@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.


1 @Yuan Xue (yuan.xue@vanderbilt.edu)CS 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication Yuan Xue Fall 2012

2 Review of Encryption Mechanisms
- Symmetric encryption
  - Single block
    - How to verify the plaintext is legitimate?
  - Multiple blocks
    - Modes of operation
    - Blocks can be rearranged/modified without being detected
- Asymmetric encryption: similar issues

3 ECB (Electronic Codebook)
- Blocks can be rearranged/

4 CBC mode

5 OFB (Output Feedback Mode)
- Output (Pi) can be manipulated by modifying (Ci)

6 Confidentiality and Integrity Protection
- ECB: Rearranging the blocks is undetectable.
- CBC: Modifying and rearranging ciphertext blocks without detection is still possible.
- CFB: No integrity protection; better at detecting alterations than OFB.
- OFB: Able to make controlled changes to recovered plaintext. No integrity protection; not as good as CFB.
- CTR: Same as OFB.

7 Outline
- MAC Design
- Hash Function

8 Encryption – Lessons learned
- Encryption can achieve data confidentiality.
- Using encryption for data integrity and source authentication faces the following issues:
  - Without a structure, legitimate plaintext cannot be identified automatically.
  - Modes of operation provide no data integrity protection.
  - Sometimes only data integrity is required but not confidentiality, and encrypting the whole message introduces unnecessary overhead.
- Note that some modes of operation provide both confidentiality and authentication (e.g. OCB mode), but they typically include a MAC in their designs.

9 Intuition
- We need a structure/redundant information on the plaintext.
- How about an error detection code?

10 Limit of Error Detection Code
- Error detection code (non-cryptographic checksum)
  - Provides redundant information for automatic data integrity checking.
- Using the code directly can only provide integrity protection against data modification due to natural causes, but not malicious alteration.
- Encrypting the error detection code does not work either:
  - Attackers can identify the messages that generate the same error detection code.
  - Attackers can still change the message without being detected, even without knowing the value of the code.
- Encrypting (message + CRC) still suffers from subtle attacks if the CRC is short.
- Suffer attacks as well
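Added example (not part of the original slides): why an encrypted CRC fails where a keyed MAC succeeds. It assumes (message || CRC-32) is encrypted by XOR with a keystream, as in the OFB/CTR modes reviewed earlier; the SHA-256 keystream generator, the sample record and all function names are constructed for illustration.

```python
import hashlib, hmac, zlib

def keystream(key: bytes, n: int) -> bytes:
    # Constructed stand-in for an OFB/CTR keystream: SHA-256 over key || counter.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(msg: bytes) -> bytes:
    return zlib.crc32(msg).to_bytes(4, "big")

def seal_crc(key: bytes, msg: bytes) -> bytes:
    # Encrypt (message || CRC-32) by XOR with the keystream.
    body = msg + crc(msg)
    return xor(body, keystream(key, len(body)))

def open_crc(key: bytes, ct: bytes):
    body = xor(ct, keystream(key, len(ct)))
    msg, check = body[:-4], body[-4:]
    return msg if crc(msg) == check else None

def crc_patch(delta: bytes) -> bytes:
    # CRC-32 is affine over XOR: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..0),
    # so the checksum change depends only on d, not on m or the key.
    return xor(crc(delta), crc(bytes(len(delta))))

def seal_mac(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    # Same encryption, but with a keyed MAC (HMAC-SHA256) over the ciphertext.
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(enc_key: bytes, mac_key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return xor(ct, keystream(enc_key, len(ct)))

# Constructed sample: a 16-byte record and a bit pattern XORed into its ciphertext.
MSG = b"seq=0007;len=016"
DELTA = bytes(7) + b"\x01" + bytes(8)
```

XORing `DELTA + crc_patch(DELTA)` into the CRC-protected ciphertext yields a record that `open_crc` accepts, while the same change to the HMAC-protected blob makes `open_mac` return `None`.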

11 Message Authentication Code
- MAC (cryptographic checksum, keyed/cryptographic hash function)
- MAC = C(K, M)
  - accepts as input a secret key and an arbitrary-length message to be authenticated
  - outputs a MAC
- The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
- Approaches to MAC generation
  - CBC/DES-based MAC generation algorithm: Data Authentication Algorithm
  - Hash-based MAC generation: HMAC

12 Usage of MAC

13 CBC-based MAC generation algorithm
- The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block.
- This interdependence ensures that a change to any of the plaintext bits will cause the final encrypted block to change in a way that cannot be predicted or counteracted without knowing the key to the block cipher.
- Data Authentication Algorithm (DAA) = CBC-MAC + DES
  - Former U.S. government standard for producing a MAC.
  - The code produced by the DAA is called a Data Authentication Code (DAC).
  - The algorithm is not considered secure by today's standards.

14 Issues with CBC+MAC
- Issue 1 -- When the same key is used for MAC and encryption
  - Can both confidentiality and integrity be achieved?
  - No. Only confidentiality, as the ciphertext is transmitted.
  - There is no integrity protection: the last block c_{n+1} is the ciphertext of a "0" block, and independent of the input.
  - If any block (other than the last one) in the ciphertext is modified, it will not be detected.
- Solution -- Always use two different keys for MAC and encryption.

15 Issues with CBC+MAC
- Issue 2 -- CBC-MAC is secure for fixed-length messages. It is not secure for variable-length messages.
  1. Assume an attacker knows the correct message-MAC pairs (m, mac) and (m', mac').
  2. The attacker generates a third message m'' = m || [(p1' ⊕ mac) || p2' || … || pm'].
  3. The MAC of m'' will be mac', even though the attacker does not know the value of K.
  4. Solution – Encrypt the mac with another key K'.
- [Figure: CBC-MAC chain with IV 0 over M' = p1' || p2' || … || pm', with the first block XORed with mac, intermediate ciphertext blocks C1', C2', …, C(m-1)', and output mac'.]
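Added example (not part of the original slides) covering slides 13 to 15: raw CBC-MAC, the E(K, 0) last block when the MAC key is reused for encryption, and the effect of encrypting the MAC with another key K' on the splice from Issue 2. The block cipher `E` is a constructed toy Feistel network standing in for DES, and all function names, keys and messages are hypothetical.

```python
import hashlib

BLOCK = 8  # bytes, as in DES; the cipher below is a constructed toy, not DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network with a SHA-256 round function: a keyed permutation.
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def cbc_chain(key: bytes, msg: bytes) -> list:
    # CBC with IV = 0 over whole blocks; returns every ciphertext block.
    assert len(msg) % BLOCK == 0
    prev, out = bytes(BLOCK), []
    for i in range(0, len(msg), BLOCK):
        prev = E(key, xor(prev, msg[i:i + BLOCK]))
        out.append(prev)
    return out

def cbc_mac(key: bytes, msg: bytes) -> bytes:
    # Raw CBC-MAC (slide 13): the last block of the chain.
    return cbc_chain(key, msg)[-1]

def cbc_mac_k2(key: bytes, key2: bytes, msg: bytes) -> bytes:
    # Slide 15 fix: encrypt the raw MAC with another key K'.
    return E(key2, cbc_mac(key, msg))

def splice(m: bytes, mac: bytes, m2: bytes) -> bytes:
    # m'' = m || [(p1' XOR mac) || p2' || ... || pm'] from slide 15.
    return m + xor(m2[:BLOCK], mac) + m2[BLOCK:]

def last_block_same_key(key: bytes, msg: bytes) -> bytes:
    # Slide 14: CBC-encrypt (msg || mac) under the MAC key; the final input is
    # mac XOR mac = 0, so the final ciphertext block is E(K, 0) for every msg.
    return cbc_chain(key, msg + cbc_mac(key, msg))[-1]

# Constructed keys and two-block messages.
K, K2 = b"mac-key", b"second-key"
M1, M2 = b"AAAAAAAABBBBBBBB", b"CCCCCCCCDDDDDDDD"
```

With raw CBC-MAC the spliced message verifies under the tag of `M2`; with `cbc_mac_k2` the published tag no longer equals the internal chaining value, so the same splice produces a tag mismatch.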

16 Summary
- Message authentication code
  - Use a shared secret key
  - Provide data integrity protection + source authentication
- Limitations
  - Use of MAC needs a shared secret key between the communicating parties
  - MAC does not provide digital signature
  - CBC-based MAC generation still involves high computation overhead
- More approaches to MAC generation
  - Hash-based MAC
    - HMAC
    - UMAC (http://en.wikipedia.org/wiki/UMAC)
  - CMAC ([WS] 12.4, http://en.wikipedia.org/wiki/CMAC)

17 Readings
- Required reading
  - [WS] 12.1-12.3, 12.6
- Recommended reading
  - [KPS] 4.3
  - http://en.wikipedia.org/wiki/Message_authentication_code
  - http://en.wikipedia.org/wiki/CBC-MAC

