Lec7 - Message Authentication Sheng Zhong Target When we...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Message Authentication Sheng Zhong
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Target When we receive a message, we want to make sure: It is sent by the supposed sender. Nobody has tampered with it. This can be done: Using private key techniques, or Using public key techniques.
Background image of page 2
3 General Framework for Message Authentication (1) Sender: Use encoding key Ke to compute detection code: C=f(Ke, Data), Where f is an encoding algorithm. C is transmitted together with Data. Receiver: Use verification key Kv to verify message: g(Kv,Data,C)=?
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 General Framework for Message Authentication (2) If g(Kv,Data,C)=true, then the message is accepted. Otherwise, the message is rejected. Assuming there is no way to forge a valid C without knowing Ke, an accepted message is indeed from the supposed sender and has not been tampered with.
Background image of page 4
5 Variants of Framework (1) With private key techiques, we have message authentication code (MAC) . Encoding key=Verification key, called MAC key here. f: MAC algorithm. g: MAC verification algorithm.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Variants of Framework (2) With public key techiques, we have digital signature . Encoding key≠Verification key. Encoding key called signing key. f: signing algorithm. g: verification algorithm.
Background image of page 6
7 MAC based on Hash Suppose sender and receiver share a key k. Let H() be a “good” hash function. Sender: C=H(k,data). Receiver: Accept message if and only if C=H(k,data).
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
What do we need from H()? (1) For security, we need that C can’t be computed without knowing k. So we need H() to be
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 09/27/2010 for the course CSE 664 taught by Professor Shengzhong during the Spring '10 term at SUNY Buffalo.

Page1 / 23

Lec7 - Message Authentication Sheng Zhong Target When we...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online