Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Would a scheme like the following work to allow authentication of a sender: A no

ID: 649526 • Letter: W

Question

Would a scheme like the following work to allow authentication of a sender:

A nonce is appended to data, and the result is encrypted. The encrypted pack is sent to the other party. The sender then contacts the receiver through an authenticated channel (or one that is sufficiently good for the current purposes) and provides them with the nonce. When the receiver gets the encrypted file, they decrypt it. If the nonce matches the one given through the secondary channel, the encrypted pack is known to be from the sender.

Now, I realize no such scheme could provide non-repudiation, but the purpose in this case is simply to ensure that the encrypted pack has not been tampered with in transit. My presumption is that tampering with the encrypted pack without decrypting it has a high probability of creating gibberish, so the main threat of an MITM is the pack being removed and replaced with something else.

Does the approach above sound reasonable?

Explanation / Answer

No. Whether your presumption is true depends on the properties of the encryption scheme you are using. In a block cipher's CTR mode, or virtually any other stream cipher, an attacker can arbitrarily flip any bit so desired, and those bit flips only affect the bits in question. For block ciphers in CBC mode, a bit flip garbles the plaintext block in which the bit was flipped, but introduces another bit flip in the same position in the next plaintext block.

As you can see, errors do not necessarily propagate, unless the encryption scheme was designed for such, nor are they necessarily easy to catch. As such, I would recommend against the scheme you suggested.

Instead of generating a nonce, why not use that space to append a proper MAC, perhaps HMAC. Note that if you go with this approach, you should use a separate, independent key for the MAC.

Related Questions

Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2390527
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2401196
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2412890
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2413101
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2413780
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2414039
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2420831
Worley Company buys surgical supplies from a variety of manufacturers and then r
Question #2424902
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Would a risk averter ever select the riskier of two strategies? A) no B) yes, if
Next
Would a site or blog owner know who is reading their site if the visitor is read

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.