HMAC is a keyed-hash type of message authentication code (MAC), involving a hash function and a secret key. It can simultaneously provide the data integrity and the authentication of a message. According to the different underlying hash functions MD5, SHA-1, SHA-256, etc., the algorithm is termed HMAC-MD5, HMAC-SHA1, HMAC-SHA256, etc.
Task
Two students in a group. Student A and B share a key for HMAC in an offline manner. Student A then generates a message, gets the HMAC digest of this message, and then sends the message along with its HMAC to student B. Student B verifies the integrity of the received message by generating another HMAC with the shared key and match the two HMACs. Students A and B switch the roles and do the above again. All the transmitted messages should be encrypted with DES.
A simple protocol for the above process may be like
Both sides should display:
1. Shared keys for HMAC and DES
2. Plain message to be sent
3. HMAC
4. Ciphertext to be sent
5. Received ciphertext
6. Plain message and HMAC after decryption
7. Generated HMAC using KHMAC and plain message
Submission
Demo your program to the TA (70);
Submit a lab report to Canvas including two parts: 1. what you have learned about HMAC (10); 2. steps of your work (e.g., the language and library you used, problems you encountered and how you solved them, etc.) Screen captures is recommended (20). The report should be an individual work, and don’t forget to mention who is your partner.
Due
Demo: 5pm on Feb. 21
Report: 5pm on Feb. 28
