Week 5 - Monday.  What did we talk about last time?  Cryptographic hash functions.

Slides:



Advertisements
Similar presentations
Lecture 5: Cryptographic Hashes
Advertisements

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part II.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Dan Johnson. What is a hashing function? Fingerprint for a given piece of data Typically generated by a mathematical algorithm Produces a fixed length.
Networks Management and Security Lecture 3.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Exercises Information Security Course Eric Laermans – Tom Dhaene.
Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.
Chapter 21 Public-Key Cryptography and Message Authentication.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.
Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez.
CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures.
6fb52297e004844aa81be d50cc3545bc Hashing!. Hashing  Group Activity 1:  Take the message you were given, and create your own version of hashing.  You.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Cryptographic Hash Functions and Protocol Analysis
Lecture 2: Introduction to Cryptography
Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
By Sandeep Gadi 12/20/  Design choices for securing a system affect performance, scalability and usability. There is usually a tradeoff between.
Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
Network Security. Three tools Hash Function Block Cipher Public Key / Private Key.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.
DTTF/NB479: Dszquphsbqiz Day 26
Encryption. Encryption Basics • Plaintext - the original message ABCDEFG • Ciphertext - the coded message DFDFSDFSD • Cipher - algorithm for.
최신정보보호기술 경일대학교 사이버보안학과 김 현성.
ICS 454 Principles of Cryptography
ICS 454 Principles of Cryptography
DTTF/NB479: Dszquphsbqiz Day 27
Presentation transcript:

Week 5 - Monday

 What did we talk about last time?  Cryptographic hash functions

Michael Franzese

 Message Digest Algorithm 5  Very popular hashing algorithm  Designed by Ron Rivest (of RSA fame)  Digest size: 128 bits  Security  Completely broken  Reasonable size attacks (2 32 ) exist to create two messages with the same hash value  MD5 hashes are still commonly used to check to see if a download finished without error

 Secure Hash Algorithm  Created by NIST  SHA-0 was published in 1993, but it was replaced in 1995 by SHA-1  The difference between the two is only a single bitwise rotation, but the NSA said it was important  Digest size: 160 bits  Security  Mostly broken  Attacks running in time exist  SHA-2 is a successor family of hash functions  224, 256, 384, 512 bit digests  Better security, but not as widely used  Designed by the NSA

 NIST just had the contest for SHA-3  When I last taught this class, it was down to five finalists:  BLAKE  Grøstl  JH  Keccak  Skein  Keccak was announced as the winner in 2012  As with AES, Keccak beat out its competitors partly because it's so fast  Joan Daemen (of Rijndael fame) was also one of its designers

 Keccak uses a completely different form of hashing than SHA-0, SHA-1, and SHA-2  Although there are only theoretical attacks on SHA-1 and no real attacks on SHA-2, the attacks on SHA-0 made people nervous about hash functions following the same design  Keccak also allows for variable size digests, for added security  224, 256, 384, and 512 are standard for SHA-3, but it is possible to go arbitrarily high in Keccak

 Everyone stand up  Sort yourselves using merge sort by birthday

 How many people do we need in the room so that two must share a birthday?  366 (well, 367, counting leap years)  Pigeonhole principle  This is the only way we can guarantee with 100% probability that there is a collision

 What if we only want it to be really likely that two people share a birthday?  How many people do we need to have a 50/50 chance?  Only 23!

 The number of ways you can have no duplicate birthdays in a group of k people:  The probability that there are no duplicate birthdays in a group of k people:  The probability that there is at least one duplicate is simply one minus this quantity

People (k)Probability of Collision 1012% 2041% % 3070% 4089% 5097% %

 If we care about a group of k items which can have a value between 1 and n, the probability that two are the same is:  Because this form is a little unwieldy, we have an approximation that is easier to punch into a calculator:

 If we want to find the number of items needed before there is greater than a 1/2 probability of collision we get:  For large k, k(k-1) ≈ k 2, giving:

 If a hash value is made up of 8 bytes  8 bytes = 64 bits  2 64 =  So, we need to check one hash against 2 63 other hashes to have a 50% probability of matching  But, by the birthday paradox   We need a much smaller number to get a collision!

 2 32 operations is within the reach of modern computers in seconds, minutes, or hours  Collisions do not guarantee that the system can be hacked  A collision with an existing password is necessary  If the system has 2 32 users, there is a good probability that two of them have the same password

 Real hashes are usually longer  Salt makes things a bit more complex  Most people use weak passwords  It’s easier to guess them  Social engineering  Shoulder surfing  Finding the Post-It with their password  Still, the mathematical possibilities are interesting…

 Sometimes a document needs to be digitally signed  Contracts  Commitment schemes  Hashes are sometimes signed so that there is less data to sign and transmit  But, if the length of the hash is not very long, we can employ the Birthday Paradox

 Digital signature schemes typically employ public key cryptography  We need the one way property so that we can verify that it works without being able to break it  Full Domain Hash uses RSA to do this:  Given message M, we find H(M), then raise H(M) to the secret decryption exponent to find signature S  S = H(M) d mod n  To verify the signature, take the signature and raise it to the publicly known encryption exponent e and compare that to the hash of the message  If S e mod n = H(M), we feel reasonably sure of two things:  S is a signature for a M (M has not been changed)  Only someone who knows the private key for n could have signed it  Why does it use the hash of the message instead of the message?

 Erica wants to buy a house from Carmen (and cheat her)  Let’s say that they are going to electronically sign a 64-bit hash of the contract  Erica creates 2 32 variations on a contract that Carmen will agree to  Erica creates 2 32 variations on a contract which is highly advantageous to Erica  Sound ridiculous?

I, Erica, {hereby, through this document}, {agree, consent} to {purchase, buy} the {property, estate} {located, which can be found} at 742 Evergreen Terrace. A {fair, equitable} {sale, asking} price for this {property, estate} is the {sum, amount} of $200,000. This {document, contract} states that this {sum, amount} is {to be paid, payable} on March 3, 2010 by Erica to Carmen in {exchange, return} for {ownership, possession} of the {aforementioned, aforesaid} {property, estate}.

 Having generated the good and bad contracts, Erica can find a good and bad pair with matching hashes with high probability  Erica sends the good one to Carmen to sign  Erica keeps the bad one, brings it to court when Carmen says that Erica didn’t pay the right amount

 Use hash functions with a long digest  A hash function with an m-bit digest can produce about 2 m different hashes  But, some attacks only need around 2 m/2 different messages to find a collision  Don’t do real estate deals with Erica

 Secure programs

 Keep working on Project 1  Finish Assignment 2  Due Friday  Exam 1  In class on Monday  Review on Friday