CERTIFIED-IN-CYBERSECURITY Question #120: Real Exam Question with Answer & Explanation

Question

Which of these properties is NOT guaranteed by a Message Authentication Code (MAC)? ()

Options

• AIntegrity
• BAuthenticity
• CNon-repudiation
• DAnonymity

Explanation

A Message Authentication Code (MAC) does not guarantee anonymity. MAC is a cryptographic function that guarantees a message's integrity, authenticity, and non-repudiation. In particular: Integrity is the ability of the MAC to detect any changes that may have occurred to a message during either transmission or storage. A MAC provides this by generating a unique code for the message based on its contents, as well as a secret key that is shared between the sender and the receiver. If any changes are made to the message, the MAC code will not match the original code, thus indicating that the message has been tampered with. Authenticity is the ability to verify the identity of a message's sender. A MAC provides this by sharing a secret key between the sender and receiver. Only the sender knows the key, meaning that only the sender can generate a valid MAC code for the message (which may only have come from the sender.) Non-repudiation is the ability to prevent the sender from denying that they sent a given message. A MAC provides this by sharing a secret key between the sender and receiver. If the sender sends a message with a valid MAC code, then they cannot later deny that they sent the message, because they must necessarily have known the secret key to generate the valid MAC code. On the other hand, anonymity is not a property guaranteed by a MAC. Anonymity is the ability to hide the identity of the sender of a given message. A MAC does not provide anonymity, since it uses a secret key that is shared between the sender and the receiver, and the sender must then use this key to generate a valid MAC code for the message. This means that the receiver can accurately determine the identity of the sender.

No community discussion yet for this question.