Presentation is loading. Please wait.

Presentation is loading. Please wait.

CRYPTOGRAPHY & NETWORK SECURITY

Published bySilje Lassen Modified over 5 years ago

Similar presentations

Presentation on theme: "CRYPTOGRAPHY & NETWORK SECURITY"— Presentation transcript:

1 CRYPTOGRAPHY & NETWORK SECURITY
II MSc(CS)(MCS30117), II MCA(MCA30217)

2 Message Authentication and Hash Functions
Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of Hash Functions and MACs

3 Authentication Requirements
Kind of attacks (threats) in the context of communications across a network Disclosure Traffic analysis Masquerade Content modification Sequence modification Timing modification Repudiation Measures to deal with first two attacks: In the realm of message confidentiality, and are addressed with encryption Measures to deal with items 3 thru 6 Message authentication Measures to deal with items 7 Digital signature

4 Authentication Requirements
Message authentication A procedure to verify that messages come from the alleged source and have not been altered Message authentication may also verify sequencing and timeliness Digital signature An authentication technique that also includes measures to counter repudiation by either source or destination

5 Authentication Functions
Message authentication or digital signature mechanism can be viewed as having two levels At lower level: there must be some sort of functions producing an authenticator – a value to be used to authenticate a message This lower level functions is used as primitive in a higher level authentication protocol

6 Authentication Functions
Three classes of functions that may be used to produce an authenticator Message encryption Ciphertext itself serves as authenticator Message authentication code (MAC) A public function of the message and a secret key that produces a fixed-length value that serves as the authenticator Hash function A public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator

7 Message Encryption Conventional encryption can serve as authenticator
Authentication Functions Message Encryption Conventional encryption can serve as authenticator Conventional encryption provides authentication as well as confidentiality Requires recognizable plaintext or other structure to distinguish between well-formed legitimate plaintext and meaningless random bits e.g., ASCII text, an appended checksum, or use of layered protocols

8 Basic Uses of Message Encryption
Authentication Functions Basic Uses of Message Encryption

9 Ways of Providing Structure
Authentication Functions Ways of Providing Structure Append an error-detecting code (frame check sequence (FCS)) to each message

10 Ways of Providing Structure - 2
Authentication Functions Ways of Providing Structure - 2 Suppose all the datagrams except the IP header is encrypted. If an opponent substituted some arbitrary bit pattern for the encrypted TCP segment, the resulting plaintext would not include a meaningful header

11 Confidentiality and Authentication Implications of Message Encryption
Authentication Functions Confidentiality and Authentication Implications of Message Encryption

12 Message Authentication Code
Authentication Functions Message Authentication Code Uses a shared secret key to generate a fixed-size block of data (known as a cryptographic checksum or MAC) that is appended to the message MAC = CK(M) Assurances: Message has not been altered Message is from alleged sender Message sequence is unaltered (requires internal sequencing) Similar to encryption but MAC algorithm needs not be reversible

13 Authentication Functions
Basic Uses of MAC

14 Authentication Functions
Basic Uses of MAC

15 Why Use MACs? Cleartext stays clear MAC might be cheaper Broadcast
Authentication Functions Why Use MACs? i.e., why not just use encryption? Cleartext stays clear MAC might be cheaper Broadcast Authentication of executable codes Architectural flexibility Separation of authentication check from message use

16 Authentication Functions
Hash Function Converts a variable size message M into fixed size hash code H(M) (Sometimes called a message digest) Can be used with encryption for authentication E(M || H) M || E(H) M || signed H E( M || signed H ) gives confidentiality M || H( M || K ) E( M || H( M || K ) )

17 Basic Uses of Hash Function
Authentication Functions Basic Uses of Hash Function

18 Basic Uses of Hash Function
Authentication Functions Basic Uses of Hash Function

19 Basic Uses of Hash Function
Authentication Functions Basic Uses of Hash Function

20 Message Authentication Codes
MACs Message Authentication Codes MAC= C(K,M) a MAC is a cryptographic checksum MAC = CK(M) M: a variable-length message K :a secret key C(K,M): fixed-sized authenticator is a many-to-one function potentially many messages have same MAC but finding these needs to be very difficult

21 Requirements for MACs If an opponent observes M and C(K,M), it should be computationally infeasible to construct M’ such that C(K,M’) = C(K,M). C(K,M) should be uniformly distributed in the sense that for randomly chosen messages, M and M’, the probability that C(K,M) = C(K,M’) is 2-n, where n is the number of bits in the MAC. Let M’ be equal to some known transformation on M. That is, M’ = f(M). E.g. f may involve inverting one or more specific bits. In that case, Pr[C(K,M) = C(K,M’)] = 2-n.

