MAC Based on Block Ciphers: DAA and ÇMAC

In this section, we look at two MACs that are based on the use of a block cipher mode of operation. We begin with an older algorithm, the Data Authentication Algorithm (DAA), which is now obsolete. Then we examine Cipher-Based Message Authentication Code(CMAC), which is designed to overcome the deficiencies of DAA.

Data Authentication Algorithm
The Data Authentication Algorithm (DAA), based on DES, has been one of the most widely used MACs for a number of years.However, as we discuss subsequently, security weaknesses in this algorithm have been discovered, and it is being replaced by newer and stronger algorithms.

The algorithm can be defined as using the cipher block chaining (CBC) mode of operation of DES with an initialization vector of zero. The data (e.g.,message, record, file, or program) to be authenticated are grouped into contiguous 64-bit blocks: $D_1, D_2,\ldots, D_N$. If necessary, the final block is padded on the right with zeroes to form a full 64-bit block. Using the DES encryption algorithm $E$ and a secret key $K$, a data authentication code (DAC) is calculated as follows (Figure 12.7).

The DAC consists of either the entire block $O_N$ or the leftmost $M$ bits of the block, with $16 \le M \le 64.$

Cipher-Based Message Authentication Code (CMAC)
As was mentioned, DAA has been widely adopted in government and industry. This MAC is secure under a reasonable set of security criteria, with the following restriction. Only messages of one fixed length of $mn$ bits are processed, where $n$ is the cipher block size and $m$ is a fixed positive integer. As a simple example, notice that given the CBC MAC of a one-block message $X$, say $T = MAC(K, X)$, the adversary immediately knows the CBC MAC for the twoblock message $X|| (X ⊕T)$ since this is once again $T.$

Black and Rogaway  demonstrated that this limitation could be overcome using three keys: one key $K$ of length $k$ to be used at each step of the cipher block chaining and two keys of length $b$, where $b$ is the cipher block length.
This proposed construction was refined by Iwata and Kurosawa so that the two $n$-bit keys could be derived from the encryption key, rather than being provided separately. This refinement, adopted by NIST, is the Cipher-based Message Authentication Code (CMAC) mode of operation for use with AES and triple DES. It is specified in NIST Special Publication 800-38B.

First, let us define the operation of CMAC when the message is an integer multiple $n$ of the cipher block length $b$. For AES, $b = 128$, and for triple DES, $b = 64$. The message is divided into $n$ blocks $(M_1, M_2,\ldots, M_n)$. The algorithm makes use of a $k$-bit encryption key $K$ and a $b$-bit constant, $K_1$. For AES, the key size $k$ is 128, 192, or 256 bits; for triple DES, the key size is 112 or 168 bits. CMAC is calculated as follows (Figure 12.8).



If the message is not an integer multiple of the cipher block length, then the final block is padded to the right (least significant bits) with a 1 and as many 0s as necessary so that the final block is also of length $b$. The CMAC operation then proceeds as before, except that a different $b$-bit key $K_2$ is used instead of $K_1.$


How CMAC Works

CMAC operates on messages of arbitrary length, splitting them into fixed-size blocks and processing them with the block cipher. The last block is handled specially depending on the message length.

Step-by-Step Process:

  1. Message Splitting and Padding:

    • The input message M is split into n blocks of fixed size (e.g., 128-bit blocks for AES). If the message length is not a multiple of the block size, the last block is padded using a special padding rule.
    • Padding typically appends a "1" bit followed by enough "0" bits to make the block the required size.

  2. Subkey Generation: Two subkeys (K1 and K2) are generated from the original key K using the block cipher. These subkeys will be used to handle the last block of the message:

    • Subkey K1 is derived by encrypting a block of zeros with the block cipher and performing some bitwise operations.
    • Subkey K2 is derived by shifting K1 and applying modular arithmetic, which depends on the size of the block cipher (like AES).

  3. Processing the Blocks: The message blocks are processed one at a time with the block cipher:

    • For each block except the last, the block is XORed with the result of the previous block's encryption and then encrypted with the block cipher.
    • The last block is handled differently based on whether the message length is a multiple of the block size:
      • If the last block is complete (i.e., no padding is needed), it is XORed with subkey K1 before encryption.
      • If the last block is incomplete (i.e., padding is required), it is padded, XORed with subkey K2, and then encrypted.

