Did you just download the latest version of your favorite browser, or maybe a virus update program, from Microsoft or Netscape? You may have logged on through your network or dialed into an Internet service provider (ISP). Then you downloaded the file. The file passed from the vendor's disk to its Internet server to the Internet cloud to your ISP and finally to your machine (see Figure 7-7).
Figure 7-7 When you send or receive a message over the Internet, it's important to ensure its integrity.
You hope you received what you ordered; you hope that during each stop and forward along the way no one changed the contents. No one wants BlackHat to modify a virus checker program so that it will fail to check for particular viruses.
|Integrity is often referred to as message authentication.|
Authentication assures Alice that no one is masquerading as Bob. The principle of integrity assures Alice that no one can change Bob's messages without being detected. Authentication and integrity are very closely linked; integrity is often referred to as message authentication.
Alice and Bob obtain integrity assurance by using their secret key and the message to make a message fingerprint, known as a message authentication code (MAC). The message and message fingerprint are a closely tied, matched pair. No one can easily find another message that makes the identical matched message fingerprint. As with secret key encryption, the secret key Alice shares with Bob ensures that the message fingerprint is secure from forgeries. Even searching for an identical fingerprint is frustrating because the message fingerprint formula is designed so that a change in a single message letter (actually a single bit) changes about one-half the message fingerprint (see Figure 7-8).
Any change in the message changes the fingerprint. If $10.00 is changed to $10.01, it makes a completely different message authentication code. As discussed in Chapter 5, this is called the avalanche effect and means that cryptanalysts have a difficult time knowing when they're close to producing a successful forgery.
Like a secret key encryption method, the MAC formula is publicly available and known; it's not secret. Chapters 13 and 14 cover this topic in greater depth.
Using the MAC for Message Integrity Assurance
In Figure 7-9, Alice creates the MAC from the secret key and the message $10.00 is cost of game and sends both the message and the MAC to Bob.
Figure 7-8 A slight difference between two messages results in greatly differing message authentication codes.
Figure 7-9 Alice makes a message and a MAC and sends both to Bob.
In Figure 7-10, Bob uses the message and his copy of their shared secret key to independently calculate another message fingerprint. If Bob's independently calculated message fingerprint is exactly equal to the message fingerprint he received from Alice, he is assured that the message has not been changed in transit.
|MAC formula and shared secret key ensure that no one else can duplicate the (MAC) message fingerprint.|
Bob can feel secure because no one else can duplicate the message fingerprint without knowing the secret key he shares with Alice. Note that in our example, the message $10.00 is cost of game is sent as plaintext; that is, the message is not confidential. In Part IV, "Real World Systems," we'll see how to get confidentiality, authentication, and integrity assurances together.
Figure 7-10 Bob verifies that Alice's message arrived unaltered.
Why Bother Using a Message Authentication Code?
|A MAC is small.|
Why bother computing a MAC if you're going to send the message in the clear anyway? First, software updates can be many megabytes and don't need to be secret. Encryption and decryption take computer time. A MAC is very small compared with the size of most messages.
|Confidentiality, by itself, does not ensure integrity.|
Second, it's a common but mistaken notion that secret key confidentiality alone assures message integrity. Encryption doesn't stop BlackHat from altering messages (see Chapter 22). That is, message fingerprints are as important as confidentiality and should always be sent with the messages.
File and MAC Compression
By the way, MAC math compresses large files to a very few bytes (characters), but you shouldn't confuse MAC compression with popular compression programs such as PKZip, WinZip, or StuffIt. MAC compression is one-way; there's no way to decompress a MAC to reclaim the original underlying text (see Figure 7-11).
In fact, if BlackHat could recover or figure out any part of the original text from a MAC, the MAC program would be flawed and insecure (see Chapter 14).
Figure 7-11 MAC compression is one-way. The MAC cannot be decompressed to recover the original file (message).