22 Using Symmetric Ciphers for MACs
can use any block cipher chaining mode and use final block as a MAC Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC using IV=0 and zero-pad of final block encrypt message using DES in CBC mode and send just the final block as the MAC or the leftmost M bits (16≤M≤64) of final block but final MAC is now too small for security

23 Data Authentication Algorithm

24 Hash Functions Hash Functions h = H(M) M is a variable-length message, h is a fixed-length hash value, H is a hash function The hash value is appended at the source The receiver authenticates the message by recomputing the hash value Because the hash function itself is not considered to be secret, some means is required to protect the hash value

25 Hash Function Requirements
Hash Functions Hash Function Requirements H can be applied to any size data block H produces fixed-length output H(x) is relatively easy to compute for any given x H is one-way, i.e., given h, it is computationally infeasible to find any x s.t. h = H(x) H is weakly collision resistant: given x, it is computationally infeasible to find any y  x s.t. H(x) = H(y) H is strongly collision resistant: it is computationally infeasible to find any x and y s.t. H(x) = H(y)

26 Hash Function Requirements
Hash Functions Hash Function Requirements One-way property is essential for authentication Weak collision resistance is necessary to prevent forgery Strong collision resistance is important for resistance to birthday attack

27 Simple Hash Functions Operation of hash functions
The input is viewed as a sequence of n-bit blocks The input is processed one block at a time in an iterative fashion to produce an n-bit hash function Simplest hash function: Bitwise XOR of every block Ci = bi1  bi2  …  bim Ci = i-th bit of the hash code, 1  i  n m = number of n-bit blocks in the input bij = i-th bit in j-th block Known as longitudinal redundancy check

28 Simple Hash Functions Improvement over the simple bitwise XOR
Initially set the n-bit hash value to zero Process each successive n-bit block of data as follows Rotate the current hash value to the left by one bit XOR the block into the hash value

29 Birthday Attack Birthday Attack If the adversary can generate 2m/2 variants of a valid message and an equal number of fraudulent messages The two sets are compared to find one message from each set with a common hash value The valid message is offered for signature The fraudulent message with the same hash value is inserted in its place If a 64-bit hash code is used, the level of effort is only on the order of 232 Conclusion: the length of the hash code must be substantial

30 Generating 2m/2 Variants of Valid Messages
Birthday Attack Generating 2m/2 Variants of Valid Messages Insert a number of “space-backspace-space” character pairs between words throughout the document. Variations could then be generated by substituting in selected instances Alternatively, simply reword the message but retain the meaning

31 Brute-Force Attack of Hash Functions
Security of Hash Functions and MACs Brute-Force Attack of Hash Functions Three desirable properties of hash functions One-way: For any given code h, it is computationally infeasible to find x s.t. H(x) = h Weak collision resistance: For any given block x, it is computationally infeasible to find y  x s.t. H(y) = H(x) Strong collision resistance: It is computationally infeasible to find any pair (x, y) s.t. H(y) = H(x) Brute-force attack on n-bit hash code One-way and weak collision require 2n effort Strong collision requires 2n/2 effort  If strong collision resistance is required (and this is desirable for a general-purpose secure hash code), 2n/2 determines the strength of hash code against brute-force attack Currently, two most popular hash codes, SHA-1 and RIPEMD-160, provide a 160-bit hash code length

Download ppt "CRYPTOGRAPHY & NETWORK SECURITY"

Similar presentations

Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Message Authentication and Hash functions

Message Authentication and Hash functions
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.
Information Security and Management 11

Information Security and Management 11
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
MAC and HASH Functions Unit 5. AUTHENTICATION REQUIREMENTS In the context of communications across a network, the following attacks can be identified:

MAC and HASH Functions Unit 5. AUTHENTICATION REQUIREMENTS In the context of communications across a network, the following attacks can be identified:
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.

Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester 2008-2009 ITGD 2202 University of Palestine.

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.

Message Authentication Requirements Disclosure Release of message contents to any person or process not possessing the appropriate cryptographic key Traffic.

Similar presentations

Ads by Google