Message Authentication Code

LaRon Walker

Master of Information Technology and Internet Security

May, 2010

The amount of information being passed over public and private networks has caused

major concerns when it comes to privacy and information security. There are many components

that should be considered when developing a strategy to address these concerns. Message

authentication is one of these components.

Message authentication is a method used to verify messages are securely passed between

sender and recipient without being altered by external sources. When using the message

authentication technique, there are two levels of authentication. These levels are the lower level

authentication, which verifies the integrity of the sender of the message, and the higher level

authentication, which verifies the integrity of the message itself (Stallings, 2006). Despite

message authentication as being a commonly used practice, it still is vulnerable to attacks.

Due to the way information is transferred over public and private networks, this data is

susceptible to being intercepted or altered by an outside source. Attacks that are commonly

performed on networks to gain unauthorized access to this information are as follows:

1. Disclosure

2. Traffic analysis

3. Masquerading

4. Content modification
 5. Sequence modification

6. Timing modification

7. Source repudiation

8. Destination repudiation (Stallings, 2006).

The above attacks are all requirements that must addressed to have an affective message

authentication strategy. Also, to address these issues, you must consider both lower and high

level authentication tactics.

There are three main classes of techniques that can be used to encrypt messages on this

lower level. These methods are by using hash functions, message encryption, and message

authentication codes (Stallings, 2006). Using any of these techniques cover most of the above

attack concerns. Using digital signature in conjunction with any of these lower level

authentication techniques can help address the higher level authentication security concerns.

Along with this, newer, more secure lower level practices are being developed to help address

the exploits being discovered daily. One of these new cryptology practices is called abstract

cryptology. Using this strategy, an outsider is able to obtain cryptology information and creates

attacks using cryptology primitives, the attacks would not work as they would when not using

this method (Mashatan, 2009).

References

Mashatan, A., & Stinson, D.. (2009). Interactive two-channel message authentication based on

Interactive-Collision Resistant hash functions. International Journal of Information

Security, 8(1), 49-60. Retrieved May 23, 2010, from ABI/INFORM Global. (Document

ID: 1631537931).
Stallings, W. (2006). Cryptography and Network Security Principles and Practice (5th ed.).

Upper Saddle River, NY: Prentice Hall.