Cryptography & Network Security: 1 IX. Hash Algorithms Look at three important hash functions (MD5, SHA-1, RIPEND-160) then look an Internet- standard.

Slides:



Advertisements
Similar presentations
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Advertisements

Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
SMUCSE 5349/49 Message Authentication MAC and Hash.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
Hash and MAC Algorithms
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
Cryptography and Network Security Chapter 12
Cryptography and Network Security Hash Algorithms.
Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
HASH Functions.
Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)
Chapter 21 Public-Key Cryptography and Message Authentication.
Data & Network Security
Hash and MAC Functions CS427 – Computer Security
1 Network Security Lecture 5 Hashes and Message Digests Waleed Ejaz
Hash and Mac Algorithms. Contents Hash Functions Secure Hash Algorithm HMAC.
Cryptographic Hash Functions
CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos.
Chapter 4 Message Authentication MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Chapter 18: One-Way Hash Functions Based on Schneier.
Hash Algorithms see similarities in the evolution of hash functions & block ciphers –increasing power of brute-force attacks –leading to evolution in algorithms.
Cryptographic Hash Functions and Protocol Analysis
Chapter 11 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”
Cryptographic Hash Functions Prepared by Dr. Lamiaa Elshenawy
Cryptography and Network Security (CS435) Part Nine (Message Authentication)
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Hash Functions.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.
Information Security and Management 11. Cryptographic Hash Functions Chih-Hung Wang Fall
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Hash Algorithms Ch 12 of Cryptography and Network Security - Third Edition by William Stallings Modified from lecture slides by Lawrie Brown CIM3681 :
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data Integrity / Data Authentication. Definition Authentication (Signature) algorithm - A Verification algorithm - V Authentication key – k Verification.
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.
Chapter 12 – Hash Algorithms
Secure Hash Algorithm A SEARIES OF SHA….
CSCE 715: Network Systems Security
Cryptography and Network Security (Various Hash Algorithms)
کدهاي احراز تماميت پيام و توابع درهم ساز
Hash and MAC Algorithms
HMAC and its Design Objectives
The Secure Hash Function (SHA)
Presentation transcript:

Cryptography & Network Security: 1 IX. Hash Algorithms Look at three important hash functions (MD5, SHA-1, RIPEND-160) then look an Internet- standard message authentication code (HMAC)

2 Cryptography & Network Security: CONTENTS… 1. MD5 Message Digest Algorithm 2. Secure Hash Algorithm 3. RIPEMD HMAC

3 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Developed by Ron Rivest at MIT -RFC 1321 MD5 Logic Input: arbitrary length message Processed in 512-bit blocks Output: 128-bit message digest

4 Cryptography & Network Security: 1. MD5 Message Digest Algorithm

5 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Processing Steps 1. Append padding bits 2. Append length 3. Initialize MD buffer 4. Process message in 512-bit blocks 5. output

6 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Append padding bits[1/5] pad message so its length is 448 mod 512 Padding is always added. the number of padding bits is in the range of 1 to 512  ex) 448(message) + 512(padding bit)=960bits 447(message) + 1(padding bit) =448bits 449(message) + 511(padding bit)=960bits Padding consists of a single 1-bit followed by 0-bits

7 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Append length[2/5] Append 64 bit length of the original message to the result step 1. If original length is greater than 2 64 only low- order 64 bits of the length are used. The length of expanded message is L*512 bits -> # of block = L, # of word = N = 16*L

8 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Initialize MD buffer[3/5] 128-bit buffer, used to hold intermediate and final results of the hash function bit registers (A, B, C, D) IV = {A= ,B=EFCDAB89, C=98BADCFE, D= } Stored in little-endian format AB CD = ABCDEF FEDCBA

9 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Process message in 512bit blocks[4/5] Module that consists of 4 rounds of processing of 16 steps each 4 rounds have a similar structure, but each uses a different primitive logical function(F,G,H,I) INPUT: 512-bit block Y q, 128-bit CV q 64-element table T[1…64], [Table9.1] OUTPUT: CV q+1 (addition is mod 2 32 )

