Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information and Network Security Dr. Hadi AL Saadi Message Authentication and Hash Functions.

Published byBuck Young Modified over 8 years ago

Similar presentations

Presentation on theme: "Information and Network Security Dr. Hadi AL Saadi Message Authentication and Hash Functions."— Presentation transcript:

1 Information and Network Security Dr. Hadi AL Saadi Message Authentication and Hash Functions

2 Message authentication is concerned with:  Protecting the integrity of a message  Validating identity of originator  Non-repudiation of origin (dispute resolution) Will consider the security requirements Then three alternative functions used:  Message encryption  Message authentication code (MAC)  Hash function Message Authentication

3 Security Requirements 1.Disclosure 2.Traffic analysis 3.Masquerade 4.Content modification 5.Sequence modification 6.Timing modification 7.Source repudiation 8.Destination repudiation

4 Message Encryption Message encryption by itself also provides a measure of authentication. If symmetric encryption is used then:  Receiver know sender must have created it since only sender and receiver know the key used  Content of the message cannot be altered if the message has a suitable structure, redundancy or a checksum to detect any changes

5 Message Encryption If public-key encryption is used:  Encryption provides no confidence of sender, since anyone potentially knows public-key.  However, if sender signs message using their private-key, then encrypts with recipients public key, provides both secrecy and authentication.  Again need to recognize corrupted messages.  But at cost of two public-key uses on message.

6 Basic Use of Message Encryption

7 Confidentiality and Authentication Implications of Message Encryption

8 Basic Use of Message Encryption Confidentiality and Authentication Implications of Message Encryption

9 Message Authentication Code (MAC) Generated by an algorithm that creates a small fixed- sized block  Depending on both message and some key.  Like encryption though need not be reversible. Appended to message as a signature. Receiver performs same computation on message and checks it matches the MAC. Provides assurance that message is unaltered and comes from sender.

10 Message Authentication Code (MAC) A message authentication code (MAC), also known as a cryptographic checksum, is an authentication technique involves the use of a secret key to generate a small fixed-size block of data.

11 Message Authentication Code (MAC)

12

13 Message Authentication Codes (MACs) As shown the MAC provides confidentiality. Can also use encryption for secrecy:  Generally use separate keys for each.  Can compute MAC either before or after encryption.  Is generally regarded as better done before. Why use a MAC?  Sometimes only authentication is needed.  Sometimes need authentication to persist longer than the encryption (e.g., archival use). Note that a MAC is not a digital signature.

14 MAC Properties A MAC is a cryptographic checksum. MAC = C K (M) Condenses a variable-length message M using a secret key K to a fixed-sized authenticator. It is a many-to-one function  Potentially many messages have same MAC.  Finding these needs to be very difficult.

15 Requirements for MACs Taking into account the types of attacks. Need the MAC to satisfy the following: 1.Knowing a message and MAC, is infeasible to find another message with same MAC. 2.MACs should be uniformly distributed. 3.MAC should depend equally on all bits of the message.

16 Message Authentication Code Based on DES Can use any block cipher chaining mode and use final block as a MAC. Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC.  Using IV=0 and zero-pad of final block.  Encrypt message using DES in CBC mode.  Send just the final block as the MAC or the leftmost M bits (16≤M≤64) of final block. But final MAC is now too small for security.

17 Message Authentication Code Based on DES

18 MAC with Polynomials Consider a message to be polynomials in Z 2 [x] Each bit correspond to one coefficient E.g, message 10011010  can reduce one polynomials modulo another let find q(x) and r(x) such that m(x)=q(x).c(x)+r(x) and degree of r(x)< degree of c(x)

19 CRC calculation for 10100101 Codeword is 1010010101110 only long division, but addition/ or subtraction is XOR

20 Error free message results in a zero remainder

21 H.W: what will be the MAC for the message &h A2B5, assuming the polynomials generator is

22 Hash Functions A hash function h is generated by a function H of the form: h = H(M) Condenses arbitrary message to fixed size; usually assume that the hash function is public and not keyed as compared to MAC which is keyed. Hash used to detect changes to message. Can use in various ways with message. Most often to create a digital signature.

