HMAC and its Design Objectives
Network Security
Objectives of the Topic
• After completing this topic, a student will be able to
  – explain design objectives of hash-based message authentication code (HMAC).
Figures and material in this topic have been adapted from
• “Network Security Essentials: Applications and Standards”, 2014, by William Stallings.
• Message authentication is a procedure that allows communicating parties to verify that received messages, files, documents, or other collections of data are authentic.
Message Authentication Code (MAC)
• A technique that involves the use of a secret key to generate a small block of data, known as a message authentication code, that is appended to the message.
• There has been a growing interest in developing a MAC derived from a cryptographic hash code, such as SHA-1.
• The motivations are:
• 1. Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES.
• 2. Library code for cryptographic hash functions is widely available.
• A hash function such as SHA was not designed for use as a MAC and cannot be used directly for that purpose, because it does not rely on a secret key.
• Among the proposals for the incorporation of a secret key into an existing hash algorithm, HMAC is the approach that has received the most support.
• HMAC has been issued as RFC 2104,
• as a NIST standard (FIPS 198),
• as mandatory-to-implement MAC for IP Security.
• Also used in Transport Layer Security (TLS) and Secure Electronic Transaction (SET).
• HMAC Design Objectives:
• RFC 2104 lists the following design objectives for HMAC.
• 1. To use, without modifications, available hash functions.
• In particular, hash functions that perform well in software, and for which code is freely and widely available.
• 2. To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required.
• 3. To preserve the original performance of the hash function without incurring a significant degradation.
• 4. To use and handle keys in a simple way.
• 5. To have a well-understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions on the embedded hash function.
• The first two objectives are important to the acceptability of HMAC.
• HMAC treats the hash function as a “black box.” This has two benefits.
• First, an existing implementation of a hash function can be used as a module in implementing HMAC.
• Second, if it is ever desired to replace a given hash function in an HMAC implementation, all that is required is to remove the existing hash function module and drop in the new module.
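The “black box” treatment above, shown as an added example (not taken from the slides or from Stallings): an RFC 2104 HMAC in which the hash function is passed in unmodified and replaced by changing one argument. The function names `hmac_rfc2104` and `verify`, and the key and message, are constructed for this illustration.

```python
import hashlib
import hmac  # standard-library HMAC, used here only to cross-check results


def hmac_rfc2104(hash_factory, key: bytes, message: bytes) -> bytes:
    """HMAC per RFC 2104: H((K' xor opad) || H((K' xor ipad) || message)).

    hash_factory is any hashlib-style constructor. It is called as-is,
    never modified, which is the "black box" property.
    """
    block_size = hash_factory().block_size   # 64 for SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        key = hash_factory(key).digest()     # over-long keys are hashed first
    key = key.ljust(block_size, b"\x00")     # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)      # inner pad constant from RFC 2104
    opad = bytes(b ^ 0x5C for b in key)      # outer pad constant from RFC 2104
    inner = hash_factory(ipad + message).digest()
    return hash_factory(opad + inner).digest()


def verify(hash_factory, key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac_rfc2104(hash_factory, key, message)
    return hmac.compare_digest(expected, tag)


# Constructed sample inputs (not from the original material).
KEY = b"constructed-demo-key"
MSG = b"transfer 100 to account 42"

if __name__ == "__main__":
    # Swapping the embedded hash is a one-argument change (design objective 2).
    for name in ("sha1", "sha256", "sha512"):
        factory = getattr(hashlib, name)
        tag = hmac_rfc2104(factory, KEY, MSG)
        matches_stdlib = tag == hmac.new(KEY, MSG, name).digest()
        print(f"{name:7s} tag={tag.hex()[:16]}... matches stdlib: {matches_stdlib}")
    # A message altered in transit fails verification under the same key.
    good = hmac_rfc2104(hashlib.sha256, KEY, MSG)
    print("tampered accepted:", verify(hashlib.sha256, KEY, MSG + b"0", good))
```

Only the receiver holding the same key can recompute the tag, which is the property a bare hash such as SHA lacks.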
• The last design objective in the preceding list is, in fact, the main advantage of HMAC over other proposed hash-based schemes.