Question

13. Consider Message Authentication Codes:

a) Identify whether an symmetric/asymmetric cryptosystem is used and explain how it is applied to generate and validate the MAC.

b) Describe any additional information is needed by the receiver to validate the MAC.

c) Explain whether the receiver can trust a successfully validated MAC and any assumptions about the additional information you identified in (b) for a validated MAC to be trusted.

Answer 1

This is MAC algorithm

a)

Symmetric key crypotsystem is used since we need to generate same MAC at reciever end to verify it.

The message and key combined are processed by a MAC algorithm which produces a MAC which is sent along with the message. At reciever end, with the same key and message, reciever generate MAC and compare it with the one receved. This ensure if the message isn't modified in between.

b)

Reciever needs to have the message (sent by sender) same algorithm(which is available) and the same symmetric key to generate MAC.

c) If the key is shared among any third person, we cannot verify its credibility. Also it does not prevent non repudiation. If key allow exhaustive search, message can be modified with MAC. It's security depend on underlying hash algorithm.If we use long key which can't be attacked by exhaustive search and preimage attacks with SHA512 like hash, we can successfully  trust a validated MAC and the message used