Table of Contents
1. Background
-- what is a MAC?
2. HMAC -- what is it?
3. Internals -- how does it work?
4. Advantages -- why use HMAC?
5. References -- where can I learn
more?
Section 1 -- Background
What is a MAC?
MAC stands for Message Authentication Code. In general, a MAC can
be thought of as a checksum for data passed through an unreliable
(or more importantly, unsecure) pipeline. A sender will typically
generate a MAC code by first passing their message into some MAC algorithm.
The sender will then send their message M with the MAC(M). The receiver
can then generate their own MAC(M) and verify that MAC(M) sent by
the receiver matches the MAC(M) they themselves generated.
A MAC algorithm can be generated using multiple different techniques;
howerver, sender and receiver generally need to have a shared secret
key, K. A MAC algorithm could be made out of a common symmetric cipher
such as DES2 or AES3.
A sender wanting to send a secure message can send M encrypted, e(M),
with a symmetric cipher and then resend M||K (M concatenated with
K) encrypted, e(M||K). The receiver first decrypts M, d(e(M)), to
generate M'. He then encrypts M'||K, e(M'||K) and compares with the
e(M||K) originally sent. If the two match, the data has not been manipulated.
A general step-by-step process of how a generic MAC functions works
can be described in the following steps:
1.Sender sends
Message & MAC(Message), M1
2.Receiver receives both parts
3.Receiver makes his own MAC(Message),M2
4.If M2 != M1, data has been corrupted
5.If M2 == M1, data is valid
Note that a hash function alone cannot act as a MAC function. Why?
Well, an attacker could intercept M and Hash(M). He could then resend
as M' and Hash(M'). The receiver could then not tell that the message
had been altered. In other words, Hash functions can help prevent
error in an unreliable channel, but not in an unsecure channel.
Section 2 -- HMAC
-- what is it?
What is HMAC?
HMAC is merely a specific type of MAC function. It works by using
an underlying hash function over a message and a key. It is currently
one of the predominant means to ensure that secure data is not corrupted
in transit over unsecure channels (like the internet).
Any hashing fuction
could be used with HMAC, although more secure hashing functions are
preferable. An example of a secure hash function (which is commonly
used in HMAC implementations) is SHA-14.
(Other common hashing functions include MD5 and RIPEND-160). As computers
become more and more powerful, increasingly complex hash functions
will probably be used. Furthermore, there are several generations
of SHA hashing functions (SHA-256, SHA-384, and SHA-512) which are
currently available but not very widely used as their added security
is not yet believed to be needed in everyday transactions.
Section 3 -- Internals
-- how does it work?
How does it work?
HMAC generates a Message Authentication Code by the following formula:
HMAC(M) = H[(K+opad)||H[(k+ipad)||M]]
M = Message
H[] = Underlying Hash function
K = Shared Secret Key
opad = 36hex, repeated as needed
ipad = 5Chex, repeated as needed
|| = concatenation operation
+ = XOR operation
The
HMAC(M) is then sent as any typical MAC(M) in a message transaction
over insecure channels (See section 1).
For a graphical illustration, click the link below for diagram of
the HMAC algorithm. Diagram was pulled from the NIST5
website.
See
diagram here
Again, any hash function can be used, but SHA-1 seems to be most
popular implementation.
Section 4 -- Advantages
-- why use HMAC?
Why use HMAC?
HMAC has all of the general properties of a MAC function; this means
that HMAC is suitable anytime senders and receivers wish to guarantee
integrity between sender and receiver.
Moreover, HMAC
is computationally very fast and very compact. HMAC accomplishes both
of these properties with it's reliance on a given hash function which
are both fast and return compact outputs.
Also, HMAC can be (and has been) implemented in practically any language.
For example, he Java API already includes a basic implementation of
HMAC/SHA-1 for use. Implementation is (almost) as simple as calling
a few key pre-written methods.
However, HMAC may not be used for non-repudation. That is, Bob cannot
demonstrate that data really came from Alice -- both sender and receiver
can correctly generate an HMAC output (so Bob could have made the
data himself). This is in contrast to digital signatures in which
only the sender can generate the correct output.
Section 5 -- References
-- where can I learn more?
1. HMAC -- see
also FIPS PUB 113 and RFC 2104
2. DES -- see also FIPS PUB 46
3. AES -- see also FIPS PUB 197
4. SHA-1 -- see also FIPS PUB 180-1
5. NIST -- National Institute of Standards
and Technology
And as always,
for those who are truly hardcore CS nerds, I would recommend looking
up anything you could think of at the IETF
website.
