MACs Based On Hash Functions: HMAC

In recent years, there has been increased interest in developing a MAC derived from a cryptographic hash function. The motivations for this interest are

1. Cryptographic hash functions such as MD5 and SHA generally execute faster in software than symmetric block ciphers such as DES.

2. Library code for cryptographic hash functions is widely available.With the development of AES and the more widespread availability of code for encryption algorithms, these considerations are less significant, but hash-based MACs continue to be widely used.

A hash function such as SHA was not designed for use as a MAC and cannot be used directly for that purpose, because it does not rely on a secret key.There have been a number of proposals for the incorporation of a secret key into an existing hash algorithm. The approach that has received the most support is HMAC  HMAC has been issued as RFC 2104, has been chosen as the mandatory-to-implement MAC for IP security, and is used in other Internet protocols, such as SSL. HMAC has also been issued as a NIST standard (FIPS 198).

HMAC (Hash-based Message Authentication Code) is a mechanism that combines cryptographic hashing with a secret key to verify both the integrity and authenticity of a message. It is widely used in secure communication protocols such as SSL/TLS and is part of many cryptographic libraries. The core idea behind HMAC is to ensure that a message hasn't been tampered with, while also confirming that it was sent by someone with the secret key.

Key Concepts

  1. Message Integrity: HMAC ensures that the message hasn't been altered during transmission. If even a single bit changes, the resulting HMAC value will be different.

  2. Authentication: Only someone with the correct secret key can generate or verify the HMAC, providing authentication that the message came from a trusted sender.

  3. Cryptographic Hash Functions: HMAC can work with any cryptographic hash function, such as MD5, SHA-1, or SHA-256. The security of the HMAC depends on both the security of the hash function and the length of the secret key.


HMAC Design Objectives

■ To use, without modifications, available hash functions. In particular, to use hash functions that perform well in software and for which code is freely and widely available.
■ To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required.
■ To preserve the original performance of the hash function without incurring a significant degradation.
■ To use and handle keys in a simple way.
■ To have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions about the embedded hash function.

HMAC Algorithm
Figure 12.5 illustrates the overall operation of HMAC. Define the following terms.
H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160)
IV = initial value input to hash function
M = message input to HMAC (including the padding specified in the embedded hash function)
Yi = i th block of M, 0 … i … (L - 1)
L = number of blocks in M
b = number of bits in a block
n = length of hash code produced by embedded hash function
K = secret key; recommended length is >=n; if key length is greater than b, the key is input to the hash function to produce an n-bit key
K+ = K padded with zeros on the left so that the result is b bits in length

ipad = 00110110 (36 in hexadecimal) repeated b/8 times
opad = 01011100 (5C in hexadecimal) repeated b/8 times

Then HMAC can be expressed as
HMAC(K, M) = H[(K+ ⊕opad) || H[(K+ ⊕ipad) || M]]



The HMAC algorithm involves several steps:

  1. Hash Function: HMAC uses a cryptographic hash function (e.g., SHA-256, MD5). For this explanation, let's assume we're using SHA-256, which produces a 256-bit output.

  2. Secret Key: A secret key (denoted as K) is shared between the sender and the receiver. The key is typically the same length as the block size of the hash function (64 bytes for SHA-256). If the key is shorter, it is padded; if it's longer, it is hashed to the appropriate length.

  3. Padding the Key:

    • If the key K is shorter than the block size (e.g., 64 bytes for SHA-256), it is padded with zeros.
    • If the key K is longer than the block size, it is hashed to reduce its length.

  4. Inner and Outer Padding: HMAC uses two padding constants, ipad and opad, which are defined as follows:

    • ipad: The inner padding, a sequence of 64 bytes, each set to the byte 0x36.
    • opad: The outer padding, a sequence of 64 bytes, each set to the byte 0x5C.

  5. Process: HMAC computes the MAC using the following steps:

    1. XOR the key K with ipad (resulting in K ⊕ ipad).
    2. Append the message M to K ⊕ ipad, and hash the result using the chosen hash function.
    3. XOR the key K with opad (resulting in K ⊕ opad).
    4. Append the hash result from step 2 to K ⊕ opad, and hash this result again.

The final output is the HMAC digest of the message, which is a fixed-length value (256 bits if SHA-256 is used).


We can describe the algorithm as follows.
1. Append zeros to the left end of K to create a b-bit string K+ (e.g., if K is of length 160 bits and b = 512, then K will be appended with 44 zeroes).
2. XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si.
3. Append M to Si.
4. Apply H to the stream generated in step 3.
5. XOR K+ with opad to produce the b-bit block So.
6. Append the hash result from step 4 to So.
7. Apply H to the stream generated in step 6 and output the result.

