Data Integrity and Message Authentication
It was mentioned earlier in this chapter that integrity and protection security
services are needed to protect against active attacks, such as falsification of data
and transaction. Protection against such attacks is known as message
Def. Message Authentication – A message, file, document, or other collection of
data is said to be authentic when it is genuine and came from its alleged source.
Message authentication is a procedure that allows communicating parties to
verify that received messages are authentic.
The two important aspects are to verify that the contents of the message have
not been altered and that the source is authentic. Sometimes, we need to verify
a message’s timelines (i.e., it has not been purposely delayed and replayed) and
sequence relative to other messages following between two parties. There are
two approaches to message authentication:
A. Authentication with Conventional Encryption – If we assume that only the
sender and receiver share a key, then only the genuine sender would be
able to encrypt a message. Furthermore, if the message includes an
error-detection code and a sequence number, the receiver is assumed
that no alterations have been made and that sequencing is proper. If the
message also includes a timestamp, the receiver is assumed that the
message has not been delayed beyond that normally expected for
B. Message Authentication without Encryption – There are a number of
application in which the same message is broadcast to a number of
destinations. It is much cheaper and faster to broadcast in plaintext with
an associated authentication tag. Another example would be on-line
download of a computer program in plaintext, but in a way that assumes
its authentication. In this case, if a message authentication tag were
attached to the program, it could be checked whenever assurance is
required of the integrity of the program. In all of these cases, an
authentication tag is generated and appended to each message for
transmission. The message itself is not encrypted and can be read at the
destination independent of the authentication function.
Message Authentication Code (MAC)
One technique involves the use of a secret key to generate a small block of data,
known as a message authentication code (MAC), that is appended to the
message. In this technique, the two communicating parties, Alice and Bob, share
a common secret key K AB.lice calculates the MAC as a function of the message
and the key:
1 MAC =M(K AB)
The message plus this MAC code are transmitted to the intended recipient. The
recipient performs the same calculation on the received message, using the
same secret key, to generate a new MAC code. The received MAC code is
compared to the calculated code. If they match, then
a) The receiver is assured that the message has not been altered.
b) The receiver is assured that the message is from the alleged sender.
c) If the message includes a sequence number, then the receiver can be
assured of the proper sequence. This is shown in Figure 5.
Figure 5 Message Authentication Using a Message Authentication
2 Note 1 – A number of algorithms could be used to generate the MAC code. The
NIST, in its publication entitled DES Modes of Operation, recommends the use
of Data Encryption Algorithm (DEA). This algorithm is used to generate an
encrypted version of the message, and only the last number of bits of
ciphertext are used as the MAC code. A 16-bit or 32-bit code is typical.
Note 2 – The process just described is similar to encryption. One difference is
that the authentication algorithms need not be reversible, as it must for
Note 3 – The message authentication code is also known as data authentication
One-Way Hash Function
A variation on the MAC code is the one-way hash function. A one-way hash
function has many names: compression function, contraction function, message
digest, fingerprint, cryptographic checksum, message integrity check (MIC),
and modification detection code (MDC). It is central to modern cryptography.
As with the message authentication code, a hash function accepts a variable
-size message M as input and produces a fixed-size message digest H(M) as
output. Unlike the MAC, a hash function does not need a secret key as input. In
other words, the one-way hash function is a non-keyed message digest. To
authenticate the message, the message digest is sent with the