Yorkville High School Computer Science Department
Yorkville High School Computer Science Department on Facebook  Yorkville High School Computer Science Department Twitter Feed  Yorkville High School Computer Science Department on Instagram

Yorkville High School Computer Science

ASSIGNMENTS: Build a Computer - September 25, 2018 :: Network App - December 14, 2018

Computer Security :: Lessons :: HMAC and CMAC

HMAC

The idea of using a hash function to generate a MAC is relatively new. HMAC or hash-based message authentication code was first defined and published in 1996 and is now used for IP security and SSL. The advantage of using a hash-based MAC as opposed to a MAC based a block cipher is speed. Hash functions like MD5 and SHA are generally faster in software than symmetric block ciphers like AES and DES.

A hash function cannot be used directly as a MAC since it does not rely on a secret key. The design objectives for an HMAC are the following:

HMAC Structure

The diagram shows the general structure of HMAC using these terms:

The HMAC structure follows these steps:

  1. Append 0s to the left of K to create a b-bit string K+.
  2. XOR K+ with ipad to produce the b-bit block Si.
  3. Append M to Si.
  4. Apply H to the stream generated in the previous step.
  5. XOR K+ with opad to produce the b-bit block S0.
  6. Append the hash result from step 4 to S0.
  7. Apply H to the stream generated in step 6 and output the result.

CMAC

The Data Authentication Algorithm, or DAA, is a block cipher MAC based on DES. However, security weaknesses have led to its replacement. Cipher-based Message Authentication Code, or CMAC, is a block-cipher mode of operation for use with AES and 3DES. CMAC uses three keys: one key that is used for each step of the cipher block chaining and two keys that are the same length as the cipher block.

Yorkville High School Computer Science Department on Facebook Yorkville High School Computer Science Department Twitter Feed Yorkville High School Computer Science Department on Instagram