In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a messageâin other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
![]()
Amongst other applications, the client was deploying Microsoftâs Office for Mac 2016 suite using a site-license for all Macs. This deployed and installed without complaint. When first launching any of the âcore threeâ Office applications (Word, PowerPoint and Excel, but strangely not Outlook), these took between 2-5 minutes to launch. Configuring Microsoft NPS for MAC-Based RADIUS - MS Switches. Table of contents. Benefits of MAC-Based RADIUS. Adding MS Switches as RADIUS clients on the NPS Server. Create a user account in Active Directory for a connecting device. Configuring a NPS Connection Request Policy. Configuring a NPS Network Policy.
Definitions[edit]
Informally, a message authentication code system consists of three algorithms:
For a secure unforgeable message authentication code, it should be computationally infeasible to compute a valid tag of the given message without knowledge of the key, even if for the worst case, we assume the adversary can forge the tag of any message except the given one.[1]
Formally, a message authentication code (MAC) system is a triple of efficient[2] algorithms (G, S, V) satisfying:
A MAC is unforgeable if for every efficient adversary A
where AS(k, · ) denotes that A has access to the oracle S(k, · ), and Query(AS(k, · ), 1n) denotes the set of the queries on S made by A, which knows n. Clearly we require that any adversary cannot directly query the string x on S, since otherwise a valid tag can be easily obtained by that adversary.[4]
Security[edit]
While MAC functions are similar to cryptographic hash functions, they possess different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages (which were not used to query the oracle) without performing infeasible amounts of computation.
MACs differ from digital signatures as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on the same key before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the property of non-repudiation offered by signatures specifically in the case of a network-wide shared secret key: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair, which is public-key cryptography[2]. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation. However, non-repudiation can be provided by systems that securely bind key usage information to the MAC key; the same key is in the possession of two people, but one has a copy of the key that can be used for MAC generation while the other has a copy of the key in a hardware security module that only permits MAC verification. This is commonly done in the finance industry.[citation needed]
Message integrity codes[edit]![]()
The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications,[5] to distinguish it from the use of MAC meaning MAC address (for media access control address). However, some authors[6] use MIC to refer to a message digest, which is different from a MAC â a message digest does not use secret keys. This lack of security means that any message digest intended for use gauging message integrity should be encrypted or otherwise be protected against tampering. Message digest algorithms are created such that a given message will always produce the same message digest assuming the same algorithm is used to generate both. Conversely, MAC algorithms are designed to produce matching MACs only if the same message, secret key and initialization vector are input to the same algorithm. Message digests do not use secret keys and, when taken on their own, are therefore a much less reliable gauge of message integrity than MACs. Because MACs use secret keys, they do not necessarily need to be encrypted to provide the same level of assurance.
RFC 4949 recommends avoiding the term 'message integrity code' (MIC), and instead using 'checksum', 'error detection code', 'hash', 'keyed hash', 'message authentication code', or 'protected checksum'.
Implementation[edit]
MAC algorithms can be constructed from other cryptographic primitives, like cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms (OMAC, CBC-MAC and PMAC). However many of the fastest MAC algorithms like UMAC-VMAC and Poly1305-AES are constructed based on universal hashing.[7]
Intrinsically keyed hash algorithms such as SipHash are also by definition MACs; they can be even faster than universal-hashing based MACs.[8]
Additionally, the MAC algorithm can deliberately combine two or more cryptographic primitives, so as to maintain protection even if one of them is later found to be vulnerable. For instance, in Transport Layer Security (TLS), the input data is split in halves that are each processed with a different hashing primitive (MD5 and SHA-1) then XORed together to output the MAC.
Standards[edit]
Various standards exist that define MAC algorithms. These include:
ISO/IEC 9797-1 and -2 define generic models and algorithms that can be used with any block cipher or hash function, and a variety of different parameters. These models and parameters allow more specific algorithms to be defined by nominating the parameters. For example, the FIPS PUB 113 algorithm is functionally equivalent to ISO/IEC 9797-1 MAC algorithm 1 with padding method 1 and a block cipher algorithm of DES.