10 Cryptography & Network Security: 1. MD5 Message Digest Algorithm

11 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Output[5/5] The output from the Lth stage is the 128-bit message digest. Summary of Logic CV 0 =IV CV q+1 =SUM 32 (CV q,RF I [Y q,RF H [Y q,RF G [Y q,RF F [Y q,CV q ]]]]) MD=CV L

12 Cryptography & Network Security: 1. MD5 Message Digest Algorithm MD5 Compression Function Each round consists of a sequence of 16 steps of the form a <- b+((a+g(b,c,d)+X[k]+T[i]<<<s) Roun d Primitive function gg(b,c,d) 1F(b,c,d) (b ∧ c) ∨ (~b ∧ d) 2G(b,c,d) (b ∧ d) ∨ (c ∧ ~d) 3H(b,c,d) bcdbcd 4I(b,c,d) c  (b ∨ ~d)

13 Cryptography & Network Security: 1. MD5 Message Digest Algorithm [Figure 9.4] adapted from RFC1321, defines the processing algorithm of step 4. X[0…15] holds the value of the current 512-bit input Within a round, each of the 16 words of X[i] is used once, during one step  2 (i)= (1+5i)mod 16  3 (i)= (5+3i)mod 16  4 (i)= 7imod 16

14 Cryptography & Network Security: 1. MD5 Message Digest Algorithm MD4 Precursor to MD5 [RFC1320] Goals  Security, Speed, Simplicity and compactness, Favor little- endian architecture Differences  Uses three rounds of 16 steps each  No additive constant is used in 1 st round  Uses three primitive logical functions  Did not include final addition

15 Cryptography & Network Security: 1. MD5 Message Digest Algorithm Strength of MD5 [ominous trend in the attacks on MD5] using differential cryptanalysis it is possible to find 2 messages producing the same digest for a 1-round, not the full 4-round MD5 Pseudocollision, not seem to be any way to extend this approach to a success Collision for the MD5 compression function: works on a single 512-bit block of input, no way has been found to generalize this attack to a full message using the MD5 IV.

16 Cryptography & Network Security: 2. Secure Hash Algorithm Developed by the National Institute of Standards and Technology (NIST) Published as a federal information processing standard in 1993 Revised version was issued as SHA-1 SHA-1 is based on the MD4 algorithm, its design closely models MD4

17 Cryptography & Network Security: 2. Secure Hash Algorithm SHA-1 Logic INPUT: a message with a maximum length of less than 2 64 bits Overall processing: shown for MD5 in Figure 9.1, with a block length of 512 bits and a hash length of 160 bits OUTPUT: 160-bit message digest

18 Cryptography & Network Security: 2. Secure Hash Algorithm Processing Steps 1. Append padding bits 2. Append length 3. Initialize MD buffer 4. Process message in 512-bit blocks 5. output

19 Cryptography & Network Security: 2. Secure Hash Algorithm Append padding bits[1/5] pad message so its length is 448 mod 512 Padding is always added. the number of padding bits is in the range of 1 to 512 Padding consists of a single 1-bit followed by 0-bits

20 Cryptography & Network Security: 2. Secure Hash Algorithm Append length[2/5] Append 64bit length of the original message to the result step 1. Treated as an unsigned 64-bit integer Contains the length of the original message

21 Cryptography & Network Security: 2. Secure Hash Algorithm Initialize MD buffer[3/5] 160-bit buffer 5 32-bit registers (A, B, C, D, E) IV = {A= ,B=EFCDAB89,C=98BADCFE, D= ,E=C3D2E1F0} Stored in big-endian format ABCDE = EFCDAB89 98BADCFE C3D2E1F0

