Message authentication ensures that the message has been sent by a genuine identity and not by an imposter.
• The service used to provide message authentication is a Message Authentication Code (MAC).
• A MAC uses a keyed hash function that includes the symmetric key between the sender and receiver when creating the digest.
This system makes use of a symmetric key shared by A and B.
• A, using this symmetric key and a keyed hash function, generates a MAC.
• A then sends this MAC along with the original message to B.
• B receives the message and the MAC and separates the message from the MAC.
• B then applies the same keyed hash function to the message using the same symmetric key to get a fresh MAC.
• B then compares the MAC sent by A with the newly generated MAC.
• If the two MACs are identical, it shows that the message has not been modified and the sender of the message is definitely A.
Limitations of MAC
There are two major limitations of MAC, both due to its symmetric nature of operation:
- Establishment of Shared Secret
  - It can provide message authentication only among pre-decided legitimate users who have a shared key.
  - This requires establishment of a shared secret prior to use of the MAC.
- Inability to Provide Non-Repudiation
  - Non-repudiation is the assurance that a message originator cannot deny any previously sent messages, commitments or actions.
  - The MAC technique does not provide a non-repudiation service. If the sender and receiver get involved in a dispute over message origination, MACs cannot provide proof that a message was indeed sent by the sender.
  - Though no third party can compute the MAC, the sender could still deny having sent the message and claim that the receiver forged it, as it is impossible to determine which of the two parties computed the MAC.
Both these limitations can be overcome by using public-key-based digital signatures.
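The exchange between A and B described above, together with the non-repudiation limitation, as an added example that is not part of the original post. It assumes HMAC-SHA256 as the keyed hash function and a packet layout of message followed by MAC; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes


def make_mac(key: bytes, message: bytes) -> bytes:
    """Keyed hash of the message under the shared symmetric key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> bytes:
    """Sender side: the original message followed by its MAC."""
    return message + make_mac(key, message)


def receive(key: bytes, packet: bytes) -> bytes:
    """Receiver side: separate message and MAC, recompute, compare."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short to contain a MAC")
    message, received_mac = packet[:-TAG_LEN], packet[-TAG_LEN:]
    fresh_mac = make_mac(key, message)
    # Constant-time comparison: does not reveal how many leading bytes matched.
    if not hmac.compare_digest(received_mac, fresh_mac):
        raise ValueError("MAC mismatch: message modified or wrong key")
    return message


def accepts(key: bytes, packet: bytes) -> bool:
    """True if the receiver would accept this packet under this key."""
    try:
        receive(key, packet)
        return True
    except ValueError:
        return False


def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed shared key for A and B
    packet = send(key, b"pay 100 to C")      # constructed message from A
    tampered = b"pay 900 to C" + packet[-TAG_LEN:]  # message changed, old MAC kept
    made_by_b = send(key, b"pay 900 to C")   # B, holding the same key, writes its own
    return {
        "genuine": accepts(key, packet),
        "tampered": accepts(key, tampered),
        "wrong_key": accepts(secrets.token_bytes(32), packet),
        "made_by_b": accepts(key, made_by_b),  # verifies exactly like A's packet
    }
```

The `made_by_b` result is the non-repudiation gap: a packet B produced alone passes the same check as one from A, so a valid MAC cannot settle which of the two key holders wrote the message.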