Message Authentication Protocol

Cryptographic authentication protocol

In the first article of this series, we saw that software and hardware infrastructure, as a product of human development, tends to contain vulnerabilities that attackers exploit to take control of a system.

Cryptography makes it possible to address these problems, which we have called generic vulnerabilities. In previous articles, we studied how cryptography lets us defend the integrity and confidentiality of data in a computer system.

In this article, we address the authenticity of communications in a local or external computer network. Authenticity means being able to verify that a message really comes from the person who claims to have sent it.

Keyed hash function

In article two, we studied how a hash function lets us verify the integrity of a file. Now we combine the hash function with a secret key to authenticate a file sent from one point or node A of the network to another point B.

There are several cryptographic functions that solve the authentication problem; here I will use HMAC-SHA256.

HMAC-SHA256 function

HMAC stands for "Hashed Message Authentication Code". It can be built on any of several hash functions; in this example I will use SHA-256.

Example:

Message or plain text:

New York is the most populous city in the United States. With a population in 2020 of 8,804,190

Secret key: wxdr20

We compute it with an online HMAC-SHA256 generator:

The resulting Hashed Output is:

597621fd8b22ac4148fbfb8cb120159ffbc996681b87303674e1ebd42d257298

If Bob wants to send the message to Alice, he will send the message and the Hashed Output.
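To show what the online generator is doing internally, here is HMAC-SHA256 written out from its definition (the inner and outer hash with the ipad/opad key masks) and cross-checked against Python's standard hmac module. This is an added example, not code from the article; the article's message and key are used as constructed sample inputs. Whether it reproduces the hash shown above depends on the exact bytes the online tool hashed (for instance a trailing newline), which the article does not specify.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 works on 64-byte blocks; HMAC pads the key to this size


def hmac_sha256_from_definition(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 spelled out from its definition:
    HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))
    where K' is the key hashed (if longer than a block) and zero-padded to a block.
    """
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()      # long keys are hashed first
    key_block = key.ljust(BLOCK_SIZE, b"\x00")  # short keys are zero-padded
    ipad_key = bytes(b ^ 0x36 for b in key_block)
    opad_key = bytes(b ^ 0x5C for b in key_block)
    inner = hashlib.sha256(ipad_key + message).digest()
    return hashlib.sha256(opad_key + inner).hexdigest()


def hmac_sha256_stdlib(key: bytes, message: bytes) -> str:
    """The same computation using the standard library, for comparison."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def self_check(key: bytes, message: bytes) -> bool:
    """True when the hand-written construction agrees with the library."""
    return hmac_sha256_from_definition(key, message) == hmac_sha256_stdlib(key, message)


# Constructed sample inputs, taken from the article's worked example
ARTICLE_KEY = b"wxdr20"
ARTICLE_MESSAGE = (
    b"New York is the most populous city in the United States. "
    b"With a population in 2020 of 8,804,190"
)

if __name__ == "__main__":
    tag = hmac_sha256_from_definition(ARTICLE_KEY, ARTICLE_MESSAGE)
    print("HMAC-SHA256 tag:", tag)
    print("agrees with hmac module:", self_check(ARTICLE_KEY, ARTICLE_MESSAGE))
    # Changing a single byte of the message or the key produces an unrelated tag
    print("tag after appending a newline:",
          hmac_sha256_from_definition(ARTICLE_KEY, ARTICLE_MESSAGE + b"\n"))
    print("tag with key wxdr21:",
          hmac_sha256_from_definition(b"wxdr21", ARTICLE_MESSAGE))
```

The appended-newline case is the practical reason two people can get different tags for what looks like the same text: the tag covers the exact bytes, so both sides must agree on encoding and line endings.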

 

Full authentication protocol

Step 1: Roberto (Bob) and Alice must share the secret key wxdr20 (no one else may know it).

Step 2: Bob creates the message to send:

New York is the most populous city in the United States. With a population in 2020 of 8,804,190

Step 3: Bob calculates the hash (Hashed Output), which we will call Bob's hash:

597621fd8b22ac4148fbfb8cb120159ffbc996681b87303674e1ebd42d257298

Step 4: Bob sends the message and Bob's hash to Alice; this can be done by email or by text message.

Step 5: Alice receives the message and Bob's hash, goes to the online hash function generator site, and enters the message and the key:

She obtains Alice's hash:

597621fd8b22ac4148fbfb8cb120159ffbc996681b87303674e1ebd42d257298

Step 6: Alice compares both hashes:

597621fd8b22ac4148fbfb8cb120159ffbc996681b87303674e1ebd42d257298

597621fd8b22ac4148fbfb8cb120159ffbc996681b87303674e1ebd42d257298

Since they are both the same, Alice concludes that Bob sent the message.
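Steps 2 to 6 as a complete sender/receiver exchange, written as an added example (not the article's code). The shared key and message are the article's, used here as constructed sample input; the wire format (message, separator, hex tag) is an assumption for the example. The receiver compares tags with hmac.compare_digest rather than ==, so a forger cannot learn the tag byte by byte from timing differences, and the example also shows the three ways verification fails: altered message, wrong key, missing tag.

```python
import hashlib
import hmac

# Constructed wire format: message bytes, a separator, then the hex tag
SEPARATOR = b"\n--hmac-sha256--\n"

# Constructed sample inputs from the article's worked example
SHARED_KEY = b"wxdr20"
MESSAGE = (
    b"New York is the most populous city in the United States. "
    b"With a population in 2020 of 8,804,190"
)


def compute_tag(shared_key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 of the message under the shared key, as lowercase hex."""
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest().encode("ascii")


def sender_pack(shared_key: bytes, message: bytes) -> bytes:
    """Bob's side (steps 2-4): compute the tag and send it with the message."""
    return message + SEPARATOR + compute_tag(shared_key, message)


def receiver_verify(shared_key: bytes, packet: bytes):
    """Alice's side (steps 5-6): split off the tag, recompute it from the
    received message, and compare in constant time.
    Returns (accepted, message) on success or (False, reason) on failure."""
    message, sep, received_tag = packet.rpartition(SEPARATOR)
    if not sep:
        return False, "malformed packet: no tag attached"
    expected_tag = compute_tag(shared_key, message)
    # compare_digest avoids leaking how many leading bytes of the tag matched
    if not hmac.compare_digest(expected_tag, received_tag):
        return False, "tag mismatch: message altered or wrong key"
    return True, message


if __name__ == "__main__":
    packet = sender_pack(SHARED_KEY, MESSAGE)
    print("genuine:", receiver_verify(SHARED_KEY, packet))

    # Message changed in transit: population edited by one digit
    altered = packet.replace(b"8,804,190", b"8,804,191")
    print("altered message:", receiver_verify(SHARED_KEY, altered))

    # Receiver holds a different key than the sender
    print("wrong key:", receiver_verify(b"wxdr21", packet))

    # Sender forgot (or stripped) the tag
    print("no tag:", receiver_verify(SHARED_KEY, MESSAGE))
```

A matching tag tells Alice that whoever produced the message held the key wxdr20; it does not by itself stop an old genuine message from being re-sent later, so protocols that need that add a counter or timestamp inside the authenticated message.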

 

Conclusions:

1. This is a simplified example of how to authenticate the sending of information (files) between nodes or points in an information system.

2. The reader uses this algorithm on a daily basis with email services such as Gmail or Outlook: when he opens his mail on a device he does not use every day, he must enter his personal email address, jrmartin50@gmail.com, and a password such as xrtvb453, which he previously registered in his email application account, so that the application authenticates that he is the owner of that account.

Carlos Sampson