one party's resources being misused by the other. To avoid such anomalies, communicating parties need authentication. A Message Authentication Code (MAC) is a short tag transmitted with a message that lets the receiver check that the message is intact and that it came from a holder of the shared key. A MAC therefore protects both parties who exchange messages from a third party (such as the network acting as the medium of transmission).

    Digital signatures, on the other hand, also protect the communicating parties from each other. Because only the signer holds the private key, the signer cannot later repudiate a signed message and the receiver cannot forge one, so the repudiation threat can also be resolved with digital signatures. Authentication as well as legitimacy is required to protect each party from the other. Signatures authenticate both the parties and the data they transmit. They are analogous to handwritten signatures and thus provide stronger protection over a communications network than a MAC alone.

    A communications network invariably needs a channel in which each communicating party can prove itself legitimate and then carry out its intended communication. Proving identity is the first priority; it can be addressed by adopting MACs (message authentication codes) and DS (digital signatures), which maintain mutual trust among the parties.


    TABLE OF CONTENTS

    1. Introduction to Authentication
       1.1 Authentication
       1.2 Authentication in Computer Networks
       1.3 Authentication versus Authorization
       1.4 Mutual Authentication
       1.5 Types of Authentication

    2. Message Authentication Code
       2.1 An Overview of MAC
       2.2 Need for MAC
       2.3 Message Confidentiality with Symmetric Encryption
       2.4 Approaches to Message Authentication Code

    3. Digital Signatures
       3.1 An Overview of Digital Signatures
       3.2 Need for Digital Signatures
       3.3 How Digital Signatures Work
       3.4 Use of Digital Signatures
       3.5 Generation and Verification of Digital Signatures
       3.6 Advantages of Digital Signatures

    4. Conclusion

    5. Appendix A
       A.1 Terminology

    6. References


    AUTHENTICATION

    Authentication is a process which allows a sender and a receiver of information to validate each other. If the sender and the receiver cannot properly authenticate each other, there is no basis for trusting the activities or information provided by either party. Authentication can involve highly complex and secure methods or can be very simple. The simplest form of authentication is the transmission of a shared password between the entities wishing to authenticate each other.

    In art, antiques, and anthropology, a common problem is verifying that a person has the claimed identity, or that a given artifact was produced by a certain person, or was produced in a certain place or period of history. There are three types of technique for doing this:

    The first type of authentication is accepting proof of identity given by a credible person who has evidence of the claimed identity, or who can vouch for the originator and for the object under assessment being that originator's artifact.

    The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin. For example, an art expert might look at similarities in the style of painting, check the location and form of a signature, or compare the object to an old photograph.

    The third type of authentication relies on documentation or other external affirmations. For example, the rules of evidence in criminal courts often require establishing the chain of custody of the evidence presented.

    The ways in which someone may be authenticated fall into three categories, based on what are known as factors of authentication. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to granting access, approving a transaction request, signing a document or other work product, granting authority to others, or establishing a chain of authority.

    Security research has determined that, for a positive identification, elements from at least two, and preferably all three, factors should be verified. The factors and some of the elements of each factor are:

    OWNERSHIP FACTOR: Something the user has e.g. wrist band, ID card, security token,

    software token, phone or cell phone.

    KNOWLEDGE FACTOR: Something the user knows e.g. a password, pass phrase or a PIN

    (personal identification number), and challenge response.

    INHERENCE FACTOR: Something the user is or does e.g. a fingerprint, retinal pattern,

    DNA sequence, signature, face, voice, unique bio-electric signals, or other biometric

    identifier.


    AUTHENTICATION IN COMPUTER NETWORKS

    Authentication in computer networks means verifying the identity of a user logging onto a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the user to the network. Computer security authentication also covers message-level checks: verifying message integrity, e-mail authentication, and message authentication codes (MACs), which check the integrity of a transmitted message. The topics treated below are human authentication, challenge-response authentication, passwords, two-factor authentication, digital signatures, biometrics, and IP spoofing, which is an attack on systems that authenticate by network address rather than an authentication method itself.

    Human authentication is the verification that a person, not a program, initiated the transaction. Challenge-response authentication is a method used to prove the identity of a user logging onto the network. When a user logs on, the network access server (NAS), wireless access point or authentication server creates a challenge, typically a random number, and sends it to the client machine. The client software combines its password (or a key derived from it) with the challenge using an encryption algorithm or a one-way hash function and sends the result back to the network as the response; the server recomputes the same value from its stored copy of the secret and compares. The password itself never crosses the network, and because each challenge is fresh, a captured response cannot be replayed against a later challenge.
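The exchange just described, written out as an added example that is not part of the original report: the client derives a key from its password, the server issues a fresh random challenge, and the response is an HMAC over that challenge, so the password never travels in the clear and a captured response is useless against the next challenge. The salt, iteration count, passwords and function names are constructed for the demo; a real server stores a per-user random salt.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters; a real deployment uses a per-user random salt.
SALT = b"demo-salt-not-for-production"
ITERATIONS = 100_000


def derive_key(password: str) -> bytes:
    """Both sides turn the password into a fixed-length key (PBKDF2-HMAC-SHA256).
    The server stores only this key at enrolment, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


def new_challenge() -> bytes:
    """Server side: a fresh, unpredictable challenge for every login attempt."""
    return secrets.token_bytes(16)


def client_response(password: str, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the password by keying an HMAC over the
    challenge. Only this 32-byte response crosses the network."""
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


def server_verify(stored_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response from the stored key and
    compare in constant time, so timing does not leak how many bytes matched."""
    expected = hmac.new(stored_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def login_attempt(stored_key: bytes, password_offered: str) -> tuple:
    """One complete exchange. Returns (challenge used, verdict)."""
    challenge = new_challenge()                              # server -> client
    response = client_response(password_offered, challenge)  # client -> server
    return challenge, server_verify(stored_key, challenge, response)


if __name__ == "__main__":
    stored = derive_key("correct horse battery staple")      # enrolment
    print("genuine user:", login_attempt(stored, "correct horse battery staple")[1])
    print("wrong password:", login_attempt(stored, "password123")[1])
    # An eavesdropper who captured a valid response cannot replay it: the server
    # issues a different challenge next time, so the HMAC no longer matches.
    chal, _ = login_attempt(stored, "correct horse battery staple")
    captured = client_response("correct horse battery staple", chal)
    print("replayed response against a new challenge:",
          server_verify(stored, new_challenge(), captured))
```

Note what this does not give: the exchange authenticates only the client. Nothing proves to the client that the party issuing the challenge is the real server, which is the one-sidedness the later section on one-time passwords warns about.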

    Two-factor authentication requires two independent ways to establish identity and privileges. Using more than one factor of authentication is also called strong authentication, in contrast with traditional authentication, which requires only one factor in order to gain access to a system. A password is a secret word or code that serves as a security measure against unauthorized access to data; it is normally managed by the operating system or DBMS. However, a computer can only verify that the password is correct, not that the person presenting it is the legitimate user.

    Two major applications of digital signatures are for setting up a secure connection to a

    website and verifying the integrity of files transmitted. IP spoofing refers to inserting the IP

    address of an authorized user into the transmission of an unauthorized user in order to gain

    illegal access to a computer system.

    Biometrics is often considered a more secure form of authentication than typed passwords or even smart cards, which can be stolen. However, some biometric methods have relatively high failure rates, and a biometric, unlike a password, cannot be changed once it has been compromised. For example, fingerprints can be lifted from a water glass and used to fool scanners.

    The authentication of information poses special problems, especially the man-in-the-middle attack, and is often intertwined with authenticating identity. Various systems have been devised to allow users to authenticate that a given message originated from, or was relayed by, them. These rely on factors such as:

    A physical artifact that is difficult to reproduce, such as a seal, signature, watermark, special stationery, or fingerprint.
    A shared secret, such as a pass-phrase, included in the context of the message.
    An electronic signature, used to guarantee that a message was signed by the legitimate user.


    AUTHENTICATION VERSUS AUTHORIZATION

    The process of authorization is distinct from that of authentication. Whereas authentication is

    the process of verifying that you are who you say you are, authorization is the process of

    verifying that you are permitted to do what you are trying to do. Authorization thus

    presupposes authentication.

    For example, when you show proper identification credentials to a bank teller, you are asking

    to be authenticated to act on behalf of the account holder. If your authentication request is

    approved, you become authorized to access the accounts of that accountholder, but no others.

    Even though authorization cannot occur without authentication, the former term is sometimes

    used to mean the combination of both.

    To distinguish authentication from the closely related authorization, the short-hand

    notations A1 (authentication), A2 (authorization) as well as AuthN / AuthZ or Au / Az are

    used in some communities.

    Delegation has normally been considered part of the authorization domain; more recently, authentication mechanisms are also used for various kinds of delegation tasks. Delegation in IT networks is a new but evolving field.

    One familiar use of authentication and authorization is access control. A computer system that is supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish, with some degree of confidence, the identity of the user, and then granting the privileges established for that identity. Common examples of access control involving authentication include:

    Asking for photo ID when a contractor first arrives at a house to perform work.
    Using a CAPTCHA as a means of asserting that a user is a human being and not a computer program.
    A computer program using a blind credential to authenticate to another program.
    Entering a country with a passport.
    Logging in to a computer.
    Using a confirmation e-mail to verify ownership of an e-mail address.
    Using an Internet banking system.
    Withdrawing cash from an ATM.

    Security experts argue that it is impossible to prove the identity of a computer user with absolute certainty. It is only possible to apply one or more tests which, if passed, have been previously declared sufficient to proceed. The problem is to determine which tests are sufficient, and many are inadequate. Any given test can be spoofed one way or the other, with varying degrees of difficulty.


    MUTUAL AUTHENTICATION

    The term mutual authentication has been used in the literature to describe a process in which the parties authenticate to each other within a single authentication exchange. Mutual authentication is normally seen as two separate identity bindings within one authentication algorithm, but EAP methods such as EAP-AKA claim mutual authentication with a single identity binding based on joint state held by both parties. IKE with a pre-shared key also produces mutual authentication within its single exchange.

    Mutuality in a single authentication process can be achieved in many ways with different assumptions about trust, so it is valuable to define the terminology carefully. In fact the use of "mutual" in this context is problematic: a single flow consisting of two nested one-way authentication algorithms can be attacked to the detriment of the authenticating parties.

    An authentication process may be called mutual and still leave the following issues undefined:

    Is one identity exchanged, or both?
    If only one identity is exchanged, is the other identity implied by knowledge of a symmetric key?
    Is the identity exchange secure?
    If two identities are securely exchanged, are they protected with one key or two?
    If two identities, is there one identity exchange, two intertwined exchanges, or two serial or parallel exchanges?

    To resolve these issues, it is best to limit the applicability of Mutual Authentication to

    authentication algorithms and how they act on Identity bindings. Authentication flows and

    channels are silent on mutuality. Mutuality is NOT established by a bi-directional or coupled

    unidirectional flow. It is appropriate to delineate the requirement of mutual authentication for

    a system.

    Describing an authentication algorithm as mutual or not mutual may be acceptable in some instances; in others it is too general a classification. To that end, two features further typify an authentication:

    Are both identities explicitly included within the algorithm, or is one implicit, as in AKA?
    Is one of the identities not bound to its own key, but protected with the other party's key?

    Efficient algorithms can be built by understanding the issues listed above and classifying the scenarios, so as to establish mutual authentication between the communicating parties and thereby encourage the mutual trust they need to share their resources with each other efficiently.


    TYPES OF AUTHENTICATION

    Authentication can be accomplished in many ways. Selecting an authentication method appropriate to the environment is perhaps the most crucial decision in designing a secure system.

    Authentication protocols are capable of simply authenticating the connecting party, or of authenticating the connecting party while also authenticating the system to the connecting party. The various ways in which an authentication process can be carried out are:

    Passwords
    One-time passwords
    Public-key cryptography
    Zero-knowledge proofs
    Message Authentication Code
    Digital Signatures

    PASSWORDS:

    Passwords are the most widely used form of authentication. Users provide an identifier, a typed-in word or phrase or perhaps a token card, along with a password. In many systems the passwords are not stored on the host in plain text but as salted one-way hashes (older descriptions call this "encrypted"), so that a copy of the password file does not directly reveal the passwords. Password authentication of this type is in general simple and does not require much processing power.

    Password authentication has several vulnerabilities; some of the more obvious are:

    Passwords are easy to guess.
    Writing the password down and placing it in a highly visible area.
    Discovering passwords by eavesdropping or by social engineering.

    The risk of eavesdropping can be managed by using digests for authentication. Instead of the password, the connecting party sends a hash computed over the password together with a server-supplied nonce (which typically encodes the client IP address and a time stamp) and request-specific information such as the URI. Because this hash is unique to each accessed URI and nonce, a captured value cannot be used to fetch other documents, nor be reused from another IP address, without detection, and the password itself is not exposed to eavesdropping because of the hashing. The system is, however, vulnerable to active attacks such as the man-in-the-middle attack, and since the server must be able to compute the same hash, it still has to hold the password or a password-equivalent value.

    ONE-TIME PASSWORDS:

    To avoid the problems associated with password reuse, one-time passwords were developed. There are two types of one-time password: the challenge-response password and the password list.


    With the challenge-response password, the system responds with a challenge value after receiving a user identifier. The response is then either computed from the challenge using a secret the user holds, or selected from a table indexed by the challenge.

    A one-time password list makes use of a list of passwords which are used sequentially by the person wanting to access the system. The values are generated so that it is very hard to calculate the next value from the values already presented; a hash chain, in which each password is the preimage of the one used before it, has exactly this property.

    It is important to keep in mind that password systems only authenticate the connecting party. They do not provide the connecting party with any method of authenticating the system it is accessing, so they are vulnerable to spoofing or a man-in-the-middle attack.
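A one-time password list of the kind described above, as an added example that is not taken from the report: the client builds a hash chain from a secret seed, gives the server only the last link, and then presents the links in reverse order. The server checks each one by hashing it once; because SHA-256 is one-way, a value that has already been sent reveals nothing about the next one, and a replayed value fails because it no longer hashes to the link accepted last. The seed, chain length and class names are constructed for the demo.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [h(seed), h(h(seed)), ..., h^n(seed)]. The client keeps the list;
    only the final link h^n(seed) is handed to the server at enrolment."""
    chain, x = [], seed
    for _ in range(n):
        x = h(x)
        chain.append(x)
    return chain


class OtpServer:
    """Stores one link and a count; never sees the seed or the unused links."""

    def __init__(self, anchor: bytes, remaining: int):
        self.last = anchor
        self.remaining = remaining

    def verify(self, otp: bytes) -> bool:
        # Hashing the presented value must give the link accepted last time.
        # A replayed value fails: h(otp) is then two steps behind self.last.
        if self.remaining > 0 and hmac.compare_digest(h(otp), self.last):
            self.last = otp
            self.remaining -= 1
            return True
        return False


class OtpClient:
    """Consumes the list from the end, one password per login."""

    def __init__(self, chain: list):
        self.unused = chain[:-1]   # h^1 .. h^(n-1); h^n went to the server

    def next_password(self) -> bytes:
        return self.unused.pop()


def enrol(seed: bytes, n: int):
    """Set up a client/server pair sharing a chain of length n (n-1 logins)."""
    chain = make_chain(seed, n)
    return OtpClient(chain), OtpServer(chain[-1], n - 1)


if __name__ == "__main__":
    client, server = enrol(b"constructed demo seed", 5)
    p = client.next_password()
    print("first login:", server.verify(p))
    print("replay of the same value:", server.verify(p))
    print("second login:", server.verify(client.next_password()))
```

The server-side state is tiny (one hash and a counter), which is why this design survives a server compromise better than a stored password: the attacker learns only links that have already been used up.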

    PUBLIC KEY CRYPTOGRAPHY:

    PKC is based on mathematical problems that are believed to be hard to solve, such as factoring large integers or computing discrete logarithms. PKC makes use of two keys, one private and the other public, linked by a mathematical relationship that makes it infeasible to derive the private key from the public one. The private key is used to decrypt messages sent to its owner and to sign messages; the public key is used to encrypt messages to the owner and to verify the owner's signatures.

    The advantage of PKC is that the public key can be made freely available. In fact, public keys are often published to public directories on the Internet so that they can be easily retrieved. This simplifies key-management efforts.

    The integrity of the public key is of the utmost importance: whoever can substitute a public key can impersonate its owner. The integrity of a public key is usually assured by a certification process carried out by a certification authority (CA). Once the CA has verified the credentials of the entity presenting the public key, the CA digitally signs the key together with the owner's identity in a certificate, so that anyone relying on the key can check that the entity has been certified.

    ZERO-KNOWLEDGE PROOFS:

    Zero-knowledge proofs make it possible for a host to convince another host to allow access without revealing any secret information. The hosts involved in this form of authentication usually communicate several times to complete the authentication.

    The client first creates a random but difficult problem to solve and then solves it using information it has. The client then commits to the solution using a bit-commitment scheme and sends the problem and the commitment to the server.

    The server then asks the client either to prove that the problem is related to the client's secret, or to open the committed solution and prove that it is the solution. The client complies with the request.


    Typically, about ten successful rounds are required before the authentication process is complete and access is granted, since each round gives a cheating client only a fixed chance (typically one half) of passing.

    The zero-knowledge proof of identity has its share of problems. Perhaps the most serious is that while host A thinks it is proving its identity to host B, it is possible for B to simultaneously authenticate to a third party, host C, by relaying A's answers as its own (a relay attack).

    MESSAGE AUTHENTICATION CODE:

    In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers who hold the same key to detect any change to the message content. The algorithmic structure is illustrated in detail in the next chapter.

    DIGITAL SIGNATURES:

    In many instances it is not necessary to authenticate the communicating parties, for instance when downloading application updates or patches from the Internet. From a security point of view, the server does not need to screen who is downloading the software, and the user downloading the software does not necessarily care which particular server it comes from. However, the user does want assurance that the downloaded data is genuine and not a Trojan horse or other malicious or corrupted content. In this instance a digital signature is the right tool to authenticate the downloadable data.

    A digital signature is produced by computing a digest of the document and then signing that digest with the signer's private key. The client verifies the signature by applying the server's public key to it (for RSA this is the same operation as public-key decryption) and comparing the recovered digest with the digest it computes from the received document. A signature can equally be used by the server to verify data the client is sending. More detailed information on digital signatures is given in chapter 3.


    MESSAGE AUTHENTICATION CODE

    In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers who hold the key to detect any change to the message content.

    Message authentication is a mechanism or service used to verify the integrity of a message. It assures that the data received are exactly as sent by the purported sender and that the purported identity of the sender is valid. It is used to protect communication (the transit of messages) against active attacks (falsification of data and transactions).

    A message, file, document, or other collection of data is said to be authentic when it is genuine and came from its alleged source. Two aspects must therefore be verified: that the contents of the message have not been altered, and that the source is authentic.

    While MAC functions are similar to cryptographic hash functions, they have different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-message attack: even if an attacker has access to an oracle that holds the secret key and returns MACs for messages of the attacker's choosing, the attacker cannot produce a valid MAC for any message not submitted to the oracle without an infeasible amount of computation. Note that a plain hash H(M) is not a MAC: anyone can recompute it after altering M, so it detects accidental errors but gives no authenticity against an active attacker.

    NEED FOR MESSAGE AUTHENTICATION

    In the context of communication across the networks, the following attacks can be identified:

    1. Disclosure: release of message contents to any person or process not possessing the appropriate cryptographic key.

    2. Traffic analysis: discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or a connectionless environment, the number and length of messages between parties could be determined.

    3. Masquerade: insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by someone other than the message recipient.

    4. Content modification: changes to the contents of a message, including insertion, deletion, transposition and modification.

    5. Sequence modification: any modification to a sequence of messages between parties, including insertion, deletion, and reordering.

    6. Timing modification: delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, individual messages could be delayed or replayed.

    7. Source repudiation: denial of transmission of a message by its source.

    8. Destination repudiation: denial of receipt of a message by its destination.

    DEFENSE AGAINST ATTACKS

    [Figure: Defense against attacks]

    Attacks 1-2 (Disclosure, Traffic Analysis)                        -> dealt with by SYMMETRIC ENCRYPTION
    Attacks 3-6 (Masquerade, Content, Sequence, Timing Modification)  -> dealt with by MESSAGE AUTHENTICATION
    Attacks 7-8 (Source Repudiation, Destination Repudiation)         -> dealt with by DIGITAL SIGNATURES

    The figure depicts the mechanism that defends against each of the attacks listed above, and thus how better security can be provided in the various scenarios.
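An added example, not code from the report, of message authentication as defined at the start of this chapter and as the figure assigns it to attacks 3 to 6: an HMAC-SHA256 tag that covers the message body together with a sequence number and a timestamp, so that one verification step rejects masquerade and content modification (bad tag), sequence modification including replay (wrong sequence number) and timing modification (stale timestamp). The shared key, message bodies, clock values and the message layout are constructed for the demo; a real receiver would use its own clock and keep per-peer state.

```python
import hashlib
import hmac
import json

# Constructed shared secret; real keys come from a key-exchange or provisioning step.
KEY = b"constructed-demo-key-do-not-use-in-production"


def mac_tag(key: bytes, header: dict, body: bytes) -> bytes:
    """Tag = HMAC-SHA256(key, canonical(header) || 0x00 || body).
    The header (seq, ts) is bound into the tag, so it cannot be edited either."""
    canonical = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical + b"\x00" + body, hashlib.sha256).digest()


def make_message(key: bytes, seq: int, body: bytes, now: int) -> dict:
    """Sender side: attach sequence number, timestamp and tag."""
    header = {"seq": seq, "ts": now}
    return {"hdr": header, "body": body, "tag": mac_tag(key, header, body)}


class Receiver:
    def __init__(self, key: bytes, max_age: int = 30):
        self.key = key
        self.max_age = max_age      # seconds a message may be in transit
        self.expected_seq = 0       # next sequence number we will accept

    def accept(self, msg: dict, now: int) -> str:
        # 1. Verify the tag first: every check below trusts the header.
        expected = mac_tag(self.key, msg["hdr"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad MAC (masquerade or content modification)"
        # 2. Sequence check: catches reordering, deletion and replay.
        if msg["hdr"]["seq"] != self.expected_seq:
            return "reject: sequence modification or replay"
        # 3. Timing check: catches messages delayed beyond normal transit.
        if now - msg["hdr"]["ts"] > self.max_age:
            return "reject: timing modification (stale message)"
        self.expected_seq += 1
        return "accept"


if __name__ == "__main__":
    rx = Receiver(KEY)
    m0 = make_message(KEY, 0, b"transfer 10 to account 42", now=1000)
    print(rx.accept(m0, now=1001))                          # accept
    print(rx.accept(m0, now=1002))                          # replay
    m1 = make_message(KEY, 1, b"transfer 10 to account 42", now=1000)
    forged = dict(m1, body=b"transfer 99 to account 42")    # attacker edits body
    print(rx.accept(forged, now=1001))                      # bad MAC
    print(rx.accept(m1, now=1100))                          # delayed 100 s
```

The order of the checks matters: the tag is verified before the sequence and time fields are read, so an attacker without the key cannot probe the receiver's window state, and the comparison uses hmac.compare_digest so that a byte-by-byte timing difference does not leak the expected tag.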


    MESSAGE CONFIDENTIALITY WITH SYMMETRIC ENCRYPTION

    SYMMETRIC ENCRYPTION:

    Symmetric encryption is an encryption scheme in which a single secret key is shared between the sender and the receiver, who communicate by encrypting and decrypting messages with that same shared key.

    MESSAGE CONFIDENTIALITY:

    Two of the attacks in the context of communication networks, disclosure and traffic analysis, fall under the category of confidentiality, which can be attained with a symmetric encryption scheme. The defence against the disclosure attack is to encrypt the message and send it to the intended recipient, who is the only one meant to read its contents. Even if an unintended user gains access to the message, since it is encrypted he cannot read the contents unless he obtains the decryption key.

    Traffic analysis over a communication network can be addressed with the following two measures:

    Link Encryption
    End-to-End Encryption


    PROBLEMS WITH LINK ENCRYPTION AND END-TO-END ENCRYPTION

    With link encryption (LED), each packet-switching node (PSN, marked P in the figure) has to decrypt the packet it receives in order to read the destination address, so the message contents are exposed in the clear inside every node along the path; a compromised node is therefore a threat.

    With end-to-end encryption (EED), the destination address is clearly visible in the packet header at every hop, so an observer can perform traffic analysis on who is talking to whom, and the unprotected header leaves routing information open to tampering; this too is a threat.

    SOLUTION

    One possible solution that deals with both problems is to combine the two encryption devices: end-to-end encryption protects the user data across the whole path, and link encryption on each hop hides the headers from observers between nodes.

    [Figure: Terminals 1, 2 and 3 connected through a packet-switching network; P marks a packet-switching node. Link encryption protects each hop between nodes; end-to-end encryption protects the path from the source terminal to the destination terminal.]


    APPROACHES TO MESSAGE AUTHENTICATION

    MESSAGE ENCRYPTION

    It is possible to perform authentication simply by using conventional encryption, if we assume that only the sender and receiver share the key: then only the genuine sender could have produced a ciphertext that decrypts to a meaningful message for the other participant. Furthermore, if the message includes an error-detection code and a sequence number, the receiver can check that no alteration has been made and that the sequence number is proper; if the message also includes a timestamp, the receiver can check that it has not been delayed beyond what is normally expected for network transit. In practice this argument is weaker than it looks: with a stream cipher or counter mode an attacker can flip chosen bits of the ciphertext without knowing the key, and a linear error-detection code such as a CRC does not stop this, so modern protocols attach a MAC (or use an authenticated-encryption mode) rather than relying on encryption alone for authentication.

    The two approaches discussed here are:

    Message authentication using symmetric encryption
    Message authentication using public key encryption

    MESSAGE AUTHENTICATION USING SYMMETRIC ENCRYPTION

    In this scenario the following steps occur between the sender and the receiver:

    The sender generates a message M and prepares it for encryption.
    The sender encrypts M with the shared key K, producing C = E(K, M), and transmits C to the receiver.
    The receiver decrypts C with the same shared key, M = D(K, C), and obtains the original message.

    The drawback of this scenario is that anyone who obtains the shared key by any form of attack can read every message by decrypting it, which leads to the loss of valuable information not intended for the attacker; the same person can also produce ciphertexts the receiver will accept as genuine, since one key both protects confidentiality and serves as the only evidence of origin.

    [Figure: M -> E -> C = E(K, M) -> D -> M, with the shared key K supplied to both E and D.]


    MESSAGE AUTHENTICATION USING PUBLIC KEY ENCRYPTION

    CONFIDENTIALITY

    The following sequence of steps occurs in this scenario:

    The recipient B generates a key pair, public and private, and distributes the public key PUb over the network. Anyone interested in communicating with B can acquire the public key.
    The willing party encrypts a message with the recipient's public key, C = E(PUb, M), and transmits it to B.
    The recipient decrypts the message with the private key PRb, which is known only to him, and obtains M = D(PRb, C).

    The drawback of this scenario is the lack of authenticity. Any user on the network can acquire the public key and send a message while masquerading as some other legitimate user.

    AUTHENTICATION

The above scenario is the converse of the previously discussed scenario: the keys used for
encryption are interchanged, i.e. the private key of the user is used to encrypt the message
to reveal his authenticity in the communication. This method establishes the authenticity of
the sender, but there still exists a problem of confidentiality, because the public key of the
sender is available to every user on the network and thus anyone can decrypt the message.

[Figure: Confidentiality. M -> E(PUb, M) -> D(PRb, E(PUb, M)) -> M]

[Figure: Authentication. M -> E(PRa, M) -> D(PUa, E(PRa, M)) -> M]

    AUTHENTICATION AND CONFIDENTIALITY

The best way to overcome the lack of authenticity and confidentiality discussed in the above
scenarios is to double encrypt the message, which can be illustrated in the following steps:

    SENDER

    M ---- Message

    EPRa(M) ---- Encrypting M with private key of sender

    EPUb(EPRa(M)) ---- Encrypting the encrypted message with public key of Recipient

RECEIVER

DPRb(EPUb(EPRa(M))) ---- Decrypting the received message with private key of Recipient, which yields EPRa(M)

DPUa(EPRa(M)) ---- Decrypting EPRa(M) with public key of sender, which yields M

M ---- Message

[Figure: Authentication and confidentiality. M -> E(PRa, M) -> E(PUb, E(PRa, M)) -> D(PRb, ...) -> E(PRa, M) -> D(PUa, ...) -> M]


    MESSAGE AUTHENTICATION CODE (MAC)

One authentication technique involves the use of a secret key to generate a small block of
data, known as a message authentication code (MAC), that is appended to the message. This
technique assumes that the two communicating parties share a common secret key. When one
party wants to send a message to the other, the first party calculates the MAC as a function
of the message and the key, appends the MAC to the original message and transmits it to the
other party. The receiving party separates the MAC from the message, computes the MAC on
the message and compares it with the MAC received over the network from the sender; if the
two match, the authenticity of the sender is established.

The following are the steps involved in the above scenario between the sender and the
receiver:

- The sender forms a message and computes the MAC using the MAC algorithm. The MAC is
  formed by encrypting the message with a shared secret key.
- The MAC is appended to the original message and the entire content is transmitted over the
  network to the recipient.
- The recipient separates the MAC from the message and performs the MAC computation on the
  message with the same secret key.
- The recipient compares the received MAC and the computed MAC; if they both tally, then he
  is satisfied that the integrity of the message is maintained and that it has not been
  tampered with by any unauthorized user on the network.

A slight difficulty which arises with a MAC is that it accepts only fixed-size message blocks
for processing, and the preprocessing needed to obtain such blocks consumes a lot of time.

[Figure: Message authentication code. Sender: M -> MA (key K) -> MAC, appended to M. Receiver: M -> MA (key K) -> MAC, COMPARE with the received MAC]


    HASH FUNCTION

A variation on the MAC is the one-way hash function, which accepts a variable-size message M
as input and produces a fixed-size output referred to as the hash code. The hash code is also
known as the message digest or the hash value. A secret key is not taken as an input to the
hash function; rather, the message alone is passed to the hash algorithm to generate a
message digest. To authenticate a message, the message digest is sent with the message in
such a way that the message digest is authentic.

    There are three ways in which the message can be authenticated:

- Using conventional encryption
- Using a public-key algorithm
- Using a secret value

    USING CONVENTIONAL ENCRYPTION

The hash function technique is analogous to the MAC, where instead of a MAC algorithm a
hash function (hash algorithm) is used to generate what is called a message digest. The
processing is illustrated in the steps below:

- Initially the sender forms a message and computes the hash of that message using a hash
  algorithm, which produces a message digest.
- The message digest is encrypted with the shared key, and an encrypted message digest is
  produced out of it.
- The content is then appended to the entire message block and transmitted over the network
  to the desired recipient.
- The receiver detaches the message from the message digest, performs the same computations
  performed by the sender, and then matches the received message digest with the computed
  digest to verify the integrity of the message; he is satisfied if it has not been tampered
  with.

[Figure: Hash function using conventional encryption. Sender: M -> H -> E (key K), result appended to M. Receiver: M -> H; received digest -> D (key K); COMPARE]

USING PUBLIC KEY ALGORITHM

This technique is analogous to the previous method, where a public/private key pair is used
instead of a shared secret value.

[Figure: Hash function using a public key algorithm. Sender: M -> H -> E (PRa), result appended to M. Receiver: M -> H; received digest -> D (PUa); COMPARE]

USING A SECRET VALUE

This technique is similar to the above two techniques, except that no encryption scheme is
used. The following steps are involved in this technique:

- The sender computes the message digest by passing the message and the shared secret as
  arguments to the hash function.
- The message digest produced is directly appended to the message without encryption and is
  transmitted to the receiver over the network.
- The receiver detaches the message from the message digest and computes the message digest
  on the message, with the shared secret and the message as input to the same hash function
  used by the sender.
- The computed message digest is compared with the received message digest; if they both
  match, then the integrity of the message is verified and the receiver is satisfied.

[Figure: Hash function using a secret value S. Sender: M || S -> H, digest appended to M. Receiver: M || S -> H; COMPARE]
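As an added Python example (not code from the report), the MAC flow of the MESSAGE AUTHENTICATION CODE section and the secret-value hash flow just described, both written over the standard library. The report describes the MAC as produced by encrypting the message under the shared key; this example substitutes HMAC-SHA256 for that step, and the secret-value digest is SHA-256 over the shared secret concatenated with the message. The key, the message and the byte flipped in transit are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration (not from the report).
SHARED_KEY = b"constructed-shared-secret-key-for-demo"
MESSAGE = b"TRANSFER 100.00 FROM ACCT-1 TO ACCT-2; SEQ=17"

TAG_LEN = hashlib.sha256().digest_size  # both constructions yield 32 bytes


def mac_tag(key: bytes, message: bytes) -> bytes:
    """MAC section: a keyed function of the message and the shared key.
    HMAC-SHA256 stands in for the 'encrypt the message with the key' step."""
    return hmac.new(key, message, hashlib.sha256).digest()


def secret_value_digest(secret: bytes, message: bytes) -> bytes:
    """Secret-value section: hash of (shared secret || message), no encryption."""
    return hashlib.sha256(secret + message).digest()


def send(key: bytes, message: bytes, tag_fn) -> bytes:
    """Sender: compute the tag and append it to the message (the wire format)."""
    return message + tag_fn(key, message)


def receive(key: bytes, wire: bytes, tag_fn):
    """Receiver: separate message and tag, recompute the tag with the shared
    key and compare in constant time. Returns (accepted, message)."""
    if len(wire) < TAG_LEN:
        return False, b""
    message, received_tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = tag_fn(key, message)
    # compare_digest avoids leaking where the first mismatching byte is.
    ok = hmac.compare_digest(expected, received_tag)
    return ok, (message if ok else b"")


def demo() -> dict:
    """Run both constructions through the honest, tampered and wrong-key cases."""
    results = {}
    for name, fn in (("mac", mac_tag), ("secret_value", secret_value_digest)):
        wire = send(SHARED_KEY, MESSAGE, fn)
        results[name + "_ok"] = receive(SHARED_KEY, wire, fn)[0]
        # Alteration in transit: flip one bit of the amount ('1' -> '0').
        tampered = bytearray(wire)
        tampered[9] ^= 0x01
        results[name + "_tampered"] = receive(SHARED_KEY, bytes(tampered), fn)[0]
        # A receiver that does not hold the shared key cannot verify the tag.
        results[name + "_wrong_key"] = receive(b"other-key", wire, fn)[0]
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Both receivers compare the recomputed value with hmac.compare_digest rather than ==, so that a mismatch is not revealed byte by byte through timing. The plain H(S || M) construction is shown because the report describes it; HMAC is the standardized keyed-hash construction and is what a practitioner should use.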


    DIGITAL SIGNATURES

    A digital signature or a digital signature scheme is a mathematical scheme for demonstrating

    the authenticity of a digital message or document. A valid digital signature gives a recipient

    reason to believe that the message was created by a known sender, and that it was not altered

    in transit. Digital signatures are commonly used for software distribution, financial

    transactions, and in other cases where it is important to detect forgery or tampering.

A digital signature can be used with any kind of message, transaction and the like, whether
it is encrypted or not, simply so that the receiver can be sure of the sender's identity and
that the message arrived intact. A digital certificate contains the digital signature of the
certificate-issuing authority so that anyone can verify that the certificate is genuine. This
is now commonly seen in internet transactions.

    NEED FOR DIGITAL SIGNATURES

    Message authentication protects two parties who exchange messages from any third party.

    However, it does not protect the two parties against each other. Several forms of dispute

    between the two are possible.

For example, suppose that John sends an authenticated message to Mary; then the following
disputes could arise:

- Mary may forge a different message and claim that it came from John. Mary would simply
  have to create a message and append an authentication code using the key that John and
  Mary share.
- John can deny sending the message. Because it is possible for Mary to forge a message,
  there is no way to prove that John did in fact send the message.

Both scenarios are legitimate, and thus they can lead to various kinds of distrust between
senders and receivers and leave no trust between the communicating parties. In situations
where there is not complete trust between the sender and the receiver, something more than
authentication is needed. The most attractive solution to this problem is the digital
signature. The digital signature is analogous to the handwritten signature. It must have the
following properties:

- It must verify the author and the date and time of the signature.
- It must authenticate the contents at the time of the signature.
- It must be verifiable by third parties to resolve disputes.


Thus, the digital signature function includes the authentication function. On the basis of
these properties, we can formulate the following requirements for a digital signature:

- The signature must be a bit pattern that depends on the message digest signed.
- The signature must use some information unique to the sender, to prevent both forgery and
  denial.
- It must be relatively easy to produce the digital signature.
- It must be computationally infeasible to forge a digital signature, either by constructing
  a new message for an existing digital signature or by constructing a fraudulent digital
  signature for a given message.
- It must be practical to retain a copy of the digital signature in storage.

HOW DIGITAL SIGNATURES WORK?

Assume you were going to send the draft of a certain contract to your lawyer in another town.
You want to give your lawyer the assurance that it was unchanged from what you sent and that
it is really from you. The process would then be:

- You copy and paste the contract into an e-mail note.
- Using special software, you obtain a message hash or message digest of the contract by
  passing it to the hash algorithm.
- You then use a private key that you have previously obtained from a public-private key
  authority to encrypt the hash.
- The encrypted hash becomes your digital signature of the message. (Note that it will be
  different each time you send a message.)

    USES OF DIGITAL SIGNATURES

    As organizations move away from paper documents with ink signatures or authenticity

    stamps, digital signatures can provide added assurances of the evidence to provenance,

    identity, and status of an electronic document as well as acknowledging informed consent and

    approval by a signatory. The United States Government Printing Office (GPO) publishes

    electronic versions of the budget, public and private laws, and congressional bills with digital

    signatures. Universities including Penn State, University Of Chicago, and Stanford are

    publishing electronic student transcripts with digital signatures. Below are some common

reasons for applying a digital signature to communications:

- Authentication
- Integrity
- Non-repudiation

    AUTHENTICATION

    Although messages may often include information about the entity sending a message, that

    information may not be accurate. Digital signatures can be used to authenticate the source of

    messages. When ownership of a digital signature secret key is bound to a specific user, a

    valid signature shows that the message was sent by that user. The importance of high

    confidence in sender authenticity is especially obvious in a financial context. For example,

    suppose a bank's branch office sends instructions to the central office requesting a change in

    the balance of an account. If the central office is not convinced that such a message is truly

    sent from an authorized source, acting on such a request could be a grave mistake.

    INTEGRITY

In many scenarios, the sender and receiver of a message may need confidence that the message
has not been altered during transmission. Although encryption hides the contents of a
message, it may be possible to change an encrypted message without understanding it. (Some
encryption algorithms, known as non-malleable ones, prevent this, but others do not.)
However, if a message is digitally signed, any change in the message after signing will
invalidate the signature. Furthermore, there is no efficient way to modify a message and its
signature to produce a new message with a valid signature, because this is still considered
computationally infeasible for most cryptographic hash functions (see collision resistance).
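The malleability the paragraph above describes, as an added Python example that is not part of the report. A toy XOR stream cipher (keystream derived from SHA-256 in counter mode, constructed here purely for illustration) encrypts a payment instruction; one byte of the ciphertext can be altered without the key so that it decrypts to a different amount, and an HMAC-SHA256 tag computed over the ciphertext (encrypt-then-MAC) lets the receiver reject the altered message before decrypting it. This is also the caveat to the MESSAGE ENCRYPTION section earlier: encryption under a shared key by itself does not guarantee that the message was not altered. Keys, nonce and plaintext are constructed values.

```python
import hashlib
import hmac

# Constructed demonstration values (not from the report).
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-mac-key"
NONCE = b"nonce-0001"
PLAINTEXT = b"PAY 0100 TO BOB"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher keystream: SHA-256 over (key, nonce, counter).
    Constructed for illustration; it stands in for any XOR-based stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same function encrypts and decrypts."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def flip_without_key(ciphertext: bytes, position: int, old: int, new: int) -> bytes:
    """Malleability: whoever knows the plaintext byte at `position` can change it
    to `new` by XORing the ciphertext byte with old ^ new, without any key."""
    out = bytearray(ciphertext)
    out[position] ^= old ^ new
    return bytes(out)


def tag(ciphertext: bytes) -> bytes:
    """Integrity tag over nonce and ciphertext (encrypt-then-MAC)."""
    return hmac.new(MAC_KEY, NONCE + ciphertext, hashlib.sha256).digest()


def decrypt_unauthenticated(ciphertext: bytes) -> bytes:
    """Receiver that relies on encryption alone: decrypts whatever arrives."""
    return xor_crypt(ENC_KEY, NONCE, ciphertext)


def decrypt_authenticated(ciphertext: bytes, received_tag: bytes):
    """Receiver that verifies the tag first and only then decrypts.
    Returns None when the tag does not verify."""
    if not hmac.compare_digest(tag(ciphertext), received_tag):
        return None
    return xor_crypt(ENC_KEY, NONCE, ciphertext)


def demo() -> dict:
    ct = xor_crypt(ENC_KEY, NONCE, PLAINTEXT)
    t = tag(ct)
    # Alteration in transit: the amount "0100" becomes "9100" in the ciphertext.
    pos = PLAINTEXT.index(b"0100")
    ct_altered = flip_without_key(ct, pos, ord("0"), ord("9"))
    return {
        "honest": decrypt_authenticated(ct, t),
        "unauthenticated_after_flip": decrypt_unauthenticated(ct_altered),
        "authenticated_after_flip": decrypt_authenticated(ct_altered, t),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

The unauthenticated receiver happily returns the altered amount; the authenticated receiver returns None because the tag no longer matches the ciphertext. The same detection holds if a digital signature over the message is used instead of a MAC, which is the point the Integrity section makes.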

    NON-REPUDIATION

Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of
digital signatures. By this property, an entity that has signed some information cannot at a
later time deny having signed it. Similarly, access to the public key alone does not enable a
fraudulent party to fake a valid signature.


    GENERATION AND VERIFICATION OF

    DIGITAL SIGNATURES

The figure below depicts the generation and verification of digital signatures, which are
described as a sequence of steps that follows.

[Figure: Creation and verification of digital signatures]

    GENERATION

- A key pair, public and private, is generated by each of the communicating parties.
- The message or data is hashed using a hash function, which produces a message digest.
- The message digest is encrypted with the private key of the sender, which ultimately forms
  the digital signature.
- This digital signature is appended to the message or any other related information and is
  transmitted over the network to the desired recipient.


    VERIFICATION

- The recipient receives the information or message along with the digital signature.
- The receiver decrypts the digital signature with the public key of the sender, which he has
  already received prior to the communication, and thus obtains the message digest.
- Since hashing is one-way, meaning that it is not reversible, the receiver takes the message
  and hashes it himself to obtain the message digest.
- The receiver compares the computed message digest with the received message digest; if
  the two tally, then he is assured of the authenticity of the sender as well as the
  integrity of the message.
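The generation and verification steps above, and the contract example in HOW DIGITAL SIGNATURES WORK, as an added Python example that is not part of the report. It realizes "encrypt the digest with the private key" with textbook RSA so that every step is visible: the two key pairs are built from fixed, publicly known Mersenne primes (a constructed toy, not a usable key), the message is a constructed sample, and the digest is SHA-256. It also shows the point of the NEED FOR DIGITAL SIGNATURES section: a recipient holding only the public key can verify but cannot produce a signature, and a signature made under one key does not verify under another.

```python
import hashlib

# Toy RSA parameters, constructed for illustration only. These Mersenne primes
# are public knowledge, so the resulting keys are NOT secret; they are chosen
# so that the modulus n exceeds any 256-bit digest. Real deployments generate
# keys with a vetted library and use a padded scheme such as RSA-PSS.
P_A, Q_A = (1 << 127) - 1, (1 << 521) - 1   # primes for the sender's key pair
P_B, Q_B = (1 << 89) - 1, (1 << 607) - 1    # primes for a second party's key pair
E = 65537


def generate_key_pair(p: int, q: int, e: int = E):
    """Generation step 1: a public key (n, e) and a private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def message_digest(message: bytes) -> int:
    """Generation step 2: hash the message to a fixed-size digest, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Generation step 3: 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verification: 'decrypt' the signature with the sender's public key to
    recover the digest, hash the received message, and compare the two."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    recovered_digest = pow(signature, e, n)
    return recovered_digest == message_digest(message)


def demo() -> dict:
    """Constructed exchange: the sender (A) signs, the recipient verifies."""
    pub_a, priv_a = generate_key_pair(P_A, Q_A)
    pub_b, _priv_b = generate_key_pair(P_B, Q_B)
    message = b"Contract draft v3: total 12,500.00"
    signature = sign(priv_a, message)
    # Generation step 4: message and signature travel together.
    packet = (message, signature)
    return {
        # Honest case: verifies under the sender's public key.
        "valid": verify(pub_a, *packet),
        # Altered message with the original signature: digest no longer matches.
        "tampered": verify(pub_a, message.replace(b"12,500", b"92,500"), signature),
        # Signature checked against someone else's public key: rejected.
        "wrong_key": verify(pub_b, *packet),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'verified' if accepted else 'rejected'}")
```

One caveat on the report's remark that the signature "will be different each time you send a message": with this deterministic construction it differs only because the message differs; signing the same bytes twice under the same key gives the same value. Padded schemes such as RSA-PSS randomize the signature, and either way the verifier's check is the digest comparison shown here.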

    ADVANTAGES OF DIGITAL SIGNATURES

Just as with any technology, there are pluses and minuses. This is the way it is with
anything, whether it is technology related or not. The advantages of using digital signatures
include:

IMPOSTER PREVENTION: By using digital signatures you are actually eliminating the possibility
of fraud committed by an imposter signing the document. Since the digital signature cannot be
altered, this makes forging the signature impossible.

MESSAGE INTEGRITY: By having a digital signature you are in fact showing and simply proving
the document to be valid. You are assuring the recipient that the document is free from
forgery or false information.

LEGAL REQUIREMENTS: Using a digital signature satisfies some type of legal requirement for
the document in question. A digital signature takes care of any formal legal aspect of
executing the document.


    CONCLUSION

User authentication can be handled using one or more different authentication methods. Some
authentication methods, such as plain password authentication, are easily implemented but
are in general weak and primitive. The fact that plain password authentication is still by
far the most widely used form of authentication gives credence to the seriousness of the lack
of security both on the Internet and within private networks.

Other methods of authentication that may be more complex and require more time to implement
and maintain provide strong and reliable authentication (provided one keeps its secrets
secret, i.e. private keys and phrases).

    That being said, one of the key factors to be considered in determining which method of

    authentication to implement is usability. The usability factor cannot be ignored when

    designing authentication systems. If the authentication methods are not deemed usable by

    those forced to utilize them, then they will avoid using the system or persistently try to

    bypass them. Usability is a key issue to the adoption and maintenance of a security system.


    APPENDIX-A

    TERMINOLOGY

KEYWORD      DESCRIPTION
K            SHARED SECRET KEY
KPU          PUBLIC KEY OF USER
KPR          PRIVATE KEY OF USER
PKC          PUBLIC KEY CRYPTOGRAPHY
MA           MAC ALGORITHM
MAC          MESSAGE AUTHENTICATION CODE
H            HASH FUNCTION
MD           MESSAGE DIGEST
E and D      ENCRYPTION AND DECRYPTION
DS           DIGITAL SIGNATURES
