Internet Protocol Security

Previous Topic Next Topic

Integrity with Hash Functions

Hash message authentication codes (HMAC) "sign" packets to verify that information received is exactly the same as the information sent (integrity). This is critical when data is exchanged over unsecured media.

HMACs provide integrity by means of a hash function (algorithm), combined with a shared, secret key. A hash is more commonly described as a signature on the packet. This is somewhat inaccurate, because a hash differs from a digital signature: a hash uses a secret, shared key; a digital signature uses public key technology and the sending computer's key. Hash functions are also sometimes referred to as message digests or one-way transforms. One-way transforms or functions are so named for two reasons: each party must perform the computation on their respective end, and because it is easy to go from message to digest but mathematically infeasible to go from digest to message. Conversely, two-way functions can go either way; encryption schemes are examples of two-way functions.

The hash signature itself is actually a cryptographic checksum or Message Integrity Code (MIC) that each party must compute to verify the message. For example, the sending computer uses an HMAC algorithm and shared key to compute the checksum for the message and includes it with the packet. The receiving computer must perform an HMAC computation on the received message, and compare it to the original (included in the packet from the sender). If the message has changed in transit, the hash values are different and the packet is rejected.

For integrity, you can choose between two hash functions when setting policy:

For clarity and brevity, "sign" or "signature" is used for the remainder of this chapter when discussing how the hash function provides integrity.

© 1985-2000 Microsoft Corporation. All rights reserved.