Computer Networks
Message Authentication (8.2-8.3, 8.4.2-8.4.3)
David Wetherall (djw@[Link]) Professor of Computer Science & Engineering
�Topic
Encrypting information to provide authenticity (=correct sender) and integrity (=unaltered)
Confidentiality isnt enough
Network Alice Bob
Computer Networks
�Goal and Threat Model
Goal is to let Bob verify the message came from Alice and is unchanged
This is called integrity/authenticity
Threat is Trudy will tamper with messages
Trudy is an active adversary (interferes)
Inetworks ????
Alice
Computer Networks
Trudy
Bob
3
�Wait a Minute!
Were already encrypting messages to provide confidentiality Why isnt this enough?
Computer Networks
�Encryption Issues
What will happen if Trudy flips some of Alices message bits?
Bob will decrypt it, and
Um??
Trudy
Computer Networks
Bob
5
�Encryption Issues (2)
What will happen if Trudy flips some of Alices message bits?
Bob will receive an altered message
yuiE#E3@
Um??
Trudy
Computer Networks
Bob
6
�Encryption Issues (3)
Typically encrypt blocks of data What if Trudy reorders message?
Bob will decrypt, and 4
Trudy
1
Bob
Computer Networks
�Encryption Issues (4)
What if Trudy reorders message?
Bob will receive altered message
BUY NOW! DO NOT STOP OK!
4
Trudy
1
Bob
Should have been (Woops)
Computer Networks
�MAC (Message Authentication Code)
MAC is a small token to validate the integrity/authenticity of a message
Send the MAC along with message Validate MAC, process the message Example: HMAC scheme
Message MAC Alice
Computer Networks
Bob
9
�MAC (2)
Kind of symmetric encryption operation key is shared
Lets Bob validate unaltered message came from Alice Doesnt let Bob convince Charlie that Alice sent the message
Inetworks Generate Alice Message Inetworks Validate
MAC KAB KAB
Bob
Secret key
Computer Networks
Secret key
10
�Digital Signature
Signature validates the integrity/ authenticity of a message
Send it along with the message Lets all parties validate Example: RSA signatures
Message Signature Alice
Computer Networks 11
�Digital Signature (2)
Kind of public key operation public/private key parts
Alice signs with private key, KA-1, Bob verifies with public key, KA Does let Bob convince Charlie that Alice sent the message
Inetworks Sign Alice Message Inetworks Verify
Bob
Alices private key
Computer Networks
KA-1
Signature KA
Alices public key
12
�Speeding up Signatures
Same tension as for confidentiality:
Public key has keying advantages But it has slow performance!
Use a technique to speed it up
Message digest stands for message Sign the digest instead of full message
Computer Networks 13
�Message Digest or Cryptographic Hash
Digest/Hash is a secure checksum
Deterministically mangles bits to pseudo-random output (like CRC) Cant find messages with same hash Acts as a fixed-length descriptor of message very useful!
I might be a tiny bit sick of networks
Input Output
14
e.g., SHA1 Hash (160 bits) function
Computer Networks
�Speeding up Signatures (2)
Conceptually as before except sign the hash of message
Hash is fast to compute, so it speeds up overall operation Hash stands for message as cant find another with same hash
Inetworks Sign Alice Message Inetworks Verify
Bob
Alices private key
Computer Networks
KA-1
Signature of hash of message
KA
Alices public key
15
�Preventing Replays
We normally want more than confidentiality, integrity, and authenticity for secure messages!
Want to be sure message is fresh
Dont want to mistake old message for a new one a replay
Acting on it again may cause trouble
Computer Networks 16
�Preventing Replays (2)
Replay attack:
Trudy records Alices messages to Bob Trudy later replays them (unread) to Bob; she pretends to be Alice
Hi Alice!
Password?
Trudy
Computer Networks
Bob
17
�Preventing Replays (3)
To prevent replays, include proof of freshness in messages
Use a timestamp, or nonce
Freshness
Tue [Link] sell stocks Message MAC OK!
Alice
Computer Networks
Bob
18
Confidentiality Authenticity/Integrity
�Takeaway
Cryptographic designs can give us integrity, authenticity and freshness as well as confidentiality. Yay! Real protocol designs combine the properties in different ways
Well see some examples Note many pitfalls in how to combine, as well as in the primitives themselves
Computer Networks 19
�END
2013 D. Wetherall
Slide material from: TANENBAUM, ANDREW S.; WETHERALL, DAVID J., COMPUTER NETWORKS, 5th Edition, 2011. Electronically reproduced by permission of Pearson Education, Inc., Upper Saddle River, New Jersey
Computer Networks 20
