Week 5 - Message Authentication & Public-Key Cryptography Flashcards
What is the difference between message confidentiality and message authentication?
They have different tasks:
- Message confidentiality (via encryption) protects against passive attacks
- Message authentication protects against active attacks
What are the two important aspects of message authentication?
- Verify messages are not altered during transmission
- Verify the source is authentic
Does conventional encryption work for message authentication?
Symmetric encryption alone is not suitable for data authentication.
It would seem possible to perform authentication simply by the use of symmetric encryption. If we assume that only the sender and receiver share a key (which is as it should be), then only the genuine sender would be able to encrypt a message successfully for the other participant, provided the receiver can recognize a valid message. Furthermore, if the message includes an error-detection code and a sequence number, the receiver is assured that no alterations have been made and that sequencing is proper. If the message also includes a timestamp, the receiver is assured that the message has not been delayed beyond that normally expected for network transit.
What is an authentication tag?
General idea:
- Message authentication: attach an authentication tag to each message.
  - Sender and receiver share the same function to calculate the tag.
  - Sender’s tag should match receiver’s calculation.
- Message confidentiality: encrypt the message alongside the authentication tag.