
Message Authentication Code (MAC)
What Is a Message Authentication Code?
A message authentication code (MAC), or tag, is a security code that is typed in by the user of a computer to access accounts or portals. This code is attached to the message or request sent by the user. Message authentication codes (MACs) attached to the message must be recognized by the receiving system in order to grant the user access.
Understanding Message Authentication Code (MAC)
Message authentication codes (MACs) are commonly used in electronic funds transfers (EFTs) to maintain information integrity. They confirm that a message is authentic: in other words, that it really does come from the stated sender and has not undergone any changes en route. A verifier who also possesses the key can use it to identify changes to the content of the message in question.
Message authentication codes are usually required to access any kind of financial account. Banks, brokerage firms, trust companies, and any other deposit, investment, or insurance company that offers online access can employ these codes. They are a vital component of financial cryptography.
Algorithms Used to Generate MACs
Three algorithms typically make up a MAC: a key generation algorithm, a signing algorithm, and a verifying algorithm. The key generation algorithm chooses a key at random. The signing algorithm returns a tag when given the key and the message. The verifying algorithm is used to verify the authenticity of the message when given the key, the message, and the tag; it will return accepted if the message and tag are authentic and unaltered, but otherwise it will return rejected.
For example, the sender sends a message, such as an EFT, through the MAC algorithm, which generates a key and attaches a MAC data tag to the message. The recipient gets the message, runs it back through the MAC algorithm with the same key, and gets a second data tag. They will then compare this MAC data tag with the first one attached to the message when it was transmitted. If the code is the same at both ends, the recipient can safely assume that the data integrity of the message is intact. If not, however, it means that the message was altered, tampered with, or forged.
However, the message itself should contain some data that ensures that this message can only be sent once. For example, a one-time MAC, timestamp, or sequence number could be used to guarantee that the message can only be sent once. Otherwise, the system could be vulnerable to a replay attack, in which an attacker intercepts the message after it has been decoded and retransmits it at a later time, replicating the original results and infiltrating the system.
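The three algorithms above (key generation, signing, verifying), the sender/recipient tag comparison, and the sequence-number defence against replay, worked through as an added example that is not part of the original article. It assumes HMAC-SHA256 as the concrete MAC construction and a constructed message layout of an 8-byte sequence number followed by the EFT payload; the sample messages are made up for illustration.

```python
import hmac
import hashlib
import secrets
import struct

# Key generation algorithm: choose a key uniformly at random.
def keygen(nbytes: int = 32) -> bytes:
    return secrets.token_bytes(nbytes)

# Signing algorithm: given the key and the message, produce the tag.
# HMAC-SHA256 is the concrete construction assumed for this example.
def sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

# Verifying algorithm: recompute the tag and compare in constant time,
# so timing differences do not leak how much of a forged tag was right.
def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), tag)

class Receiver:
    """Recipient side: rejects bad tags and replays of accepted messages.
    Message layout (8-byte big-endian sequence number || payload) is assumed."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def receive(self, message: bytes, tag: bytes) -> str:
        if not verify(self.key, message, tag):
            return "rejected"  # altered, tampered with, or forged
        if len(message) < 8:
            return "rejected"  # malformed: no sequence number present
        seq = struct.unpack(">Q", message[:8])[0]
        if seq <= self.last_seq:
            return "rejected"  # replay: this sequence number was already used
        self.last_seq = seq
        return "accepted"

def demo() -> list:
    key = keygen()
    receiver = Receiver(key)
    msg = struct.pack(">Q", 1) + b"EFT 100.00 FROM A TO B"  # constructed sample
    tag = sign(key, msg)
    results = [receiver.receive(msg, tag)]
    results.append(receiver.receive(msg, tag))  # replay: valid tag, stale sequence
    tampered = msg.replace(b"100.00", b"900.00")  # altered amount, old tag
    results.append(receiver.receive(tampered, tag))
    msg2 = struct.pack(">Q", 2) + b"EFT 5.00 FROM A TO C"
    results.append(receiver.receive(msg2, sign(key, msg2)))  # next legitimate message
    return results  # ['accepted', 'rejected', 'rejected', 'accepted']
```

Because the sequence number is inside the signed message, a captured message cannot simply be renumbered and resent: changing it invalidates the tag, and resending it unchanged trips the replay check.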
Message Integrity Codes (MICs)
Sometimes, the term message integrity code (MIC) will be used instead of MAC. This is most often done in the communications industry, where MAC traditionally means media access control address (MAC address). However, MIC can also be used to refer to message digest, which does not use secret keys in the same manner as a MAC, and cannot offer the same level of security without further encryption.