22 Cryptography & Network Security: 2. Secure Hash Algorithm Process Message in 512bit blocks[4/5] Module that consists of 4 rounds of processing of 20 steps each 4 rounds have a similar structure, but each uses a different primitive logical function(f 1,f 2,f 3,f 4 ) INPUT: 512-bit block Y q, 160-bit CV q Each round uses an additive constant K t where 0≤t≤79 (for 80 steps) OUTPUT: CV q+1 (addition is mod 2 32 )

23 Cryptography & Network Security: 2. Secure Hash Algorithm Step Numbe r HEX Take Integer Part of: 0≤t≤19 K t =5A [ ] 20≤t≤39 K t =6ED9EB A1 [ ] 40≤t≤59 K t =8F1BBC DC [ ] 60≤t≤79 K t =CA62C1 D6 [ ]

24 Cryptography & Network Security: 2. Secure Hash Algorithm Output[5/5] The output from the Lth stage is the 160-bit message digest. Summary of Logic CV 0 =IV CV q+1 =SUM 32 (CV q, ABCDE q ) MD=CV L

25 Cryptography & Network Security: 2. Secure Hash Algorithm SHA-1 Compression Function Each round is of the form[Figure 9.6] Each primitive function  takes 3 32-bit words as input  Performs a set of bitwise logical operation  Produces a 32-bit word output

26 Cryptography & Network Security: 2. Secure Hash Algorithm Step Function NameValue 0≤t≤19 f 1 =f(t,B,C,D) 20≤t≤39 f 2 =f(t,B,C,D) 40≤t≤59 f 3 =f(t,B,C,D) 60≤t≤79 f 4 =f(t,B,C,D)

27 Cryptography & Network Security: 2. Secure Hash Algorithm

28 Cryptography & Network Security: 2. Secure Hash Algorithm Comparison of SHA-1 and MD5 Security against brute-force attacks  32 bits longer than the MD5  Producing any message having a given message digest is on the order for SHA-1  Producing 2 messages having the same message digest is on the order 2 80 for SHA-1  Stronger against brute-force attack

29 Cryptography & Network Security: 2. Secure Hash Algorithm Security against cryptanalysis  Less vulnerable against cryptanalytic attacks discovered since MD5’s design Speed  Both algorithms rely heavily on addition modulo 2 32 SHA-1 involves more steps and must process a 160-bit buffer.  SHA-1 should execute more slowly than MD5

30 Cryptography & Network Security: 2. Secure Hash Algorithm Simplicity and Compactness  Both are simple to describe and simple to implement  Not require large programs nor substitution tables Little-endian vs Big-endian architecture  There appears to be no advantage to either approach

31 Cryptography & Network Security: 3. RIPEMD-160 Developed under the European RACE Integrity Primitives Evaluation project By a group of researchers launching partially successful attacks on MD4 and MD5 Originally a 128-bit RIPEMD

32 Cryptography & Network Security: 3. RIPEMD-160 RIPEMD-160 Logic INPUT: a message of arbitrary length Overall processing: shown for MD5 in Figure 9.1, with a block length of 512 bits and a hash length of 160 bits Output: 160-bit message digest

33 Cryptography & Network Security: 3. RIPEMD-160 Processing Steps 1. Append padding bits 2. Append length 3. Initialize MD buffer 4. Process message in 512-bit blocks 5. output

34 Cryptography & Network Security: 3. RIPEMD-160 Append padding bits[1/5] pad message so its length is 448 mod 512 Padding is always added. the number of padding bits is in the range of 1 to 512 Padding consists of a single 1-bit followed by 0-bits

35 Cryptography & Network Security: 3. RIPEMD-160 Append Length[2/5] Append 64bit length of the original message to the result step 1. Treated as an unsigned 64-bit integer Contains the length of the original message As with MD5, and in contrast to SHA-1, RIPEMD-160 uses a little-endian convention

