message authentication
{{Short description|System to verify the source and or authenticity of a message}}{{Lead too short|date=June 2024|reason=it misses a summary of the content of each section}}
In information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message.{{cite book |author=Mihir Bellare |title=CSE 207: Modern Cryptography |at=Lecture notes for cryptography course |chapter=Chapter 7: Message Authentication |chapter-url=https://cseweb.ucsd.edu/~mihir/cse207/w-mac.pdf |access-date=2015-05-11 |archive-date=2018-10-09 |archive-url=https://web.archive.org/web/20181009122804/http://cseweb.ucsd.edu/~mihir/cse207/w-mac.pdf |url-status=dead }}
Description
Message authentication or data origin authentication is an information security property that indicates that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message. Message authentication does not necessarily include the property of non-repudiation.{{Cite book |title=Handbook of Applied Cryptography |author=Alfred J. Menezes |author2=Paul C. van Oorschot |author3=Scott A. Vanstone |chapter=Chapter 9 - Hash Functions and Data Integrity |page=361 |url=https://cacr.uwaterloo.ca/hac/ |chapter-url=https://cacr.uwaterloo.ca/hac/about/chap9.pdf |access-date=2015-05-11 |archive-date=2021-02-03 |archive-url=https://web.archive.org/web/20210203194011/https://cacr.uwaterloo.ca/hac/ |url-status=live }}{{Cite book |title=Web Service Security |chapter=Data Origin Authentication |date=14 July 2010 |publisher=Microsoft Developer Network |chapter-url=https://msdn.microsoft.com/en-us/library/ff648434.aspx |access-date=11 May 2015 |archive-date=19 May 2017 |archive-url=https://web.archive.org/web/20170519201452/https://msdn.microsoft.com/en-us/library/ff648434.aspx |url-status=live }}
Techniques
Message authentication is typically achieved by using message authentication codes (MACs), authenticated encryption (AE), or digital signatures. The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them.{{Cite book|title=Information Security: Theory and Practice|last=Patel|first=Dhiren|publisher=Prentice Hall India Private Lt.|year=2008|isbn=978-81-203-3351-2|location=New Delhi|page=124}} It is based on using a cryptographic hash or symmetric encryption algorithm.{{Cite book|title=Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance|last=Jacobs|first=Stuart|publisher=John Wiley & sons|year=2011|isbn=978-0-470-56512-4|location=Hoboken, NJ|page=108}} The authentication key is only shared by exactly two parties (e.g. communicating devices), and the authentication will fail in the existence of a third party possessing the key since the algorithm will no longer be able to detect forgeries (i.e. to be able to validate the unique source of the message).{{cite book |chapter=Chapter 13 – Internet Security |first=Jesse |last=Walker |title=Computer and Information Security Handbook |editor-last=Vacca |editor-first=John R. |publisher=Morgan Kaufmann Publishers |edition=3rd |year=2013 |isbn=978-0-12-803843-7 |pages=256–257 |doi=10.1016/B978-0-12-803843-7.00013-2}} In addition, the key must also be randomly generated to avoid its recovery through brute-force searches and related-key attacks designed to identify it from the messages transiting the medium.
Some cryptographers distinguish between "message authentication without secrecy" systems – which allow the intended receiver to verify the source of the message, but they don't bother hiding the plaintext contents of the message – from authenticated encryption systems.{{cite book |first1=G. |last1=Longo |first2=M. |last2=Marchi |first3=A. |last3=Sgarro |url=https://books.google.com/books?id=WvYrBAAAQBAJ |title=Geometries, Codes and Cryptography |date=4 May 2014 |page=188 |publisher=Springer |isbn=978-3-7091-2838-1 |access-date=8 July 2015 |archive-date=9 January 2024 |archive-url=https://web.archive.org/web/20240109202625/https://books.google.com/books?id=WvYrBAAAQBAJ |url-status=live }} Some cryptographers have researched subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message.
Related concepts
Data origin authentication and non-repudiation have been also studied in the framework of quantum cryptography.{{cite journal|last1=Pirandola|first1=S.|last2=Andersen|first2=U. L.|last3=Banchi|first3=L.|last4=Berta|first4=M.|last5=Bunandar|first5=D.|last6=Colbeck|first6=R.|last7=Englund|first7=D.|last8=Gehring|first8=T.|last9=Lupo|first9=C.|last10=Ottaviani|first10=C.|last11=Pereira|first11=J.|title=Advances in Quantum Cryptography|journal=Advances in Optics and Photonics|year=2020|volume=12|issue=4|pages=1012–1236|doi=10.1364/AOP.361502|arxiv=1906.01645|bibcode=2020AdOP...12.1012P|s2cid=174799187}}{{Cite journal|last1=Nikolopoulos|first1=Georgios M.|last2=Fischlin|first2=Marc|date=2020|title=Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources|journal=Cryptography|language=en|volume=4|issue=4|page=31|doi=10.3390/cryptography4040031|arxiv=2011.06849|s2cid=226956062|doi-access=free}}
See also
References
{{Reflist}}
{{Cryptography navbox|hash}}
Category:Error detection and correction
Category:Theory of cryptography
{{crypto-stub}}