information security Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...

, message authentication or data origin authentication is a property that a message has not been modified while in transit (

data integrity Data integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire Information Lifecycle Management, life-cycle. It is a critical aspect to the design, implementation, and usage of any system that stores, proc ...

) and that the receiving party can verify the source of the message.

Description

Message authentication or data origin authentication is an

property that indicates that a message has not been modified while in transit (

) and that the receiving party can verify the source of the message. Message

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an Logical assertion, assertion, such as the Digital identity, identity of a computer system user. In contrast with iden ...

does not necessarily include the property of non-repudiation.

Techniques

Message authentication is typically achieved by using

message authentication code In cryptography, a message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authentication, authenticating and Data integrity, integrity-checking a message. In other words, it is used t ...

s (MACs), authenticated encryption (AE), or digital signatures. The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them. It is based on using a

cryptographic hash A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptographic application: * the probability of a particu ...

or symmetric encryption algorithm. The authentication key is only shared by exactly two parties (e.g. communicating devices), and the authentication will fail in the existence of a third party possessing the key since the

algorithm In mathematics and computer science, an algorithm () is a finite sequence of Rigour#Mathematics, mathematically rigorous instructions, typically used to solve a class of specific Computational problem, problems or to perform a computation. Algo ...

will no longer be able to detect forgeries (i.e. to be able to validate the unique source of the message). In addition, the key must also be randomly generated to avoid its recovery through brute-force searches and related-key attacks designed to identify it from the messages transiting the medium. Some cryptographers distinguish between "message authentication without secrecy" systems – which allow the intended receiver to verify the source of the message, but they don't bother hiding the plaintext contents of the message – from authenticated encryption systems. Some cryptographers have researched subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message.

Related concepts

Data origin authentication and non-repudiation have been also studied in the framework of quantum cryptography.

References

Error detection and correction Theory of cryptography {{crypto-stub

Description

Techniques

Related concepts

See also

References