MAC, HMAC & Digital Signature (week 5) Flashcards

1
Q

What does MAC stand for?

A

Message Authentication Code

2
Q

What is MAC used for?

A

MAC is used to ensure the integrity and authenticity of a message.

3
Q

What are the 3 MAC algorithms?

A

Key generation Algorithm
–> Select a random cryptographic key

Signing Algorithm
–> Returns a MAC from the message and the key

Verifying Algorithm
–> Verify the message’s authenticity and integrity

4
Q

Sender and receiver must _____ in MAC.

A

Share a secret cryptographic key (a shared secret).

5
Q

Why is MAC weak on non-repudiation?

A

MAC is weak on non-repudiation as multiple parties may possess the same key.

6
Q

What is authenticity?

A

Authenticity verifies the sender’s identity and the source of the message.

7
Q

What is non-repudiation?

A

Non-repudiation is a procedural, legal concept that proves the legitimacy of a message or data transfer by providing undeniable evidence of both authenticity and integrity.

8
Q

What are the steps for MAC creation and verification?

A

  1. Bob calculates MAC 1 using a cryptographic key and the plaintext message.
  2. Bob sends the message and MAC 1 to Alice.
  3. Alice calculates MAC 2 using the same key and message and compares MAC 1 with MAC 2:
    • If they are equal, the message is good.
    • Else, the message is rejected.
9
Q

Who should know the MAC key, and why?

A

The key must be known only to the sender and receiver to support authenticity.

10
Q

Give a scenario where the MAC has been compromised by the attacker.

A

If the attacker (Eve) changes the message but not the MAC, the receiver will calculate a different MAC from the message and conclude that message integrity has been violated.

* The attacker does not have the cryptographic key to re-compute and replace the MAC.

11
Q

What is SipHash?

A

An add–rotate–xor (ARX) based pseudo-random MAC function optimized for short inputs.

12
Q

What does SipHash compute?

A

It computes a 64-bit MAC from a message and a 128-bit secret key.

13
Q

MAC algorithms can also be constructed from?

A

Hash functions (HMAC)

Block cipher algorithms

14
Q

What is HMAC?

A

HMAC is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.

15
Q

What are some challenges with HMAC?

A

  • Multiple recipients using multiple keys need a key management process/system.
  • Multiple recipients using a single shared key has an authentication problem.
16
Q

What are 2 common things among Hash, MAC, and HMAC?

A

–> There is message integrity verification

–> Not designed to support confidentiality

17
Q

What is a digital signature?

A

Digital signatures are a mathematical way of verifying the authenticity of digital messages to prevent forgery and tampering in the sending and receiving process.

18
Q

What does the Digital Signature assure?

A

  • Authenticity
  • Integrity
  • Non-repudiation
  • A certificate authority

19
Q

Steps to create a digital signature

A

  1. Bob uses the message digest algorithm (e.g., SHA-1) to calculate the message digest (MD1) of the plaintext document (PT).
  2. Bob encrypts MD1 using his private key to get the encrypted message digest, which is the digital signature.
  3. Bob sends the document and the digital signature to Alice.

20
Q

Steps to verify a digital signature

A

  1. Alice uses the same message digest algorithm to calculate the message digest (MD2) of the plaintext document.
  2. Alice uses Bob’s public key to decrypt the digital signature to get MD1.
  3. Alice compares MD1 with MD2:
    • If MD1 = MD2, Alice can trust and accept PT.
    • If MD1 != MD2, Alice rejects PT.

21
Q

Both physical and digital signatures provide the security services of __________.

A

Authentication, data integrity, non-repudiation

22
Q

What is the difference between physical and digital signatures?

A

–> Physical signatures are a physical part of the document, whereas a digital signature is an algorithm that needs to bind the signature to the message.

–> A copy of a signed paper document can be distinguished from the original, but a copy of a signed message is identical to the original.

–> Physical signatures can be verified by comparing them to other authentic sources, whereas digital signatures are verified using publicly known verification algorithms.

–> Physical signatures have a slow verification process, while digital signatures have a fast verification process.

–> Physical signatures are easy to understand, while digital signatures involve complex cryptographic algorithms and mathematical computation.

23
Q

What are the 10 steps to message encryption and signing?

A

  1. Bob encrypts the plaintext message using a strong random symmetric key and a symmetric cipher.
  2. Bob encrypts the symmetric key from step 1 using Alice’s public key.
  3. Bob generates the message digest of his plaintext message using a strong message digest algorithm (SHA-1 or SHA-2).
  4. Bob encrypts the message digest using his private key. This becomes the digital signature of the message.
  5. Bob sends the ciphertexts of the message, the symmetric encryption key (step 2), and the digital signature (step 4) to Alice.
  6. Alice decrypts the ciphertext of the symmetric key using her private key.
  7. Alice decrypts the message ciphertext using the symmetric key from step 6.
  8. Alice regenerates the message digest using the same hash algorithm Bob used.
  9. Alice decrypts the digital signature sent by Bob (step 4) using his public key to obtain the message digest.
  10. Alice compares the digests from steps 8 and 9 to confirm that the message is indeed from Bob and that message integrity is intact.

24
Q

What does NIST stand for?

A

National Institute of Standards and Technology (NIST)

25
Q

The Digital Signature Standard uses?

A

DSS uses SHA-1 and DSA.

26
Q

What are the 3 types of Digital Signature Standards?

A

Simple electronic signature (SES)

Advanced electronic signature (AES)

Qualified advanced electronic signature (QES)

27
Q

What is a Simple electronic signature (SES)?

A

–> The most basic form of electronic signature.

–> SESs are quick and easy to add to documents, but they lack the protection provided by cryptographic encryption methods.

–> In other words, they’re not as secure. One’s email signature is a good example of an SES.

28
Q

What is an Advanced electronic signature (AES)?

A

–> AESs track changes to the document made after signing.

–> This increases security, but it is still not suitable for use on important contracts or documents, as it is not legally binding.

29
Q

What is a Qualified advanced electronic signature (QES)?

A

–> QES is the safest way to sign electronically.

–> Qualified electronic signatures, also called digital signatures, use public key infrastructure, asymmetric cryptography, and two-factor authentication to ensure the highest level of security.

–> They can also validate the signer’s identity, making them as safe and legal as a physical signature.