密码学中的MAC(message authentication code)

1. MAC

在密码学中,MAC(message authentication code)为消息认证码,主要作用有:

  • 1) 进行消息认证,证明消息的真实性,如消息确实来源于所声称的sender;
  • 2)保护消息数据的完整性,拥有密钥的receiver(或verifier)可发现对消息内容的任何篡改。

对于第2点“保护消息数据的完整性”,可通过hash技术来实现。

MAC与Hash/数字签名技术的对比为:
密码学中的MAC(message authentication code)_第1张图片

对于第1点“进行消息认证,证明消息的来源”,可通过对加密后的数据使用对称密码学技术来实现。

通常MAC为附加在要传送消息后面的一个加密过的checksum校验码(加密使用对称密钥K)。详细的流程为:
密码学中的MAC(message authentication code)_第2张图片
密码学中的MAC(message authentication code)_第3张图片
上图整个详细流程为:

  1. The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces a MAC value.

  2. Similar to hash, MAC function also compresses an arbitrary long input into a fixed length output. The major difference between hash and MAC is that MAC uses secret key during the compression.

  3. The sender forwards the message along with the MAC. Here, we assume that the message is sent in the clear, as we are concerned of providing message origin authentication, not confidentiality. If confidentiality is required then the message needs encryption.

  4. On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and re-computes the MAC value.

  5. The receiver now checks equality of freshly computed MAC with the MAC received from the sender. If they match, then the receiver accepts the message and assures himself that the message has been sent by the intended sender.

  6. If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine whether it is the message that has been altered or it is the origin that has been falsified. As a bottom-line, a receiver safely assumes that the message is not the genuine.

由上图可知,在MAC中需要有2个input:

  • a message,待传输的消息。
  • a secret key known only to the sender and its intended recipient(s)。只有消息发送者和指定的消息接收者知道的密钥。

MAC通常分为四大类:

  • unconditionally secure
  • hash function-based
  • stream cipher-based
  • block cipher-based

过去用的比较多的是block cipher-based MAC(如DES), 但是现在hash function-based MAC(HMACs)与一个密钥K结合使用来生成hash的情况应用越来越多。

MAC的缺陷:

  1. 由于使用的是对称加密技术,在使用MAC之前,需要在sender和特定接收者之间进行密钥K共享;
  2. 无法提供不可抵赖性(Non-Repudiation),因无法区分一条MAC消息是sender生成的还是receiver生成的,因为二者拥有的是相同的密钥。而公钥数字签名技术可提供不可抵赖性。

2. HMAC

Hash-based message authentication code在MAC的基础上,增加了一个密码学hash函数,该hash函数可为SHA-2或SHA-3。
具体数学定义为:【其中blocksize取决于所选择的hash函数,若SHA256对应的block size为256 bit,对应的HMAC算法称为HMAC-SHA256;若SHA512对应的block size为512 bit,对应的HMAC算法称为HMAC-SHA512。有 HMAC在线生成工具。有 HMAC测试用例-RFC4231。】
密码学中的MAC(message authentication code)_第4张图片
相应的伪代码实现为:
密码学中的MAC(message authentication code)_第5张图片

参考资料:
[1] https://searchsecurity.techtarget.com/definition/message-authentication-code-MAC
[2] https://en.wikipedia.org/wiki/Message_authentication_code
[3] https://medium.com/@mohammad2603/message-authentication-code-mac-algorithm-ea9edaf66b3c
[4] https://www.tutorialspoint.com/cryptography/message_authentication.htm
[5] https://en.wikipedia.org/wiki/HMAC

你可能感兴趣的:(基础理论,基础理论)