What is message authentication code? What are some approaches to producing message authentication?
Subject Computer and Network Security
NU Year Set: 5.(c) Marks: 1+4 Year: 2015

A message authentication code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.

A MAC requires two inputs: a message and a secret key known only to the originator of the message and its intended recipient(s). This allows the recipient of the message to verify the integrity of the message and authenticate that the message's sender has the shared secret key. If a sender doesn’t know the secret key, the hash value would then be different, which would tell the recipient that the message was not from the original sender. 

Some approaches to producing message authentication:

  • The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces a MAC value.

  • Similar to hash, MAC function also compresses an arbitrarily long input into a fixed length output. The major difference between hash and MAC is that MAC uses secret key during the compression.

  • The sender forwards the message along with the MAC. Here, we assume that the message is sent in the clear, as we are concerned of providing message origin authentication, not confidentiality. If confidentiality is required then the message needs encryption.

  • On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and re-computes the MAC value.

  • The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If they match, then the receiver accepts the message and assures himself that the message has been sent by the intended sender.

  • If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine whether it is the message that has been altered or it is the origin that has been falsified. As a bottom-line, a receiver safely assumes that the message is not genuine.

Login to post your comment.