Message Authentication Requirements
Data is prone to various attacks. One of these threats concerns message authentication: it arises when the user does not have any information about the originator of the message. Message authentication can be achieved using cryptographic methods, which in turn make use of keys. The attacks to guard against include:
- Revelation: It means releasing the content of the message to someone who does not have an appropriate cryptographic key.
- Analysis of Traffic: Determining the pattern of traffic from the duration of connections and the frequency of connections between different parties.
- Deception: Adding out-of-context messages from a fraudulent source into a communication network. This leads to mistrust between the communicating parties and may also cause loss of critical data.
- Modification in the Content: Changing the content of a message. This includes inserting new information or deleting/changing the existing one.
- Modification in the sequence: Changing the order of messages between parties. This includes insertion, deletion, and reordering of messages.
- Modification in the Timings: This includes replay and delay of messages sent between different parties. This way session tracking is also disrupted.
- Source Refusal: When the source denies being the originator of a message.
- Destination refusal: When the receiver of the message denies the reception.
Message Authentication Functions:
All message authentication and digital signature mechanisms are based on two functionality levels:
- Lower level: At this level, there is a need for a function that produces an authenticator, which is the value that will further help in the authentication of a message.
- Higher level: The lower level function is used here in order to help receivers verify the authenticity of messages.
These message authentication functions are divided into three classes:
- Message encryption: While sending data over the internet, there is always a risk of a man-in-the-middle (MITM) attack. A possible solution for this is to use message encryption. In message encryption, the data is first converted to a ciphertext and then sent. Message encryption can be done in two ways:
  - Symmetric Encryption: Say we have to send the message M from a source P to destination Q. This message M can be encrypted using a secret key K that both P and Q share. Without this key K, no other person can get the plain text from the ciphertext. This maintains confidentiality. Further, Q can be sure that P has sent the message. This is because, other than Q, P is the only party who possesses the key K, so only P could have produced the ciphertext and only Q can decrypt it. This maintains authenticity. At a very basic level, symmetric encryption looks like this: P encrypts M under K to produce the ciphertext, and Q decrypts the ciphertext with the same K to recover M.
  - Public key Encryption: Public key encryption on its own offers less than symmetric encryption here, as it provides confidentiality but not authentication: anyone can encrypt a message with the recipient's public key. To provide both authentication and confidentiality, the private key is used.
- Message authentication code (MAC): A message authentication code is a security code that the user of a computer has to type in order to access any account or portal. These codes are recognized by the system so that it can grant access to the right user. These codes help in maintaining information integrity. They also confirm the authenticity of the message.
- Hash function: A hash function is nothing but a mathematical function that can convert a numeric value into another numeric value that is compressed. The input to this hash function can be of any length but the output is always of fixed length. The values that a hash function returns are called the message digest or hash values.
Measures to deal with these attacks:
Each of the above attacks has to be dealt with differently.
- Message Confidentiality: To prevent the messages from being revealed, care must be taken during the transmission of messages. For this, the message should be encrypted before it is sent over the network.
- Message Authentication: To deal with the analysis of traffic and deception issues, message authentication is helpful. Here, the receiver can be sure of the real sender and their identity. To do this, these methods can be incorporated:
  - Parties should share secret codes that can be used at the time of identity authentication.
  - Digital signatures are helpful in the authentication.
  - A third party can be relied upon for verifying the authenticity of parties.
- Digital Signatures: Digital signatures provide help against a majority of these issues. With the help of digital signatures, content, sequence, and timing of the messages can be easily monitored. Moreover, it also prevents denial of message transmission by the source.
- Combination of protocols with Digital Signatures: This is needed to deal with the denial of messages received. Here, the use of a digital signature alone is not sufficient; protocols are additionally needed to support its monitoring.
Another comprehensive solution for all kinds of message authentication is the Message Authentication Code (MAC).
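The deception, content, sequence and timing attacks listed earlier can be detected with a MAC in the cryptographic sense: a tag computed from the message and a key shared by P and Q. The following is an added example, not code from the original page; it uses HMAC-SHA256 from Python's standard library, and the frame layout, the names `protect`, `Receiver` and `demo`, the sample key and the 30-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                    # HMAC-SHA256 output size in bytes
HEADER = struct.Struct(">QQ")   # assumed header: sequence number, timestamp (seconds)
MAX_AGE = 30                    # assumed freshness window in seconds

def protect(key: bytes, seq: int, ts: int, message: bytes) -> bytes:
    """Sender P: frame = header || message || HMAC(key, header || message)."""
    body = HEADER.pack(seq, ts) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver Q: checks the tag first, then ordering and freshness."""
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, frame: bytes, now: int) -> bytes:
        if len(frame) < HEADER.size + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # constant-time comparison, so timing does not reveal how much of the tag matched
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC: content modified or sender lacks the key")
        seq, ts = HEADER.unpack_from(body)
        if seq != self.next_seq:
            raise ValueError("sequence error: replayed, dropped or reordered")
        if abs(now - ts) > MAX_AGE:
            raise ValueError("stale timestamp: delayed message")
        self.next_seq += 1
        return body[HEADER.size:]

def demo() -> list:
    key = b"constructed-demo-key-shared-by-P-and-Q"    # constructed sample key
    q = Receiver(key)
    f0 = protect(key, 0, 1000, b"pay 10 to R")         # constructed sample messages
    f1 = protect(key, 1, 1001, b"pay 20 to S")
    results = [q.accept(f0, now=1002).decode()]
    tampered = f1[:16] + b"pay 90 to S" + f1[27:]      # content changed, tag kept
    forged = protect(b"not-the-shared-key", 1, 1001, b"pay 99 to X")  # sender without K
    for frame, now in [(tampered, 1002), (forged, 1002), (f0, 1003), (f1, 1100), (f1, 1003)]:
        try:
            results.append(q.accept(frame, now).decode())
        except ValueError as exc:
            results.append(str(exc).split(":")[0])
    return results
```

Calling `demo()` shows the modified frame and the frame from a sender without K rejected on the tag, the replayed frame rejected on its sequence number, the delayed frame rejected on its timestamp, and the untouched frames accepted. A MAC of this kind does not address source refusal, since both P and Q hold K and either could have produced the tag.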