Scribd
Upload
3 views2 pages

7 - Message Authentication Code (MAC)

The document discusses the threat of lack of message authentication and introduces Message Authentication Code (MAC) as a symmetric key cryptographic technique to ensure message authenticity. It explains the MAC process, where a sender and receiver share a secret key to generate and verify a MAC value along with the message. However, it highlights two limitations of MAC: the need for a shared secret and the inability to provide non-repudiation, meaning the sender can deny sending the message in case of disputes.

Uploaded by

yume
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
3 views2 pages

7 - Message Authentication Code (MAC)

The document discusses the threat of lack of message authentication and introduces Message Authentication Code (MAC) as a symmetric key cryptographic technique to ensure message authenticity. It explains the MAC process, where a sender and receiver share a secret key to generate and verify a MAC value along with the message. However, it highlights two limitations of MAC: the need for a shared secret and the inability to provide non-repudiation, meaning the sender can deny sending the message in case of disputes.

Uploaded by

yume
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Another type of threat that exist for data is the lack of message authentication.

In this threat,
the user is not sure about the originator of the message. Message authentication can be provided
using the cryptographic techniques that use secret keys as done in case of encryption.

Message Authentication Code (MAC)


MAC algorithm is a symmetric key cryptographic technique to provide message authentication.
For establishing MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent
along with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −

 The sender uses some publicly known MAC algorithm, inputs the message and the secret key K
and produces a MAC value.
 Similar to hash, MAC function also compresses an arbitrary long input into a fixed length output.
The major difference between hash and MAC is that MAC uses secret key during the compression.
 The sender forwards the message along with the MAC. Here, we assume that the message is sent
in the clear, as we are concerned of providing message origin authentication, not confidentiality.
If confidentiality is required then the message needs encryption.
 On receipt of the message and the MAC, the receiver feeds the received message and the shared
secret key K into the MAC algorithm and re-computes the MAC value.
 The receiver now checks equality of freshly computed MAC with the MAC received from the
sender. If they match, then the receiver accepts the message and assures himself that the
message has been sent by the intended sender.
 If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine
whether it is the message that has been altered or it is the origin that has been falsified. As a
bottom-line, a receiver safely assumes that the message is not the genuine.

Limitations of MAC
There are two major limitations of MAC, both due to its symmetric nature of operation −

 Establishment of Shared Secret.


o It can provide message authentication among pre-decided legitimate users who have
shared key.
o This requires establishment of shared secret prior to use of MAC.
 Inability to Provide Non-Repudiation
o Non-repudiation is the assurance that a message originator cannot deny any previously
sent messages and commitments or actions.
o MAC technique does not provide a non-repudiation service. If the sender and receiver get
involved in a dispute over message origination, MACs cannot provide a proof that a
message was indeed sent by the sender.
o Though no third party can compute the MAC, still sender could deny having sent the
message and claim that the receiver forged it, as it is impossible to determine which of
the two parties computed the MAC.

You might also like