What are the relations and difference between message authentication code and hash function?
What is authenticated encryption (AE)? what kinds of security service doe AE provide?
What are the common approaches to providing both confidentiality and encryption for a message?
Answer:
1)
A message authentication code (MAC) is similar to a cryptographic hash, except that it is based on a secret key. When secret key information is included with the data that is processed by a cryptographic hash function, the resulting hash is known as an HMAC
A MAC (Message authentication code) is a short tag that can be used to verify the integrity of a message. It involves a shared secret key between the two parties.
It has two basic steps:
Building a tag
From a message “m” and the secret key “k” we can build a short tag that “t”. t = S(k,m).
Verifying a tag
From a message “m” , a tag “t” and a key “k” we can verity that the tag and the message correspond. V(k, t, m) .
For a MAC to be secure the following needs to happen
Without knoledge of the key “k” an attacker can’t create a pair (m,t) that will verify correctly. This implies the attacker can obtain a tag for any chosen plaintext message but with that power can’t create a new pair (m,t) that will be verified.
This can be understood as a chosen-plaintext game:
The attacker can send chosen-plaintext messages m0,m1,…..,mn to Alice who knows the secret key, alice will return the tag of those messages ti = S(k,mi).
The attacker can do this as many times as he wishes but even then he can’t produce a new pair (m’,t) such as V(k,t’,m’) will be verified with m’ different than m0….mn.
This is known as “existential forgery” and it is something that is NOT required from cryptographic hash functions.
So our first answer is that a MAC algorithm has security properties that go beyond cryptographic hash function.
Finally I have to say that a MAC can be built from a cryptographic hash function (HMAC) but can also be built from a private key encryption algorithm (CBC-MAC, etc..). MACs can also be built from non-cryptographic hash functions using Universal hashing.
So to summarize:
tldr; We might use a hash function to build a MAC algorithm but a hash function alone can never be a MAC.
2)
Authenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data. These attributes are provided under a single, easy to use programming interface.
The need for AE emerged from the observation that securely combining separate confidentiality and authentication block cipher operation modes could be error prone and difficult.This was confirmed by a number of practical attacks introduced into production protocols and applications by incorrect implementation, or lack of authentication
E mode implementation would provide the following functions:
What are the relations and difference between message authentication code and hash function? What is authenticated...
Chapter 06 Applied Cryptography 1. How is integrity provided? A. Using two-way hash functions and digital signatures B. Using one-way hash functions and digital signatures C. By applying a digital certificate D. By using asymmetric encryption 2. Which term refers to the matching of a user to an account through previously shared credentials? A. Nonrepudiation B. Digital signing C. Authentication D. Obfuscation 3. Which term refers to an arranged group of algorithms? A. Crypto modules B. Cryptographic service providers (CSPs)...
Discuss the difference between advertising and public relations. Do you think that any advertising for medical services is ethical? Why or why not? Why has advertising become necessary in today’s health industry? Give 5 examples each of what you personally would do to market the medical office, both paid advertising and free publicity. Also, who are some of the customers that visit the medical office; specify both internal and external customers? Providing exceptional customer service can actually interfere with job...
Java Netbeans code Option 1: Authentication System For security-minded professionals, it is important that only the appropriate people gain access to data in a computer system. This is called authentication. Once users gain entry, it is also important that they only see data related to their role in a computer system. This is called authorization. For the zoo, you will develop an authentication system that manages both authentication and authorization. You have been given a credentials file that contains credential...
Question: Please Provide Comments on each Line of code explaining what the C Function is doing throughout the code. // Function used for substitution encryption void SubEncrypt(char *message, char *encryptKey) { int iteration = 0; printf("Enter Aphabet Encryption Key: \n"); scanf("%s", encryptKey); for (iteration = 0; iteration < strlen(message); iteration++) { char letter = message[iteration]; if (letter >= 'A' && letter <= 'Z') { letter = encryptKey[letter - 'A']; } message[iteration] = letter; } printf("CipherText message: %s\n", message); } //_________________________________________________________________________________________________________________________________________________...
Option 1: Authentication System For security-minded professionals, it is important that only the appropriate people gain access to data in a computer system. This is called authentication. Once users gain entry, it is also important that they only see data related to their role in a computer system. This is called authorization. For the zoo, you will develop an authentication system that manages both authentication and authorization. You have been given a credentials file that contains credential information for authorized...
10.Explain the difference between governmental in contrast to self-regulation. 11. Explain the underwriting function of an investment banker 13. Expound on three different approaches of distributing shares initially to the public markets. 14. Describe and define the 4 diverse security markets. 15. what has happened to transactions costs of trades inter temporally? Is your money safe in a broker dealer?
1. Define customer service and list its goals and challenges. 2. What is the difference between internal and external customers? What are the benefits of serving both internal and external customers? 3. List the needs of customers. 4. What are the characteristics of a social customer? Why are “listening tools” important for providing excellent customer service? 5. What is a contact point? 6 - 7. Type the 2 customer service tips in chapter 1 word-for word.
microprocessors 1.) What is the main difference between a function and an interrupt service routine (ISR)? 2.) What is the purpose of the interrupt vector table?
in LC3 assembly code, what is difference between TRAPx23 IN and TRAPx20 GETC? I know both are read one character form keyboard but how work differently?
What is the difference between network architecture and application architecture? For a P2P file- sharing application, do you agree with the statement, “There is no notion of client and server sides of a communication session”? Why or why not? Discuss the four broad classes of services that a transport protocol can provide. For each of the service classes, indicate if either UDP or TCP ( or both) pro-vides such a service. What is meant by a handshaking protocol? Consider an...