An example of MAC use[edit]![]()
[14]In this example, the sender of a message runs it through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC data tag. The receiver then compares the first MAC tag received in the transmission to the second generated MAC tag. If they are identical, the receiver can safely assume that the message was not altered or tampered with during transmission (data integrity).
However, to allow the receiver to be able to detect replay attacks, the message itself must contain data that assures that this same message can only be sent once (e.g. time stamp, sequence number or use of a one-time MAC). Otherwise an attacker could â without even understanding its content â record this message and play it back at a later time, producing the same result as the original sender.
One-time MAC[edit]
Universal hashing and in particular pairwise independent hash functions provide a secure message authentication code as long as the key is used at most once. This can be seen as the one-time pad for authentication.[15]
The simplest such pairwise independent hash function is defined by the random key key = (a,b), and the MAC tag for a message m is computed as tag = (am + b) mod p, where p is prime.
More generally, k-independent hashing functions provide a secure message authentication code as long as the key is used less than k times for k-ways independent hashing functions.
See also[edit]
Notes[edit]
References[edit]
External links[edit]
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Message_authentication_code&oldid=942941772'
Update 2016-07-21:
Since originally drafting this blog, the slow launch issue detailed below has been fixed with version 15.24 of the Microsoft 2016 applications. The proxy pop messages still occurring as per the below.
Hi all. In this post Iâll share some information Iâve found whilst working with Microsoft Office 2016 at a clientâs site with high security requirements.
Background Information
The client in question has only just started supporting Macs internally. The Macs in question are running El Capitan (10.11.4 at the time), joined to AD and utilise a Kerberised proxy solution, configured to fall back to NTLM (the âproxy authentication popupâ) if the device is not authorised for the HTTP/HTTPS traffic in question.
The Problem
Amongst other applications, the client was deploying Microsoftâs Office for Mac 2016 suite using a site-license for all Macs. This deployed and installed without complaint.
When first launching any of the âcore threeâ Office applications (Word, PowerPoint and Excel, but strangely not Outlook), these took between 2-5 minutes to launch. Once they did, a window as per the below, was shown to the end user:
If the user entered their Proxy username and password the application would load and run fine, but the same message would appear (along with the delay) the next time one of the core three applications are launched.
If the user dismissed the window by using the red âXâ button, another 4-5 windows would appear, one at a time. This procession of popup windows would repeat another 2-3 times depending on what options users selected within the application (e.g. âNewâ, âOpenâ etc).
After working the issue with the client, we found that the Office application in question was correctly using the Kerberised authentication initially, but almost immediately fell back to an authentication request, and prompted the user for these details.
The Solution
After some work, we found the URLs that the Office applications reach out to (all 443) on launch:
In the end, the client had to configure these URLs as allowed âunauthenticatedâ through the proxy to resolve the issue. The client reached out to Microsoft support who confirmed that this was the correct resolution to the issue.
Additional Information
Since my own journey of discovery, Paul Bowden (Microsoft Software Engineer for Office for Mac / iOS) on the MacAdmins Slack instance (goes by the handle âpbowdenâ in the #microsoft-office channel) posted a PDF called âNetwork Requests in Office 2016 for Macâ.
This details a number of URLs that the Office for Mac 2016 apps reach out to and why. Additionally, it also provides details on ways to reduce the network requests and traffic.
I have yet to test these in the same restrictive environment as I found at the specific clientâs site, but I imagine it would certainly help reduce the URLs listed above, and the requirement to allow them through unauthenticated.
Summary
There you go, hopefully thatâll give other Mac Admins a helping hand with trying to use Microsoft Office 2016 in a locked down environment.
As always, if you have any questions, queries or comments, let us know below and Iâll try to respond to and delve into as many as I can.
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |