major function
Implementation principle of HMAC
HMAC is a method of constructing a message authentication code from a hash function (RFC 2104); the H in HMAC stands for hash. HMAC is not tied to any single hash function: any hash function of sufficient strength can be used, and a hash function designed in the future can be plugged in as well (in practice SHA-256 or SHA-512 is the usual choice today).
The message authentication code for a message can be written as hmac(message, secret, hash), where secret is the shared key and hash is the hash function used. The computation proceeds in the following seven steps, which amount to HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)), K' being the padded key:
(1) Key padding: if the key is shorter than the block length of the hash function (64 bytes for SHA-256, 128 bytes for SHA-512), it is padded with zero bytes at the end until it reaches the block length. If the key is longer than the block length, the key is first hashed with the hash function and the resulting digest is used as the key (and then zero-padded to the block length in the same way).
(2) XOR of the padded key with ipad: the padded key is XORed with a bit sequence called ipad. ipad is the byte 00110110 (0x36 in hexadecimal) repeated until the block length is reached; the i in ipad stands for inner. The result is a bit sequence of the hash function's block length that depends on the key; we call it ipadkey.
(3) Combining with the message: ipadkey is prepended to the message, that is, a key-dependent bit sequence (ipadkey) is placed at the beginning of the message.
(4) Calculating the inner hash value: the result of (3) is fed into the hash function and its hash value is computed.
(5) XOR of the padded key with opad: the padded key is XORed with a bit sequence called opad. opad is the byte 01011100 (0x5C in hexadecimal) repeated until the block length is reached; the o in opad stands for outer. The result is again a bit sequence of the hash function's block length that depends on the key; we call it opadkey.
(6) Combining with the inner hash value: the hash value from (4) is appended to opadkey.
(7) The result of (6) is fed into the hash function and its hash value is computed. This hash value is the final MAC value.
Attacks on message authentication codes
Methods to prevent replay attacks
Problems that a message authentication code cannot solve
Because both the sender and the receiver can generate the MAC value, the receiver cannot prove to a third-party verifier that a message came from the sender: the receiver could have generated the MAC value just as well. The third-party verifier has no way to judge whether the sender's or the receiver's claim is correct. In other words, a message authentication code cannot prevent repudiation.
A digital signature is an authentication technique that allows a third party to verify a message and prevents the communicating party from denying it. Digital signature algorithms include RSA, ElGamal, DSA and elliptic curve DSA (ECDSA). A certificate used in a public key infrastructure (PKI) consists of a public key together with a certificate authority's digital signature over it. To verify that signature on the public key, one must first obtain the certificate authority's own genuine public key by some trustworthy means.
Digital signature method
Signing the message directly is easy to understand, but it is not used in practice. Signing the hash value of the message is slightly more involved, but it is the method actually used: the hash is short and of fixed length, so signing it is fast and the size of the message no longer matters.
Attacks on digital signatures
Problems that cannot be solved by digital signature
A digital signature not only detects tampering and impersonation but also prevents repudiation. In other words, it gives us integrity, authentication and non-repudiation.
However, using a digital signature correctly rests on one premise: the public key used to verify the signature must really belong to the sender. No matter how strong the signature algorithm is, if the public key you obtained is forged, the signature is worthless.
To confirm that the public key we obtain is genuine, we use a certificate. A certificate is, in essence, a public key that a trusted third party has treated as a message and signed.
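The three points made in this section and in the MAC section above, run end to end: a MAC that verifies but cannot attribute, a hash-then-sign signature that can, and a forged public key that defeats the signature until a certificate from a trusted CA is demanded. This is an added demonstration, not code from the original article. It uses textbook RSA (no padding) over publicly known Mersenne primes, so the keys are a toy for showing the mechanics and are not secure; the parties Alice, Bob, Mallory and the CA, the messages, and the minimal "name || public key, signed by the CA" certificate format are all constructed for the demo.

```python
import hashlib
import hmac

# ---- Part 1: a MAC verifies, but cannot attribute ----
SHARED_KEY = b"constructed-key-shared-by-alice-and-bob"   # constructed for the demo


def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, "sha256").digest()


def mac_attribution_demo():
    """Bob, holding the same key, tags a message Alice never sent. A judge given the
    key finds both tags valid and cannot say which party produced which."""
    alice_msg, alice_tag = b"Alice owes Bob 10", mac_tag(SHARED_KEY, b"Alice owes Bob 10")
    bob_msg, bob_tag = b"Alice owes Bob 1000", mac_tag(SHARED_KEY, b"Alice owes Bob 1000")
    return (hmac.compare_digest(mac_tag(SHARED_KEY, alice_msg), alice_tag),
            hmac.compare_digest(mac_tag(SHARED_KEY, bob_msg), bob_tag))   # (True, True)


# ---- Part 2: hash-then-sign with toy RSA ----
def toy_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA, no padding. TOY: the primes are published below, so not secure."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)                     # (public key, private key)


def _hash_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_hash_int(msg), d, n)          # the hash is signed, not the message


def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _hash_int(msg)


# Mersenne primes 2**k - 1: n is far above 2**256 so a SHA-256 digest fits, and the
# exponents are chosen so that gcd(65537, (p-1)(q-1)) == 1. Public, hence toy only.
ALICE_PUB, ALICE_PRIV = toy_keypair((1 << 521) - 1, (1 << 607) - 1)
MALLORY_PUB, MALLORY_PRIV = toy_keypair((1 << 1279) - 1, (1 << 2203) - 1)
CA_PUB, CA_PRIV = toy_keypair((1 << 2281) - 1, (1 << 3217) - 1)

MSG = b"Alice owes Bob 10"                    # constructed


def signature_attribution_demo():
    """Only Alice's private key yields a signature her public key accepts, so Bob or
    a judge can attribute the message to Alice, and Alice cannot deny it."""
    genuine = sign(ALICE_PRIV, MSG)
    forged = sign(MALLORY_PRIV, MSG)          # made with some other private key
    return verify(ALICE_PUB, MSG, genuine), verify(ALICE_PUB, MSG, forged)   # (True, False)


# ---- Part 3: the public key itself must be authentic ----
def encode_pub(pub) -> bytes:
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + b"|" + e.to_bytes(4, "big")


def issue_certificate(ca_priv, subject: bytes, subject_pub):
    """A certificate in the article's minimal sense: the subject's public key, with
    the subject's name, treated as a message and signed by the CA."""
    return subject, subject_pub, sign(ca_priv, subject + b"|" + encode_pub(subject_pub))


def verify_with_certificate(ca_pub, cert, expected_subject: bytes, msg: bytes, sig: int) -> bool:
    subject, pub, ca_sig = cert
    if subject != expected_subject:
        return False
    if not verify(ca_pub, subject + b"|" + encode_pub(pub), ca_sig):
        return False                          # key not vouched for by the trusted CA
    return verify(pub, msg, sig)


def forged_public_key_demo():
    """Mallory signs with his own key and hands over his public key labelled 'alice'.
    A verifier that trusts whatever key it is given accepts the forgery; one that
    demands a certificate from the trusted CA rejects it and accepts only Alice's."""
    sig = sign(MALLORY_PRIV, MSG)
    naive = verify(MALLORY_PUB, MSG, sig)     # True: valid signature, wrong key
    self_made = issue_certificate(MALLORY_PRIV, b"alice", MALLORY_PUB)   # not CA-signed
    with_cert = verify_with_certificate(CA_PUB, self_made, b"alice", MSG, sig)
    alice_cert = issue_certificate(CA_PRIV, b"alice", ALICE_PUB)
    genuine = verify_with_certificate(CA_PUB, alice_cert, b"alice", MSG, sign(ALICE_PRIV, MSG))
    return naive, with_cert, genuine          # (True, False, True)


if __name__ == "__main__":
    print(mac_attribution_demo(), signature_attribution_demo(), forged_public_key_demo())
```

The trust anchor is CA_PUB, which the verifier must hold before any certificate is checked; the demo hard-codes it, which is exactly the "obtain the CA's genuine public key by some means" step the text leaves open. Real deployments replace the toy RSA with a padded scheme (RSA-PSS, ECDSA or Ed25519) and X.509 certificates, but the checks are the same: a valid signature means nothing until the key it verifies under has itself been authenticated.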