Lecture 8 Overview. Secure Hash Algorithm (SHA): SHA-0 (1993), SHA-1 (1995), SHA-2 (2002) – SHA-224, SHA-256, SHA-384, SHA-512. SHA-1: A message composed of b bits.

Presentation transcript:

Lecture 8 Overview

Secure Hash Algorithm (SHA)
– SHA-0 (1993)
– SHA-1 (1995)
– SHA-2 (2002): SHA-224, SHA-256, SHA-384, SHA-512
SHA-1
– A message composed of b bits
– 160-bit message digest
CS 450/650 Lecture 8: Secure Hash Algorithm

Step 1 -- Padding
Padding: the total length of a padded message is a multiple of 512 bits
– Every message is padded, even if its length is already a multiple of 512
Padding is done by appending to the input:
– A single bit, 1
– Enough additional bits, all 0, to make the final 512-bit block exactly 448 bits long
– A 64-bit integer representing the length of the original message in bits

Padding (cont.)
[Diagram: Message | 1 0…0 | Message length (64 bits); the total is a multiple of 512 bits]

Example
M = (20 bits)
Padding is done by appending to the input:
– A single bit, 1
– 427 0s
– A 64-bit integer representing 20
Pad(M) = …

Example
Length of M = 500 bits
Padding is done by appending to the input:
– A single bit, 1
– 459 0s
– A 64-bit integer representing 500
Length of Pad(M) = 1024 bits

Step 2 -- Dividing Pad(M)
Pad(M) = B_1, B_2, B_3, …, B_n
Each B_i denotes a 512-bit block
Each B_i is divided into 16 32-bit words
– W_0, W_1, …, W_15

Step 3 -- Compute W_16 – W_79
To compute word W_j (16 <= j <= 79):
– W_{j-3}, W_{j-8}, W_{j-14}, W_{j-16} are XORed
– The result is circularly left shifted one bit

Step 4 -- Initialize A, B, C, D, E
A = H_0
B = H_1
C = H_2
D = H_3
E = H_4

Initialize 32-bit words
H_0 =
H_1 = EFCDAB89
H_2 = 98BADCFE
H_3 =
H_4 = C3D2E1F0
K_0 – K_19 = 5A
K_20 – K_39 = 6ED9EBA1
K_40 – K_49 = 8F1BBCDC
K_60 – K_79 = CA62C1D6

Step 5 -- Loop
For j = 0 … 79
    TEMP = CircLeShift_5(A) + f_j(B,C,D) + E + W_j + K_j
    E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP
Done
+ : addition (ignore overflow)

Four functions
For j = 0 … 19
– f_j(B,C,D) = (B AND C) OR (B AND D) OR (C AND D)
For j = 20 … 39
– f_j(B,C,D) = (B XOR C XOR D)
For j = 40 … 59
– f_j(B,C,D) = (B AND C) OR ((NOT B) AND D)
For j = 60 … 79
– f_j(B,C,D) = (B XOR C XOR D)

Step 6 -- Final
H_0 = H_0 + A
H_1 = H_1 + B
H_2 = H_2 + C
H_3 = H_3 + D
H_4 = H_4 + E

Done
Once these steps have been performed on each 512-bit block (B_1, B_2, …, B_n) of the padded message,
– the 160-bit message digest is given by H_0 H_1 H_2 H_3 H_4

SHA comparison
Columns: Output size (bits) | Internal state size (bits) | Block size (bits) | Max message size (bits) | Word size (bits) | Rounds | Operations | Collisions found
– SHA-0: operations and, or, xor, rot; collisions found: Yes
– SHA-1: operations and, or, xor, rot; collisions found: None (2^52 attack)
– SHA-2 (256/224): operations and, or, xor, shr, rot; collisions found: None
– SHA-2 (512/384): operations and, or, xor, shr, rot; collisions found: None

Lecture 9 Digital Signatures
CS 450/650 Fundamentals of Integrated Computer Security
Slides are modified from Hesham El-Rewini

Digital Signatures
A digital signature can be interpreted as indicating the signer’s agreement with the contents of an electronic document
– Similar to handwritten signatures on physical documents
CS 450/650 Lecture 9: Digital Signatures

Digital Signature Properties
– Unforgeable: Only the signer can produce his/her signature
– Authentic: A signature is produced only by the signer deliberately signing the document

Digital Signature Properties
– Non-Alterable: A signed document cannot be altered without invalidating the signature
– Non-Reusable: A signature from one document cannot be moved to another document
Signatures can be validated by other users
– the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature

Digital Signature Using RSA
The RSA public-key cryptosystem can be used to create a digital signature for a message m
– Asymmetric cryptographic techniques are well suited for creating digital signatures
The signer must have an RSA public/private key pair
– c = M^e mod n
– M = c^d mod n

Signature Generation (Signer)
[Diagram labels: Message; Redundancy Function; Formatted Message; Encrypt; Private Key; Signature]

Signature Verification
[Diagram labels: Signature; Public Key; Decrypt; Formatted Message; Verify; Message]

Example: generate signature S
– d = 53
– e = 413
– n = 629
– m = 250
– Assume that R(X) = X
S = R(m)^e mod n
– S = mod 629 = 411

Example: verify signature with message recovery
– Public key (e) = 413
– n = 629
– S = 411
R(m) = S^e mod n
– R(m) = mod 629 = 250
Verifier checks that R(m) has proper redundancy created by R (none in this case)
– m = R^-1(m) = 250

Creating a forged signature
Choose a random number between 0 and n-1 for S
– S = 323
Use the signer’s public key to decrypt S
– R(m) = mod 629 = 85
Invert R(m) to m: m = 85
– A valid signature (323) has been created for a random message (85)

Redundancy Function
– The choice of a poor redundancy function can make RSA vulnerable to forgery
– A good redundancy function should make forging signatures much harder

Example: generate signature S
– d = 53
– e = 413
– n = 629
– m = 7
– Assume that R(X) = XX
S = R(m)^e mod n
– S = mod 629 = 25

Example: verify signature with message recovery
– Public key (e) = 413
– n = 629
– S = 25
R(m) = S^e mod n
– R(m) = mod 629 = 77
The verifier then checks that R(m) is of the form XX for some message X
– m = R^-1(m) = 7

Forging signature (revisited)
Choose a random number between 0 and n-1 for S
– S = 323
Use the signer’s public key to decrypt S
– R(m) = mod 629 = 85
However, 85 is not a legal value for R(m)
– so S = 323 is not a valid signature

Privacy
Signature provides only authenticity. How can we provide privacy in addition?

Simple Scenario of Digital Signature

Getting a Message Digest from a document
[Diagram labels: Hash; Message Digest]

Generating Signature
[Diagram labels: Message Digest; Encrypt using private key; Signature]

Appending Signature to document
[Diagram labels: Append; Signature]

Verifying Signature
[Diagram labels: Hash; Message Digest; Decrypt using public key; Message Digest]