Note that the XOR with ipad results in flipping one-half of the bits of K.
Similarly, the XOR with opad results in flipping one-half of the bits of K, using a

Security Properties of HMAC

  1. Message Integrity: If the message M is altered in any way, the HMAC will be different, ensuring that the message hasn't been tampered with.

  2. Authentication: Since the secret key K is known only to the sender and receiver, HMAC ensures that only someone with access to the key can generate or verify the message authentication code. This provides authentication that the message came from the trusted source.

  3. Resilience to Cryptographic Attacks: HMAC is resistant to known cryptographic attacks like collision, length extension, and birthday attacks, provided the underlying hash function is secure (e.g., SHA-256). Even if the hash function has some vulnerabilities (like MD5 or SHA-1), HMAC can still provide a certain level of security due to the additional keying material.

Applications of HMAC

  • TLS/SSL: Used to ensure data integrity in secure communications.
  • IPsec: Provides message authentication and integrity.
  • Token-Based Authentication: HMAC is used in generating signed tokens (e.g., JWT – JSON Web Tokens) to authenticate users.
  • API Authentication: Many APIs use HMAC to sign requests, ensuring both the integrity and authentication of the request (e.g., AWS or Google Cloud API).
A more efficient implementation is possible, as shown in Figure 12.6. Two quantities are precomputed:
f(IV, (K+ ⊕ipad))
f(IV, (K+ ⊕opad))

where f(cv, block) is the compression function for the hash function, which takes as arguments a chaining variable of n bits and a block of b bits and produces a chaining variable of n bits. These quantities only need to be computed initially and every time the key changes. In effect, the precomputed quantities substitute for the initial value (IV) in the hash function. With this implementation, only one additional instance of the compression function is added to the processing normally produced by the hash function. This more efficient implementation is especially worthwhile if most of the messages for which a MAC is computed are short.




Comments

Post a Comment

Popular posts from this blog

Cryptographic Algorithms CST 393 KTU CS Honour Notes Semester V -Dr Binu V P

About Me About the Course and Scheme Syllabus Model Question Paper University Question Papers ******************************************************** Module-1 (Introduction to the Concepts of Security) Introduction CIA Triad  OSI Security Architecture Security Attacks Security Services Security Mechanisms Model for Network Security Classical Encryption Techniques     Symmetric Cipher Model     Cryptography -  Crypt Analysis Substitution Ciphers-Caesar Cipher     Mono-alphabetic Ciphers     Playfair Cipher     Hill Cipher Poly Alphabetic Ciphers- Vigenere Cipher     Vernam Cipher- One Time Pad Transposition Ciphers Module-2 (Symmetric Key Crypto Systems) Stream Cipher Vs Block Cipher Traditional Block Cipher Structure- Fiestel Structure Data Encryption Standard - DES Algorithm Differential and Linear Cryptanalysis Double DES and Triple DES International Data Encryption Algorithm ( IDEA) Advanced Encryption Standard ( AES) Block Cipher Modes of Operation Stream Cipher and RC4 Module-3
Read more

Syllabus CST 393 Cryptographic Algorithms

Syllabus Module-1 (Introduction to the Concepts of Security) Need for security, Security approaches, Principles of security, Types of attacks, OSI Security Architecture, Classical encryption techniques - Substitution techniques, Transposition techniques. Stream cipher, Block cipher, Public key cryptosystems vs. Symmetric key cryptosystems, Encrypting communication channels. Module-2 (Symmetric Key Cryptosystems) Overview of symmetric key cryptography, Block cipher principles, Data Encryption Standard (DES), Differential and Linear cryptanalysis, Double DES, Triple DES, International Data Encryption Algorithm (IDEA), Advanced Encryption Algorithm (AES),Block cipher modes of operation, Stream cipher, RC4. Module-3 (Public Key Cryptosystems) Principles of public key cryptosystems, RSA algorithm, RSA illustration, Attacks, ElGamal cryptographic system, Knapsack algorithm, Diffie-Hellman key exchange algorithm, Elliptic curve cryptosystems. Module-4 (Key Management) Symmetric key distributi
Read more

Computer Security Concept- CIA Triad

Image
Definition of Computer Security The NIST Computer Security Handbook [NIST95] defines the term computer security as follows: Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability,and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).   This definition introduces three key objectives that are at the heart of computer  security: Confidentiality: This term covers two related concepts:             Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.      Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.   Integrity: This term covers two related concepts:      Data integrity: Assures that information
Read more