Authentication Algorithms Discussions CCSDS Security WG Winter 2007 Colorado Springs, Colorado USA Howard Weiss NASA/JPL/SPARTA +1-443-430-8089.

Presentation transcript:

1 Authentication Algorithms Discussions
CCSDS Security WG, Winter 2007
Colorado Springs, Colorado USA
Howard Weiss, NASA/JPL/SPARTA
January 2007

2 Discussion Topics
Future Standards:
– Authentication/Integrity
– Encryption
– Key Management

3 Previous Agreements
In Atlanta (Sept 2005) there was consensus to adopt the following algorithms for authentication/integrity:
– For digital signature environments:
  » Digital Signature Algorithm (DSA) per FIPS PUB
– For non-digital signature environments:
  » Keyed Hash Message Authentication Code (HMAC) as per FIPS PUB 198a
  Baselines SHA-1 hash algorithm but encourages the use of other hash algorithms such as SHA-256, SHA-384, SHA-512, RIPEMD-160, etc.

4 Revisiting Hash Algorithms
Should we still be promulgating a “new” CCSDS standard using SHA-1 which appears to be falling by the wayside in the community (see following slides)?

5 Microsoft Dumps SHA-1

6 NIST Moving to SHA-256
From NIST Special Pub part 1:
– Page 64, footnote 22: SHA-1 has recently been demonstrated to provide less than 80 bits of security for digital signatures; at the publication of this Recommendation, the security strength against collisions is assessed at 69 bits. The use of SHA-1 is not recommended for the generation of digital signatures in new systems; new systems should use one of the larger hash functions. For the present time, SHA-1 is included here to reflect its widespread use in existing systems, for which the reduced security strength may not be of great concern when only 80-bits of security are required.

7 NIST Comments on Cryptanalytic Attacks on SHA-1
In 2005 Prof. Xiaoyun Wang announced a differential attack on the SHA-1 hash function; with her recent improvements, this attack is expected to find a hash collision (two messages with the same hash value) with an estimated work of 2^63 operations, rather than the ideal 2^80 operations that should be required for SHA-1 or any good 160-bit hash function. This is a very large computation, and to our knowledge nobody has yet verified Prof. Wang’s method by finding a SHA-1 collision, but 2^63 operations is plainly within the realm of feasibility for a high resource attacker. NIST accepts that Prof. Wang has indeed found a practical collision attack on SHA-1.

NIST held a workshop to consider the status of hash functions on Oct. 31-Nov. 1, 2005 and has reviewed the implications of Prof. Wang’s attack. The attack primarily affects some digital signature applications, including timestamping and certificate signing operations, where one party prepares a message for the generation of a digital signature by a second party, and third parties then verify the signature. There are many applications of hash functions, and many do not require strong collision resistance; for example, keyed hash applications, such as the Hash-based Message Authentication Code (HMAC) or key derivation applications of hash functions do not seem to be affected.

Several steps are now prudent. The first of these is to transition rapidly to the stronger “SHA-2” family of hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) for digital signature applications. The SHA-2 hash functions are in the same general family of hash functions as SHA-1. They could potentially be attacked with similar techniques, but they are much stronger than SHA-1. Practical SHA-2 attacks are unlikely in the next decade; and might never be found, except through decades of exponential growth of available computing power.

The SHA-2 hash functions are well along in the commercial system deployment process and are available in many newer systems and applications, but are not yet available in the majority of deployed systems. The primary constraint on the current use of the SHA-2 hash functions for signatures is interoperability; many relying party systems do not yet implement them, and may not do so for several more years. NIST encourages a rapid adoption of the SHA-2 hash functions for digital signatures, and, in any event, Federal agencies must stop relying on digital signatures that are generated using SHA-1 by the end of 2010.

8 US Govt “Suite B” Algorithms
Encryption: Advanced Encryption Standard (AES) - FIPS 197 (with key sizes of 128 and 256 bits)
Digital Signature: Elliptic Curve Digital Signature Algorithm - FIPS (using the curves with 256 and 384-bit prime moduli)
Key Exchange: Elliptic Curve Diffie-Hellman or Elliptic Curve MQV - Draft NIST Special Publication (using the curves with 256 and 384-bit prime moduli)
Hashing: Secure Hash Algorithm - FIPS (using SHA-256 and SHA-384)

9 What Shall We Do?
Do we stay with the recommendation of SHA-1?
Do we move to one of the larger SHAs (224, 256, 384, 512)?
– Do we move now?
– Or do we move later (4 years from now)?
Do we move to another (more obscure) hash algorithm such as RIPEMD-160?
Our HMAC w/SHA-1 did not mandate truncation to 96 bits.
– If we move to another algorithm (e.g., SHA-224, 256, 384, or 512) do we mandate truncation or leave it as optional?
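Added example (not part of the original slides): what the "mandate truncation or leave it optional" question means for a verifier. HMAC truncation keeps the leftmost bytes of the tag. If the tag length is left to the sender, a verifier that adapts to whatever length arrives will accept a 1-byte tag. The function names, key and frame below are constructed for illustration.

```python
import hmac

# Constructed sample key and frame, for illustration only.
KEY = bytes(range(32))
FRAME = b"constructed telecommand frame 0001"


def make_tag(key, msg, hash_name="sha256", tag_len=None):
    """Return the HMAC of msg, truncated to the leftmost tag_len bytes."""
    full = hmac.new(key, msg, hash_name).digest()
    if tag_len is None:
        return full
    if not 1 <= tag_len <= len(full):
        raise ValueError("tag_len out of range for " + hash_name)
    return full[:tag_len]


def verify_flexible(key, msg, tag, hash_name="sha256"):
    """Weak: truncation is treated as optional, so the verifier adapts to
    the length the sender chose and a 1-byte tag is accepted as valid."""
    if not tag:
        return False
    expected = make_tag(key, msg, hash_name, len(tag))
    return hmac.compare_digest(expected, tag)


def verify_pinned(key, msg, tag, hash_name="sha256", tag_len=12):
    """Hardened: hash and tag length (12 bytes = 96 bits here) are fixed by
    configuration and never inferred from the received message."""
    if len(tag) != tag_len:
        return False
    expected = make_tag(key, msg, hash_name, tag_len)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    short = make_tag(KEY, FRAME, tag_len=1)
    print("SHA-1,   96-bit tag:", make_tag(KEY, FRAME, "sha1", 12).hex())
    print("SHA-256, 96-bit tag:", make_tag(KEY, FRAME, "sha256", 12).hex())
    print("flexible verifier accepts 1-byte tag:", verify_flexible(KEY, FRAME, short))
    print("pinned verifier accepts 1-byte tag:  ", verify_pinned(KEY, FRAME, short))
```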

10 Discussions/Conclusions