消息认证(Message Authentication).pptVIP

消息认证（Message Authentication） Goal: A = M = B  1. Guarantee no message changed 2. Confirm the message sent by specified user  Authenticator: a short string (value) MAC appended to a message M for authenticating the message Sender: M ? M||MAC Receiver: M||MAC ? yes/no (authentication) Message Encryption message encryption by itself also provides a measure of authentication if symmetric encryption is used then: receiver know sender must have created it since only sender and receiver know key used know content cannot of been altered if message has suitable structure, redundancy or a checksum to detect any changes Encryption for authentication First symmetric encryption: Let M be a message of some bit pattern Eg. M=X||111110000011111 Authenticator: V=EK(M) Authentication Compute DK(V)=M’ Check M’=X’||111110000011111 Encryption for authentication (cont.) Second symmetric encryption Compute a “checksum” (frame check sequence) Let F be a public checksum function Compute C=EK(M||F(M)) Authentication Compute DK(C)=M’||S’ Check S’=F(M’) Encryption for authentication (cont.) Message Encryption if public-key encryption is used: encryption provides no confidence of sender since anyone potentially knows public-key however if sender signs message using their private-key then encrypts with recipients public key have both secrecy and authentication again need to recognize corrupted messages but at cost of two public-key uses on message Message authentication code Prerequisite: A and B shares a key K Can be a session key MAC: a short fixed-size data block, depending on the message M and the shared key K MAC(K,M)=CK(M) Sender: M||CK(M) Receiver: on receiving M’|C’ Compute C’’=CK(M’) Check whether C’=C’’ MAC: example The last block of DES-CBC Cipher block chaining mode MAC: security Only A and B who share a key can create a valid MAC code for a message M Only the designated receiver A or B can authenticate the received message An attacker cannot modif