In information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message. Message authentication does not necessarily include the property of non-repudiation.
Message authentication is typically achieved by using message authentication codes (MACs), authenticated encryption (AE) or digital signatures. The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them. It is based on using a cryptographic hash or symmetric encryption algorithm. The authentication key is only shared by at least two parties or two communicating devices but it will fail in the existence of a third party since the algorithm will no longer be effective in detecting forgeries. In addition, the key must also be randomly generated to avoid its recovery through brute force searches and related key attacks designed to identify it from the messages transiting the medium.
Some cryptographers distinguish between "message authentication without secrecy" systems -- which allow the intended receiver to verify the source of the message, but don't bother hiding the plaintext contents of the message -- from authenticated encryption systems. Some cryptographers have researched subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message.
- Mihir Bellare. "Chapter 7: Message Authentication" (PDF). CSE 207: Modern Cryptography. Lecture notes for cryptography course.
- Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. "Chapter 9 - Hash Functions and Data Integrity" (PDF). Handbook of Applied Cryptography. p. 361.CS1 maint: uses authors parameter (link)
- "Data Origin Authentication". Web Service Security. Microsoft Developer Network.
- Patel, Dhiren (2008). Information Security: Theory and Practice. New Delhi: Prentice Hall India Private Lt. p. 124. ISBN 9788120333512.
- Jacobs, Stuart (2011). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. Hoboken, NJ: John Wiley & sons. p. 108. ISBN 9780470565124.
- Vacca, John (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann Publishers. pp. 111–112. ISBN 9780123743541.
- G. Longo, M. Marchi, A. Sgarro "Geometries, Codes and Cryptography". p. 188.