Question

implement a Message Authentication Code program in either C/C++ or Python.

See the following steps.

1. Accept a message as keyboard input to your program.

2. Accept a secret key for the sender/recipient as keyboard input to your program.

3. Your hash function H() is simply the checksum. To compute the checksum, you add all the characters of the string in ASCII codes. For example, the checksum of a string "TAMUC" would be 84 + 65 + 77 + 85 + 67 = 378.

Concatenate the secret key of the sender/recipient (from step 2) and the message (from step 1) and compute the checksum of the concatenated string. For ASCII codes, refer to the following website:

http://www.asciitable.com

4. Accept a secret key for the attacker as keyboard input to your program.

5. The attacker modifies the message from step 1. The original message can be modified any way you want.

6. Concatenate the secret key of the attacker (from step 4) and the modified message (from step 5) and compute the checksum of the concatenated string.

7. Concatenate the secret key of the sender/recipient (from step 2) and the modified message (from step 5) and compute the checksum of the concatenated string.

8. Compare the checksum from step 7 and the checksum from step 6. See if they match or not.

9. Compare the checksum from step 3 and the checksum from step 6. See if they match or not.

NOTE: your program should have separate functions for the checksum and the message modification by the attacker.

Answer 1

#include <iostream>

using namespace std;

long checksum(string str)
{

  long val = 0;
  for (char c : str)
    val += (int)c;

  return val;
}

string modify_message(string str)
{

  string modified = "";

  //increment each character by 1 but limited to ascii value of 125 -> }
  for (char c : str)
  {
    modified += min(126, c + 1);
  }

  return modified;
}

int main()
{
  //1. accept message
  string msg;
  cout << "Enter the sender message: ";
  cin >> msg;

  //2. accept secret
  string key;
  cout << "Enter the sender secret key: ";
  cin >> key;

  string final_msg = key + msg;

  //3. computing checksum
  long sender_checksum = checksum(final_msg);

  //4. accept attack secret
  string attack_key;
  cout << "Enter the attacker secret key: ";
  cin >> attack_key;

  //5. modify original message
  string modified_msg = modify_message(msg);

  //6. final attacker msg
  string final_attack_msg = attack_key + modified_msg;

  //6. compute checksum
  long attacker_checksum = checksum(final_attack_msg);

  //7. concatenate secret of sender and modified msg
  string final_sender_modified = key + modified_msg;

  //7. compute checksum
  long sender_modified_checksum = checksum(final_sender_modified);

  cout << "sender original checksum: " << sender_checksum << "\n";
  cout << "attacker checksum: " << attacker_checksum << "\n";
  cout << "sender modified checksum: " << sender_modified_checksum << "\n";

  //8. compare chekcsum from steps 7 and 6
  cout << "attacker checksum and sender modified checksum are ";
  if (attacker_checksum == sender_modified_checksum)
    cout << "equal";
  else
    cout << "not equal";
  cout << "\n\n";
  //9. compare checksums from steps 3 and 6
  cout << "original sender checksum and attacker checksum are ";
  if (sender_checksum == attacker_checksum)
    cout << "equal";
  else
    cout << "not equal";

  return 0;
}

output:

Using checksums can lead to same summation of characters allowing attacker to guess secret keys but they are mostly used to verify the integrity of data received.