Chapter 5ii: Message Authentication Codes

Question 1

• (Cryptographic) hashes alone do not protect against intentional tampering!
• MACs include a secret key K in addition to the message m they aim to protect.
• Only the persons with knowledge of K can (re-)compute the MAC. Explain the procedure.

Answer 1

Question 2

MACs:
* Do …
* Do …
* Cannot…
* Can be replayed (for same m)

Answer 2

prove message integrity

detect tampering

be forged

Question 3

• Do MACs prove authenticity?

Answer 3

• It depends on scenario
• If k is shared between Alice and Bob, Alice (Bob) knows that Bob (Alice) must have computed MACK (m); comparable to challenge/response authentication
• If k is a shared group key used by Alice, Bob, Cesar, …, e.g. Alice knows that MACK (m) was computed by a group member, but not by which one
• Also, an external observer cannot validate MACK (m) as k is unknown

Question 4

Explain.

Answer 4

• Alice protects/authenticates her message m with a MAC function
• Alice has to send m and the MAC value to Bob.
• Bob can verify the MAC code by using the shared key:
• He reads Alice’s MACK (m)
• He can check if MACK (m) he computed matches the one sent by Alice.
• If there is a match, m was not modified, as only Alice and Bob who K .
• Take home message: for integrity/authenticity checks the receiver needs to know m and a secure modi- fication check value that it can compare.

Question 5

Explain the issue here.

Answer 5

Question 6

Answer 6

Question 7

Common MAC Functions

Families of MAC constructions// Reasons of MAC constructions

Answer 7

Question 8

explain HASHMACS

Answer 8

Question 9

Answer 9

Question 10

CBC-MAC security

Answer 10

Question 11

CBC-MAC performance

Answer 11

Question 12

CMACs

Answer 12