  4. Final Output: The result of the last encryption step is the CMAC value, which is a fixed-length output (equal to the block size of the cipher, such as 128 bits for AES). This MAC is used to verify the integrity and authenticity of the message.

Security Properties of CMAC
  1. Strong Message Integrity: CMAC ensures that even a small modification in the message results in a completely different MAC, making it easy to detect tampering.
  2. Message Authentication: Only someone with the correct secret key can generate or verify the CMAC, ensuring the authenticity of the message.
  3. Collision Resistance: Since it is based on secure block ciphers like AES, CMAC is resistant to collision attacks (where two different messages produce the same MAC).
  4. Key Strength: The strength of CMAC depends on the strength of the block cipher and the size of the key (e.g., AES-128, AES-192, AES-256).

Applications of CMAC

  • Secure Communication Protocols: CMAC is used in protocols such as IEEE 802.11 (Wi-Fi), IPsec, and others for message authentication.
  • Authentication Codes in Cryptographic Systems: CMAC is used to verify the integrity and authenticity of messages in various cryptographic systems.
  • Data Integrity Checks: It can be used in systems that require strong data integrity checks, especially where performance is important.

Conclusion

CMAC is a highly secure and efficient method for message authentication, based on the use of block ciphers like AES. Its strength comes from the security of the underlying block cipher, making it a robust choice for applications that need both data integrity and authenticity. Since it is standardized and well-supported, CMAC is widely used in secure communication protocols and cryptographic systems.





Comments

Post a Comment

Popular posts from this blog

Cryptographic Algorithms CST 393 KTU CS Honour Notes Semester V -Dr Binu V P

About Me About the Course and Scheme Syllabus Model Question Paper University Question Papers ******************************************************** Module-1 (Introduction to the Concepts of Security) Introduction CIA Triad  OSI Security Architecture Security Attacks Security Services Security Mechanisms Model for Network Security Classical Encryption Techniques     Symmetric Cipher Model     Cryptography -  Crypt Analysis Substitution Ciphers-Caesar Cipher     Mono-alphabetic Ciphers     Playfair Cipher     Hill Cipher Poly Alphabetic Ciphers- Vigenere Cipher     Vernam Cipher- One Time Pad Transposition Ciphers Module-2 (Symmetric Key Crypto Systems) Stream Cipher Vs Block Cipher Traditional Block Cipher Structure- Fiestel Structure Data Encryption Standard - DES Algorithm Differential and Linear Cryptanalysis Double DES and Triple DES International Data Encryption Algorithm ( IDEA) Advanced Encryption Standard ( AES) Block Cipher Modes of Operation Stream Cipher and RC4 Module-3
Read more

Syllabus CST 393 Cryptographic Algorithms

Syllabus Module-1 (Introduction to the Concepts of Security) Need for security, Security approaches, Principles of security, Types of attacks, OSI Security Architecture, Classical encryption techniques - Substitution techniques, Transposition techniques. Stream cipher, Block cipher, Public key cryptosystems vs. Symmetric key cryptosystems, Encrypting communication channels. Module-2 (Symmetric Key Cryptosystems) Overview of symmetric key cryptography, Block cipher principles, Data Encryption Standard (DES), Differential and Linear cryptanalysis, Double DES, Triple DES, International Data Encryption Algorithm (IDEA), Advanced Encryption Algorithm (AES),Block cipher modes of operation, Stream cipher, RC4. Module-3 (Public Key Cryptosystems) Principles of public key cryptosystems, RSA algorithm, RSA illustration, Attacks, ElGamal cryptographic system, Knapsack algorithm, Diffie-Hellman key exchange algorithm, Elliptic curve cryptosystems. Module-4 (Key Management) Symmetric key distributi
Read more

Computer Security Concept- CIA Triad

Image
Definition of Computer Security The NIST Computer Security Handbook [NIST95] defines the term computer security as follows: Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability,and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).   This definition introduces three key objectives that are at the heart of computer  security: Confidentiality: This term covers two related concepts:             Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.      Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.   Integrity: This term covers two related concepts:      Data integrity: Assures that information
Read more