Lecture 7 Flashcards

1
Q

What is a “MAC”?

A

Message authentication code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the purpose of a “MAC”?

A

A MAC provides “Authenticity”, as opposed to the “Confidentiality” and “Integrity” provided by cryptography.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How is a MAC created and used?

A
  1. Unique MAC key and algorithm is agreed upon by Sender and Reciever
  2. The MAC algorithm typically takes two inputs - message, and key. Sender provides MAC algorithm with these, which returns a typically fixed length bitstring (known as a MAC tag) along with the message.
  3. This is sent to the Reciever, who verifies it’s authenticity by putting the message and their previously agreed key into the MAC algorithm. If the generated MAC tag matches the one provided, then authenticity can be assumed.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How can we prove a MAC is secure?

A

HMAC involves padding the key with two distinct constants (ipad
and opad), then hashing the key and message in two rounds: first with the
inner pad and then with the outer pad. The final HMAC value can be used to
check that the message hasn’t been changed and that it’s from a legitimate
sender.

Simply, it uses a known hash function, encrypting the message with a key either side of the message.

This method is secure as long as the secret key remains confidential.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the purpose of an existentially unforgeable MAC?

A

Verifying that, given a set of valid MAC pairs leak, an adversary can not use these pairs to facilitate widespread MAC forgery.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What type of attack are MACs insecure to?

A

Replay attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a Replay attack?

A

When an attacker intercepts, and maliciously resends a captured message to deceive the target into taking unwanted actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How can Replay Attacks be prevented?

A
  1. Sequence Number
    Sender signs the message with a key compounding the previous key and the current amount of messages sent and received.
  2. Using Timestamps
    The sender adds the current time to the message, and the receiver checks that the current time is acceptable.
  3. Using Nonce
    The receiver sends to the sender a random nonce, which the sender includes in the signature.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can MACs be constructed using hash functions?

A

Signk(m) = H(k||m)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Why shouldn’t hash functions be used for MACs?

A

An adversary can forge a valid signature or MAC for a modified message without knowing the secret key, by appending extra data to the original message and using the same hash function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a very secure method of MAC creation?

A

Encrypt-then-MAC Approach: First, the message is encrypted using a key. This ensures confidentiality.

MAC on Ciphertext: After encryption, a MAC (Message Authentication Code) is computed on the encrypted message (ciphertext), using a different key. This step ensures integrity and authenticity.

Decryption and Verification: During decryption, the receiver checks the MAC. If the MAC doesn’t match, it indicates tampering, and decryption is aborted, ensuring that only messages encrypted and authenticated with the correct keys are accepted.

CBC makes it difficult for attackers to glean information by modifying the ciphertext due to individual character changes having larger propagation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why are fixed-length outputs an issue for MACs?

A

Fixed-length messages are not entirely secure because if the length is known, an attacker can exploit this predictability to craft specific attacks, bypassing certain security measures that rely on variability in message size.

For example, with a padding oracle attack, if padding is used to bring messages to a fixed length, attackers can manipulate the padding to learn about the encrypted data or key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly