Message authentication

From HandWiki
Short description: System to verify the source and or authenticity of a message

In information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message.[1]

Description

Message authentication or data origin authentication is an information security property that indicates that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message.[1] Message authentication does not necessarily include the property of non-repudiation.[2][3]

Techniques

Message authentication is typically achieved by using message authentication codes (MACs), authenticated encryption (AE), or digital signatures.[2] The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them.[4] It is based on using a cryptographic hash or symmetric encryption algorithm.[5] The authentication key is only shared by exactly two parties (e.g. communicating devices), and the authentication will fail in the existence of a third party possessing the key since the algorithm will no longer be able to detect forgeries (i.e. to be able to validate the unique source of the message).[6] In addition, the key must also be randomly generated to avoid its recovery through brute-force searches and related-key attacks designed to identify it from the messages transiting the medium.[6]

Some cryptographers distinguish between "message authentication without secrecy" systems – which allow the intended receiver to verify the source of the message, but they don't bother hiding the plaintext contents of the message – from authenticated encryption systems.[7] Some cryptographers have researched subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message.

Related concepts

Data origin authentication and non-repudiation have been also studied in the framework of quantum cryptography.[8][9]

See also

References

  1. 1.0 1.1 Mihir Bellare. "Chapter 7: Message Authentication". CSE 207: Modern Cryptography. Lecture notes for cryptography course. https://cseweb.ucsd.edu/~mihir/cse207/w-mac.pdf. Retrieved 2015-05-11. 
  2. 2.0 2.1 Alfred J. Menezes; Paul C. van Oorschot; Scott A. Vanstone. "Chapter 9 - Hash Functions and Data Integrity". Handbook of Applied Cryptography. p. 361. http://cacr.uwaterloo.ca/hac/about/chap9.pdf. Retrieved 2015-05-11. 
  3. "Data Origin Authentication". Web Service Security. Microsoft Developer Network. 14 July 2010. https://msdn.microsoft.com/en-us/library/ff648434.aspx. Retrieved 11 May 2015. 
  4. Patel, Dhiren (2008). Information Security: Theory and Practice. New Delhi: Prentice Hall India Private Lt.. p. 124. ISBN 978-81-203-3351-2. 
  5. Jacobs, Stuart (2011). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. Hoboken, NJ: John Wiley & sons. p. 108. ISBN 978-0-470-56512-4. 
  6. 6.0 6.1 Walker, Jesse (2013). "Chapter 13 – Internet Security". in Vacca, John R.. Computer and Information Security Handbook (3rd ed.). Morgan Kaufmann Publishers. pp. 256–257. doi:10.1016/B978-0-12-803843-7.00013-2. ISBN 978-0-12-803843-7. 
  7. Longo, G.; Marchi, M.; Sgarro, A. (4 May 2014). Geometries, Codes and Cryptography. Springer. p. 188. ISBN 978-3-7091-2838-1. https://books.google.com/books?id=WvYrBAAAQBAJ. Retrieved 8 July 2015. 
  8. Pirandola, S.; Andersen, U. L.; Banchi, L.; Berta, M.; Bunandar, D.; Colbeck, R.; Englund, D.; Gehring, T. et al. (2020). "Advances in Quantum Cryptography". Advances in Optics and Photonics 12 (4): 1012–1236. doi:10.1364/AOP.361502. Bibcode2020AdOP...12.1012P. 
  9. Nikolopoulos, Georgios M.; Fischlin, Marc (2020). "Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources" (in en). Cryptography 4 (4): 31. doi:10.3390/cryptography4040031.