

When building cryptographic schemes that guarantee integrity and authentication, the threat we're concerned about is adversaries who send messages pretending to be from a legitimate participant (spoofing) or who modify the contents of a message sent by a legitimate participant (tampering). To address these threats, we will introduce cryptographic schemes that enable the recipient to detect spoofing and tampering. In this section, we will define message authentication codes (MACs) and show how they guarantee integrity and authenticity.

Because MACs are a symmetric-key cryptographic primitive, in this section we can assume that Alice and Bob share a secret key that is not known to anyone else. Later we will see how Alice and Bob might securely exchange a shared secret key over an insecure communication channel, but for now you can assume that only Alice and Bob know the value of the secret key.

MAC: Definition

A MAC is a keyed checksum of the message that is sent along with the message. It takes in a fixed-length secret key and an arbitrary-length message, and outputs a fixed-length checksum. A secure MAC has the property that any change to the message will render the checksum invalid.

Formally, the MAC on a message \(M\) is a value \(F(K,M)\) computed from \(K\) and \(M\); the value \(F(K,M)\) is called the tag for \(M\) or the MAC of \(M\). Typically, we might use a 128-bit key \(K\) and 128-bit tags.

When Alice wants to send a message with integrity and authentication, she first computes a MAC on the message \(T=F(K,M)\). She sends the message and the MAC \(\langle M,T \rangle\) to Bob. When Bob receives \(\langle M,T \rangle\), Bob will recompute \(F(K,M)\) using the \(M\) he received and check that it matches the MAC \(T\) he received. If it matches, Bob will accept the message \(M\) as valid, authentic, and untampered; if \(F(K,M)\ne T\), Bob will ignore the message \(M\) and presume that some tampering or message corruption has occurred.

Note that MACs must be deterministic for correctness: when Alice calculates \(T=F(K,M)\) and sends \(\langle M,T \rangle\) to Bob, Bob should get the same result when he calculates \(F(K,M)\) with the same \(K\) and \(M\).

MACs can be used for more than just communication security. For instance, suppose we want to store files on a removable USB flash drive, which we occasionally share with our friends. To protect against tampering with the files on our flash drive, our machine could generate a secret key and store a MAC of each file somewhere on the flash drive. When our machine reads the file, it could check that the MAC is valid before using the file contents.
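The flash-drive check described above, as an added example that is not part of the original text. It assumes HMAC-SHA256 truncated to 128 bits as the MAC \(F\) (the text does not name a concrete MAC), a hypothetical `tags.json` file holding the stored tags, and it binds each file's name into its tag, which goes beyond what the text describes.

```python
import hashlib
import hmac
import json
import secrets
import tempfile
from pathlib import Path

TAG_LEN = 16            # 128-bit tags, as in the text (truncated HMAC-SHA256, an assumption)
MANIFEST = "tags.json"  # hypothetical name for the tag store kept on the drive

def mac(key: bytes, message: bytes) -> bytes:
    """F(K, M): deterministic keyed checksum with a fixed-length output."""
    return hmac.new(key, message, hashlib.sha256).digest()[:TAG_LEN]

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute F(K, M) and compare it with T in constant time."""
    return hmac.compare_digest(mac(key, message), tag)

def seal_drive(key: bytes, drive: Path) -> None:
    """Store a tag for every file on the drive in a manifest on the drive."""
    # The name is MACed with the contents so one file cannot be swapped for another.
    tags = {p.name: mac(key, p.name.encode() + b"\0" + p.read_bytes()).hex()
            for p in sorted(drive.iterdir()) if p.is_file() and p.name != MANIFEST}
    (drive / MANIFEST).write_text(json.dumps(tags))

def read_checked(key: bytes, drive: Path, name: str) -> bytes:
    """Return the file contents only if the stored tag is valid."""
    tags = json.loads((drive / MANIFEST).read_text())
    data = (drive / name).read_bytes()
    tag = bytes.fromhex(tags.get(name, ""))  # a missing tag can never verify
    if not verify(key, name.encode() + b"\0" + data, tag):
        raise ValueError(f"MAC check failed for {name}")
    return data

def demo() -> tuple[bytes, bool]:
    key = secrets.token_bytes(16)  # 128-bit key; stays on our machine, never on the drive
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in for the flash drive
        drive = Path(tmp)
        (drive / "notes.txt").write_text("meet at noon")
        seal_drive(key, drive)
        ok = read_checked(key, drive, "notes.txt")
        (drive / "notes.txt").write_text("meet at nine")  # file changed while shared
        try:
            read_checked(key, drive, "notes.txt")
            rejected = False
        except ValueError:
            rejected = True
    return ok, rejected
```

This detects modified or substituted files; a deleted file or a manifest rolled back to an older copy would need a separate check.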
