CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Hash and MAC Algorithms
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography and Network Security Chapter 12
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Cryptography and Network Security Hash Algorithms.
Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)
Information Security and Management 11
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter3 Public-Key Cryptography and Message Authentication.
Lecture 13 Message Signing
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
PULIC –KEY CRYPTOGRAPHY AND MESSAGE AUTHENTICATION.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Behzad Akbari Spring In the Name of the Most High.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.
1 Public-Key Cryptography and Message AuthenticationPublic-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology,
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)
CSCE 815 Network Security Lecture 7 Message Authentication Codes And Hash Functions.
453 Network Security Section 3b: Message Authentication and Public-Key Cryptography Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology -
Chapter 21 Public-Key Cryptography and Message Authentication.
Data & Network Security
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Hash and MAC Functions CS427 – Computer Security
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Hash and Mac Algorithms. Contents Hash Functions Secure Hash Algorithm HMAC.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Lecture 24 Public-Key Cryptography modified from slides of Lawrie Brown.
Hash Algorithms see similarities in the evolution of hash functions & block ciphers –increasing power of brute-force attacks –leading to evolution in algorithms.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
1 Chapter 12: Hash and MAC Algorithms Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal, U of Kentucky)
Key Management Network Systems Security Mort Anvari.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Information Security and Management 11. Cryptographic Hash Functions Chih-Hung Wang Fall
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Hash Algorithms Ch 12 of Cryptography and Network Security - Third Edition by William Stallings Modified from lecture slides by Lawrie Brown CIM3681 :
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Public Key Cryptography. 2 Public Key Cryptography Agenda: Message authentication – authentication codes and hash functions Public key encryption –
Chapter 12 – Hash Algorithms
Public-Key Cryptography and Message Authentication
Cryptography and Network Security (Various Hash Algorithms)
Hash and MAC Algorithms
Presentation transcript:

CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos

– 2 – CSCE 815 Sp 03 Resources Stallings Web Site: Network Security Essentials, Second Edition Network Security Essentials, Second Edition Instructors Resources PowerPoint Slides Henric Johnson Tables and Figures Student Resources: look here for yourself! Resources for Cryptography and Network Security, Third Edition Instructors Resources Figures, Tables PowerPoint Lawrie Brown

– 3 – CSCE 815 Sp 03 Test 1 Feb 20 Sample Test ??? (next Time) Open vs Closed??? Questions  Analyze this sequence of ciphertext given table of frequencies.  Analyze this ciphertext knowing it is a very simple permutation.  Describe approach to decipher composition of substitution and permutation.  DES ?  RSA ?  SHA, MAC,

– 4 – CSCE 815 Sp 03

– 5 – CSCE 815 Sp 03 Birthday Attacks You might think a 64-bit hash is secure But by Birthday Paradox is not The Birthday attack works thus: opponent generates 2 m / 2 variations of a valid message all with essentially the same meaning opponent also generates 2 m / 2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature Conclusion is that need to use larger MACs

– 6 – CSCE 815 Sp 03 One-way HASH function

– 7 – CSCE 815 Sp 03 One-way HASH function Secret value is added before the hash and removed before transmission.

– 8 – CSCE 815 Sp 03 SHA Overview pad message so its length is 448 mod 512 append a 64-bit length value to message initialize 5-word (160-bit) buffer (A,B,C,D,E) to ( ,efcdab89,98badcfe, ,c3d2e1f0) process message in 16-word (512-bit) chunks: expand 16 words into 80 words by mixing & shifting use 4 rounds of 20 bit operations on message block & buffer add output to input to form new buffer value output hash value is the final buffer value

– 9 – CSCE 815 Sp 03 Message Digest Generation Using SHA-1

– 10 – CSCE 815 Sp 03 SHA-1 Process- ing of single 512-Bit Block

– 11 – CSCE 815 Sp 03 Figure 12-6 (C&NS) SHA one step

– 12 – CSCE 815 Sp 03 SHA-1 Compression Function Each round has 20 steps which replaces the 5 buffer words thus: (A,B,C,D,E) <-(E+f(t,B,C,D)+S 5 (A)+W t +K t ),A,S 30 (B),C,D) A,B,C,D,E refer to the five words of the buffer t is the step number K t is a constant value derived from step f(t,B,C,D) is nonlinear function for round f t (t,B,C,D) is nonlinear function for round W t is derived from the message block S – circular shift by k bits S k – circular shift by k bits + here means addition modulo 2 32

– 13 – CSCE 815 Sp 03 K t - Constants for SHA-1 steps Step NumberK Step NumberK t (in hex) Integer portion of -1 < t <205A x sqrt(2) 19 < t <406ED9EBA12 30 x sqrt(3) 39 < t <608F1BBCDC 2 30 x sqrt(5) 59 < t <80CA62C1D x sqrt(10)

– 14 – CSCE 815 Sp 03 f t – Round Functions for SHA-1 steps Step Numberf Step Numberf t (t,B,C,D) -1 < t <20(B ^ C) V (B’ ^ D) 19 < t <40B + C + D 39 < t <60(B ^ C) V (B ^ D) V (C ^ D) 59 < t <80 B + C + D Where B’ means B complement, and + on this slide means XOR

– 15 – CSCE 815 Sp 03 W t words 32 bit Wt words For the first 16 words W t = 16 words of current block Henceforth W t = S 1 (W t-16 + W t-14 + W t-8 + W t-3 ) W t = S 1 (W t-16 + W t-14 + W t-8 + W t-3 ) + means XOR

