|
This paper describes MACJER-320, a new Message Authentication
Code (MAC) and evaluates its performance in comparison with
a popular one, the keyed-Hash Message Authentication Code
(HMAC). Both the MACs are based on hash functions, i.e.,
their security by and large depends on the strength of the
underlying hash function. MACJER-320 uses JERIM-320, a 320-bit
hash function, while HMAC uses a 160-bit hash function,
the Secure Hash Algorithm (SHA-1). JERIM-320 is designed
to operate on four parallel lines of message processing,
resulting in higher degree of security than serial iterative
hash functions like SHA-1. The performance evaluation of
the two methods has been done by using practical implementation
step computation methods.
Message Authentication Codes (MACs) form one of the fundamental
cryptographic primitives, used extensively in providing
security services for general digital data offering authentication,
non-repudiation and data integrity. The sender and receiver
share a common key K between the authorized entities, Alice
and Bob. When Alice sends a message to Bob, she computes
the MAC value of the message with the shared secret key
and appends it to the message. Once Bob receives the message
and the MAC value, he recomputes the MAC value of the obtained
message with the key and verifies the authenticity of the
message by checking if the recomputed MAC value is the same
as the received MAC value. This ensures the sender's authenticity
and non-repudiation. The algorithm producing the MAC is
designed to reflect any changes in the message to ensure
data integrity also. This MAC generation and verification
is shown in Figure 1. The security of the MAC algorithm
depends on the difficulty for an unauthorized entity to
produce a forgery that is, a new message with a valid MAC.
The popular MAC mechanism used nowadays is the HMAC (Hash
based Message Authentication Code) with MD5 or Secure Hash
Algorithm (SHA-1) as the hash functions (Jongsung Kim et
al., 2006). But, the strength of hash functions such as
MD5 (Message Digest Algorithm 5) (Rivest, 1992) and SHA-1
(NIST-SHA, 2002) has been called into question as a result
of recent findings. Hence, it is required to have a proven
method to meet the future requirements. The analysis of
MACJER-320 and its performance in comparison with the popular
HMAC-SHA1 have been carried out in this context.
MACJER-320, a new message authentication code has been
designed and its performance is compared with the popular
HMAC using practical implementations and single step computations.
MACJER-320 produces an output of 320 bit MAC code and hence
it is more secure than the 160 bit MAC code produced by
HMAC-SHA-1. Also due to the more number of operations performed
in each message block, the MAC code produced by MACJER-320
is more secure as compared to HMAC-SHA-1. Since message
integrity and authentication services are very important
in today's high-speed network protocols and since the confidence
level with the current candidates such as SHA-1 is coming
down, new MAC schemes are necessary and more secure MAC
codes like MACJER-320 could be an option.
|
