System to verify the source and or authenticity of a message
This article's
lead sectionmay be too short to adequately
summarize the key points. Please consider expanding the lead to
provide an accessible overview of all important aspects of the article. The reason given is: it misses a summary of the content of each section(June 2024)
In
information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (
data integrity) and that the receiving party can verify the source of the message.[1]
Description
Message authentication or data origin authentication is an
information security property that indicates that a message has not been modified while in transit (
data integrity) and that the receiving party can verify the source of the message.[1] Message
authentication does not necessarily include the property of
non-repudiation.[2][3]
Techniques
Message authentication is typically achieved by using
message authentication codes (MACs),
authenticated encryption (AE), or
digital signatures.[2] The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them.[4] It is based on using a
cryptographic hash or
symmetric encryption algorithm.[5] The authentication key is only shared by exactly two parties (e.g. communicating devices), and the authentication will fail in the existence of a third party possessing the key since the
algorithm will no longer be able to detect
forgeries (i.e. to be able to validate the unique source of the message).[6] In addition, the key must also be randomly generated to avoid its recovery through brute-force searches and related-key attacks designed to identify it from the messages transiting the medium.[6]
Some cryptographers distinguish between "message authentication without secrecy" systems – which allow the intended receiver to verify the source of the message, but they don't bother hiding the plaintext contents of the message – from
authenticated encryption systems.[7] Some cryptographers have researched
subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message.
Related concepts
Data origin authentication and non-repudiation have been also studied in the framework of quantum cryptography.[8][9]
^Patel, Dhiren (2008). Information Security: Theory and Practice. New Delhi: Prentice Hall India Private Lt. p. 124.
ISBN978-81-203-3351-2.
^Jacobs, Stuart (2011). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. Hoboken, NJ: John Wiley & sons. p. 108.
ISBN978-0-470-56512-4.
^
abWalker, Jesse (2013). "Chapter 13 – Internet Security". In Vacca, John R. (ed.). Computer and Information Security Handbook (3rd ed.). Morgan Kaufmann Publishers. pp. 256–257.
doi:
10.1016/B978-0-12-803843-7.00013-2.
ISBN978-0-12-803843-7.