Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
CBC-MAC in Cryptography
3.
How to Compute CBC-MAC?
4.
Vulnerability of CBC-MAC
5.
Attack via Controlling Initialization Vector
6.
Frequently Asked Questions
6.1.
How long can a message authentication code be?
6.2.
Does the message authentication code use the public key?
6.3.
What is authenticated code?
6.4.
What are the four principles of cryptography?
6.5.
What are the two main types of cryptographic algorithms?
7.
Conclusion
Last Updated: Mar 27, 2024
Medium

CBC-MAC in Cryptography

Author Amit Singh
0 upvote
Master Python: Predicting weather forecasts
Speaker
Ashwin Goyal
Product Manager @

Introduction

Have you sent a message to your friend or family? Have you ever wondered how that message is authenticated on the other end?

Cipher Block Chaining

This article focus on a critical topic in Cryptography, i.e., MAC or Message Authentication Code. We will study a type of Message Authentication Code or MAC known as CBC-MAC or Cipher Block Chaining Message Authentication Code in detail. We will try to understand how to compute the CBC-MAC or Cipher Block Chaining. We will also see the vulnerability and how to attack that vulnerability.

CBC-MAC in Cryptography

CBC-MAC stands for Cipher Block Chaining Message Authentication Code. The CBC-MAC method uses a block cipher to create a message authentication code. 

The message is encrypted using a block cipher algorithm in CBC mode to establish a chain of blocks where each block depends on the proper encryption of the preceding block. 

Because of the interdependence, it is guaranteed that altering any one of the plaintext bits will result in a modification to the final encrypted block that cannot be anticipated or thwarted without knowing the block cipher's secret key.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

How to Compute CBC-MAC?

Now, it's time to see how you can calculate the CBC-MAC of any message.

Let's calculate the CBC-MAC of a message 'm'. For this, you must encrypt 'm' in Cipher Block Chaining or CBC mode with an initialization vector of zero. It would help if you kept the last block. 

The following diagram shows the computation of the CBC-MAC of a message. This message consists of blocks m1 || m2 || ... || m2. We are using a secret key named 'k' and a block cipher named 'E.'

cbc

Vulnerability of CBC-MAC

When we are working on CBC-MAC or Cipher Block Chaining Message Authentication Code, we generally use the Initialization Vector or IV as zero.

When we use the IV or Initialization Vector as zero, a problem arises. Let's say there are two known messages named 'msg1' and 'msg2'. These two messages will generate two signatures called 'sig1' and 'sig2' independently. Finally,

  • E (msg1 XOR 0) = sig1
     
  • E (msg2 XOR 0) = sig2
     

Now, a message which consists of msg1 and msg2 will generate two signatures. Let's name the concatenated message as msg3 and the signals generated as sig31 and sig32. 

  • E (msg1 XOR 0) = sig31 = sig1
     
  • E (msg2 XOR sig1) = sig32
     

We can calculate this without even knowing the key of the encryption. 

Let's take an example: we will try to encrypt the name 'Administrator' in blocks of 8 bytes. It will look like this:

  1. Administ
     
  2. rator\00\00\00
     

We can create a username and name it 'Administ.' We can call this msg1. Using msg1, you can get the signature sig1.

After that, you can create another username which will be the output of the following:

rator\00\00\00 XOR sig1


The above equation will generate 'E' (msg2 XOR sig1 XOR 0). Here, E is sig32. 

You can use sig32 for the signature of the complete name 'Administrator.'

Attack via Controlling Initialization Vector

root

You can efficiently perform the attack if you know how to control the used IV or Initialization Vector. 

If the cookie contains only the encrypted username, you can create the user "administrator" and obtain its cookie if you want to pretend to be that user.

Now, if you are able to control the Initialization Vector or IV, you can modify the first 'Byte' of the Initialization Vector or IV. 

IV[0] XOR 'A' == iV'[0] XOR 'a'


Finally, you can recreate the cookie for the user named "Administrator."  

With the initial IV, this cookie will be valid to pretend to be the user administrator.

Frequently Asked Questions

How long can a message authentication code be?

The most recommended size is a 128-bit (16-bytes) tag.

Does the message authentication code use the public key?

A message recipient can use private keys provided by MACs to confirm that a message hasn't been tampered with during transmission.

What is authenticated code?

Message Authentication Code is an approved security function-based keyed cryptographic checksum.

What are the four principles of cryptography?

The key pillars of contemporary cryptography are Data Confidentiality, Data Integrity, Authentication, and Non-repudiation.

What are the two main types of cryptographic algorithms?

There are two main types of cryptography, asymmetric key encryption and symmetric key encryption.

Conclusion

In this article, we have studied a critical topic in Cryptography, i.e., MAC or Message Authentication Code. We have studied Cipher Block Chaining Message Authentication Code or CBC-MAC in detail. We tried to understand how to compute the CBC-MAC or Cipher Block Chaining. We have also seen the vulnerability of CBC-MAC or Cipher Block Chain and how to attack that vulnerability.

We hope that this article has provided you with the help to enhance your knowledge regarding Cryptography and if you would like to learn more, check out our articles on what-are-basic-cryptography-tools and what-is-cryptography-and-why-do-we-use-it.

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enroll in our courses and refer to the mock test and problems available; take a look at the interview experiences and interview bundle for placement preparations.

Do upvote our blog to help other ninjas grow.

Merry Learning!

Previous article
Nested MACs and HMAC in Cryptography
Next article
Authenticated Encryption in Cryptography
Live masterclass