23

24 Hash Functions and Digital Signatures Basic Use of Hash Function.

25 Hash Functions and Digital Signatures Basic Use of Hash Function.

26 Hash Functions and Digital Signatures Basic Use of Hash Function H.

27 Hash Function Properties A Hash Function produces a fingerprint of some file/message/data h = H(M)  Condenses a variable-length message M to a fixed- sized fingerprint. Assumed to be public.

28 Other Hash Function Uses  to create a one-way password file store hash of password not actual password store hash of password not actual password  for intrusion detection and virus detection keep & check hash of files on system keep & check hash of files on system  pseudorandom function (PRF) or pseudorandom number generator (PRNG)

29 Requirements for Hash Functions 1.Can be applied to any sized message M. 2.Produces fixed-length output h. 3.It is easy to compute h=H(M) for any message M. 4.Given h is infeasible to find x (H(x)=h) One-way property 5.Given x is infeasible to find y (H(y)=H(x)) Weak collision resistance 6.It is infeasible to find any x, y (H(y)=H(x)) Strong collision resistance

30  consider two simple insecure hash functions  bit-by-bit exclusive-OR (XOR) of every block C i = b i1 xor b i2 xor... xor b im a longitudinal redundancy check reasonably effective as data integrity chec k  one-bit circular shift on hash value  for each successive n-bit block  rotate current hash value to left by1bit and XOR block  good for data integrity but useless for security Simple Hash Functions

31 Simple Hash Function Using Bitwise XOR Bit 1Bit 2…Bit n Block 1b 11 b 21 …b n1 Block 2b 12 b 22 …B n2 …………… Block mb 1m b 2m …b nm Hash CodeC1C1 C2C2 …CnCn

32

33 Simple Hash Functions Two Simple Hash Functions

34 Requirements for Hash Functions

35   have brute-force attacks and cryptanalysis   a preimage or second preimage attack find y s.t. H(y) equals a given hash value   collision resistance find two messages x & y with same hash so H(x) = H(y)   hence value 2 m/2 determines strength of hash code against brute-force attacks 128-bits inadequate, 160-bits suspect Attack on Hash Function

36 Birthday Attacks Might think a 64-bit hash is secure, but by Birthday Paradox is not Birthday attack works thus:  given user prepared to sign a valid message x  opponent generates 2 m / 2 variations x’ of x, all with essentially the same meaning, and saves them  opponent generates 2 m / 2 variations y’ of a desired fraudulent message y  two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox)  have user sign the valid message, then substitute the forgery which will have a valid signature  conclusion is that need to use larger MAC/hash

37 General Structure of Secure Hash code L   cryptanalytic attacks exploit some property of alg so faster than exhaustive search   hash functions use iterative structure process message in blocks (incl length)   attacks focus on collisions in function f

38 Block Ciphers as Hash Functions Can use block ciphers as hash functions  Using H 0 =0 and zero-pad of final block  compute: H i = E M i [H i-1 ]  Use final block as the hash value  Similar to CBC but without a key Resulting hash is too small (64-bit)  Due to direct birthday attack  Due to “meet-in-the-middle” attack Other variants also susceptible to attack

39 Hash Functions and MAC Security Brute-force attacks exploiting:  Strong collision resistance hash have cost 2 m / 2.  Have proposal for hardware MD5 cracker.  128-bit hash looks vulnerable, 160-bits better.  MACs with known message-MAC pairs  Can either attack keyspace (key search) or MAC.  At least 128-bit MAC is needed for security.

40 Cryptanalytic attacks exploit structure  Like block ciphers want brute-force attacks to be the best alternative. Have a number of analytic attacks on iterated hash functions. CV i = f[CV i-1, M i ]; H(M)=CV N  Typically focus on collisions in function f.  Like block ciphers is often composed of rounds.  Attacks exploit properties of round functions. Hash Functions and MAC Security

Download ppt "Information and Network Security Dr. Hadi AL Saadi Message Authentication and Hash Functions."

Similar presentations

Cryptography and Network Security Chapter 12

Cryptography and Network Security Chapter 12
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.

Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Information Security and Management 11

Information Security and Management 11
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.

Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown.

Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google