HMAC

Hash-based message authentication code, or HMAC, is an important building block for proving that data transmitted between the components of a system has not been tampered with.

HMAC is a widely used cryptographic technology. I recently came across its use in an RFID system.

Perhaps the most common use of HMAC is in TLS—Transport Layer Security, previously known as SSL. This is used every time you visit an “https://” URL in your browser. To really understand HMAC, you can read the RFC.

However, I’m going to give you the secret decoder ring here. You need to understand Message Authentication Code (MAC) first. Imagine I have a block of data, perhaps a video file. I want to send it to you and I would like you to be able to prove that it was unmodified in transit, and that I was the one who sent it to you.

The idea behind MAC is I compute a cryptographic hash function, perhaps MD5 or SHA-1, over both the block of data that I want to send and a secret key that we share. I then transmit the block of data and the hash to you. You combine the same shared secret key with the block of data in the same way and compute the same hash function. If you get the same hash result as I transmitted, then the message was not corrupted, and it came from someone who knew the shared secret—presumably me. Mathematically we can write

MAC = H(key || message)

In this formula, H denotes our cryptographic hash function (MD5, SHA-1, etc.); || denotes concatenation; key is our shared secret; and message is the block of data we want to send.

What’s wrong with MAC? Well, it turns out a lot of people have spent a lot of time figuring out ways to change the data in a message while still producing the same resulting hash value. In particular, it turns out that if:

H(message1) == H(message2)

Then this is also true:

H(key || message1) == H(key || message2)

By its very nature, a hash function has collisions such that multiple messages hash to the same value. The problem here is someone can modify the message without knowing the key, give it to you, and it appears to be from me.

HMAC solves this problem by using the following construction:

HMAC = H(key1 || H(key2 || message))

No known attack allows an attacker to modify the message and have the same HMAC value without knowing key1 and key2 values.
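As an added example (not code from the original post), here is the construction above implemented with SHA-256 the way RFC 2104 specifies it: key1 and key2 are both derived from the single shared secret K by XORing it with the fixed opad and pepad bytes. The plain MAC is included beside it for contrast, and the result is checked against Python’s standard hmac module; the key and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 consumes 64-byte blocks, so K is padded to 64 bytes


def naive_mac(key: bytes, message: bytes) -> bytes:
    """The plain MAC from the post: H(key || message)."""
    return hashlib.sha256(key + message).digest()


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || message)).

    In the post's notation key1 = K ^ opad and key2 = K ^ ipad.
    """
    if len(key) > BLOCK_SIZE:                 # long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")      # then zero-padded to one block
    inner_key = bytes(b ^ 0x36 for b in key)  # key2 = K ^ ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # key1 = K ^ opad
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check our construction against Python's hmac module."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    key = b"shared-secret"                    # constructed sample secret
    msg = b"transfer 100 to account 42"       # constructed sample message
    tag = hmac_sha256(key, msg)
    print("plain MAC :", naive_mac(key, msg).hex())
    print("HMAC      :", tag.hex())
    print("matches stdlib hmac:", matches_stdlib(key, msg))
    print("genuine message verifies :", verify(key, msg, tag))
    print("tampered message verifies:", verify(key, msg.replace(b"42", b"99"), tag))
```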

HMAC is a key to SSL/TLS security, for the reasons described in this recent email by an engineer at Microsoft. In short, HMAC is a powerful tool for authenticating data that is fairly easy to implement and understand.