Introduction: -Any message authentication or digital signature
mechanism has two levels of functionality. At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
Following functions can be used to produce an authenticator:-
Message encryption: The cipher text of the entire message serves as
its authenticator.
Message authentication code (MAC): A function of the message
and a secret key that produces a fixed-length value that serves as the authenticator. C(M,K)
C = Authentication function
M= Message
K= Key
Hash function: A function that maps a message of any length into a
fixed-length hash value, which serves as the authenticator.
H(M)
Message Encryption:-Message encryption by itself can provide a
measure of authentication. The analysis differs for symmetric and public-key encryption schemes. Symmetric Encryption: A message M transmitted from source A to destination B is encrypted using a secret key K shared by A and B. If no other party knows the key, then confidentiality is provided: No other party can recover the plaintext of the message.
B is assured that the message was generated by A. Why? The message
must have come from A because A is the only other party that possesses K and therefore the only other party with the information necessary to construct ciphertext that can be decrypted with K. Furthermore, if M is recovered, B knows that none of the bits of M have been altered, because an opponent that does not know K would not know how to alter bits in the ciphertext to produce desired changes in the plaintext.
So we may say that symmetric encryption provides authentication as
well as confidentiality. However, this flat statement needs to be qualified. Consider exactly what is happening at B. Given a decryption function D and a secret key K, the destination will accept any input X and produce output Y = D(K, X). If X is the ciphertext of a legitimate message M produced by the corresponding encryption function, then Y is some plaintext message M. Otherwise, Y will likely be a meaningless sequence of bits. There may need to be some automated means of determining at B whether Y is legitimate plaintext and therefore must have come from A.
Public-Key Encryption:The straightforward use of public-key
encryption provides confidentiality but not authentication. The source (A) uses the public key PUb of the destination (B) to encrypt M. Because only B has the corresponding private key PR b, only B can decrypt the message. This scheme provides no authentication because any opponent could also use B's public key to encrypt a message, claiming to be A.
o provide authentication, A uses its private key to encrypt the
message, and B uses A's public key to decrypt. This provides authentication using the same type of reasoning as in the symmetric encryption case: The message must have come from A because A is the only party that possesses PRa and therefore the only party with the information necessary to construct ciphertext that can be decrypted with PUa. Again, the same reasoning as before applies: There must be some internal structure to the plaintext so that the receiver can distinguish between well-formed plaintext and random bits.