MAC, HMAC & DigitalSignature (week 5) Flashcards
what does mac stand for ?
Message Authentication Code
what is mac used for ?
MAC is used to ensure the integrity and authenticity of the message
what are 3 mac algorithms
Key generation Algorithm
–> Select a random cryptographic key
Signing Algorithm
–> Returns a MAC from the message and the key
Verifying Algorithm
–> Verify the message’s authenticity and integrity
sender and receiver must _____ in mac
share a secret cryptographic key (a shared secret)
why is mac weak on non repudiation
MAC is weak on non-repudiation as multiple parties may possess the same key.
what is authenticity
Authenticity verifies the sender’s identity and the source of the message.
what is non repudiation
Non-repudiation is a procedural, legal concept that proves the legitimacy of a message or data transfer by providing undeniable evidence of both authenticity and integrity
what are the steps for MAC creation and verification steps
- Bob calculates MAC 1 using a cryptographic key and plaintext message.
- Bob sends the message and MAC 1 to Alice.
- Alice calculates MAC 2 using the same key and message and compares MAC 1 with MAC 2:
- If they are equal, the message is good.
- Else, the message is rejected.
who should know the mac key and why
The key must be known only to the sender and receiver to support authenticity.
give a scenario where the mac has been compromised by the attacker
If the attacker (Eve) changes the message but not the MAC, the receiver will calculate a different MAC from the message and conclude that message integrity has been violated.
* The attacker does not have the
cryptographic key to re-compute
and replace the MAC
what is siphashs
add–rotate–xor (ARX) based pseudo-random
MAC function optimized for short inputs
what does siphash compute
computes a 64-bit MAC from a message
128-bit secret key
MAC algorithms can also be constructed from ?
hash functions (HMAC)
block cipher algorithms
what is HMAC
HMAC is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
what are some challenges with HMAC
- Multiple recipients using multiple keys need a key management process/system
- Multiple recipients using a single shared key has an authentication problem
what are 2 common things among Hash, MAC, and HMAC
–> there is message integrity verification
–> Not designed to support confidentiality
what is a digital signature
Digital signatures are a mathematical way of verifying the authenticity of digital messages to prevent forgery and tampering in the sending and receiving process
What does the Digital Signature assure?
- Authenticity
- Integrity
- Non-repudiation
- A certificate authority
steps to create a digital signature
- Bob uses the message digest algorithm (e.g., SHA-1) to calculate the message digest (MD1) of the plaintext document (PT)
- Bob encrypts MD1 using his private key to get the encrypted message digest, which is the digital signature.
- Bob sends the document and digital signature to the Alice.
steps to verify a digital signature
- Alice uses the same message digest algorithm to calculate the message digest (MD2) of the plaintext document.
- Alice uses Bob’s public key to decrypt the
digital signature to get MD1. - Alice compares MD1 with MD2:
- If MD1 = MD2, Alice can trust and accept PT
- If MD1 != MD2, Alice rejects PT
Both physical and digital signatures provide the security services of __________
authentication,
data integrity,
non-repudiation
what is the difference between physical and digital signature
–> physical signatures are a physical part of the document whereas digital signature is an algorithm that needs to bind the signature to message.
–> copy of signed paper document can distinguished but copy of the signed message is identical to the original
–> physical signature can be verified by comparing it to other authentic sources whereas digital signatures are verified using publicly known verification algorithms
–> physical signatures have a slow verification process while digital signatures have a fast verification process
–> physical signatures are easy to understand while digital signatures involve complex cryptographic algorithms and mathematical computation.
what are the 10 steps to message encryption and signing
- Bob encrypts the plaintext message using a strong random symmetric key and a symmetric cipher.
- Bob encrypts the symmetric key from step1 using Alice’s public key.
- Bob generates the message digest of his plaintext message using a strong message digest algorithm (SHA-1 or SHA-2).
- Bob encrypts the message digest using his private key. This becomes the digital signature of the message.
- Bob sends ciphertexts of the message, symmetric encryption key (step 2), and the digital signature (step 4) to Alice.
- Alice decrypts the ciphertext of the symmetric key using her private
key. - Alice decrypts the message ciphertext using the symmetric key from step 6.
- Alice regenerates the message digest using the same hash algorithm Bob used.
- Alice decrypts the digital signature sent by Bob (step 4) using his public key to obtain the message digest.
- Alice compares digests from steps 8 and 9 to confirm that the message is indeed from Bob, and that message integrity is intact.
what does NIST stand for ?
National Institute of Standards and Technology (NIST
Digital Signature Standard uses ?
DSS uses SHA-1, and DSA
what are the 3 types of Digital Signature Standards
Simple electronic signature (SES)
Advanced electronic signature (AES)
Qualified advanced electronic signature (QES)
what is Simple electronic signature (SES)
–> The most basic form of electronic signature.
–> SESs are quick and easy to add to documents, but they lack protection provided by cryptographic encryption methods.
–> In other words, they’re not as secure. One’s email signature is a good example of an SES.
what is Advanced electronic signature (AES)
–> AESs track changes to the document made after signing.
–> This increases security but is still not suitable to use on important contracts or documents as it is not legally binding.
what is Qualified advanced electronic signature (QES)
–> QES is the safest way to sign
electronically.
–> Qualified electronic signatures, also called digital signatures, use public key
infrastructure, asymmetric cryptography, and two-factor authentication to ensure the highest level of security.
–> They can also validate the signer’s identity, making them as safe and legal as
a physical signature.