36 Cryptography & Network Security: 3. RIPEMD-160 Initialize MD buffer[3/5] 160-bit buffer 5 32-bit registers (A, B, C, D, E) IV = {A= ,B=EFCDAB89,C=98BADCFE, D= ,E=C3D2E1F0} Stored in little-endian format

37 Cryptography & Network Security: 3. RIPEMD-160 Process message in 512bit blocks[4/5] Module that consists of 10 rounds of processing of 16 steps each 10 rounds are arranged as 2 parallel lines of 5 rounds 4 rounds have a similar structure, but each uses a different primitive logical function(f 1,f 2,f 3,f 4,f 5 ) INPUT: 512-bit block Y q, 160-bit CV q ABCDE(L), A’B’C’D’E’(R) Each round uses an additive 9 constants OUTPUT: CV q+1 (addition is mod 2 32 )

38 Cryptography & Network Security: 3. RIPEMD-160 CV q+1 (0)=CV q (1)+C+D’ CV q+1 (1)=CV q (2)+D+E’ CV q+1 (2)=CV q (3)+E+A’ CV q+1 (3)=CV q (4)+A+B’ CV q+1 (4)=CV q (0)+B+C’

39 Cryptography & Network Security: 3. RIPEMD-160 Output[5/5] The output from the Lth stage is the 160-bit message digest

40 Cryptography & Network Security: 3. RIPEMD-160 Compression Function Each round consists of a sequence of 16 steps [Figure 9.9] The processing algorithm of one round A:=CV q (0);B:=CV q (1);C:=CV q (2);D:=CV q (3);E:= CV q (4) A’:=CV q (0);B’:=CV q (1);C’:=CV q (2);D’:=CV q (3);E’:= CV q (4) for j=0 to 79 do T:=rol s(j) (A+f(j,B,C,D)+X r(j) +K(j))+E; A:=E;E:=D;D:= rol 10 (C);C:=B;B:=T; T:=rol s’(j) (A’+f(79-j,B’,C’,D’)+X r’(j) +K’(j))+E’; A’:=E’;E’:=D’;D’:= rol 10 (C’);C’:=B’;B’:=T’; enddo CV q+1 (0)=CV q (1)+C+D’; CV q+1 (1)=CV q (2)+D+E’; CV q+1 (2)=CV q (3)+E+A’; CV q+1 (3)=CV q (4)+A+B’; CV q+1 (4)=CV q (0)+B+C’;

41 Cryptography & Network Security: 3. RIPEMD-160

42 Cryptography & Network Security: 3. RIPEMD-160 Step Function NameValue 0≤t≤15 f 1 =f(j,B,C,D) 16≤t≤31 f 2 =f(j,B,C,D) 32≤t≤47 f 3 =f(j,B,C,D) 48≤t≤63 f 4 =f(j,B,C,D) 64≤t≤79 f 5 =f(j,B,C,D) 5 primitive logical functions

43 Cryptography & Network Security: 3. RIPEMD-160 The array of 32-bit words X[0..15] holds the value of the current 512-bit input block being processed. Within a round, each of the 16 words of X[i] is used exactly twice during one step on each line  Table 9.5a: the permutation used for each round in each line  Table 9.5b: the circular left shifts used in each round 

44 Cryptography & Network Security: 3. RIPEMD-160

45 Cryptography & Network Security: 3. RIPEMD-160 Design Decision 2 parallel lines are used to increase the complexity of finding collisions between rounds For simplicity, the 2 lines use essentially the same logic  It will become possible to attack one of the 2 lines and up to 3 rounds of the 2 parallel lines

46 Cryptography & Network Security: 3. RIPEMD-160  The combination of the 2 lines will resist attacks because of their differences The additive constants for the 2 lines are different The order of the primitive logical functions is reversed The order of processing of the 32-bit words in the message block is different The step operation is identical to MD5’s  The rotation of C word avoids an MD5 attack that focuses on the most significant bit The permutation has the effect that 2 message words close in one round are relatively far apart in the next

