Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Slides:



Advertisements
Similar presentations
Cryptography and Network Security Chapter 12
Advertisements

Sri Lanka Institute of Information Technology
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Cryptography and Network Security Chapter 12
Cryptography and Network Security Hash Algorithms.
Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)
Information Security and Management 11
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
Public Key ECC, Hash. Elliptic Curve Cryptography  majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Fall 2002CS 395: Computer Security1 Chapter 11: Message Authentication and Hash Functions.
CSCE 815 Network Security Lecture 7 Message Authentication Codes And Hash Functions.
1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Hash and MAC Functions CS427 – Computer Security
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
Chapter 4 Message Authentication MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Chapter 11 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Message Authentication and Hash Functions K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College.
Cryptography and Network Security (CS435) Part Nine (Message Authentication)
1 Chapter 12: Hash and MAC Algorithms Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal, U of Kentucky)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Hash Algorithms Ch 12 of Cryptography and Network Security - Third Edition by William Stallings Modified from lecture slides by Lawrie Brown CIM3681 :
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Dr. Nermin Hamza.  Attacks:  Traffic Analysis : traffic analysis occurs when an eavesdroppers observes message traffic on network. Not understand the.
Information and Network Security Dr. Hadi AL Saadi Message Authentication and Hash Functions.
Chapter 12 – Hash Algorithms
Message Authentication and Hash Functions
Cryptography and Network Security Chapter 11
Computer and Network Security
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
Message Authentication and Hash Functions
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 11 – Message Authentication and Hash Functions
Hash and MAC Algorithms
Message Authentication and Hash Functions
NETW4005 COMPUTER SECURITY - A
Message Authentication
Message Authentication Code
Cryptography and Network Security Chapter 11
Cryptography and Network Security Chapter 11
Presentation transcript:

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci

Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating identity of originator validating identity of originator non-repudiation of origin (dispute resolution) non-repudiation of origin (dispute resolution)  considers a set of security requirements  Three alternative functions used: message encryption message encryption message authentication code (MAC) message authentication code (MAC) hash function hash function

A Set of Security Requirements  disclosure  traffic analysis  masquerade  content modification  sequence modification  timing modification  source repudiation  destination repudiation

Message Encryption  message encryption by itself also provides a measure of authentication  if symmetric encryption is used then: receiver knows sender must have created it receiver knows sender must have created it since only sender and receiver now key used since only sender and receiver now key used they know that content cannot have been altered by others than themselves they know that content cannot have been altered by others than themselves

Message Encryption  If public-key encryption is used: encryption provides no confidence of sender encryption provides no confidence of sender since anyone potentially knows public-key since anyone potentially knows public-key however if however if sender signs message using their private-keysender signs message using their private-key then encrypts with recipients public keythen encrypts with recipients public key thus, have both secrecy and authenticationthus, have both secrecy and authentication

Message Authentication Code (MAC)  MAC provides assurance that message is unaltered and comes from certain sender.  generated by an algorithm that creates a small fixed-sized block depending on both message and some key depending on both message and some key like encryption though need not be reversible like encryption though need not be reversible  A MAC is appended to message as a signature  receiver performs same computation on message and checks it to match the MAC appended

Message Authentication Codes  MAC provides authentication but can also use encryption for secrecy generally use separate keys for each generally use separate keys for each can compute MAC either before or after encryption: generally regarded as better done before can compute MAC either before or after encryption: generally regarded as better done before  why use a MAC? sometimes only authentication is needed sometimes only authentication is needed sometimes we need authentication to persist longer than the encryption (eg. archival use) sometimes we need authentication to persist longer than the encryption (eg. archival use)

MAC Properties  A MAC is a cryptographic checksum MAC = C K (M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator condenses a variable-length message M using a secret key K to a fixed-sized authenticator  is a many-to-one function potentially many messages have same MAC potentially many messages have same MAC but finding these can be very difficult but finding these can be very difficult

Requirements for MACs  Taking into account the types of attacks we need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message

Using Symmetric Ciphers for MACs  can use any block cipher chaining mode and use final block as a MAC  Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC using IV=0 and zero-pad of final block using IV=0 and zero-pad of final block encrypt message using DES in CBC mode encrypt message using DES in CBC mode and send just the final block as the MAC and send just the final block as the MAC or the leftmost M bits (16≤M≤64) of final blockor the leftmost M bits (16≤M≤64) of final block  but final MAC is now too small for security!

