Lecture 7 Flashcards
What is a “MAC”?
Message authentication code.
What is the purpose of a “MAC”?
A MAC provides “Authenticity”, as opposed to the “Confidentiality” and “Integrity” provided by cryptography.
How is a MAC created and used?
- A unique MAC key and algorithm are agreed upon by the sender and receiver.
- The MAC algorithm typically takes two inputs: the message and the key. The sender provides the MAC algorithm with these, and it returns a typically fixed-length bitstring (known as a MAC tag) that is sent along with the message.
- This is sent to the receiver, who verifies its authenticity by putting the message and the previously agreed key into the MAC algorithm. If the generated MAC tag matches the one provided, then authenticity can be assumed.
How can we prove a MAC is secure?
HMAC involves padding the key with two distinct constants (ipad and opad), then hashing the key and message in two rounds: first with the inner pad and then with the outer pad. The final HMAC value can be used to check that the message hasn’t been changed and that it’s from a legitimate sender.
Put simply, it uses a known hash function and encrypts the message with a key on either side of the message.
This method is secure as long as the secret key remains confidential.
What is the purpose of an existentially unforgeable MAC?
Verifying that, given that a set of valid MAC pairs has leaked, an adversary cannot use these pairs to facilitate widespread MAC forgery.
What type of attack are MACs vulnerable to?
Replay attacks.
What is a Replay attack?
When an attacker intercepts a message and maliciously resends the captured message to deceive the target into taking unwanted actions.
How can Replay Attacks be prevented?
- Sequence Number: The sender signs the message with a key compounding the previous key and the current number of messages sent and received.
- Using Timestamps: The sender adds the current time to the message, and the receiver checks that the current time is acceptable.
- Using Nonce: The receiver sends the sender a random nonce, which the sender includes in the signature.
How can MACs be constructed using hash functions?
Sign_k(m) = H(k || m)
Why shouldn’t hash functions be used for MACs?
An adversary can forge a valid signature or MAC for a modified message without knowing the secret key, by appending extra data to the original message and using the same hash function.
What is a very secure method of MAC creation?
Encrypt-then-MAC Approach: First, the message is encrypted using a key. This ensures confidentiality.
MAC on Ciphertext: After encryption, a MAC (Message Authentication Code) is computed on the encrypted message (ciphertext), using a different key. This step ensures integrity and authenticity.
Decryption and Verification: During decryption, the receiver checks the MAC. If the MAC doesn’t match, it indicates tampering, and decryption is aborted, ensuring that only messages encrypted and authenticated with the correct keys are accepted.
CBC makes it difficult for attackers to glean information by modifying the ciphertext, because changes to individual characters propagate more widely.
Why are fixed-length outputs an issue for MACs?
Fixed-length messages are not entirely secure because if the length is known, an attacker can exploit this predictability to craft specific attacks, bypassing certain security measures that rely on variability in message size.
For example, with a padding oracle attack, if padding is used to bring messages to a fixed length, attackers can manipulate the padding to learn about the encrypted data or key.