MACs (Message Authentication Codes)
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> Let's move into our next topic.
00:00
Our next topic is going to be to
00:00
discuss MACs, message authentication codes.
00:00
Again, don't be surprised when in later chapters
00:00
the meaning of the acronym
00:00
MAC changes because it's going to change several times.
00:00
But for right now in this moment,
00:00
MAC stands for message authentication codes.
00:00
What we're going to talk about
00:00
is we're going to talk about
00:00
what a message authentication code
00:00
and how it provides us with integrity.
00:00
Then we're going to talk about how it
00:00
fills the gap in-between
00:00
>> hashing and digital signatures.
00:00
>> Now, with integrity,
00:00
let's just go back and do a quick review.
00:00
We want to make sure that data hasn't been modified.
00:00
Now it could be modified
00:00
>> accidentally through corruption.
00:00
>> It could also be modified intentionally through
00:00
malicious attacks or attempts at modification.
00:00
We want to be able to detect
00:00
both of those. But here's the thing.
00:00
We talked about, hashing giving us integrity
00:00
and we talked about if we take this hash,
00:00
it creates a digital representation of the message.
00:00
The application puts the hash on
00:00
the message and sends it to the receiver.
00:00
The receiver hashes the document.
00:00
If the two hashes match,
00:00
then the receiver knows there's been no change.
00:00
The problem with that though is if I were
00:00
a malicious attacker and I
00:00
intercepted that message and changed the message,
00:00
I just changed the hash also.
00:00
You see what I mean? Like the hash when we use that,
00:00
that really is only good
00:00
to detect accidental modification.
00:00
Because if it was maliciously modified,
00:00
the attacker can bypass that.
00:00
They could just rehash the document.
00:00
It's important that we have
00:00
>> hashing to detect corruption.
00:00
>> But if we really want to be able
00:00
to detect malicious modification,
00:00
well, we talked about digital signatures.
00:00
Because a digital signature takes the hash,
00:00
but then encrypts the hash
00:00
with the sender's private key so
00:00
that you have the assurance that
00:00
the sender is the one who hashed the document.
00:00
You have that true non-repudiation.
00:00
A hash is low-end.
00:00
Digital signatures are high-end but the problem
00:00
with digital signatures is they require overhead.
00:00
Remember we talked about a PKI,
00:00
a public key infrastructure.
00:00
We have to have certificate authorities and we
00:00
have to have standards-based certificates.
00:00
We have to have applications that use
00:00
certificates and we have to have means to
00:00
revoke and all these different pieces.
00:00
A digital signature is great.
00:00
It lets me know if something's
00:00
>> been maliciously modified,
00:00
>> but it requires a lot of
00:00
overhead and we can't assume every environment,
00:00
every domain is going to have
00:00
support for public key infrastructure.
00:00
What we need is something in the middle,
00:00
and that's where a MAC comes in.
00:00
MAC provides reasonable authenticity.
00:00
It's system-based authenticity and integrity.
00:00
Now, it's not as strong as a digital signature.
00:00
Because instead of using
00:00
asymmetric key like a digital signature does,
00:00
a MAC uses a symmetric key.
00:00
Symmetric keys don't provide
00:00
the same strength of
00:00
authentication that you get with an asymmetric key.
00:00
For instance, if you'll remember when we
00:00
talked about asymmetric keys,
00:00
my private key is mine.
00:00
It is bound to the identity of Kelly Handerhun.
00:00
If that private key is used,
00:00
you can trace the action back to Kelly Handerhun.
00:00
But because a MAC uses asymmetric key,
00:00
that means both parties,
00:00
the sender and receiver,
00:00
know the same key.
00:00
Usually it's based off
00:00
a password that the two entities share.
00:00
Anytime more than one entity
00:00
>> has access to the same key,
00:00
>> that makes true non-repudiation very difficult to get,
00:00
but we get decent authenticity with a MAC.
00:00
Ultimately what happens is
00:00
the contents of the message are hashed.
00:00
Just like we said, my little example of a hash is fine.
00:00
We have the comparison of what
00:00
happens with a PKI, we just talk about that.
00:00
With a MAC,
00:00
what happens is the message is
00:00
concatenated with the symmetric number
00:00
or a symmetric key.
00:00
You've got the message and
00:00
the symmetric key together go through
00:00
a hashing algorithm and the result of that is a MAC.
00:00
Now there are HMAC and CBC MAC.
00:00
I wouldn't get tangled up
00:00
in the difference between the two.
00:00
HMAC, most of the time when people talk about MACs,
00:00
that's what they're talking about.
00:00
The message in the symmetric key go through
00:00
a hashing algorithm and they
00:00
produce a unique value called the HMAC.
00:00
On the receiving end,
00:00
you use the message and
00:00
the symmetric key through the hashing algorithm,
00:00
you're going to produce the same HMAC and we
00:00
know not just that the message hasn't changed,
00:00
but we have the reasonable assumption
00:00
of the origin of the message.
00:00
Because if only you and I
00:00
know the secret number, the symmetric number,
00:00
the symmetric key,
00:00
then only you would
00:00
be able to have produced the value that I produced.
00:00
That symmetric key gives
00:00
us a little bit of authentication.
00:00
It's reasonable authentication.
00:00
You can't map it specifically to
00:00
me or specifically to you because we both share it.
00:00
But if the symmetric numbers used in the communication,
00:00
I know it had to come from you because you're
00:00
the only other person that knows it.
00:00
MACS are symmetric in nature.
00:00
Public key infrastructure and digital signatures,
00:00
those are asymmetric, and then
00:00
hashes are neither symmetric nor asymmetric.
00:00
If you'll remember, hashes just
00:00
provide a thumbprint of the file.
00:00
They're only good to detect corruption.
00:00
PKI's way on the other end,
00:00
but it requires a lot of overhead so a MAC is
00:00
a symmetric key concatenated with
00:00
the message put through a hashing algorithm.
00:00
It gives us decent authentication,
00:00
gives us integrity, but
00:00
not the strongest non-repudiation
00:00
which we would need a PKI to implement.
Up Next
Instructed By
Similar Content
