Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Similar presentations


Presentation on theme: "Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:"— Presentation transcript:

1 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain the importance of message authentication on Internet communications –Describe message authentication with and without message encryption and identify its uses –Explain the operation of simple hash functions and secure hash functions –Describe the main parameters of MD5 and SHA1

2 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Introduction Message authentication is necessary to: Make sure that the message was transmitted properly No content was altered or deleted during transmission Protects users against active attacks

3 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Message authentication strategies Authentication & symmetric encryption Simply encrypt the message using a symmetric encryption algorithm Assume only the receiver and the sender know the key Advantages: Message confidentiality is kept Disadvantages: Computationally expensive Uses: Transmission of critical information

4 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Authentication using message digests A digest is a code generated using the message content that is appended at the end of the message. When the message is received, the digest is regenerated and compared with the message received Message digests are usually encrypted Advantages: Computationally cheaper Disadvantages: Compromises message confidentiality Uses: Transmission of non-critical information Transmission of delay sensitive information

5 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Message Authentication Code Message Authentication Code (MAC) The message content and a secret key are used to generate a small block of data appended to the message DES is used to encrypt the message and the last bits of the encrypted message act as a MAC Advantages: No decryption is necessary Disadvantages: It is as computationally expensive as DES

6 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Hash functions A hash function is a fingerprint of a message, file or block of data A hash function used for message authentication must have the following properties: –It can be applied to messages of any size –It must produce a fixed length output regardless of the size of the input –The computational complexity to find the output must be reasonable –The output must always be different from the input –For a given message, it must be computationally infeasible to find another message with the same output –For a pair of messages, it must be computationally infeasible to find equal outputs

7 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Examples of Secure Hash Functions SHA-1 Developed by NIST published in FIPS PUB 180 in 1993, revision FIPS PUB 180-1 issued in 1995 Maximum input message of 2 64 bits Message digest of 160 bit Input processed in 512 bit blocks MD5 Specified in RFC 1321 No maximum input message length Message digest of 128 bit Input processed in 512 bit blocks

8 Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Examples of Secure Hash Functions RIPEMD-160 Developed by European researchers trying to break MD4 and MD5. No maximum input message length Message digest of 160 bit Input processed in 512 bit blocks HMAC Cryptographic hash function (combination of MAC and SHA-1). Specified in RFC 2104. HMAC is as computationally expensive as the hash function employed (SHA-1)

9 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: Explain the uses of public-key cryptography Describe the operation of public-key cryptography Produce public and private keys using integer numbers Explain the RSA and Diffie-Hellman algorithms Identify the main issues on key management

10 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Introduction Proposed by Diffie and Hellman in 1976 Based on mathematical functions not on bit operations Used to encrypt messages Main uses: –Confidentiality –Key distribution –Authentication

11 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Operation of public-key cryptography Elements of public key cryptography: Message Encryption algorithm Public and private key Ciphertext Decryption algorithm

12 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Characteristics of public-key algorithms The following conditions must be met for a public-key algorithm: It must be computationally effective to generate both keys It must be easy for the sending party to encrypt a message knowing the public key It must be computationally effective to decrypt the message using the private key It must be computationally infeasible to determine the private key

13 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 RSA public-key encryption algorithm Developed by Rivest, Shamir and Adleman in 1977 Most widely accepted public-key encryption algorithm In RSA the message, ciphertext and keys are represented as integer numbers

14 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 RSA operation C=M e mod n M=C d mod n = (M e ) d mod n = M ed mod n 0 < M & C < n Public key  e, n Private key  d, n e and n must be large values for the algorithm to be robust

15 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 RSA steps 1. Select two arbitrary (preferably large) prime numbers p and q 2. n = pq 3. Calculate Φ(n) = (p-1) (q-1) 4. Select an integer e such that e is a relative prime of Φ(n) 5. Calculate d such that de mod Φ(n)=1 6. Private key  e, n 7. Public key  d, n

16 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Key management Public-key certificates Public-keys are public, but they need to be authenticated Public-key certificates are public keys plus a user ID signed by a Certificate Authority (CA) Any user trying to verify the authenticity of a public key can get the appropriate certificate from the CA and validate the public key

17 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Key management Distribution of secret keys Public key algorithms can be used to distribute secret symmetric keys Encrypt the secret key with a one-time only session key Encrypt the session key using a trusted certified public-key Attach the encrypted session key to the encrypted session key and send both of them

18 Dr Alejandra Flores-Mosri Public-Key Cryptography Internet Management & Security 06 Resources Stallings W., Network Security Essentials, 2 nd Edition, Prentice Hall, 2002 (Chapter 3) FIPS 180-1 – Secure Hash Standard http://www.itl.nist.gov/fipspubs/fip180-1.htm Schneier on Security: SHA-1 broken http://www.schneier.com/blog/archives/2005/02/sha1_broke n.html RFC 1321 MD5 Message Digest Algorithm RFC 2104 HMAC: Keyed-Hashing for Message Authentication RSA Laboratories http://www.rsasecurity.com/rsalabs RFC 2631 Diffie-Hellman Key Agreement Method


Download ppt "Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:"

Similar presentations


Ads by Google