Ensuring Message Integrity Using Java and Message Digests

Preserving the integrity of a message is indeed a major security challenge. Whenever a message is sent by a sender to a receiver, we must be 100% sure that the contents of the message are not tampered with. Otherwise, there is no guarantee that the message that the receiver actually gets and processes is indeed the same message that the sender had sent, or intended to send.

As a very simple example of understanding this problem, take a look at figure 1 below.

Here are the parties involved, with reference to the diagram.

A is an account holder of a bank
B is the bank
C is the attacker
D is another account holder of the bank

As we can see, the sender (A) wants to transfer $100 from her account to the receiver’s account (i.e. D’s account) via the services offered by bank B. Ideally, the message for transferring the funds should go from A’s computer directly to B’s computer. However, due to some security lapses; and we are not bothered here about what that lapse is, the message somehow is accessible to C. Attacker C is very happy to see this message. She changes the amount from $100 to $1000 and the intended recipient from D to C. She then sends this modified message to bank B.

Figure 1 : Send Message

If there are not enough security measures in place, bank B would not know that the message was sent by C, and not by A. The bank B would not also know that the amount to be transferred should have been $100 and not $1000, and that it should have been transferred to the account of D, and not to that of C.

While this problem is a combination of many security issues, the one we are concentrating on today is that of loss of message integrity. In other words, we expect that the security technology should alert the bank that the message that it has received is not the one that the original sender (A) had sent, but that it was changed by someone during its transit from A to B. To preserve message integrity, we use message digest or hash.

The relation of a message digest or a hash to the original message is similar to the relation of our finger print with us. In other words, given a human being and her thumbprint, we can confidently say that the fingerprint is indeed (not) that of the same person. In a similar fashion, given a message and its message digest, we can prove that there is a one-to-one relation between the message and its digest.

This should tell us that in any real-life application, whenever we want to ensure that a message has traveled without any (un)intended alterations from the sender to the receiver, we need to ensure that the integrity of the message is preserved. For this purpose, the technique shown in the Figure 2 below is used.

Figure 2 : Ensure Message Integrity

This would obviously lead to some questions. For example, if an attacker has access to a message and the digest, would the attacker not be able to modify both the message and digest? That is, the attacker C would modify the message and compute a fresh digest. The attacker would not send the modified message and the new digest to the receiver. How would the receiver come to know about this mischief? This is the subject of a separate article.

For now, we shall see how to compute the digest of a message in Java. This is shown in the code below.

// This program attempts to calculate the message digest of a message

import java.security.MessageDigest;

public class MessageDigestExample {
    public static final String str = "This is the text to be digested. It is quite interesting indeed!";

    public static void main(String[] args) throws Exception{

        // Create a message digest
        System.out.println ("Attempting to calculate message digest ...");
        MessageDigest md = MessageDigest.getInstance ("MD5");
        byte [] ba = str.getBytes("UTF8");
        md.update (ba);
        byte [] digest = md.digest ();
        System.out.println ("Result: Success");

        // Display plain text and digest
        System.out.println ("Original plain text was  : " + str);
        System.out.println ("Digested text is         : " + new String (digest));

        System.out.println ("Program execution was successful ...");
        }
}

Listing 1 : MessageDigestExample

As we can see, the code is quite simple. We first need to create an object of the MessageDigest class. We supply the digest algorithm name to the getInstance ( ) method, which is MD5. MD5 has been the leading message digest algorithm until recently. We then compute the digest by calling the digest ( ) method, which returns the digest in a byte array. We then display the original message and the digest on the screen. In real life, we would send these to the intended recipient.

The output of this program is as follows.

Attempting to calculate message digest ...
Result: Success
Original plain text was  : This is the text to be digested. It is quite interesting indeed!
Digested text is         :

Content Team

The IndicThreads Content Team posts news about the latest and greatest in software development as well as content from IndicThreads' conferences and events. Track us social media @IndicThreads. Stay tuned!

0 thoughts on “Ensuring Message Integrity Using Java and Message Digests

Leave a Reply