This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Chapter 7 Message Authentication In most peoples minds, privacy is the goal most strongly associated to cryptography. But message authentication is arguably even more important. Indeed you may or may not care if some particular message you send out stays private, but you almost certainly do want to be sure of the originator of each message that you act on. Message authentication is what buys you that guarantee. Message authentication allows one partythe senderto send a message to another party the receiverin such a way that if the message is modified en route, then the receiver will almost certainly detect this. Message authentication is also called data-origin authentication. Message authentication is said to protect the integrity of a message, ensuring that each message that it is received and deemed acceptable is arriving in the same condition that it was sent outwith no bits inserted, missing, or modified. Here well be looking at the shared-key setting for message authentication (remember that message authentication in the public-key setting is the problem addressed by digital signatures ). In this case the sender and the receiver share a secret key, K , which theyll use to authenticate their transmissions. Well define the message authentication goal and well describe some different ways to achieve it. As usual, well be careful to pin down the problem were working to solve. 7.1 The setting It is often crucial for an agent who receives a message to be sure who sent it. If a hacker can call into his banks central computer and produce deposit transactions that appears to be coming from a branch office, easy wealth is just around the corner. If an unprivileged user can interact over the network with his companys mainframe in such a way that the machine thinks that the packets it is receiving are coming from the system administrator, then all the machines access- control mechanisms are for naught. In such cases the risk is that an adversary A , the forger , will create messages that look like they come from some other party, S , the (legitimate) sender . The attacker will send a message M to R , the receiver (or verifier ), under S s identity. The receiver R will be tricked into believing that M originates with S . Because of this wrong belief, R may inappropriately act on M . The rightful sender S could be one of many different kinds of entities, like a person, a corpora- tion, a network address, or a particular process running on a particular machine. As the receiver R , you might know that it is S that supposedly sent you the message M for a variety of reasons. For 2 MESSAGE AUTHENTICATION M C Sender A K K C E D Receiver M or Figure 7.1: An authenticated-encryption scheme. Here we are authenticating messages with what is, syntactically, just an encryption scheme. The sender transmits a transformed version C of M and the receiver is able to recover M = M or else obtain indication of failure. Adversaryor else obtain indication of failure....
View Full Document
- Winter '08