| HMAC | |
|---|---|
| Name | HMAC |
| Designers | Mihir Bellare, Ran Canetti, Hugo Krawczyk |
| First published | 1996 |
| Derived from | Message authentication code |
| Related to | SHA-2, SHA-3, MD5 |
| Certification | FIPS, ISO/IEC |
In cryptography, HMAC (keyed-hash message authentication code) is a specific construction for creating a message authentication code from a cryptographic hash function and a secret cryptographic key. It is widely used to verify both the data integrity and the authenticity of a message, ensuring that it originated from the stated sender and was not altered in transit. The mechanism was first defined in a 1996 paper by researchers Mihir Bellare, Ran Canetti, and Hugo Krawczyk, and has since been adopted in numerous Internet standards and security protocols.
The primary purpose is to provide a robust method for message authentication using existing cryptographic hash function algorithms like those in the SHA-2 family. It is formally defined within standards such as FIPS PUB 198-1 and RFC 2104. The design intentionally allows the use of different underlying hash functions, making it adaptable as cryptographic recommendations evolve. Its core objective is to prevent forgery and tampering in digital communications, a critical requirement for secure systems like online banking and electronic commerce.
The algorithm operates by combining the secret key with the message data in a nested structure. First, the key is padded to the hash function's block size and combined with two fixed padding constants, yielding an inner-padded key and an outer-padded key. The inner computation hashes the concatenation of the inner-padded key and the original message. The outer computation then hashes the concatenation of the outer-padded key and the result of the inner hash. This double-hashing approach, typically instantiated with functions such as SHA-256 or SHA-3, thwarts certain cryptanalytic attacks that are possible against simpler constructions. The final output is a fixed-size digest that serves as the authentication tag.
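As an added example (not from the original article), the nested construction described above written out in Python with the standard-library hashlib, using the inner and outer padding constants 0x36 and 0x5c from RFC 2104, and checked against Python's own hmac module; the function and test names are the example's own.

```python
import hashlib
import hmac


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104: H((K' XOR opad) || H((K' XOR ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-256, 128 for SHA-512, 136 for SHA3-256
    # Keys longer than one block are first reduced with the hash itself;
    # all keys are then zero-padded on the right to exactly one block (K').
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key_block = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key_block)  # K' XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key_block)  # K' XOR opad
    # Inner hash binds the key to the message; the outer hash re-keys the result,
    # which is what blocks length-extension on Merkle-Damgard hashes like SHA-256.
    inner_digest = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner_digest).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time so timing does not leak the prefix match."""
    expected = hmac_from_scratch(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-written construction against hashlib's hmac module."""
    return hmac_from_scratch(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    # RFC 4231 test case 2 (constructed inputs from the RFC, not from this article).
    key, msg = b"Jefe", b"what do ya want for nothing?"
    print(hmac_from_scratch(key, msg).hex())
    print(verify_tag(key, msg + b"!", hmac_from_scratch(key, msg)))  # tampered message -> False
```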
The security proof is reducible to the properties of the underlying hash function, specifically its collision resistance and pseudorandom function properties. A significant property is that it does not require the hash function to be resistant to length extension attacks, a common weakness in naive constructions. Its strength is formally analyzed in the standard model of cryptography, and it remains secure even if the hash function exhibits some vulnerabilities, provided the key remains secret. This robustness has led to its endorsement by major bodies such as the National Institute of Standards and Technology and its inclusion in the ISO/IEC 9797-2 standard.
It is a foundational component in many critical Internet protocols and security systems. It is used for message authentication in the Transport Layer Security protocol suite, which secures web traffic. The Internet Protocol Security framework employs it within the Authentication Header and Encapsulating Security Payload protocols. It is also integral to the OAuth framework for API security and in the JSON Web Token standard. Furthermore, it sees extensive use in financial systems, smart card authentication, and verifying software updates in systems like those from Microsoft and Apple.
Several variants have been standardized for use with specific hash functions, such as HMAC-SHA256 and HMAC-SHA3-512. The KMAC algorithm, based on SHA-3, offers similar functionality but is designed as a variable-length output primitive. Related concepts include CBC-MAC and GMAC, which are message authentication code constructions based on block ciphers rather than hash functions. The broader field of cryptographic primitive design also includes digital signature schemes such as RSA and the Digital Signature Algorithm, which provide non-repudiation in addition to authentication.