What is the HMAC message authentication system in cryptography? How to deploy it in the CrypTool 2.1 open-source software?

★HMAC is a popular mechanism for authenticating a message using cryptographic hash functions. We can use HMAC with any iterative cryptographic hash function family, in combination with a shared secret key. The strength of HMAC depends on the underlying properties of the cryptographic hash function. In today’s computing world, HMAC provides a necessary way to check the integrity of a message that is transmitted over, or stored in, an unreliable medium. The mechanism that performs this integrity check, using a secret key shared between two parties, is called the Hash message authentication code (HMAC).
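How HMAC is built on top of an iterative hash, as an added Python example (not code from the original article): the function name `hmac_from_hash` and the sample key and message are constructed for illustration, and the result is checked against Python's standard `hmac` module.

```python
import hashlib
import hmac


def hmac_from_hash(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC over any iterative hash: H((K ^ opad) || H((K ^ ipad) || msg))."""
    block_size = hashlib.new(hash_name).block_size  # 64 for MD5/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        # Keys longer than one hash block are replaced by their digest.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")  # then zero-padded to a full block
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, inner_pad + msg).digest()
    return hashlib.new(hash_name, outer_pad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes, hash_name: str) -> bool:
    """True when the hand-built HMAC equals the standard library's result."""
    reference = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(hmac_from_hash(key, msg, hash_name), reference)


if __name__ == "__main__":
    key = b"constructed shared secret"  # constructed sample input
    msg = b"constructed message"        # constructed sample input
    for name in ("md5", "sha1", "sha256", "sha512"):
        print(name, hmac_from_hash(key, msg, name).hex(), matches_stdlib(key, msg, name))
```

The same function works unchanged for every hash in the loop because only the block size and digest function differ, which is what "any iterative cryptographic hash function" means in practice.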
Design and Development:
★In this section, we use HMAC to design and develop a message-based system that encrypts and decrypts messages using an RSA algorithm. We implement and verify both the integrity and authenticity of messages between the two campuses, and document the required procedures, such as designing, developing, and testing the various operations, with the CrypTool open-source software.
Step 1: First, click the “NEW” icon in the Menu section of the left-side navigation bar, as shown below in Fig.1.

On the left side, CrypTool 2 (CT2) contains various classical and modern ciphers. We will use the search tool to fetch our ciphers.
Step 2: Open a “Text Input” file using the component “search” box, which you can find on the left side of the CrypTool workspace. We will create two “Text Input” files, as shown in Fig.2.

Step 3: Now, we need to add an “AES” encryption algorithm to the workspace. Use the component “search” box to find AES.
Note: 1. Set Action to “Encrypt”.
2. Set Key size to “256 bit”.

Step 4: Now, we will add an “SHA” algorithm file to the workspace and establish a link between “Text Input”, “SHA”, and “AES”, as shown in Fig.22.
Note: 1. Set SHA function to “SHA-256”.

Step 5: Now, we need to add an “AES” for decryption purposes to the workspace. Use the component “search” box to find AES.
Note: 1. Set Action to “Decrypt”.
2. Set Key size to “256 bit”.

Step 6: Now, we will add an “SHA” algorithm and a “Text Input” file to the workspace and establish a link between “Text Input”, “SHA”, and “AES”, as shown in Fig.6.
Note: 1. Set SHA function to “SHA-256”.

Step 7: Add a “String encoder” and a “Text Output” file to the workspace and establish a link between them.

Step 8: Provide the plaintext message and the pre-defined shared “key” in the “Text Input” box.

Step 13: Finally, click on the “Play” button. If CrypTool runs the simulation successfully, it encrypts and decrypts the plaintext and the key on the left side and displays them exactly on the right side by using the SHA code system. Q.E.D.

HMAC Integration with AES and SHA:
Step 1: Add an “HMAC” algorithm and a “Text Input” to the existing workspace for encryption purposes. Then establish a link between them, as shown in Fig.10.
Note: Set HMAC to “Md5”.

Step 2: Add a “String comparator” and establish a link between it and the HMAC.

Step 3: Add an “HMAC” algorithm and a “Text Input” for decryption purposes.

Step 4: Establish a link between the “Stream comparator” and the “HMAC”.

Step 5: Add a “Boolean Output” and establish a link between it and the “Stream comparator”.

Note: Play the simulation and check whether the Boolean output reports the integrity of the message.

Step 6: Add a “Gate” to the stream comparator. Then link the AES encryption to the Gate and the Gate to the AES decryption, as shown in Fig.16.

Step 7: Set the “Gate” value to “True”.

Step 8: Finally, click on the “Play” button. If CrypTool runs the simulation successfully, it encrypts and decrypts the plaintext and the key on the left side and displays them exactly on the right side by using the HMAC system. The Boolean output indicates whether the message has been tampered with. If it has not been tampered with, it passes through the gate, the gate sends it to AES for decryption, and the final plaintext is revealed on the other side. Q.E.D.
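The comparator-and-gate wiring from Steps 2 to 8, as an added Python example (not part of the original workspace): it assumes the HMAC covers the AES ciphertext, that key text is UTF-8 encoded before hashing, and it uses HMAC-SHA-256 where the Step 1 note selects MD5. The function names are hypothetical and the ciphertext is constructed sample bytes standing in for the AES component's output.

```python
import hashlib
import hmac
from typing import Optional


def derive_key(shared_text: str) -> bytes:
    """Text Input -> SHA-256, as in the workspace (UTF-8 encoding is an assumption)."""
    return hashlib.sha256(shared_text.encode("utf-8")).digest()


def sender_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Sender-side HMAC component: tag computed over the ciphertext."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def gate(mac_key: bytes, ciphertext: bytes, received_tag: bytes) -> Optional[bytes]:
    """Receiver-side HMAC + comparator + Gate.

    Recomputes the tag, compares it in constant time, and releases the
    ciphertext to the decryption step only when the Boolean is True.
    """
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    intact = hmac.compare_digest(expected, received_tag)  # the Boolean Output
    return ciphertext if intact else None                 # the Gate


def demo() -> dict:
    mac_key = derive_key("constructed HMAC key text")           # constructed input
    ciphertext = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    tag = sender_tag(mac_key, ciphertext)
    flipped = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]    # one bit changed
    return {
        "untouched": gate(mac_key, ciphertext, tag) is not None,
        "tampered": gate(mac_key, flipped, tag) is not None,
        "truncated_tag": gate(mac_key, ciphertext, tag[:16]) is not None,
        "wrong_key": gate(derive_key("other key"), ciphertext, tag) is not None,
    }


if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: released to decryption = {released}")
```

Only the untouched message reaches decryption; a flipped bit, a shortened tag, or a different HMAC key each close the gate.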

HMAC Integration with RSA: Part 1
Step 1: Create a message-based system to encrypt and decrypt messages using an RSA algorithm.

Step 2: Integrate the HMAC system by adding “Text Input”, “Stream comparator”, “Boolean Output”, and “Gate” files to the workspace and linking them accordingly, as shown in Fig.20.

Step 3: Finally, click on the “Play” button. If CrypTool runs the simulation successfully, it encrypts and decrypts the plaintext and the key on the left side and displays them exactly on the right side by using the HMAC system. The Boolean output indicates whether the message has been tampered with. If it has not been tampered with, it passes through the gate, the gate sends it to RSA for decryption, and the final plaintext is revealed on the other side. Q.E.D.

System strengths and weaknesses:
The strength of HMAC depends on the underlying properties of the cryptographic hash function. The key and the message in this prototype are hashed separately. The efficient key management system and computation of AES helped us to meet the integrity and authenticity requirements effectively.
Conclusion:
This report presents a solution for students to develop a secure data transfer system from Port Macquarie to Canberra Campus and vice versa, and to better enable dynamic service across the two points. It describes a practical algorithmic approach that can be applied between different campuses, locations, or government offices. After experimentation and extensive analysis, we made the final design decision to use the AES algorithm to establish a secure web data transfer system between the two campuses in Task 1. In Task 2, we used a message-based system to encrypt and decrypt the text using symmetric and asymmetric algorithms and integrated the HMAC algorithm into the prototype. This report elaborates on the cryptographic algorithm design requirements that led to this choice and presents detailed aspects of the security system, the implementation method, and screenshots of detailed scenarios. The key purpose is to ensure the integrity and authenticity of data. Exchanging keys securely is not a major issue in AES. The RSA algorithm is reliable for key exchange management, but it is not very efficient in terms of performance and cost. Therefore, we conclude our research report and recommend the AES algorithm for implementation consideration.

