Message authentication
What Is Message Authentication?
Message authentication is a cryptographic mechanism for verifying that a received message originated from a legitimate source and has not been altered during transmission. It addresses two distinct security goals: data integrity (confirming the content has not changed) and data origin authentication (confirming the claimed sender is genuine). These goals are distinct from confidentiality, which concerns secrecy, and from non-repudiation, which concerns legally binding proof of origin. Message authentication is a foundational component of secure communication protocols, file verification systems, and software distribution pipelines.
The discipline draws on symmetric cryptography, public-key cryptography, and hash function design. Its practical mechanisms divide into two principal families: message authentication codes (MACs), which rely on shared secret keys, and digital signature schemes, which use asymmetric key pairs and additionally provide non-repudiation.
Message Authentication Codes
A message authentication code (MAC) is a short fixed-length value, known as a tag, computed from an input message and a secret key shared between the sender and receiver. The sender appends the tag to the message; the receiver recomputes the tag independently using the same key and verifies that the two values match. An attacker who does not possess the key cannot forge a valid tag for a modified message with computationally practical effort. NIST currently approves three general-purpose MAC algorithms: HMAC, which constructs the tag using an approved hash function such as SHA-256 or SHA-3; CMAC, which uses a block cipher such as AES in a chaining mode; and KMAC, derived directly from the SHA-3 (Keccak) permutation. The NIST Computer Security Resource Center project page on message authentication codes defines these approved algorithms and their security properties. The HMAC specification is codified in FIPS 198-1, which sets requirements on key lengths and hash function selection.
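The tag-and-verify exchange described above, sketched with HMAC-SHA-256 from Python's standard library. This is an added example, not code from the original page; the function names, the message-followed-by-tag framing, and the 32-byte minimum key length are assumptions made for illustration, and the key and message are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA-256 produces a 32-byte tag
MIN_KEY_LEN = 32  # assumption for this example, not a value quoted from the page


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the tag and append it, returning message || tag."""
    if len(key) < MIN_KEY_LEN:
        raise ValueError("key shorter than MIN_KEY_LEN")
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, wire: bytes) -> Optional[bytes]:
    """Receiver side: recompute the tag; return the message only if it matches."""
    if len(key) < MIN_KEY_LEN or len(wire) < TAG_LEN:
        return None  # too short to contain a tag, or unusable key
    message, received_tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected_tag = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison: an ordinary == can leak, through timing,
    # how many leading bytes of a guessed tag were correct.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None
    return message


if __name__ == "__main__":
    shared_key = bytes(range(32))            # constructed sample key
    wire = protect(shared_key, b"transfer 100 to alice")

    print("genuine :", verify(shared_key, wire))
    # A modified message with the old tag is rejected.
    print("modified:", verify(shared_key, wire.replace(b"100", b"900")))
    # The same bytes checked under a different key are rejected too.
    print("wrong key:", verify(bytes(32), wire))
```

The receiver never acts on the message unless `verify` returns it, so a failed check and a malformed input are handled identically.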
Digital Signatures and Asymmetric Authentication
Digital signatures achieve message authentication without a pre-shared secret key. The sender signs the message (or its hash) using a private key, and any party holding the corresponding public key can verify the signature. This asymmetry makes digital signatures suitable for open, large-scale settings where pre-distributing secret keys is impractical, such as software updates, certificate authorities, and electronic contracts. Standard signature schemes include RSA-PSS, DSA, and ECDSA (Elliptic Curve Digital Signature Algorithm), all defined in FIPS 186-5. Unlike MACs, digital signatures provide non-repudiation: the signer cannot later deny having produced a valid signature, since only they possess the private key. Steganography, a related but distinct field, hides the existence of a message rather than authenticating its origin, and is sometimes combined with authentication in covert channel applications.
Deployment and Standards
Message authentication is deployed at multiple layers of modern computing infrastructure. At the network layer, the IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP) use HMAC-based MACs to authenticate IP packets. At the transport layer, TLS 1.3 uses HMAC inside its record protocol to protect application data integrity. Firmware and software packages distributed over the internet typically carry cryptographic signatures verified at installation time, protecting against supply-chain tampering. Hardware security modules (HSMs) handle high-volume MAC and signature operations in payment systems, where authenticating thousands of transactions per second requires dedicated cryptographic processors. The IEEE 802.11s wireless mesh standard uses Simultaneous Authentication of Equals (SAE), illustrating how message authentication principles extend into wireless networking contexts.
Applications
Message authentication has applications in a wide range of fields, including:
- Secure communications protocols including TLS, IPsec, and SSH
- Software and firmware update verification and code signing
- Financial transaction authentication in payment networks
- Electronic document signing and contract management
- API security for authenticating web service requests
- IoT device identity verification and command integrity