What is a message authentication code (MAC)?
A message authentication code (MAC) is a cryptographic checksum applied to a message in network communication to guarantee its integrity and authenticity. A MAC ensures the transmitted message originated with the stated sender and was not modified during transmission, either accidentally or intentionally. A MAC is sometimes referred to as a tag because of the way it is added to the message it is verifying.
Using a MAC for message verification
Symmetric key cryptographic techniques are used to generate MACs for individual messages. The process requires a standard MAC algorithm that takes two inputs: the original message and a secret key known only to the message originator and its intended recipient. The following figure provides an overview of how a sender generates a MAC and how it is verified by the receiver.
MAC-based message verification requires both the sender and receiver to follow specific steps to ensure the message's credibility:
- The sender and receiver share a secret symmetric key.
- The sender runs a standard algorithm to create the MAC. As input, the algorithm takes the original message and the secret key.
- The algorithm combines the message and secret key and, from this content, generates a fixed-length checksum that is used to create the MAC.
- The sender appends the MAC to the message and transmits them both to the sender.
- When the sender receives the message and MAC, it runs the MAC algorithm using the transmitted message and shared secret key as input.
- The algorithm combines the message and secret key and, from this content, generates a fixed-length checksum that is used to create its own MAC.
- The receiver compares the sender's MAC against its own MAC. If they match, the receiver accepts the message. If the two MACs do not match, the receiver rejects the message.
When the two MACs match, the receiver knows the message came from the legitimate sender and was not altered when transmitted between the sender and the receiver. If the sender and receiver are not using the same secret key or if the message content is different between the sender and receiver, the MAC values will not match and the receiver rejects the message.
Although a MAC ensures authenticity and integrity, it does not protect the message data itself. That is not the purpose of a MAC. For data protection, the message needs to be encrypted in a separate process. In addition, a MAC does not offer nonrepudiation capabilities like a digital signature, which provides a record of a document's origin. With a MAC, there is no way to prove who created the original message.
MAC generation requires a general-purpose algorithm that can securely generate the cryptographic checksum needed to create the MAC. There are multiple algorithms available for MAC creation; however, the National Institute of Standards and Technology (NIST) has approved only the following three algorithms:
- Keyed-Hash-based Message Authentication Code. HMAC is a cryptographic authentication technique that uses a secret key in conjunction with a hash function approved by the Federal Information Processing Standards (FIPS). Because different hash functions can be used, there are multiple implementations of HMAC, such as HMAC-SHA256 and HMAC-SHA3-256. Multiple communication and transfer protocols use HMAC, including Hypertext Transfer Protocol Secure (HTTPS), File Transfer Protocol Secure (FTPS) and Secure File Transfer Protocol (SFTP).
- Keccak Message Authentication Code. A keyed hash function based on Keccak, KMAC is a cryptographic hash function that can also be used for authentication, encryption and pseudo-random number generation. There are two variants of Keccak, KMAC128 and KMAC256. Keccak is specified in the FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions.
- CMAC Mode for Authentication. The cipher-based message authentication code (CMAC) standard defines a block cipher-based MAC algorithm for ensuring authenticity and integrity. According to NIST, CMAC can be considered a mode of operation of the block cipher, providing an "algorithm for the cryptographic transformation of data that features a symmetric key block cipher."
NIST documentation also states that an approved MAC algorithm is expected to support the following property: "It must be computationally infeasible to determine the (as yet unseen) MAC of a message without knowledge of the key, even if one has already seen the results of using that key to compute the MAC's of other (different) messages."
NIST also provides testing requirements and validation lists for the approved algorithms through its Cryptographic Algorithm Validation Program.
Explore how MAC and HMAC use hash function encryption to authenticate messages and the differences between symmetric vs. asymmetric encryption algorithms.