Data integrity using a MAC alone

Message Authentication Codes (MACs) as discussed earlier are designed specifically for applications where data integrity (but not necessarily privacy) is required. The originator of a message x computes a MAC hi;{x) over the message using a secret MAC key к shared with the intended recipient, and sends both (effectively x || /ц. (.?;)). The recipient determines by some means (e.g., a plaintext identifier field) the claimed source identity, separates the received MAC from the received data, independently computes a MAC over this data using the shared MAC key, and compares the computed MAC to the received MAC. The recipient interprets the agreement of these values to mean the data is authentic and has integrity - that is, it originated from the other party which knows the shared key, and has not been altered in transit. This corresponds to Figure 9.8(a).

Data integrity using an MDC and an authentic channel

The use of a secret key is not essential in order to provide data integrity. It may be eliminated by hashing a message and protecting the authenticity of the hash via an authentic (but not necessarily private) channel. The originator computes a hash-code using an MDC over the message data, transmits the data to a recipient over an unsecured channel, and transmits the hash-code over an independent channel known to provide data origin authentication. Such authentic channels may include telephone (authenticity through voice recognition), any data medium (e.g., floppy disk, piece of paper) stored in a trusted place (e.g., locked safe), or publication over any difficult-to-forge public medium (e.g., daily newspaper). The recipient independently hashes the received data, and compares the hash-code to that received. If these values agree, the recipient accepts the data as having integrity. This corresponds to Figure 9.8(c).

Example applications include virus protection of software, and distribution of software or public keys via untrusted networks. For virus checking of computer source or object code, this technique is preferable to one resulting in encrypted text. A common example of combining an MDC with an authentic channel to provide data integrity is digital signature schemes such as RSA, which typically involve the use of MDCs, with the asymmetric signature providing the authentic channel.

< Prev   CONTENTS   Source   Next >