– 16 – CSCE 815 Sp 03

– 17 – CSCE 815 Sp 03 Message Digest Generation Using SHA-1 revisited

– 18 – CSCE 815 Sp 03 Output Stage of SHA-1 After all 512 bit blocks have been processed Where IV = initial vector, initial value of five words L = number of 512 bit blocks in padded message MD = final Message Digest ABCDE q = output of last round of processing of the q th block Algorithm CV 0 = IV for q = 0 to L for q = 0 to L CV q+1 = CV q + ABCDE q MD = CV L

– 19 – CSCE 815 Sp 03 Other Secure Hash Functions MD5 Message Digest Algorithm RFC 1321 Ron Rivest 128 bit message digest with faster processors security has become questionable RIPEMD-160 Round European group produces 160 bit digest produces 160 bit digest processes text in 512 bit blocks

– 20 – CSCE 815 Sp 03 Other Secure HASH functions- table 3.1 SHA-1MD5RIPEMD-160 Digest length 160 bits 128 bits 160 bits Basic unit of processing 512 bits Number of steps 80 (4 rounds of 20) 64 (4 rounds of 16) 160 (5 paired rounds of 16) Maximum message size bits

– 21 – CSCE 815 Sp 03 Message Authentication Codes revisited MAC based on MAC algorithm and Key K Hash Functions one way function not based on key

– 22 – CSCE 815 Sp 03 Keyed Hash Functions as MACs have desire to create a MAC using a hash function rather than a block cipher because hash functions are generally faster not limited by export controls unlike block ciphers hash includes a key along with the message original proposal: KeyedHash = Hash(Key|Message) some weaknesses were found with this eventually led to development of HMAC

– 23 – CSCE 815 Sp 03 HMAC Use a MAC derived from a cryptographic hash code, such as SHA-1. Motivations: Cryptographic hash functions executes faster in software than encryption algorithms such as DES Library code for cryptographic hash functions is widely available No export restrictions from the US RFC 2104

– 24 – CSCE 815 Sp 03 HMAC Design Objectives Proposal to include secret key in hash function RFC 2104 lists design objectives for HMAC  To use available hash functions  Allow easy replaceability of hash function  Maintain performance of original hash  Use and handle keys simply  Have well understood cryptographic analysis of strength of the authentication method

– 25 – CSCE 815 Sp 03 HMAC Structure fig 3.6

– 26 – CSCE 815 Sp 03 HMAC Details Hash = embedded hash function (e.g., SHA-1) M – message L – number of blocks in M Y i – the ith block of M 0 < i < L b = number of bits in a block n = length of hash code produced by embedded hash K = secret Key K+ = K padded on left with zeroes so length is b Ipad = repeated b/8 times Opad = repeated b/8 times

– 27 – CSCE 815 Sp 03 Diffie Hellman Key Exchange First published public-key algorithm (1976) Purpose is to allow two users to exchange a private key Diffie-Hellman depends on the difficulty in computing discrete logarithms (inverse exponentials) Choose a prime p, consider the sequence a mod p, a 2 mod p, a 3 mod p, … a p-1 mod p If these are distinct and a permutation of 1 … p-1, then  b = a i mod p then ‘i’ is the discrete logarithm of b  a is called a primitive root of p Diffie-Hellman fig 3.10

– 28 – CSCE 815 Sp 03 Diffie-Hellman Algorithm fig 3.10 Global public elements q – a prime and ‘a’ a primitive root of q User A key generation Select private X A, calculate public Y A = a X A mod q User B key generation Select private X B, calculate public Y B = a X B mod q Select private X B, calculate public Y B = a X B mod q Generation of Secret Key by User A K = (Y B ) X A mod q Generation of Secret Key by User B K = (Y A ) X B mod q

– 29 – CSCE 815 Sp 03 Other Public-Key Cryptographic Algorithms Meaning other than RSA Digital Signature Standard (DSS) Makes use of the SHA-1 Not for encryption or key echange Elliptic-Curve Cryptography (ECC) Good for smaller bit size Low confidence level, compared with RSA Very complex

– 30 – CSCE 815 Sp 03 Diffie-Hellman Key Exchange fig 3.11

– 31 – CSCE 815 Sp 03 Key Management Major contribution of public-key encryption is to address the problem of key distribution Private keys as in RSA to distribute key for AES Public keys Public Key Certificates Public keys are public. Why not just broadcast? Forgery of public announcement Darth sends out “I’m Bob and my public key is XXX” Then Darth can read secret messages for Bob and Bob can’t Public Key certificate: public key + User Id signed by trusted third party X.509 protocol for certificates (next time)

– 32 – CSCE 815 Sp 03 Key Management Public-Key Certificate Use fig 3.12

– 33 – CSCE 815 Sp 03 Public-Key Distribution of Secret Keys How to share private key between Bob and Alice Diffie-Hellman Works but no user authenticationAlternative  Prepare message.  Encrypt message using conventional encryption using one- time session key.  Encrypt session key using public-key with Alice’s public key.  Attach the encrypted session key to the message and send to Alice. Only Alice is capable of decrypting the session key. Bob get’s public key from Alice’s public-key certificate.

– 34 – CSCE 815 Sp 03 Summary have considered: message authentication using message encryption MACs hash functions some current hash algorithms: MD5, SHA-1, RIPEMD-160 HMAC authentication using hash function Diffie-Hellman Key Exchange

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.