47 Cryptography & Network Security: 3. RIPEMD-160 The circular left shifts were chosen based on  The shift range from 5 to 15  Every message word is rotated over different amounts for the 5 rounds  The shifts applied to each word should not have a special pattern  Not too many shift constants should be divisible by 4

48 Cryptography & Network Security: 3. RIPEMD-160 Comparison with MD5 and SHA-1

49 Cryptography & Network Security: 3. RIPEMD-160 Resistance to brute-force attack  All 3 algorithms are invulnerable to attacks against weak collision resistance  MD5 is highly vulnerable to birthday attack on strong collision resistance  SHA-1 and RIPEMD-160 are safe for the foreseeable future Resistance to cryptanalysis  Designed specifically to resist known cryptanalytic attacks  The use of two lines of processing gives RIPEMD-160 added complexity should make cryptanalysis more difficult than SHA-1

50 Cryptography & Network Security: 3. RIPEMD-160 Speed  All 3 algorithms rely on addition modulo 2 32 and simple bitwise logical operations  The added complexity and number of steps of SHA-1 and RIPEMD-160 does lead to slowdown compared to MD5 [Table 9.7] Little-endian vs big-endian architecture  There is no strong advantage to either approach  MD5 and RIPEMD-160 use a little-endian scheme

51 Cryptography & Network Security: 3. RIPEMD-160

52 Cryptography & Network Security: 4. HMAC there has been increased interest in developing a MAC derived from a cryptographic hash code Motivations generally execute faster in software than symmetric block ciphers Library code is widely available No export restrictions from US or other countries for cryptographic hash code

53 Cryptography & Network Security: 4. HMAC Incorporation of a secret key into an existing hash algorithm issued as RFC 2104 chosen as the mandatory-to-implement MAC for IP security used in other Internet protocols, such as SSL

54 Cryptography & Network Security: 4. HMAC HMAC Design Objectives [RFC2104] To use available hash functions. To allow for easy replaceability of the embedded hash function To preserve the original performance To use and handle keys in simple way To have a well understood cryptographic analysis of the strength of the authentication mechanism

55 Cryptography & Network Security: 4. HMAC HMAC Algorithm 1. Append zeros to the left end of K to create a b-bit string K + 2. XOR K + with ipad to produce the b-bit block S i 3. Append M to S i 4. Apply H to the stream generated in step 3

56 Cryptography & Network Security: 4. HMAC 1. XOR K + with opad to produce the b-bit block S o 2. Append the hash result from step 4 to S o 3. Apply H to the stream generated in step 6 and output the result

57 Cryptography & Network Security: 4. HMAC Having pseudorandomly generated 2 keys from K XOR with ipad/opad results in flipping one- half of the bits of K -> S i /S o Figure 9.11 show More efficient implementation is possible. 2 quantities are precomputed

58 Cryptography & Network Security: 4. HMAC f(cv,block)  The compression function for the hash function  INPUT: chaining variable of n bits, a block of b bits  OUTPUT: chaining variable of n bits  Only needed initially or every time the key changes

59 Cryptography & Network Security: 4. HMAC Security of HMAC Depends in some way on the cryptographic strength of the underlying hash function Generally expressed in terms of prob. of successful forgery with a given amount of time and number of message-MAC pairs

60 Cryptography & Network Security: 4. HMAC The Probability of successful attack on HMAC  The attacker is able to compute an output of the compression function even with an IV that is random, secret, and unknown to the attacker  The attacker finds collisions in the hash function even when the IV is random and secret

61 Cryptography & Network Security: 4. HMAC for a hash code length of 128 bits  2 64 observed blocks (2 73 bits) generated using the same key  On a 1-Gbps link One would need to observe a continuous stream of messages with no change in key for about 250,000 years in order to succeed  If speed is a concern It is fully acceptable to use MD5 rather than SHA-1 or RIPEMD-160 as embedded hash function for HMAC

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.