Part 1 Cryptography 1 Integrity
Part 1 Cryptography 2 Data Integrity Integrity detect unauthorized writing (i.e., modification of data) Example: Inter-bank fund transfers o Confidentiality may be nice, integrity is critical Encryption provides confidentiality (prevents unauthorized disclosure) Encryption alone does not provide integrity o One-time pad, ECB cut-and-paste, etc.
Message Authentication Code (MAC) Message Authentication Code ( MAC ) o Used for data integrity o Integrity not the same as confidentiality Part 1 Cryptography 3 plaintext MAC compute
Part 1 Cryptography 4 Computation of MAC There are two ways of computing MAC. One way is to compute MAC as CBC residue o That is, compute CBC encryption, saving only final ciphertext block, the MAC The other way is to use the hash function.(we will cover it ch 5)
Part 1 Cryptography 5 MAC Computation MAC computation (assuming N blocks) C 0 = E(IV P 0, K), C 1 = E(C 0 P 1, K), C 2 = E(C 1 P 2, K),… C N 1 = E(C N 2 P N 1, K) = MAC MAC sent with IV and plaintext Receiver does same computation and verifies that result agrees with MAC Note: receiver must know the key K
Part 1 Cryptography 6 Does a MAC work? Suppose Alice has 4 plaintext blocks Alice computes C 0 = E(IV P 0,K), C 1 = E(C 0 P 1,K), C 2 = E(C 1 P 2,K), C 3 = E(C 2 P 3,K) = MAC Alice sends IV,P 0,P 1,P 2,P 3 and MAC to Bob Suppose Trudy changes P 1 to X Bob computes C 0 = E(IV P 0,K), C 1 = E(C 0 X,K), C 2 = E(C 1 P 2,K), C 3 = E(C 2 P 3,K) = MAC MAC That is, error propagates into MAC Trudy can’t make MAC == MAC without K
Part 1 Cryptography 7 Confidentiality and Integrity Encrypt with one key, MAC with another key Why not use the same key? o Send last encrypted block ( MAC ) twice? o This cannot add any security! Using different keys to encrypt and compute MAC works, even if keys are related o But, twice as much work as encryption alone o Can do a little better about 1.5 “encryptions” Confidentiality and integrity with same work as one encryption is a research topic
CBC and CTR(1) Can we achieve both confidentiality and integrity through the same encryption? o CBC is possible, but CTR is not. But, the drawback of CBC is o Not possible to do pipelined and parallelized implementation. o So, common method is the composition of CBC with HMAC-SHA1. Part 1 Cryptography 8
CBC and CTR(2) CTR is possible to do pipelined and parallelized implementation. But there is no suitable message authentication algorithm. So, the question is, o Can we encrypt at high speed and provide message authentication that can keep up with our cipher? Part 1 Cryptography 9
Part 1 Cryptography 10 Uses for Symmetric Crypto Confidentiality o Transmitting data over insecure channel o Secure storage on insecure media Integrity ( MAC ) Authentication protocols (later…) Anything you can do with a hash function (upcoming chapter…)