11 Cipher Block Modes of Operation   Cipher Block Chaining Mode (CBC) The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block. Repeating pattern of 64-bits are not exposed

12

Data Authentication Algorithm (FIPS PUB 113)

Data Authentication Algorithm FIPS PUB 113

Hash Functions  condenses arbitrary message to fixed size h = H(M)  usually assumed that the hash function is public and not keyed  Hashes are used to detect changes to message  can be used in various ways with messages  mostly used to create digital signatures

Hash Functions & Digital Signatures

Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=H(M) for any message M 4. one-way property: given h is infeasible to find x s.t. H(x)=h 5. weak collision resistance: given x is infeasible to find y s.t. H(y)=H(x) 6. strong collision resistance: is infeasible to find any x,y s.t. H(y)=H(x)

Simple Hash Functions  There are several proposals for simple functions  based on XOR of message blocks  not secure since can manipulate any message and either not change hash or change hash also  need a stronger cryptographic function

Secure Hash Algorithm  SHA originally designed by NIST & NSA in 1993  was revised in 1995 as SHA-1  US standard for use with DSA signature scheme standard is FIPS , also Internet RFC3174 standard is FIPS , also Internet RFC3174  based on design of MD4 with key differences  produces 160-bit hash values  recent 2005 results on security of SHA-1 have raised concerns on its use in future applications NIST = National Institute of Standards and Technology NSA = Ntional Security Ahency

Secure Hash Function

Hash Algorithm Structure

Revised Secure Hash Standard  NIST issued revision FIPS in 2002  adds 3 additional versions of SHA SHA-256, SHA-384, SHA-512 SHA-256, SHA-384, SHA-512  designed for compatibility with increased security provided by the AES cipher  structure & detail is similar to SHA-1  hence analysis should be similar  but security levels are rather higher

SHA-512 Overview

Keyed Hash Functions as MACs  Need a MAC based on a hash function because hash functions are generally faster because hash functions are generally faster code for cryptographic hash functions widely available code for cryptographic hash functions widely available  hash includes a key along with message  original proposal: KeyedHash = Hash(Key|Message) some weaknesses were found with this some weaknesses were found with this  eventually led to development of HMAC

HMAC  specified as Internet standard RFC2104  uses hash function on the message: HMAC K = Hash[(K + XOR opad) || Hash[(K + XOR ipad)||M)]]  where K + is the key padded out to size  and opad (5C Hex), ipad (36 Hex) are specified padding constants  overhead is just 3 more hash calculations than the message needs alone  any hash function can be used eg. MD5, SHA-1, RIPEMD-160, Whirlpool eg. MD5, SHA-1, RIPEMD-160, Whirlpool

HMAC Overview ipad = 36 hex opad = 5C hex

HMAC Security  proved security of HMAC relates to that of the underlying hash algorithm  attacking HMAC requires either: brute force attack on key used brute force attack on key used birthday attack (but since keyed would need to observe a very large number of messages) birthday attack (but since keyed would need to observe a very large number of messages)  choose hash function used based on speed verses security constraints

Henric Johnson28 Typical Digital Signature Approach

Henric Johnson29 Obtaining a User’s Certificate  Characteristics of certificates generated by CA: Any user with access to the public key of the CA can recover the user public key that was certified. Any user with access to the public key of the CA can recover the user public key that was certified. No part other than the CA can modify the certificate without this being detected. No part other than the CA can modify the certificate without this being detected.

Henric Johnson30 X.509 CA Hierarchy

Henric Johnson31 Revocation of Certificates  Reasons for revocation: The users secret key is assumed to be compromised. The users secret key is assumed to be compromised. The user is no longer certified by this CA. The user is no longer certified by this CA. The CA’s certificate is assumed to be compromised. The CA’s certificate is assumed to be compromised.