Presented by: Dr. Munam Ali Shah


1 Presented by: Dr. Munam Ali Shah
Network Security Lecture 22 Presented by: Dr. Munam Ali Shah

2 Incorporating security in other parts of the network
Part – 2 (e): Incorporating security in other parts of the network

3 Summary of the Previous Lecture
In the previous lecture we continued our discussion on confidentiality using symmetric encryption. We talked about the master key and the session key. We also talked about key storage, key hierarchy, key renewal and the lifetime of a session key. We also explored the issues with centralized and decentralized key distribution.

4 Summary of the previous lecture
A key distribution scenario

5 Outline of today’s lecture
Some discussion on decentralized key control. Message authentication mechanism: message encryption, MAC, hash.

6 Objectives
You would be able to present an understanding of the confidentiality and message authentication mechanisms. You would be able to demonstrate knowledge of the different functions and protocols used for message authentication.

7 Decentralized Key Control

8 Decentralized Key Control
For n end systems, [n(n-1)]/2 master keys are required. Messages sent using a master key are short, which makes cryptanalysis difficult. Session keys are used for a limited time.

9 Controlling key usage
Different types of key can be defined on the basis of usage. Data-encryption key: for general communication. PIN-encryption key: for PIN transfer. File-encrypting key: for file transfer. This needs a control in systems that limits the ways in which the key is used. Simple plan: attach an 8-bit tag to each 64-bit key. One bit indicates whether the key is a session key or a master key. One bit indicates whether the key is used for encryption. One bit indicates whether the key is used for decryption. The remaining bits are spare for future use.

10 A key distribution scenario
Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmitted over the connection. A has a master key, Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC. The steps that occur are given in the figure (on the next slide).

11 A key distribution scenario

12 Man-in-the-middle attack

13 Message Authentication

14 Confidentiality and Authentication
So far we have talked about confidentiality only: classical ciphers, block ciphers, stream ciphers. Authentication is the second most important goal of cryptography. It is provided by authentication functions. Digital signatures provide authentication as well as non-repudiation.

15 Authentication Functions
Two levels of message authentication mechanism. Lower level: authentication function. Higher level: authentication protocol. Authentication functions have 3 classes: message encryption, Message Authentication Code (MAC), hash function.

16 Message Encryption
In a way, message encryption can provide authentication, but not reliably: small changes in the ciphertext may not be detected. It is done in two ways: symmetric (private key) encryption and asymmetric (public key) encryption.

17 Symmetric encryption: confidentiality and authentication
Message Encryption Symmetric encryption: confidentiality and authentication

18 Public-key encryption: confidentiality
Message Encryption Public-key encryption: confidentiality

19 Public-key encryption: authentication and non-repudiation
Message Encryption Public-key encryption: authentication and non-repudiation

20 Message Encryption Public-key encryption: confidentiality, authentication and non-repudiation

21 Message Authentication Code (MAC)
MAC = C(K,M), where M is the input message, C is the MAC function and K is the shared secret key. The message and the MAC are sent to the intended recipient. The recipient calculates MAC’ = C(K,M’). If MAC = MAC’ then accept, else reject.

22 Properties of MAC
The MAC function need not be reversible (in contrast to a decryption function). MAC input: arbitrary length. MAC output: fixed length (typically much smaller than the message length). A MAC is a many-to-one function.

23 Message Authentication Code

24 Message Authentication Code
Authentication and confidentiality; authentication tied to plaintext

25 Message Authentication Code
Authentication and confidentiality; authentication tied to ciphertext
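An added example (not part of the lecture) of slide 16's point that encryption alone is not a reliable authenticator, next to the slide 21 check MAC = MAC’ applied to the ciphertext. The SHA-256 keystream cipher and the use of HMAC-SHA256 as C are assumptions of this example; the keys and the message are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for a real stream cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (the same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def C(k: bytes, m: bytes) -> bytes:
    """MAC = C(K, M). HMAC-SHA256 is this example's choice of C, not the lecture's."""
    return hmac.new(k, m, hashlib.sha256).digest()

def send(k_enc: bytes, k_mac: bytes, message: bytes):
    """Sender: encrypt, then compute the MAC over the ciphertext."""
    ciphertext = xor_crypt(k_enc, message)
    return ciphertext, C(k_mac, ciphertext)

def receive(k_enc: bytes, k_mac: bytes, ciphertext: bytes, mac: bytes):
    """Recipient: recompute MAC' = C(K, M'); accept only if MAC == MAC'."""
    if not hmac.compare_digest(mac, C(k_mac, ciphertext)):  # constant-time compare
        return None  # reject without decrypting
    return xor_crypt(k_enc, ciphertext)

# Constructed keys and message for the demonstration.
K_ENC, K_MAC = b"constructed-encryption-key", b"constructed-mac-key"
MESSAGE = b"PAY 0100 TO BOB"

def demo() -> dict:
    ciphertext, mac = send(K_ENC, K_MAC, MESSAGE)
    altered = bytearray(ciphertext)
    altered[4] ^= 0x08            # one bit changed in transit
    altered = bytes(altered)
    return {
        "encryption_only": xor_crypt(K_ENC, altered),           # decrypts without error
        "mac_on_altered": receive(K_ENC, K_MAC, altered, mac),  # None: rejected
        "mac_on_intact": receive(K_ENC, K_MAC, ciphertext, mac),
        "mac_length": len(mac),   # fixed length, whatever the message size
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Decryption of the altered ciphertext succeeds and yields a different but plausible plaintext, while the MAC check rejects the same ciphertext before it is decrypted.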

26 Hash Function
A variation of the MAC that does not need a key: h = H(M). h is called the hash code, hash value or message digest.

27 Requirements of Hash Function
Arbitrary-length input. Fixed-length output. H(x) is easy to compute. Given h, it is computationally hard to find x such that H(x) = h (called one-wayness). Given x, it is computationally hard to find y ≠ x such that H(x) = H(y) (called weak collision resistance). It is computationally hard to find a pair x, y such that H(x) = H(y) (called strong collision resistance).
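An added example (not part of the lecture) that makes the difference between weak and strong collision resistance measurable. It assumes a toy hash H, SHA-256 truncated to 16 bits, so that both searches finish quickly; the input strings are constructed.

```python
import hashlib
from itertools import count

def H(x: bytes) -> bytes:
    """Toy hash for the demonstration: the first 16 bits of SHA-256."""
    return hashlib.sha256(x).digest()[:2]

def find_collision():
    """Strong collision resistance asks that ANY pair x != y with H(x) == H(y)
    is hard to find. Remembering every digest seen so far finds one after about
    2**8 inputs for a 16-bit output (the birthday effect)."""
    seen = {}
    for i in count():
        x = b"msg-%d" % i
        h = H(x)
        if h in seen:
            return seen[h], x, i + 1   # the pair and the number of inputs hashed
        seen[h] = x

def find_second_preimage(x: bytes):
    """Weak collision resistance asks that, for a GIVEN x, a y != x with
    H(y) == H(x) is hard to find. Only one digest is acceptable, so the
    search needs about 2**16 inputs on average."""
    target = H(x)
    for i in count():
        y = b"try-%d" % i
        if y != x and H(y) == target:
            return y, i + 1            # the match and the number of inputs hashed

if __name__ == "__main__":
    a, b, n_pair = find_collision()
    print("any colliding pair:", a, b, "after", n_pair, "hashes")
    fixed = b"fixed document"          # constructed input
    y, n_second = find_second_preimage(fixed)
    print("second preimage of", fixed, ":", y, "after", n_second, "hashes")
```

The gap between the two counts is why a hash of output length n bits gives roughly n/2 bits of strong collision resistance, and why the output must be long enough for that halved figure to remain out of reach.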

28 Confidentiality and authentication
Hash Function Confidentiality and authentication

29 Hash Function Authentication

30 Authentication and non-repudiation
Hash Function Authentication and non-repudiation

31 Confidentiality, authentication and non-repudiation
Hash Function Confidentiality, authentication and non-repudiation

32 Summary
In today’s lecture we explored the limitations of centralized key distribution and explored key distribution in a decentralized fashion. Message authentication mechanism: message encryption, MAC, hash.

33 Next lecture topics
We will talk about authentication through digital signatures.

34 The End

