Do you think IIT Guwahati certified course can help you in your career?
Introduction
Have you sent a message to your friend or family? Have you ever wondered how that message is authenticated on the other end?
This article focus on a critical topic in Cryptography, i.e., MAC or Message Authentication Code. We will study a type of Message Authentication Code or MAC known as CBC-MAC or Cipher Block Chaining Message Authentication Code in detail. We will try to understand how to compute the CBC-MAC or Cipher Block Chaining. We will also see the vulnerability and how to attack that vulnerability.
CBC-MAC in Cryptography
CBC-MAC stands for Cipher Block Chaining Message Authentication Code. The CBC-MAC method uses a block cipher to create a message authentication code.
The message is encrypted using a block cipher algorithm in CBC mode to establish a chain of blocks where each block depends on the proper encryption of the preceding block.
Because of the interdependence, it is guaranteed that altering any one of the plaintext bits will result in a modification to the final encrypted block that cannot be anticipated or thwarted without knowing the block cipher's secret key.
How to Compute CBC-MAC?
Now, it's time to see how you can calculate the CBC-MAC of any message.
Let's calculate the CBC-MAC of a message 'm'. For this, you must encrypt 'm' in Cipher Block Chaining or CBC mode with an initialization vector of zero. It would help if you kept the last block.
The following diagram shows the computation of the CBC-MAC of a message. This message consists of blocks m1 || m2 || ... || m2. We are using a secret key named 'k' and a block cipher named 'E.'
Vulnerability of CBC-MAC
When we are working on CBC-MAC or Cipher Block Chaining Message Authentication Code, we generally use the Initialization Vector or IV as zero.
When we use the IV or Initialization Vector as zero, a problem arises. Let's say there are two known messages named 'msg1' and 'msg2'. These two messages will generate two signatures called 'sig1' and 'sig2' independently. Finally,
E (msg1 XOR 0) = sig1
E (msg2 XOR 0) = sig2
Now, a message which consists of msg1 and msg2 will generate two signatures. Let's name the concatenated message as msg3 and the signals generated as sig31 and sig32.
E (msg1 XOR 0) = sig31 = sig1
E (msg2 XOR sig1) = sig32
We can calculate this without even knowing the key of the encryption.
Let's take an example: we will try to encrypt the name 'Administrator' in blocks of 8 bytes. It will look like this:
Administ
rator\00\00\00
We can create a username and name it 'Administ.' We can call this msg1. Using msg1, you can get the signature sig1.
After that, you can create another username which will be the output of the following:
rator\00\00\00 XOR sig1
The above equation will generate 'E' (msg2 XOR sig1 XOR 0). Here, E is sig32.
You can use sig32 for the signature of the complete name 'Administrator.'
Attack via Controlling Initialization Vector
You can efficiently perform the attack if you know how to control the used IV or Initialization Vector.
If the cookie contains only the encrypted username, you can create the user "administrator" and obtain its cookie if you want to pretend to be that user.
Now, if you are able to control the Initialization Vector or IV, you can modify the first 'Byte' of the Initialization Vector or IV.
IV[0] XOR 'A' == iV'[0] XOR 'a'
Finally, you can recreate the cookie for the user named "Administrator."
With the initial IV, this cookie will be valid to pretend to be the user administrator.
Frequently Asked Questions
How long can a message authentication code be?
The most recommended size is a 128-bit (16-bytes) tag.
Does the message authentication code use the public key?
A message recipient can use private keys provided by MACs to confirm that a message hasn't been tampered with during transmission.
What is authenticated code?
Message Authentication Code is an approved security function-based keyed cryptographic checksum.
What are the four principles of cryptography?
The key pillars of contemporary cryptography are Data Confidentiality, Data Integrity, Authentication, and Non-repudiation.
What are the two main types of cryptographic algorithms?
There are two main types of cryptography, asymmetric key encryption and symmetric key encryption.
Conclusion
In this article, we have studied a critical topic in Cryptography, i.e., MAC or Message Authentication Code. We have studied Cipher Block Chaining Message Authentication Code or CBC-MAC in detail. We tried to understand how to compute the CBC-MAC or Cipher Block Chaining. We have also seen the vulnerability of CBC-MAC or Cipher Block Chain and how to attack that vulnerability.
85+ registered