Manual Mac Authorization

CallingID/MAC authentication. To enable authentication based on clients CallingID or MAC address you must set service option Calling ID login to yes and set service username to verbatim value found in CallingID/MAC field of authentication logs and service history. As a result, MAC authentication cannot defend against header spoofing, and a web site that uses the Host header to defend against CSRF attacks cannot use MAC authentication to defend against active network attackers. Sites that want the full protection of MAC Authentication should use traditional, cookie-tied CSRF defenses.

• Java Cryptography Tutorial

• Message Digest and MAC

• Keys and Key Store

• Generating Keys

• Digital Signature

• Cipher Text

• Java Cryptography Resources

• Selected Reading

MAC (Message Authentication Code) algorithm is a symmetric key cryptographic technique to provide message authentication. For establishing MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

In Java the Mac class of the javax.crypto package provides the functionality of message authentication code. Follow the steps given below to create message authentication code using this class.

Step 1: Create a KeyGenerator object

The KeyGenerator class provides getInstance() method which accepts a String variable representing the required key-generating algorithm and returns a KeyGenerator object that generates secret keys.

Create KeyGenerator object using the getInstance() method as shown below.

Step 2: Create SecureRandom object

The SecureRandom class of the java.Security package provides a strong random number generator which is used to generate random numbers in Java. Instantiate this class as shown below.

Manual Mac Authorization Download

Step 3: Initialize the KeyGenerator

The KeyGenerator class provides a method named init() this method accepts the SecureRandom object and initializes the current KeyGenerator.

Initialize the KeyGenerator object created in the previous step using this method.

Step 4: Generate key

Generate key using generateKey() method of the KeyGenerator class as shown below.

Step 5: Initialize the Mac object

The init() method of the Mac class accepts an Key object and initializes the current Mac object using the given key.

Step 6: Finish the mac operation

The doFinal() method of the Mac class is used to finish the Mac operation. Pass the required data in the form of byte array to this method and finsh the operation as shown below.

Example

• Java Cryptography Resources

• Selected Reading

MAC (Message Authentication Code) algorithm is a symmetric key cryptographic technique to provide message authentication. For establishing MAC process, the sender and receiver share a symmetric key K.

Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

In Java the Mac class of the javax.crypto package provides the functionality of message authentication code. Follow the steps given below to create message authentication code using this class.

Step 1: Create a KeyGenerator object

The KeyGenerator class provides getInstance() method which accepts a String variable representing the required key-generating algorithm and returns a KeyGenerator object that generates secret keys.

Create KeyGenerator object using the getInstance() method as shown below.

Step 2: Create SecureRandom object

The SecureRandom class of the java.Security package provides a strong random number generator which is used to generate random numbers in Java. Instantiate this class as shown below.

Manual Mac Authorization Download

Step 3: Initialize the KeyGenerator

The KeyGenerator class provides a method named init() this method accepts the SecureRandom object and initializes the current KeyGenerator.

Initialize the KeyGenerator object created in the previous step using this method.

Step 4: Generate key

Generate key using generateKey() method of the KeyGenerator class as shown below.

Step 5: Initialize the Mac object

The init() method of the Mac class accepts an Key object and initializes the current Mac object using the given key.

Step 6: Finish the mac operation

The doFinal() method of the Mac class is used to finish the Mac operation. Pass the required data in the form of byte array to this method and finsh the operation as shown below.

Example

The following example demonstrates the generation of Message Authentication Code (MAC) using JCA. Here, we take a simple message 'Hi how are you' and, generate a Mac for that message.

Output

Manual Mac Authorization Software

The above program will generate the following output −

• CallingID/MAC authentication

CallingID/MAC authentication

To enable authentication based on clients CallingID or MAC address you must set service optionCalling ID login to yes and set service username to verbatim value found in CallingID/MAC field of authentication logs and service history.

Depending on service type, CallingID/MAC field may hold MAC address of WiFi device, IP address of PPPoE/VPNclient machine or some other value. You have to test it by making initial authentication attempt and checkingit in logs.

Service is looked up and authenticated only based by CallingID/MAC field. Service password is ignored.

Keep in mind that this kind of authentication doesn't provide security as many devices allow users to change its MAC address easily.

Manual Mac Authorization Form